Inactive Are these virus/trojan/harmful?

maddy smith

1. A hidden folder named RECYCLER.
Inside that, another hidden folder named S-1-5-21-343818398-1645522239-725345543-500.
2. A hidden folder named $RECYCLE.BIN.
3. A hidden folder named System volume information.

When I try to open the above-mentioned folders, it says "Access is denied".
Most of them have some sub-folders which cannot be opened at all.

4. Then there are a number of 1 KB .docx files being created whenever I open a .docx file. As soon as I close the .docx file, the 1 KB file also vanishes. A few times when they were still there I deleted them (and they appeared back).
5. Is svchost.exe harmful?
 
Hello, and welcome back to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.
Please review the 4-Step instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.01.08.02
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
m.g.sastry :: MGSASTRY-PC [administrator]
Protection: Enabled
1/8/2013 12:18:00 PM
mbam-log-2013-01-08 (12-18-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221265
Time elapsed: 5 minute(s), 29 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by m.g.sastry at 12:44:19 on 2013-01-08
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1973.858 [GMT 5.5:30]
.
AV: avast! Antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Cepstral\bin\CepstralLicSrv.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Nitro\Pro 8\NitroPDFDriverService8.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.in/
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:159
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\vsocklib.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{35569293-8DB3-4E72-A42A-C21332BE8B94} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-26 340048]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-26 165584]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2012-11-25 353168]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-26 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-26 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-12-26 40384]
R2 Cepstral License Server;Cepstral License Server;c:\program files\cepstral\bin\CepstralLicSrv.exe [2007-3-15 57344]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-8 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-8 682344]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\nitro\pro 8\NitroPDFDriverService8.exe [2012-11-29 196616]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2013-1-6 578264]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-7-8 2320920]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [2011-7-12 22768]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-7-8 208552]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-8 21104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-8 40776]
S2 VMwareHostd;VMware Workstation Server;c:\program files\vmware\vmware workstation\vmware-hostd.exe [2012-4-30 11839488]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-12-26 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2012-12-26 40384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-10-23 77624]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-10-23 181432]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-7 1343400]
.
=============== File Associations ===============
.
FileExt: .txt: KMPlayer.txt - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
FileExt: .js: jsfile="c:\program files\adobe\adobe dreamweaver cs5.5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5.5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-01-08 06:46:22 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-08 06:46:22 -------- d-----w- c:\users\m.g.sastry\appdata\roaming\Malwarebytes
2013-01-08 06:46:11 -------- d-----w- c:\programdata\Malwarebytes
2013-01-08 06:46:10 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-08 06:46:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-08 06:45:33 -------- d-----w- c:\users\m.g.sastry\appdata\local\Programs
2013-01-07 17:26:38 -------- d-----w- c:\windows\system32\Wat
2013-01-07 08:41:54 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-01-07 08:41:39 534528 ----a-w- c:\windows\system32\EncDec.dll
2013-01-07 08:41:08 708608 ----a-w- c:\program files\common files\system\wab32.dll
2013-01-07 08:40:52 75776 ----a-w- c:\windows\system32\psisrndr.ax
2013-01-07 08:40:52 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2013-01-07 08:40:52 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2013-01-07 08:40:52 465408 ----a-w- c:\windows\system32\psisdecd.dll
2013-01-07 08:40:52 204288 ----a-w- c:\windows\system32\MSNP.ax
2013-01-07 08:40:36 571904 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 08:40:36 233472 ----a-w- c:\windows\system32\oleacc.dll
2013-01-07 08:39:50 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2013-01-07 08:39:50 86016 ----a-w- c:\windows\system32\odbccu32.dll
2013-01-07 08:39:50 81920 ----a-w- c:\windows\system32\odbccr32.dll
2013-01-07 08:39:50 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2013-01-07 08:39:50 163840 ----a-w- c:\windows\system32\odbctrac.dll
2013-01-07 08:39:50 122880 ----a-w- c:\windows\system32\odbccp32.dll
2013-01-07 08:39:33 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2013-01-07 08:39:33 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2013-01-07 08:39:33 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-01-07 08:38:22 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-01-07 08:38:02 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2013-01-07 08:38:02 666624 ----a-w- c:\windows\system32\mssvp.dll
2013-01-07 08:38:02 59392 ----a-w- c:\windows\system32\msscntrs.dll
2013-01-07 08:38:02 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2013-01-07 08:38:02 337408 ----a-w- c:\windows\system32\mssph.dll
2013-01-07 08:38:02 197120 ----a-w- c:\windows\system32\mssphtb.dll
2013-01-07 08:38:02 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2013-01-07 08:38:02 1553920 ----a-w- c:\windows\system32\tquery.dll
2013-01-07 08:38:02 1401856 ----a-w- c:\windows\system32\mssrch.dll
2013-01-07 08:37:22 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-07 08:37:07 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2013-01-07 08:37:07 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-01-07 08:37:07 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-01-07 08:36:50 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2013-01-07 08:36:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-01-07 08:36:35 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-07 08:36:19 740864 ----a-w- c:\windows\system32\inetcomm.dll
2013-01-07 08:36:04 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2013-01-07 08:35:59 123904 ----a-w- c:\windows\system32\poqexec.exe
2013-01-07 08:35:47 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-07 08:35:32 31232 ----a-w- c:\windows\system32\prevhost.exe
2013-01-07 08:35:18 2614784 ----a-w- c:\windows\explorer.exe
2013-01-07 08:35:02 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2013-01-07 08:35:02 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2013-01-07 08:34:46 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2013-01-07 08:34:32 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-01-07 08:34:16 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2013-01-07 08:34:16 1137664 ----a-w- c:\windows\system32\mfc42.dll
2013-01-07 08:34:02 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-07 08:33:48 802304 ----a-w- c:\windows\system32\FntCache.dll
2013-01-07 08:33:48 739840 ----a-w- c:\windows\system32\d2d1.dll
2013-01-07 08:33:48 1074176 ----a-w- c:\windows\system32\DWrite.dll
2013-01-07 08:33:29 2690560 ----a-w- c:\windows\system32\mstscax.dll
2013-01-07 08:33:29 1034240 ----a-w- c:\windows\system32\mstsc.exe
2013-01-07 08:33:14 850432 ----a-w- c:\windows\system32\sbe.dll
2013-01-07 08:33:14 642048 ----a-w- c:\windows\system32\CPFilters.dll
2013-01-07 08:33:14 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-07 08:31:45 987136 ----a-w- c:\program files\common files\system\ado\msado15.dll
2013-01-07 08:31:45 573440 ----a-w- c:\windows\system32\odbc32.dll
2013-01-07 08:31:45 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2013-01-07 08:31:45 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2013-01-07 08:31:45 208896 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2013-01-07 08:31:19 109056 ----a-w- c:\windows\system32\t2embed.dll
2013-01-07 08:31:08 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2013-01-07 08:31:08 1413632 ----a-w- c:\windows\system32\ole32.dll
2013-01-07 08:30:54 954752 ----a-w- c:\windows\system32\mfc40.dll
2013-01-07 08:30:54 954288 ----a-w- c:\windows\system32\mfc40u.dll
2013-01-07 08:30:45 530432 ----a-w- c:\windows\system32\comctl32.dll
2013-01-07 08:30:32 738816 ----a-w- c:\windows\system32\wmpmde.dll
2013-01-07 08:30:11 101760 ----a-w- c:\windows\system32\consent.exe
2013-01-07 08:29:48 749056 ----a-w- c:\windows\system32\schedsvc.dll
2013-01-07 08:29:48 496128 ----a-w- c:\windows\system32\taskschd.dll
2013-01-07 08:29:48 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-01-07 08:29:48 305152 ----a-w- c:\windows\system32\taskcomp.dll
2013-01-07 08:29:48 192000 ----a-w- c:\windows\system32\taskeng.exe
2013-01-07 08:29:48 179712 ----a-w- c:\windows\system32\schtasks.exe
2013-01-07 08:29:30 417792 ----a-w- c:\windows\system32\msdri.dll
2013-01-07 08:29:09 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2013-01-07 08:29:09 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-01-07 08:28:54 168448 ----a-w- c:\windows\system32\srvsvc.dll
2013-01-07 08:28:39 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2013-01-07 08:28:16 316928 ----a-w- c:\windows\system32\spoolsv.exe
2013-01-07 08:28:06 37376 ----a-w- c:\windows\system32\rtutils.dll
2013-01-07 08:27:56 82944 ----a-w- c:\windows\system32\iccvid.dll
2013-01-07 08:27:56 197632 ----a-w- c:\windows\system32\ir32_32.dll
2013-01-07 08:27:31 67584 ----a-w- c:\windows\system32\asycfilt.dll
2013-01-07 08:27:20 1619968 ----a-w- c:\program files\windows mail\msoe.dll
2013-01-07 08:27:07 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-07 08:27:07 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-07 08:25:58 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-01-07 08:25:53 34816 ----a-w- c:\windows\system32\msasn1.dll
2013-01-07 08:25:47 257024 ----a-w- c:\windows\system32\msv1_0.dll
2013-01-07 08:25:34 507568 ----a-w- c:\windows\system32\winload.exe
2013-01-07 08:25:34 442920 ----a-w- c:\windows\system32\winresume.exe
2013-01-07 08:25:34 293888 ----a-w- c:\windows\system32\atmfd.dll
2013-01-07 08:25:34 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2013-01-06 07:00:49 -------- d-----w- c:\program files\PANDORA.TV
2013-01-06 07:00:36 -------- d-----w- c:\program files\The KMPlayer
2013-01-06 06:52:03 -------- d-----w- c:\program files\VS Revo Group
2012-12-26 05:36:29 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-26 05:36:26 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-12-26 05:35:27 38848 ----a-w- c:\windows\avastSS.scr
2012-12-24 07:34:26 701 ----a-w- c:\users\m.g.sastry\appdata\roaming\init.dll
2012-12-24 07:34:23 701 ----a-w- c:\users\m.g.sastry\appdata\roaming\sound.dll
2012-12-19 12:11:40 -------- d-----w- c:\program files\WinPcap
2012-12-19 12:11:36 -------- d-----w- c:\users\m.g.sastry\appdata\roaming\Neoretix
2012-12-17 15:27:46 -------- d-----w- c:\users\m.g.sastry\appdata\roaming\Wedding Album Maker
2012-12-17 15:27:46 -------- d-----w- c:\programdata\Anvsoft
2012-12-17 15:27:06 -------- d-----w- c:\program files\Wedding Album Maker Gold
2012-12-17 14:59:07 -------- d-----w- c:\program files\Tracker Software
2012-12-17 14:45:33 -------- d-----w- c:\program files\Image2PDF v1.8
2012-12-15 16:52:55 -------- d-----w- c:\users\m.g.sastry\appdata\roaming\Nitro
2012-12-15 16:52:22 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-12-15 16:52:22 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-12-15 16:52:01 -------- d-----w- c:\program files\Nitro
2012-12-15 16:52:01 -------- d-----w- c:\program files\common files\Nitro
2012-12-15 16:52:00 -------- d-----w- c:\programdata\Nitro
2012-12-15 16:50:49 -------- d-----w- c:\users\m.g.sastry\appdata\roaming\Downloaded Installations
2012-12-13 17:51:53 48 ----a-w- c:\users\m.g.sastry\appdata\roaming\tigersetting.dll
2012-12-13 17:51:07 116736 ----a-w- c:\windows\system32\redmonnt.dll
2012-12-13 17:51:03 94274 ----a-w- c:\windows\system32\HPBHEALR.DLL
2012-12-13 17:51:03 58368 ----a-w- c:\windows\system32\HPDOMON.DLL
2012-12-13 17:51:03 53248 ----a-w- c:\windows\system32\HPBMMON.DLL
2012-12-13 17:51:02 -------- d-----w- c:\program files\qvPDF
2012-12-13 17:51:00 -------- d-----w- c:\program files\PDFTiger
.
==================== Find3M ====================
.
2013-01-07 08:26:56 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2013-01-06 07:31:52 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-10-29 03:09:28 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-10-29 03:09:26 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2006-02-19 07:12:26 495616 ----a-w- c:\program files\DJVU Reader.exe
.
============= FINISH: 12:44:59.13 ===============
 
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/9/2011 8:45:49 AM
System Uptime: 1/8/2013 10:12:22 AM (2 hours ago)
.
Motherboard: Intel Corporation | | DH55PJ
Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz | XU1 | 2926/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 25.276 GiB free.
D: is FIXED (NTFS) - 123 GiB total, 5.258 GiB free.
E: is FIXED (NTFS) - 123 GiB total, 16.397 GiB free.
F: is FIXED (NTFS) - 123 GiB total, 68.823 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: adfs
Device ID: ROOT\LEGACY_ADFS\0000
Manufacturer:
Name: adfs
PNP Device ID: ROOT\LEGACY_ADFS\0000
Service: adfs
.
==== System Restore Points ===================
.
RP157: 1/7/2013 1:55:00 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe Acrobat 5.0
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5.5
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Photoshop CS5.1
Adobe Reader X
Adobe Widget Browser
Advanced SystemCare 4
Amazon Kindle
AutoUpdate
avast! Pro Antivirus
AVS Disc Creator version 2.1
AVS Video Tools 5.1
Boilsoft Video Joiner 6.22
Boilsoft Video Splitter 6.01
Cepstral Emily 4.2.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DiskRedactor
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Easy CD-DA Extractor 15
FIFA 11
Freemake Video Converter version 2.3.2
GetFLV 9.1.1.1
iFilmEdit 1.4
Image2PDF v1.8
Intel(R) Desktop Utilities
Intel(R) Integrator Assistant
Intel(R) Management Engine Components
Intel(R) Network Connections 14.6.9.0
Intel(R) Remote PC Assist
IsoBuster 2.8.5
Java Auto Updater
Java(TM) 6 Update 31
Laura
Learn to Speak English Deluxe 10
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink PowerDVD
LG CyberLink PowerProducer
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
Logitech Desktop Messenger
Logitech iTouch Software
Logitech MouseWare 9.79.3
Logitech Resource Center
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSI Afterburner 1.5.1
MSVCRT Redists
MSXML 4.0 SP2 Parser and SDK
MyAppVerName
MyFreeCodec
NextUp-Acapela Brightspeech Heather22 US English Voice
NextUp-Acapela Elan Graham22 UK English Voice
NextUp-ScanSoft Daniel British Voice
NextUp-ScanSoft Emily British Voice
Nitro Pro 8
NVIDIA Display Control Panel
NVIDIA Drivers
Pandora Service
PCmover
PDF-XChange Viewer
PDF Settings CS5
PDF/ePUB to Kindle Tool version 2.4.0
PDFTiger
PDFTiger Kernel
PDFTigerDriver
Photo to Cartoon
Picasa 3
QuickTime
Rachel
Rapture3D 2.4.4 Game
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Ryan
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Snagit 10
Subtitle Workshop 2.51
TextAloud 3.0
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TubeHunter Ultra 4.31
TURBO C++
TypeFaster Typing Tutor
Ultra Video Joiner 5.6.0801
Ultra Video Splitter 5.4.0822
Update for Microsoft Office 2010 (KB2494150)
Vegas Pro 10.0
Video Enhancer 1.9.8
Video Fixer 3.23
VLC media player 1.1.10
VmciSockets
VMware Workstation
Wedding Album Maker Gold 3.50
WinPcap 4.1.2
WinRAR archiver
WinZip
Xilisoft Movie Maker 6
Xilisoft Video Converter Ultimate 6
.
==== Event Viewer Messages From Past Week ========
.
1/8/2013 10:14:45 AM, Error: Service Control Manager [7023] -
1/8/2013 10:13:24 AM, Error: Service Control Manager [7024] - The VMware Workstation Server service terminated with service-specific error %%-1.
1/8/2013 10:13:18 AM, Error: Service Control Manager [7000] - The adfs service failed to start due to the following error: The system cannot find the file specified.
1/8/2013 10:12:44 AM, Error: volmgr [46] - Crash dump initialization failed!
1/6/2013 8:20:42 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}. The error: "2" Happened while starting this command: E:\softwares\KMPlayerPortable\App\KMPlayer\KMPlayer.exe -Embedding
1/6/2013 12:30:52 PM, Error: Service Control Manager [7030] - The PandoraService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/4/2013 8:03:07 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/1/2013 5:12:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 5:12:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
 
Not able to download 'adwcleaner'...
It asks me to update again and again.
I've posted the rest of the logs.
Thanks.
 
ComboFix scan

Please download ComboFix by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Hello! Are you still with us? Your topic is now marked inactive because you have not replied.

However, we'd like to still help. Please update us on the state of your PC.
 