abblegabble

  1. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by bobbymct at 14:06:41 on 2012-01-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3839.2606 [GMT 0:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k 
LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\REGSVR32.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://home.bt.yahoo.com/ uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=173601120206p0305v155y4721929s mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=173601120206p0305v155y4721929s mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=173601120206p0305v155y4721929s uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: SpecialSavings: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll BHO: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun: [<NO NAME>] mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{2A200944-253A-46C6-A191-09ED9CE8F972} : DhcpNameServer = 192.168.1.1 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll BHO-X64: SpecialSavings - No File BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll BHO-X64: Ask Toolbar BHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED mRun-x64: [(Default)] mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\bobbymct\AppData\Roaming\Mozilla\Firefox\Profiles\x8qeaogp.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=en_UK&apn_uid=AB40A16B-F4C2-4E7B-AD55-63A83C92D441&apn_ptnrs=U3&apn_sauid=2C55CE64-FA7F-490B-85B3-A0C35583101D&apn_dtid=OSJ000YYGB&&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] 
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-23 44768] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-6-4 1150496] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-6-10 232960] R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-8-15 240160] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?] 
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-8 135664] S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-28 652872] S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-8 135664] S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-8-15 332272] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-01-28 17:58:56 -------- d-----w- C:\Users\bobbymct\AppData\Local\WinZip 2012-01-28 17:49:37 -------- d-----w- C:\Users\bobbymct\AppData\Roaming\Malwarebytes 2012-01-28 17:49:21 -------- d-----w- C:\ProgramData\Malwarebytes 2012-01-28 17:49:20 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware 2012-01-28 17:47:11 -------- d-----w- C:\Malwarebytes Anti-Malware v1.60.0.1800 Final Incl. 
Keygen 2012-01-27 16:12:27 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AD4FCBC-13B1-4C5B-9E4D-5F061EF1170C}\mpengine.dll 2012-01-23 22:21:21 248320 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70v.dll 2012-01-23 22:19:23 -------- d-----w- C:\Program Files (x86)\Common Files\HP 2012-01-23 22:19:13 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard 2012-01-23 22:18:52 136704 ----a-w- C:\Windows\System32\hpf3l70v.dll 2012-01-23 22:18:08 -------- d-----w- C:\Program Files (x86)\HP 2012-01-23 22:16:52 880640 ----a-w- C:\Windows\System32\hposwia_d02c.dll 2012-01-23 22:16:52 748544 ----a-w- C:\Windows\System32\hpost_d02c.dll 2012-01-23 22:16:52 642360 ----a-w- C:\Windows\System32\hpzids40.dll 2012-01-23 22:16:52 551424 ----a-w- C:\Windows\System32\hppldcoi.dll 2012-01-23 22:16:52 515072 ----a-w- C:\Windows\System32\hposc_d02a.dll 2012-01-23 20:54:29 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-01-23 20:29:25 16752 ----a-w- C:\Windows\System32\roboot64.exe 2012-01-23 20:29:25 -------- d-----w- C:\Users\bobbymct\AppData\Roaming\PerformerSoft 2012-01-23 20:29:23 -------- d-----w- C:\Program Files (x86)\SpecialSavings 2012-01-23 19:10:50 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-01-23 19:10:47 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-01-23 19:10:09 41184 ----a-w- C:\Windows\avastSS.scr 2012-01-23 19:10:03 -------- d-----w- C:\ProgramData\AVAST Software 2012-01-23 19:10:03 -------- d-----w- C:\Program Files\AVAST Software 2012-01-16 11:25:59 -------- d-----w- C:\ProgramData\Friends Games 2012-01-16 11:25:25 -------- d-sh--w- C:\Users\bobbymct\AppData\Roaming\.# 2012-01-12 19:27:57 902656 ----a-w- C:\Windows\System32\d2d1.dll 2012-01-12 19:27:57 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-01-12 19:27:57 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-01-12 19:27:57 1139200 ----a-w- C:\Windows\System32\FntCache.dll 2012-01-12 19:27:57 1076736 
----a-w- C:\Windows\SysWow64\DWrite.dll 2012-01-11 16:44:19 -------- d-----w- C:\Program Files (x86)\MapsGalaxy_39EI 2012-01-11 15:26:53 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-01-11 15:26:53 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-01-11 15:26:53 1572864 ----a-w- C:\Windows\System32\quartz.dll 2012-01-11 15:26:53 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll 2012-01-11 15:25:46 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-11 15:25:45 1731920 ----a-w- C:\Windows\System32\ntdll.dll 2012-01-11 15:25:04 77312 ----a-w- C:\Windows\System32\packager.dll 2012-01-11 15:25:04 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2012-01-10 19:04:04 -------- d-----w- C:\Windows\System32\SPReview 2012-01-10 19:03:01 -------- d-----w- C:\Windows\System32\EventProviders 2012-01-09 19:51:44 -------- d-----w- C:\Users\bobbymct\Tracing 2012-01-09 19:42:02 48976 ----a-w- C:\Windows\System32\netfxperf.dll 2012-01-09 19:42:02 1942856 ----a-w- C:\Windows\System32\dfshim.dll 2012-01-09 19:40:59 95232 ----a-w- C:\Windows\System32\regapi.dll 2012-01-09 19:39:59 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll 2012-01-09 19:39:59 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll 2012-01-09 19:38:27 529408 ----a-w- C:\Windows\System32\wbemcomn.dll 2012-01-09 19:38:27 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll 2012-01-09 19:38:19 244736 ----a-w- C:\Windows\System32\sqmapi.dll 2012-01-09 19:13:00 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2012-01-09 19:13:00 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys 2012-01-09 19:13:00 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2012-01-09 19:13:00 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2012-01-09 19:13:00 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2012-01-09 19:13:00 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2012-01-09 19:13:00 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2012-01-09 19:12:52 2565632 ----a-w- 
C:\Windows\System32\esent.dll 2012-01-09 19:12:52 1699328 ----a-w- C:\Windows\SysWow64\esent.dll 2012-01-09 19:12:52 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-01-09 19:12:51 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys 2012-01-09 19:12:51 189824 ----a-w- C:\Windows\System32\drivers\storport.sys 2012-01-09 19:12:51 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys 2012-01-09 19:12:51 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys 2012-01-09 19:12:51 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys 2012-01-09 19:12:50 96768 ----a-w- C:\Windows\System32\fsutil.exe 2012-01-09 19:12:50 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe 2012-01-09 19:12:50 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys 2012-01-08 22:41:04 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2012-01-08 20:24:17 -------- d-----w- C:\Windows\SysWow64\Wat 2012-01-08 20:24:17 -------- d-----w- C:\Windows\System32\Wat 2012-01-08 19:33:11 294912 ----a-w- C:\Windows\System32\browserchoice.exe 2012-01-08 18:46:01 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-01-08 18:46:01 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-01-08 18:44:52 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2012-01-08 18:44:52 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2012-01-08 18:44:52 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2012-01-08 18:44:50 499200 ----a-w- C:\Windows\System32\drivers\afd.sys 2012-01-08 18:44:30 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2012-01-08 18:44:30 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2012-01-08 18:44:10 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2012-01-08 18:44:03 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2012-01-08 18:44:03 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2012-01-08 18:42:33 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys 2012-01-08 18:42:00 30208 ----a-w- 
C:\Windows\System32\dnscacheugc.exe 2012-01-08 18:42:00 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe 2012-01-08 18:42:00 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll 2012-01-08 18:39:25 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2012-01-08 18:38:58 3145216 ----a-w- C:\Windows\System32\win32k.sys 2012-01-08 18:38:55 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys 2012-01-08 18:38:54 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2012-01-08 18:38:54 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2012-01-08 18:38:54 331776 ----a-w- C:\Windows\System32\oleacc.dll 2012-01-08 18:38:54 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2012-01-08 18:38:52 723456 ----a-w- C:\Windows\System32\EncDec.dll 2012-01-08 18:38:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 2012-01-08 18:38:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-01-08 18:38:44 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-01-08 18:33:00 -------- d-----w- C:\Program Files (x86)\Ask.com 2012-01-08 18:31:13 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-01-08 18:31:12 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-01-08 18:31:11 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-01-08 18:27:51 525544 ----a-w- C:\Windows\System32\deployJava1.dll 2012-01-08 18:25:07 279096 ------w- C:\Windows\System32\MpSigStub.exe 2012-01-08 18:21:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-01-08 18:15:32 -------- d-----w- C:\Users\bobbymct\AppData\Local\Google 2012-01-08 08:12:19 -------- d-----r- C:\Backup4 2012-01-08 06:37:13 -------- d-----r- C:\Backup3 2012-01-08 01:15:10 -------- d-----r- C:\Backup2 2012-01-08 01:00:15 -------- d-----w- C:\Users\bobbymct\AppData\Local\ElevatedDiagnostics 2012-01-08 00:53:27 -------- d-----w- C:\Users\bobbymct\AppData\Local\Diagnostics 2012-01-08 00:52:50 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll 2012-01-08 00:52:50 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll 2012-01-08 00:52:29 -------- d-----w- 
C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2012-01-08 00:51:45 -------- d-----w- C:\Program Files (x86)\Microsoft 2012-01-08 00:51:26 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive 2012-01-08 00:50:45 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8e0351501cccd9f\DSETUP.dll 2012-01-08 00:50:45 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8e0351501cccd9f\DXSETUP.exe 2012-01-08 00:50:45 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8e0351501cccd9f\dsetup32.dll 2012-01-08 00:50:16 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcB27.tmp 2012-01-08 00:50:10 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live 2012-01-08 00:49:19 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared 2012-01-08 00:49:02 55024 ------w- C:\Windows\System32\drivers\PxHlpa64.sys 2012-01-08 00:49:00 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared 2012-01-08 00:49:00 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine 2012-01-08 00:45:36 -------- d-----w- C:\Users\bobbymct\AppData\Local\IOI 2012-01-08 00:45:29 -------- d-----w- C:\Users\bobbymct\AppData\Local\Packard Bell 2012-01-08 00:44:36 -------- d-----w- C:\Users\bobbymct\AppData\Local\VirtualStore 2012-01-08 00:42:37 -------- d-----w- C:\Program Files\PB Accessory Store 2012-01-08 00:42:29 -------- d-----w- C:\Program Files (x86)\OEM 2011-12-31 01:12:34 -------- d-----r- C:\Backup1 . ==================== Find3M ==================== . 
2012-01-10 19:11:03 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-01-10 19:11:02 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-01-08 00:35:07 6 ----a-w- C:\Windows\System32\PLD_Framework.cmd 2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys 2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll 2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll 2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll 2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll 2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll 2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe 2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll 2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll 2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll 2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 14:15:38.91 =============== ATTACH file . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 08/01/2012 00:41:42 System Uptime: 29/01/2012 13:53:18 (1 hours ago) . Motherboard: Packard Bell | | MCP73PVT-PM Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz | CPU 1 | 2499/333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 290 GiB total, 249.172 GiB free. 
D: is FIXED (NTFS) - 291 GiB total, 230.783 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: Microsoft PS/2 Mouse Device ID: ACPI\PNP0F03\4&38E7983B&0 Manufacturer: Microsoft Name: Microsoft PS/2 Mouse PNP Device ID: ACPI\PNP0F03\4&38E7983B&0 Service: i8042prt . ==== System Restore Points =================== . RP17: 11/01/2012 15:27:28 - Windows Update RP18: 11/01/2012 16:52:59 - Windows Update RP19: 12/01/2012 11:34:08 - Windows Update RP20: 12/01/2012 12:33:00 - Windows Update RP21: 12/01/2012 19:56:11 - Windows Update RP22: 13/01/2012 19:20:00 - Windows Backup RP23: 13/01/2012 19:21:44 - Windows Backup RP24: 13/01/2012 19:23:00 - Windows Backup RP25: 13/01/2012 19:24:14 - Windows Backup RP26: 13/01/2012 19:25:26 - Windows Backup RP27: 13/01/2012 19:28:07 - Windows Backup RP28: 13/01/2012 19:30:14 - Windows Backup RP29: 13/01/2012 20:05:45 - Windows Update RP30: 15/01/2012 19:23:59 - Windows Backup RP31: 17/01/2012 14:48:37 - Windows Update RP32: 20/01/2012 15:42:47 - Windows Update RP33: 20/01/2012 19:15:53 - Restore Operation RP34: 21/01/2012 07:45:23 - Windows Update RP35: 21/01/2012 10:49:27 - Windows Backup RP36: 21/01/2012 10:55:28 - Restore Operation RP37: 21/01/2012 19:12:37 - Windows Backup RP38: 21/01/2012 20:56:34 - Restore Operation RP39: 23/01/2012 17:07:25 - Windows Backup RP40: 23/01/2012 18:55:22 - Windows Backup RP41: 23/01/2012 19:09:55 - avast! 
Free Antivirus Setup RP42: 23/01/2012 20:09:32 - ARO 2011 - Before Installation RP43: 23/01/2012 20:10:03 - ARO 2011 - FIRST RUN RP44: 23/01/2012 20:17:21 - ARO 2011 Mon, Jan 23, 12 20:17 RP45: 23/01/2012 20:18:17 - ARO 2011 - Before Optimize RP46: 23/01/2012 20:31:15 - PC Performer Mon, Jan 23, 12 20:31 RP47: 24/01/2012 14:56:48 - Windows Update RP48: 24/01/2012 15:26:12 - Windows Update RP49: 25/01/2012 12:34:23 - Windows Update RP50: 28/01/2012 17:58:05 - Installed WinZip 16.0 . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 2007 Microsoft Office Suite Service Pack 2 (SP2) Acrobat.com Adobe AIR Adobe Photoshop Elements 7.0 Adobe Reader 9.1 MUI Advertising Center Amazonia Ask Toolbar Ask Toolbar Updater avast! Free Antivirus Choice Guard Compatibility Pack for the 2007 Office system DJ_AIO_06_F2400_SW_Min eBay Worldwide Google Toolbar for Internet Explorer Google Update Helper Identity Card ImagXpress Java Auto Updater Java™ 6 Update 30 Junk Mail filter update Malwarebytes Anti-Malware version 1.60.0.1800 Merriam Websters Spell Jam Metaboli Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Mozilla Firefox 9.0.1 (x86 en-GB) MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 
(KB973688) Nero 9 Essentials Nero ControlCenter Nero DiscSpeed Nero DiscSpeed Help Nero DriveSpeed Nero DriveSpeed Help Nero Express Help Nero InfoTool Nero InfoTool Help Nero Installer Nero Online Upgrade Nero StartSmart Nero StartSmart Help Nero StartSmart OEM NeroExpress neroxml Norton Online Backup NVIDIA Stereoscopic 3D Driver Packard Bell InfoCentre Packard Bell Recovery Management Packard Bell Registration Packard Bell ScreenSaver Packard Bell Software Suite SE Packard Bell Updater Realtek High Definition Audio Driver Scan Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) SpecialSavings Toolbox Update for 2007 Microsoft Office System (KB2284654) Update for 2007 Microsoft Office System (KB967642) Update for 
Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 (KB980729) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 (KB974631) Update for Microsoft Office Word 2007 Help (KB963665) Welcome Center Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer . ==== Event Viewer Messages From Past Week ======== . 29/01/2012 13:55:48, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified. 29/01/2012 13:55:48, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified. 28/01/2012 18:44:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running. 28/01/2012 18:42:32, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). 
The following corrective action will be taken in 100 milliseconds: Restart the service. 28/01/2012 18:42:30, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 28/01/2012 18:42:30, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 28/01/2012 18:42:30, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 28/01/2012 18:31:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP 28/01/2012 18:31:09, Error: SRTSP [5] - 28/01/2012 17:46:46, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6. 23/01/2012 18:56:51, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0. . ==== End Of File ===========================
  2. Hi, I'm attempting to repair a machine belonging to a friend. Initial issue included internet not working, speakers not working and printer not working. All are now working fine except the internet is still very intermittent. The machine had no antivirus software at all. I've downloaded Avast Home and purchased Malwarebytes Pro for them, but one issue still remains. On loading any internet page something strange will happen, maybe on Google search: the page either will not load due to the internet connection dropping off, or the page gets redirected. Also, Avast throws up a malicious message including SYSTEM32/SVCHOST.EXE. Are there some steps I can go through to identify a best course of action to resolve? Thanks in advance