FunkyHomosapien

Members

View Profile See their activity

Posts
2
Joined
January 29, 2012
Last visited
January 30, 2012

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by FunkyHomosapien

need some assistance

FunkyHomosapien posted a topic in Resolved Malware Removal Logs

Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.28.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Shahzeb :: SHAHZEB-HP [administrator] 1/28/2012 8:15:32 PM mbam-log-2012-01-28 (20-15-32).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 176720 Time elapsed: 9 minute(s), 36 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 1696 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Shahzeb\AppData\Local\Temp\B8AD.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end) ============================================================================================= . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22 Run by Shahzeb at 10:37:44 on 2012-01-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.834 [GMT -6:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Overwolf\Overwolf.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin -netsvcs C:\Windows\system32\conhost.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Shahzeb\Downloads\Runes_of_Magic_4_0_5_2467_us_full.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\AUDIODG.EXE C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File uRun: [spotify] "C:\Users\Shahzeb\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\Users\Shahzeb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{55507252-DC70-4A46-A2DC-9A0EECFC4DB6} : DhcpNameServer = 40.20.1.201 40.20.1.202 TCP: Interfaces\{D023B74A-2892-4F97-B842-83C8DEA550A2} : DhcpNameServer = 192.168.1.254 Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO-X64: AMD SteadyVideo BHO - No File BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Shahzeb\AppData\Roaming\Mozilla\Firefox\Profiles\rdio8qps.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-28 361984] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-23 44768] R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-12 227896] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-17 2413056] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2012-1-28 17848] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-01-29 15:18:12 20480 ------w- C:\Windows\svchost.exe 2012-01-29 02:38:34 -------- d-----w- C:\Users\Shahzeb\AppData\Roaming\FOG Downloader 2012-01-29 02:14:04 -------- d-----w- C:\Users\Shahzeb\AppData\Roaming\Malwarebytes 2012-01-29 02:13:51 -------- d-----w- C:\ProgramData\Malwarebytes 2012-01-29 02:13:50 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-01-29 02:13:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-01-29 01:02:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B755.tmp 2012-01-29 01:02:52 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B754.tmp 2012-01-28 23:05:23 -------- d-----w- C:\Program Files (x86)\Overwolf 2012-01-28 23:05:23 -------- d-----w- C:\Program Files (x86)\Common Files\Overwolf 2012-01-28 23:03:11 -------- d-----w- C:\Users\Shahzeb\AppData\Local\Overwolf 2012-01-28 22:56:19 -------- d-----w- C:\gPotato.com 2012-01-28 22:43:46 -------- d-----w- C:\Users\Shahzeb\AppData\Local\Evernote 2012-01-28 05:01:35 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC936E67-50B9-4FBE-B9EE-926D8C3A1445}\mpengine.dll 2012-01-27 00:57:16 -------- d-----w- C:\Users\Shahzeb\AppData\Roaming\OpenOffice.org 2012-01-27 00:50:41 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3 2012-01-27 00:49:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-01-25 23:53:42 -------- d-----w- C:\Windows\SysWow64\Wat 2012-01-25 23:53:42 -------- d-----w- C:\Windows\System32\Wat 2012-01-25 22:28:16 -------- d-----w- C:\Program Files (x86)\MSXML 4.0 2012-01-24 22:47:38 -------- d-----w- C:\Users\Shahzeb\AppData\Local\Adobe 2012-01-24 21:27:52 3145216 ----a-w- C:\Windows\System32\win32k.sys 2012-01-24 21:27:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll 2012-01-24 21:27:49 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll 2012-01-24 21:27:49 331776 ----a-w- C:\Windows\System32\oleacc.dll 2012-01-24 21:27:49 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll 2012-01-24 21:27:42 723456 ----a-w- C:\Windows\System32\EncDec.dll 2012-01-24 21:27:42 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll 2012-01-24 21:27:32 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll 2012-01-24 21:27:25 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-01-24 21:27:25 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-01-24 21:26:57 1731920 ----a-w- C:\Windows\System32\ntdll.dll 2012-01-24 21:26:57 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2012-01-24 21:26:56 77312 ----a-w- C:\Windows\System32\packager.dll 2012-01-24 21:26:56 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2012-01-24 03:23:55 -------- d-----w- C:\Users\Shahzeb\riotsGamesLogs 2012-01-24 03:23:34 -------- d-----w- C:\Users\Shahzeb\AppData\Roaming\LolClient 2012-01-24 03:14:33 -------- d-----w- C:\Users\Shahzeb\AppData\Local\CrashDumps 2012-01-24 01:16:06 -------- d-----w- C:\Users\Shahzeb\AppData\Local\Diagnostics 2012-01-24 00:55:07 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll 2012-01-24 00:55:07 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll 2012-01-24 00:55:06 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll 2012-01-24 00:55:06 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll 2012-01-24 00:55:04 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll 2012-01-24 00:50:35 -------- d-----w- C:\Riot Games 2012-01-23 21:18:59 -------- d-----w- C:\Users\Shahzeb\AppData\Local\CyberLink 2012-01-23 21:18:46 -------- d-----w- C:\Users\Shahzeb\Tracing 2012-01-23 21:03:28 -------- d-----w- C:\Users\Shahzeb\AppData\Local\Spotify 2012-01-23 21:01:01 -------- d-----w- C:\Users\Shahzeb\AppData\Roaming\Spotify 2012-01-23 20:56:10 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-01-23 20:56:09 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-01-23 20:56:01 41184 ----a-w- C:\Windows\avastSS.scr 2012-01-23 20:55:51 -------- d-----w- C:\ProgramData\AVAST Software 2012-01-23 20:55:51 -------- d-----w- C:\Program Files\AVAST Software 2012-01-23 20:51:55 -------- d-----w- C:\Users\Shahzeb\AppData\Local\PMB Files 2012-01-23 20:51:53 -------- d-----w- C:\ProgramData\PMB Files 2012-01-23 20:51:30 -------- d-----w- C:\Program Files (x86)\Pando Networks 2012-01-23 20:46:02 -------- d-----w- C:\Users\Shahzeb\AppData\Local\Mozilla 2012-01-23 20:44:02 -------- d-----w- C:\Users\Shahzeb\AppData\Roaming\Synaptics 2012-01-23 20:41:16 -------- d-----w- C:\Users\Shahzeb\AppData\Roaming\hpqlog 2012-01-23 20:41:11 -------- d-----w- C:\Users\Shahzeb\AppData\Local\Hewlett-Packard 2012-01-23 20:40:27 -------- d-----w- C:\Users\Shahzeb\AppData\Local\RemEngine 2012-01-23 20:40:15 -------- d-----w- C:\Users\Shahzeb\AppData\Local\Hewlett-Packard_Company 2012-01-23 20:39:28 -------- d-----w- C:\Users\Shahzeb\AppData\Local\VirtualStore . ==================== Find3M ==================== . 2012-01-23 20:55:08 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-12-17 08:56:06 0 ----a-w- C:\Windows\ativpsrm.bin 2011-12-07 16:39:10 279096 ------w- C:\Windows\System32\MpSigStub.exe . ============= FINISH: 10:42:06.57 ===============
- January 29, 2012
- 2 replies
Svchost won't leave me alone!

FunkyHomosapien posted a topic in Resolved Malware Removal Logs

Hi! I got a pop up message from avast several times that stated svchost was trying to go through, but thankfully avast blocked it. So I then downloaded malwarebytes to delete the malicious svchost, and it did find the virus in my computer. But then, one I restarted my computer, I scanned it once again since a message popped up from avast and svchost was still there. It will not go away, and keeps getting detected, is there any way to remove this virus? I don't think it has leaked on to the system since avast blocks it, but it is getting annoying. mbam-log-2012-01-28 (22-37-53).txtThanks - FH
- January 29, 2012
- 1 reply

Sign In

FunkyHomosapien

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by FunkyHomosapien

need some assistance

Svchost won't leave me alone!

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information