Everything posted by RubberDucky451

  1. I've been receiving notifications from Malwarebytes about inbound and outbound connections being blocked via svchost.exe. I think I'm infected.
  2. I hate to bump this, but I'm still experiencing system slowdown.
  3. DDS LOG: DDS (Ver_10-03-17.01) - NTFSX64 Run by Michael at 19:21:12.06 on Mon 03/22/2010. Internet Explorer: 8.0.7600.16385, BrowserJavaVersion: 1.6.0_18, Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6744 [GMT -7:00]. [Running Processes, Pseudo HJT Report, Firefox, Services/Drivers, Created Last 30 and Find3M sections of the log omitted.] FINISH: 19:22:16.24
     Mbam Log:
     Malwarebytes' Anti-Malware 1.44
     Database version: 3872
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     3/16/2010 2:10:45 AM
     mbam-log-2010-03-16 (02-10-45).txt
     Scan type: Quick Scan
     Objects scanned: 106733
     Time elapsed: 5 minute(s), 45 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 1
     Folders Infected: 0
     Files Infected: 1
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\startup (Trojan.Agent) -> Quarantined and deleted successfully.
     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     Folders Infected: (No malicious items detected)
     Files Infected:
     C:\Users\Michael\AppData\Roaming\Microsoft\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     Attach.zip
  4. I recently installed Malwarebytes and was surprised to find 3 infected files. I'm currently using ESET NOD32, but I've lost confidence since this event. I know that no virus program is fail-proof, but I'm still concerned. With the above knowledge I purchased the full version of Malwarebytes, hoping that it could act as my primary protection and not just a scanner. (I uninstalled ESET.) I'm now wondering if I should buy another program, or if I'm currently safe with my setup. Thanks