Need help deleting C:\svchost trojan


Snarff

Malwarebytes removes it, but it keeps coming back.

Thanks for any help

Looks like I got rid of it, Malwarebytes no longer detects it

Here are the new DDS & Attach logs

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27

Run by John at 8:33:18 on 2012-01-14

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6629 [GMT -8:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - C:\Program Files (x86)\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

TCP: Interfaces\{9177293E-ADCF-4CE0-9540-BADA80363F64} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe

BHO-X64: Tunebite_WebRipPlugin Class: {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files (x86)\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b6d4q4kd.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.type - 0

.

============= SERVICES / DRIVERS ===============

.

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 64952]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-9 85560]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-14 652872]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-1-8 2253120]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-10-12 1128952]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-12 2656280]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

.txt=SigilTXT

.

=============== Created Last 30 ================

.

2012-01-14 16:20:33 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EEFA1EE3-3821-43EB-A2B5-CDDEA60FBBA7}\offreg.dll

2012-01-14 15:47:32 -------- d-----w- C:\ProgramData\Recovery

2012-01-14 09:42:32 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EEFA1EE3-3821-43EB-A2B5-CDDEA60FBBA7}\mpengine.dll

2012-01-14 09:28:14 -------- d-----w- C:\Users\John\AppData\Local\{606874B5-FA65-4E9A-A04F-DF4DC58641A2}

2012-01-14 09:28:05 -------- d-----w- C:\Users\John\AppData\Local\{9661B1EC-CF12-4C9F-9E8D-3CA1BD855057}

2012-01-14 09:28:04 -------- d-----w- C:\Users\John\AppData\Local\{4BB44E34-8097-4AAA-82CD-62967BBE1373}

2012-01-14 08:56:15 -------- d-----w- C:\Windows\System32\wbem\repository

2012-01-14 07:28:29 -------- d-----w- C:\Users\John\AppData\Local\CrashDumps

2012-01-14 07:27:47 -------- d-----w- C:\MGtools

2012-01-13 22:18:39 -------- d-----w- C:\Users\John\AppData\Local\{9EB19FEB-A96F-487A-83B7-0A6F24CD83C3}

2012-01-13 22:18:29 -------- d-----w- C:\Users\John\AppData\Local\{367276FB-6EF0-426C-A129-80ACE707238D}

2012-01-13 09:41:18 -------- d-----w- C:\Users\John\AppData\Local\{E08DDFA1-FC11-4D8E-A88D-B31B5368946E}

2012-01-13 09:41:08 -------- d-----w- C:\Users\John\AppData\Local\{E1CB9A47-0D36-434D-8B25-F832F4856BF9}

2012-01-13 09:41:08 -------- d-----w- C:\Users\John\AppData\Local\{C907302B-10C0-4AB2-89F9-468C4CBE1D33}

2012-01-13 06:40:21 -------- d-----w- C:\My Music

2012-01-12 19:49:50 -------- d-----w- C:\Users\John\AppData\Local\{F9D3C7FB-8D13-4E01-9BBF-47BF306C50C1}

2012-01-12 19:49:40 -------- d-----w- C:\Users\John\AppData\Local\{0F351073-0692-4CFA-BFFB-DAE6BA756934}

2012-01-12 19:20:52 -------- d-----w- C:\Users\John\AppData\Local\Western Digital

2012-01-12 19:09:32 -------- d-----w- C:\Users\John\AppData\Local\{B1032896-7DD3-445E-8E26-0C0BB80492C0}

2012-01-12 18:02:37 -------- d-----w- C:\Users\John\AppData\Local\Ahead

2012-01-12 05:29:29 -------- d-----w- C:\Users\John\AppData\Local\{D4ED8D81-C5A1-421C-9D81-401EF66F1315}

2012-01-12 05:29:19 -------- d-----w- C:\Users\John\AppData\Local\{6BCE485B-AEF6-405E-8E1B-ED0887B0960A}

2012-01-11 19:51:22 -------- d-----w- C:\Users\John\Tracing

2012-01-11 19:51:12 -------- d-----w- C:\ProgramData\SweetIM

2012-01-11 19:51:12 -------- d-----w- C:\Program Files (x86)\SweetIM

2012-01-11 19:51:01 -------- d-----w- C:\Program Files (x86)\windows-7-themes.com

2012-01-11 15:43:48 -------- d-----w- C:\Users\John\AppData\Local\{B1E49649-12AD-4E64-8753-A86A8542EAE2}

2012-01-11 15:43:38 -------- d-----w- C:\Users\John\AppData\Local\{755B6EFB-CC58-44AE-B5B7-BCEE39687E47}

2012-01-11 07:36:41 -------- d-----w- C:\Users\John\AppData\Local\{5006AD4E-8D93-4DD4-9D11-7924081F5B23}

2012-01-10 16:02:19 -------- d-----w- C:\Users\John\AppData\Local\{720ECDA7-14D1-4302-ACF9-3073DAF7FA18}

2012-01-10 16:02:09 -------- d-----w- C:\Users\John\AppData\Local\{84E3797C-739B-4747-81B5-13898DC03C0A}

2012-01-10 15:58:21 -------- d-----w- C:\Users\John\AppData\Local\ElevatedDiagnostics

2012-01-10 15:55:34 -------- d-----w- C:\Users\John\AppData\Local\{C7193F1B-241C-4559-9EE1-13B7DDEFBAB3}

2012-01-10 02:43:27 -------- d-----w- C:\Users\John\AppData\Local\{387523F3-09BF-445E-95B6-F5A78ADF49BC}

2012-01-10 02:43:17 -------- d-----w- C:\Users\John\AppData\Local\{00E3471C-3212-4173-97AC-3523AC20C7AE}

2012-01-10 00:26:27 -------- d-----w- C:\ProgramData\WEBREG

2012-01-10 00:24:21 -------- d-----w- C:\Users\John\AppData\Local\HP

2012-01-10 00:20:39 -------- d-----w- C:\Program Files (x86)\Yahoo!

2012-01-10 00:19:42 -------- d-----w- C:\Windows\SysWow64\spool

2012-01-10 00:18:46 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2012-01-10 00:18:44 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2012-01-10 00:18:33 -------- d-----w- C:\Windows\hpojj4500

2012-01-09 23:46:44 -------- d-----w- C:\Users\John\AppData\Local\Apple Computer

2012-01-09 23:45:38 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-01-09 23:45:38 -------- d-----w- C:\Program Files\iPod

2012-01-09 23:45:38 -------- d-----w- C:\Program Files (x86)\iTunes

2012-01-09 23:45:17 -------- d-----w- C:\Users\John\AppData\Local\Apple

2012-01-09 23:44:53 -------- d-----w- C:\Program Files\Bonjour

2012-01-09 23:44:53 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-01-09 23:16:02 -------- d-----w- C:\Users\John\Calibre Library

2012-01-09 23:15:58 -------- d-----w- C:\Users\John\AppData\Roaming\calibre

2012-01-09 23:15:22 -------- d-----w- C:\Program Files (x86)\OverDrive Media Console

2012-01-09 23:14:48 -------- d-----w- C:\Program Files (x86)\MP3BookHelper

2012-01-09 23:13:39 -------- d-----w- C:\Program Files (x86)\PixiePack Codec Pack

2012-01-09 23:12:23 -------- d-----w- C:\ProgramData\RapidSolution

2012-01-09 23:12:23 -------- d-----w- C:\Program Files (x86)\RapidSolution

2012-01-09 22:57:26 -------- d-----w- C:\Users\John\AppData\Local\RapidSolution

2012-01-09 22:52:31 -------- d-----w- C:\Users\John\My Scans

2012-01-09 22:34:29 -------- d-----w- C:\ProgramData\ESTsoft

2012-01-09 22:33:04 -------- d-----w- C:\Program Files (x86)\Calibre2

2012-01-09 22:32:19 -------- d-----w- C:\Program Files (x86)\Sigil

2012-01-09 22:31:16 -------- d-----w- C:\Program Files (x86)\Conduit

2012-01-09 22:31:15 -------- d-----w- C:\Users\John\AppData\Local\Conduit

2012-01-09 22:31:11 -------- d-----w- C:\Program Files (x86)\uTorrent

2012-01-09 22:31:01 -------- d-----w- C:\Users\John\AppData\Roaming\uTorrent

2012-01-09 22:31:01 -------- d-----w- C:\Users\John\AppData\Local\uTorrent

2012-01-09 22:29:59 -------- d-----w- C:\Mergemp3

2012-01-09 22:24:45 -------- d-----w- C:\ProgramData\WhereIsIt

2012-01-09 22:24:45 -------- d-----w- C:\Program Files (x86)\WhereIsIt

2012-01-09 22:23:00 -------- d-----w- C:\Program Files (x86)\Mp3TagToolsv12

2012-01-09 22:21:47 -------- d-----w- C:\Users\John\AppData\Roaming\NVIDIA

2012-01-09 22:21:39 -------- d-----w- C:\Program Files (x86)\DVDFab 8 Qt

2012-01-09 22:15:18 -------- d-----w- C:\Downloads

2012-01-09 22:08:54 -------- d-----w- C:\Users\John\AppData\Local\MediaMonkey

2012-01-09 22:08:52 -------- d-----w- C:\Program Files (x86)\MediaMonkey

2012-01-09 21:27:21 -------- d-----w- C:\Users\John\AppData\Local\{11B620A2-C6FD-4951-9F8B-D5E8BC2AA0A9}

2012-01-09 21:02:48 1658880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll

2012-01-09 20:37:45 -------- d-----w- C:\Users\John\AppData\Roaming\Auslogics

2012-01-09 20:36:26 -------- d-----w- C:\Users\John\AppData\Local\Adobe

2012-01-09 20:30:03 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2012-01-09 20:29:35 -------- d-----w- C:\Users\John\AppData\Local\Microsoft Help

2012-01-09 20:26:14 -------- d-----w- C:\ProgramData\Nero

2012-01-09 20:26:14 -------- d-----w- C:\Program Files (x86)\Nero

2012-01-09 20:23:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-09 20:18:21 -------- d-----w- C:\Program Files\CCleaner

2012-01-09 20:17:41 -------- d-----w- C:\Users\John\AppData\Roaming\ESTsoft

2012-01-09 20:17:41 -------- d-----w- C:\Program Files (x86)\ESTsoft

2012-01-09 20:16:56 -------- d-----w- C:\Program Files (x86)\Auslogics

2012-01-09 07:41:03 -------- d-----w- C:\Users\John\AppData\Local\{9D45D4B4-0EBD-4D76-84F3-96C0605A9CF5}

2012-01-09 07:40:54 -------- d-----w- C:\Users\John\AppData\Local\{4836B757-1E16-4678-8DE2-FBB9239D017F}

2012-01-09 03:37:12 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2012-01-07 11:56:44 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-07 11:00:20 -------- d-----w- C:\Users\John\AppData\Roaming\HpUpdate

2012-01-06 14:39:29 -------- d-----w- C:\Windows\SysWow64\Wat

2012-01-06 14:39:29 -------- d-----w- C:\Windows\System32\Wat

2012-01-06 13:53:57 -------- d-----w- C:\Windows\en

2012-01-06 13:53:05 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll

2012-01-06 13:53:05 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll

2012-01-06 13:53:04 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll

2012-01-06 13:53:04 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll

2012-01-06 13:53:00 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2012-01-06 13:53:00 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2012-01-06 13:52:47 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\790a24ce1cccc7a06\MeshBetaRemover.exe

2012-01-06 13:51:10 -------- d-----w- C:\Users\John\AppData\Local\{D431A29C-89AF-4A24-B04A-0B6A27B17886}

2012-01-06 08:11:09 -------- d-----w- C:\Users\John\AppData\Roaming\Origin

2012-01-06 08:10:01 -------- d-----w- C:\Users\John\AppData\Local\Origin

2012-01-06 08:09:29 -------- d-----w- C:\Users\John\AppData\Local\{C8A91F47-381C-46A8-A45C-EB4A8B1B8925}

2012-01-06 07:54:56 -------- d-----w- C:\Users\John\AppData\Local\SWTOR

2012-01-06 07:47:07 -------- d-----w- C:\Users\John\AppData\Local\{41EF572B-95B0-4022-8F78-3231E7FC023A}

2012-01-06 07:45:30 -------- d-----w- C:\Users\John\AppData\Local\{6B842C67-B8FF-4A6C-88A2-8E0AEFF68B9F}

2012-01-06 07:45:20 -------- d-----w- C:\Users\John\AppData\Local\{B09A3982-A9E1-48D5-A2AC-2C07D80FFF8A}

2012-01-06 07:27:13 -------- d-----w- C:\Users\John\AppData\Roaming\Mumble

2012-01-06 07:22:21 -------- d-----w- C:\Users\John\AppData\Local\{9D21C151-2CA1-4A49-88A5-5D1C675C3FA6}

2012-01-06 07:18:19 -------- d-----w- C:\ProgramData\Origin

2012-01-06 07:18:19 -------- d-----w- C:\ProgramData\Electronic Arts

2012-01-06 07:18:19 -------- d-----w- C:\Program Files (x86)\Origin Games

2012-01-06 07:18:13 -------- d-----w- C:\Program Files (x86)\Origin

2012-01-06 07:17:45 4991496 ----a-w- C:\Windows\System32\D3DX9_38.dll

2012-01-06 07:17:45 3850760 ----a-w- C:\Windows\SysWow64\D3DX9_38.dll

2012-01-06 06:46:20 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare

2012-01-06 06:40:16 -------- d-----w- C:\Program Files (x86)\Mumble

2012-01-06 06:24:45 -------- d-----w- C:\Users\John\AppData\Local\Windows Live

2012-01-06 06:24:29 -------- d-----w- C:\Users\John\AppData\Local\{AB957B18-3CCE-4E19-8619-33FA613F4E16}

2012-01-06 06:24:16 -------- d-----w- C:\Users\John\AppData\Roaming\Windows Live Writer

2012-01-06 06:24:16 -------- d-----w- C:\Users\John\AppData\Local\Windows Live Writer

2012-01-06 06:22:52 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes

2012-01-06 06:22:45 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-01-06 06:22:45 -------- d-----w- C:\ProgramData\Malwarebytes

2012-01-06 06:22:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-01-06 06:21:52 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7D7CA966-398F-4EF7-B992-58D36EDFC2E6}\gapaengine.dll

2012-01-06 06:20:59 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-01-06 06:20:57 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-01-06 06:18:19 -------- d-----w- C:\Users\John\AppData\Local\PDFC

2012-01-06 06:17:46 -------- d-----w- C:\Users\John\AppData\Local\RemEngine

2012-01-06 06:16:26 -------- d-----w- C:\Users\John\AppData\Local\VirtualStore

2012-01-06 06:13:22 -------- d-----w- C:\Users\John\AppData\Local\Hewlett-Packard

2012-01-06 06:13:17 -------- d-----w- C:\Users\John\AppData\Local\AuthenTec

2012-01-06 06:13:13 -------- d-----w- C:\Users\John\AppData\Local\Hewlett-Packard_Company

2012-01-06 06:06:40 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll

.

==================== Find3M ====================

.

2012-01-09 20:23:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll

2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll

2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll

.

============= FINISH: 8:33:47.11 ===============


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan, being sure to update before scanning.

Post the scan results.

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


PC is running fine. Here is the log:

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.19.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

John :: SNARFF-HP [administrator]

Protection: Enabled

1/19/2012 4:43:55 PM

mbam-log-2012-01-19 (16-43-55).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 331275

Time elapsed: 24 minute(s), 6 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
