
malicious message incl. svchost.exe



Hi,

I'm attempting to repair a machine belonging to a friend.

The initial issues included the internet not working, the speakers not working and the printer not working.

All are now working fine, except the internet is still very intermittent.

The machine had no antivirus software at all. I've downloaded avast home and purchased malwarebytes pro for them, but one issue still remains.

On loading any internet page, something strange will happen, maybe on a Google search: the page either will not load due to the internet connection dropping off, or the page gets redirected. Also, avast throws up a malicious message including SYSTEM32/SVCHOST.EXE

Are there some steps I can go through to identify the best course of action to resolve this?

Thanks in advance


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by bobbymct at 14:06:41 on 2012-01-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3839.2606 [GMT 0:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://home.bt.yahoo.com/

uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=173601120206p0305v155y4721929s

mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=173601120206p0305v155y4721929s

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=ixtreme_m3720&r=173601120206p0305v155y4721929s

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: SpecialSavings: {74f475fa-6c75-43bd-aab9-ecda6184f600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2A200944-253A-46C6-A191-09ED9CE8F972} : DhcpNameServer = 192.168.1.1

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: SpecialSavings: {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll

BHO-X64: SpecialSavings - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\bobbymct\AppData\Roaming\Mozilla\Firefox\Profiles\x8qeaogp.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=en_UK&apn_uid=AB40A16B-F4C2-4E7B-AD55-63A83C92D441&apn_ptnrs=U3&apn_sauid=2C55CE64-FA7F-490B-85B3-A0C35583101D&apn_dtid=OSJ000YYGB&&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-23 44768]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Windows\SysWOW64\nvSCPAPISvr.exe [2009-6-10 232960]

R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-8-15 240160]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-8 135664]

S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-28 652872]

S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-8 135664]

S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-8-15 332272]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-01-28 17:58:56 -------- d-----w- C:\Users\bobbymct\AppData\Local\WinZip

2012-01-28 17:49:37 -------- d-----w- C:\Users\bobbymct\AppData\Roaming\Malwarebytes

2012-01-28 17:49:21 -------- d-----w- C:\ProgramData\Malwarebytes

2012-01-28 17:49:20 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2012-01-28 17:47:11 -------- d-----w- C:\Malwarebytes Anti-Malware v1.60.0.1800 Final Incl. Keygen

2012-01-27 16:12:27 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AD4FCBC-13B1-4C5B-9E4D-5F061EF1170C}\mpengine.dll

2012-01-23 22:21:21 248320 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpfpp70v.dll

2012-01-23 22:19:23 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2012-01-23 22:19:13 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2012-01-23 22:18:52 136704 ----a-w- C:\Windows\System32\hpf3l70v.dll

2012-01-23 22:18:08 -------- d-----w- C:\Program Files (x86)\HP

2012-01-23 22:16:52 880640 ----a-w- C:\Windows\System32\hposwia_d02c.dll

2012-01-23 22:16:52 748544 ----a-w- C:\Windows\System32\hpost_d02c.dll

2012-01-23 22:16:52 642360 ----a-w- C:\Windows\System32\hpzids40.dll

2012-01-23 22:16:52 551424 ----a-w- C:\Windows\System32\hppldcoi.dll

2012-01-23 22:16:52 515072 ----a-w- C:\Windows\System32\hposc_d02a.dll

2012-01-23 20:54:29 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-23 20:29:25 16752 ----a-w- C:\Windows\System32\roboot64.exe

2012-01-23 20:29:25 -------- d-----w- C:\Users\bobbymct\AppData\Roaming\PerformerSoft

2012-01-23 20:29:23 -------- d-----w- C:\Program Files (x86)\SpecialSavings

2012-01-23 19:10:50 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-01-23 19:10:47 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-01-23 19:10:09 41184 ----a-w- C:\Windows\avastSS.scr

2012-01-23 19:10:03 -------- d-----w- C:\ProgramData\AVAST Software

2012-01-23 19:10:03 -------- d-----w- C:\Program Files\AVAST Software

2012-01-16 11:25:59 -------- d-----w- C:\ProgramData\Friends Games

2012-01-16 11:25:25 -------- d-sh--w- C:\Users\bobbymct\AppData\Roaming\.#

2012-01-12 19:27:57 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-01-12 19:27:57 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-01-12 19:27:57 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-01-12 19:27:57 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2012-01-12 19:27:57 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-01-11 16:44:19 -------- d-----w- C:\Program Files (x86)\MapsGalaxy_39EI

2012-01-11 15:26:53 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 15:26:53 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 15:26:53 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 15:26:53 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 15:25:46 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-11 15:25:45 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-11 15:25:04 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 15:25:04 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-10 19:04:04 -------- d-----w- C:\Windows\System32\SPReview

2012-01-10 19:03:01 -------- d-----w- C:\Windows\System32\EventProviders

2012-01-09 19:51:44 -------- d-----w- C:\Users\bobbymct\Tracing

2012-01-09 19:42:02 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2012-01-09 19:42:02 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2012-01-09 19:40:59 95232 ----a-w- C:\Windows\System32\regapi.dll

2012-01-09 19:39:59 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll

2012-01-09 19:39:59 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll

2012-01-09 19:38:27 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2012-01-09 19:38:27 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2012-01-09 19:38:19 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2012-01-09 19:13:00 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2012-01-09 19:13:00 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys

2012-01-09 19:13:00 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2012-01-09 19:13:00 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2012-01-09 19:13:00 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2012-01-09 19:13:00 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2012-01-09 19:13:00 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2012-01-09 19:12:52 2565632 ----a-w- C:\Windows\System32\esent.dll

2012-01-09 19:12:52 1699328 ----a-w- C:\Windows\SysWow64\esent.dll

2012-01-09 19:12:52 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-01-09 19:12:51 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2012-01-09 19:12:51 189824 ----a-w- C:\Windows\System32\drivers\storport.sys

2012-01-09 19:12:51 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2012-01-09 19:12:51 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2012-01-09 19:12:51 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2012-01-09 19:12:50 96768 ----a-w- C:\Windows\System32\fsutil.exe

2012-01-09 19:12:50 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2012-01-09 19:12:50 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2012-01-08 22:41:04 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-01-08 20:24:17 -------- d-----w- C:\Windows\SysWow64\Wat

2012-01-08 20:24:17 -------- d-----w- C:\Windows\System32\Wat

2012-01-08 19:33:11 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-01-08 18:46:01 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-01-08 18:46:01 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

2012-01-08 18:44:52 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2012-01-08 18:44:52 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2012-01-08 18:44:52 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2012-01-08 18:44:50 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2012-01-08 18:44:30 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2012-01-08 18:44:30 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2012-01-08 18:44:10 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2012-01-08 18:44:03 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2012-01-08 18:44:03 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2012-01-08 18:42:33 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2012-01-08 18:42:00 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2012-01-08 18:42:00 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2012-01-08 18:42:00 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll

2012-01-08 18:39:25 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2012-01-08 18:38:58 3145216 ----a-w- C:\Windows\System32\win32k.sys

2012-01-08 18:38:55 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2012-01-08 18:38:54 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2012-01-08 18:38:54 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2012-01-08 18:38:54 331776 ----a-w- C:\Windows\System32\oleacc.dll

2012-01-08 18:38:54 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2012-01-08 18:38:52 723456 ----a-w- C:\Windows\System32\EncDec.dll

2012-01-08 18:38:52 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2012-01-08 18:38:44 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-01-08 18:38:44 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-01-08 18:33:00 -------- d-----w- C:\Program Files (x86)\Ask.com

2012-01-08 18:31:13 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-01-08 18:31:12 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-01-08 18:31:11 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-01-08 18:27:51 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2012-01-08 18:25:07 279096 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-08 18:21:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-08 18:15:32 -------- d-----w- C:\Users\bobbymct\AppData\Local\Google

2012-01-08 08:12:19 -------- d-----r- C:\Backup4

2012-01-08 06:37:13 -------- d-----r- C:\Backup3

2012-01-08 01:15:10 -------- d-----r- C:\Backup2

2012-01-08 01:00:15 -------- d-----w- C:\Users\bobbymct\AppData\Local\ElevatedDiagnostics

2012-01-08 00:53:27 -------- d-----w- C:\Users\bobbymct\AppData\Local\Diagnostics

2012-01-08 00:52:50 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2012-01-08 00:52:50 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2012-01-08 00:52:29 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-01-08 00:51:45 -------- d-----w- C:\Program Files (x86)\Microsoft

2012-01-08 00:51:26 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive

2012-01-08 00:50:45 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8e0351501cccd9f\DSETUP.dll

2012-01-08 00:50:45 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8e0351501cccd9f\DXSETUP.exe

2012-01-08 00:50:45 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8e0351501cccd9f\dsetup32.dll

2012-01-08 00:50:16 140066664 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcB27.tmp

2012-01-08 00:50:10 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

2012-01-08 00:49:19 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2012-01-08 00:49:02 55024 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2012-01-08 00:49:00 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared

2012-01-08 00:49:00 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2012-01-08 00:45:36 -------- d-----w- C:\Users\bobbymct\AppData\Local\IOI

2012-01-08 00:45:29 -------- d-----w- C:\Users\bobbymct\AppData\Local\Packard Bell

2012-01-08 00:44:36 -------- d-----w- C:\Users\bobbymct\AppData\Local\VirtualStore

2012-01-08 00:42:37 -------- d-----w- C:\Program Files\PB Accessory Store

2012-01-08 00:42:29 -------- d-----w- C:\Program Files (x86)\OEM

2011-12-31 01:12:34 -------- d-----r- C:\Backup1

.

==================== Find3M ====================

.

2012-01-10 19:11:03 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-01-10 19:11:02 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-01-08 00:35:07 6 ----a-w- C:\Windows\System32\PLD_Framework.cmd

2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys

2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll

2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll

2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll

2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll

2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe

2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll

2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll

2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 14:15:38.91 ===============

ATTACH file

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 08/01/2012 00:41:42

System Uptime: 29/01/2012 13:53:18 (1 hours ago)

.

Motherboard: Packard Bell | | MCP73PVT-PM

Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz | CPU 1 | 2499/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 290 GiB total, 249.172 GiB free.

D: is FIXED (NTFS) - 291 GiB total, 230.783 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&38E7983B&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&38E7983B&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP17: 11/01/2012 15:27:28 - Windows Update

RP18: 11/01/2012 16:52:59 - Windows Update

RP19: 12/01/2012 11:34:08 - Windows Update

RP20: 12/01/2012 12:33:00 - Windows Update

RP21: 12/01/2012 19:56:11 - Windows Update

RP22: 13/01/2012 19:20:00 - Windows Backup

RP23: 13/01/2012 19:21:44 - Windows Backup

RP24: 13/01/2012 19:23:00 - Windows Backup

RP25: 13/01/2012 19:24:14 - Windows Backup

RP26: 13/01/2012 19:25:26 - Windows Backup

RP27: 13/01/2012 19:28:07 - Windows Backup

RP28: 13/01/2012 19:30:14 - Windows Backup

RP29: 13/01/2012 20:05:45 - Windows Update

RP30: 15/01/2012 19:23:59 - Windows Backup

RP31: 17/01/2012 14:48:37 - Windows Update

RP32: 20/01/2012 15:42:47 - Windows Update

RP33: 20/01/2012 19:15:53 - Restore Operation

RP34: 21/01/2012 07:45:23 - Windows Update

RP35: 21/01/2012 10:49:27 - Windows Backup

RP36: 21/01/2012 10:55:28 - Restore Operation

RP37: 21/01/2012 19:12:37 - Windows Backup

RP38: 21/01/2012 20:56:34 - Restore Operation

RP39: 23/01/2012 17:07:25 - Windows Backup

RP40: 23/01/2012 18:55:22 - Windows Backup

RP41: 23/01/2012 19:09:55 - avast! Free Antivirus Setup

RP42: 23/01/2012 20:09:32 - ARO 2011 - Before Installation

RP43: 23/01/2012 20:10:03 - ARO 2011 - FIRST RUN

RP44: 23/01/2012 20:17:21 - ARO 2011 Mon, Jan 23, 12 20:17

RP45: 23/01/2012 20:18:17 - ARO 2011 - Before Optimize

RP46: 23/01/2012 20:31:15 - PC Performer Mon, Jan 23, 12 20:31

RP47: 24/01/2012 14:56:48 - Windows Update

RP48: 24/01/2012 15:26:12 - Windows Update

RP49: 25/01/2012 12:34:23 - Windows Update

RP50: 28/01/2012 17:58:05 - Installed WinZip 16.0

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office Suite Service Pack 2 (SP2)

Acrobat.com

Adobe AIR

Adobe Photoshop Elements 7.0

Adobe Reader 9.1 MUI

Advertising Center

Amazonia

Ask Toolbar

Ask Toolbar Updater

avast! Free Antivirus

Choice Guard

Compatibility Pack for the 2007 Office system

DJ_AIO_06_F2400_SW_Min

eBay Worldwide

Google Toolbar for Internet Explorer

Google Update Helper

Identity Card

ImagXpress

Java Auto Updater

Java™ 6 Update 30

Junk Mail filter update

Malwarebytes Anti-Malware version 1.60.0.1800

Merriam Websters Spell Jam

Metaboli

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 9.0.1 (x86 en-GB)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Norton Online Backup

NVIDIA Stereoscopic 3D Driver

Packard Bell InfoCentre

Packard Bell Recovery Management

Packard Bell Registration

Packard Bell ScreenSaver

Packard Bell Software Suite SE

Packard Bell Updater

Realtek High Definition Audio Driver

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

SpecialSavings

Toolbox

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 (KB974631)

Update for Microsoft Office Word 2007 Help (KB963665)

Welcome Center

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

29/01/2012 13:55:48, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

29/01/2012 13:55:48, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

28/01/2012 18:44:30, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.

28/01/2012 18:42:32, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

28/01/2012 18:42:30, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

28/01/2012 18:42:30, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

28/01/2012 18:42:30, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

28/01/2012 18:31:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

28/01/2012 18:31:09, Error: SRTSP [5] -

28/01/2012 17:46:46, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.

23/01/2012 18:56:51, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.

.

==== End Of File ===========================
