
Rogue outgoing avastsvc.exe



Hi, MBAM has been blocking an outgoing connection for avastsvc.exe on incrementing ports, during browsing and non-browsing sessions. I've whois'ed the IP; it doesn't seem to be associated with avast, rather with an IP range known for botnets, pr0n, etc. a few years back. Anyway, here are my dds and ddr logs. Can you see anything that shouldn't be there?

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Administrator at 0:41:59 on 2012-04-11

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2051 [GMT -5:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe

C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\ide\mspdbsrv.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"

mRunOnce: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"

mRunOnce: [aswasOutExt64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll"

mRunOnce: [aswaswOtl.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\aswOtl.dll"

mRunOnce: [aswaswOtl64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\aswOtl64.dll"

mRunOnce: [installShieldSetup] C:\PROGRA~2\INSTAL~1\{0DF70~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{0DF70~1\reboot.ini -l0x0009

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{BAE986FC-BEF5-49E8-A22A-AE8AF6D3FB4D} : DhcpNameServer = 24.116.2.50 24.116.2.34

TCP: Interfaces\{BAE986FC-BEF5-49E8-A22A-AE8AF6D3FB4D}\14E495 : DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.33.1

TCP: Interfaces\{BAE986FC-BEF5-49E8-A22A-AE8AF6D3FB4D}\24C61636B6023586565607D27657563747 : DhcpNameServer = 24.116.2.50 24.116.2.34 192.168.33.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File

BHO-X64: AMD SteadyVideo BHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [aswAhAScr.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll"

mRunOnce-x64: [aswasOutExt.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll"

mRunOnce-x64: [aswasOutExt64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll"

mRunOnce-x64: [aswaswOtl.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\aswOtl.dll"

mRunOnce-x64: [aswaswOtl64.dll] "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\aswOtl64.dll"

mRunOnce-x64: [installShieldSetup] C:\PROGRA~2\INSTAL~1\{0DF70~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{0DF70~1\reboot.ini -l0x0009

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys --> C:\Windows\system32\DRIVERS\rtlprot.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]

R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-5-25 136616]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-15 44768]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-24 652360]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-10 1153368]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AODDriver4.01;AODDriver4.01;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2011-5-25 55424]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]

R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 metasploitPostgreSQL-1;metasploitPostgreSQL-1;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL-1" -D "C:/METASP~1/POSTGR~1/data" --> C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL-1 [?]

S2 metasploitPostgreSQL;metasploitPostgreSQL;C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N "metasploitPostgreSQL" -D "C:/METASP~1/POSTGR~1/data" --> C:/METASP~1/POSTGR~1/bin/pg_ctl.exe runservice -N metasploitPostgreSQL [?]

S2 Realtek87B;Realtek87B;C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe --> C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [?]

S2 RealtekUSB;RealtekUSB;C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe --> C:\Program Files (x86)\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [?]

S2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-8-22 11837440]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 253600]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-21 846448]

.

=============== Created Last 30 ================

.

2012-04-10 16:08:32 8767136 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-10 14:47:54 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC3FB876-36F0-4337-9B90-38EAA474F6CB}\mpengine.dll

2012-04-10 05:17:30 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-05 05:59:10 -------- d-----w- C:\Program Files (x86)\Nmap

2012-04-05 03:36:44 614400 ----a-w- C:\Windows\SysWow64\Rtlihvs.dll

2012-04-05 03:36:44 380928 ----a-w- C:\Windows\RtlUI2.exe

2012-04-05 03:36:44 188416 ----a-w- C:\Windows\SysWow64\RTLExtUI.dll

2012-03-28 04:54:44 -------- d-----w- C:\Program Files\WinHTTrack

2012-03-27 04:27:44 -------- d-----w- C:\Program Files\Speccy

2012-03-27 01:53:01 -------- d-----w- C:\Program Files\Microsoft Games

2012-03-22 21:55:05 62064 ----a-w- C:\Windows\System32\drivers\vmx86.sys

2012-03-22 21:54:30 354416 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe

2012-03-22 21:54:25 432752 ----a-w- C:\Windows\SysWow64\vmnat.exe

2012-03-22 21:54:25 30320 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys

2012-03-22 21:54:22 942192 ----a-w- C:\Windows\System32\vnetlib64.dll

2012-03-22 21:52:20 39024 ----a-w- C:\Windows\System32\drivers\hcmon.sys

2012-03-22 21:51:21 -------- d-----w- C:\Program Files (x86)\VMware

2012-03-22 21:51:21 -------- d-----w- C:\Program Files (x86)\Common Files\VMware

2012-03-22 21:51:06 -------- d-----w- C:\Program Files\Common Files\VMware

2012-03-22 04:46:51 -------- d-----w- C:\Course Technology

2012-03-21 06:26:16 -------- d-----w- C:\Users\Administrator\AppData\Roaming\GlarySoft

2012-03-21 06:23:18 -------- d-----w- C:\Program Files (x86)\Glary Utilities

2012-03-21 05:10:00 -------- d-----w- C:\ProgramData\IObit

2012-03-21 05:09:39 -------- d-----w- C:\Users\Administrator\AppData\Roaming\IObit

2012-03-21 02:31:53 -------- d-----w- C:\Users\Administrator\AppData\Local\ToolwizCareFree

2012-03-21 01:11:13 -------- d-----w- C:\Program Files\Debugging Tools for Windows (x64)

2012-03-21 01:03:33 -------- d-----w- C:\Boot_Trace

2012-03-20 22:35:51 -------- d-----w- C:\Destiny

2012-03-20 12:26:46 -------- d-----w- C:\cygwin

2012-03-20 11:59:34 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Subversion

2012-03-20 07:37:52 31016 ----a-w- C:\Windows\System32\drivers\RtlProt.sys

2012-03-20 07:37:52 -------- d-----w- C:\Program Files (x86)\REALTEK

2012-03-19 20:39:29 -------- d-----w- C:\Program Files\Microsoft Windows Performance Toolkit

2012-03-16 16:39:55 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-03-16 16:39:52 -------- d-----w- C:\Program Files\AMD

2012-03-15 07:58:16 -------- d-----w- C:\Program Files (x86)\Destiny Media Player

2012-03-15 07:10:22 -------- d-----w- C:\Program Files\WinPcap

2012-03-15 06:32:41 -------- d-----w- C:\strawberry

2012-03-15 06:08:30 -------- d-----w- C:\Program Files (x86)\Debugging Tools for Windows (x86)

2012-03-14 08:00:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 08:00:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 08:00:36 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-13 23:59:02 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-13 23:58:59 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-13 23:58:59 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-13 23:58:28 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-13 23:58:27 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-13 23:58:27 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-13 23:58:16 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-13 23:58:15 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-13 23:58:15 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-13 23:58:15 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-13 00:29:12 -------- d-----w- C:\Program Files\NetBeans 7.1.1

2012-03-13 00:24:53 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-03-13 00:13:26 -------- d-----w- C:\Users\Administrator\.nbi

.

==================== Find3M ====================

.

2012-04-10 16:08:40 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-11 17:37:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr

2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-15 03:48:32 10856960 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-02-15 03:21:24 25839104 ----a-w- C:\Windows\System32\atio6axx.dll

2012-02-15 03:18:56 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-02-15 03:18:40 791040 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-02-15 03:17:04 957952 ----a-w- C:\Windows\System32\aticfx64.dll

2012-02-15 03:13:56 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-02-15 03:13:40 496128 ----a-w- C:\Windows\System32\atieclxx.exe

2012-02-15 03:13:00 235520 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-02-15 03:11:42 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-02-15 03:10:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-02-15 03:10:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-02-15 03:10:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-02-15 03:07:44 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-02-15 03:05:32 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-02-15 03:05:26 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-02-15 03:05:20 61952 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-02-15 03:05:16 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-02-15 03:05:08 16507904 ----a-w- C:\Windows\System32\amdocl64.dll

2012-02-15 03:04:26 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-02-15 03:03:44 54272 ----a-w- C:\Windows\System32\OpenCL.dll

2012-02-15 03:03:38 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-02-15 02:58:56 19392000 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-02-15 02:52:28 7646208 ----a-w- C:\Windows\System32\atidxx64.dll

2012-02-15 02:41:28 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-02-15 02:40:54 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-02-15 02:40:42 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-02-15 02:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-02-15 02:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-02-15 02:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-02-15 02:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-02-15 02:34:36 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-02-15 02:34:30 13859840 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-02-15 02:29:52 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-02-15 02:29:50 11561984 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-02-15 02:25:06 7551488 ----a-w- C:\Windows\System32\atiumd64.dll

2012-02-15 02:16:38 58880 ----a-w- C:\Windows\System32\coinst.dll

2012-02-15 02:14:00 512000 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-02-15 02:13:50 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-02-15 02:13:36 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-02-15 02:13:32 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-02-15 02:13:32 14336 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-02-15 02:13:28 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2012-02-15 02:13:20 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-02-15 02:13:12 327680 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-02-15 02:12:22 43008 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-02-15 02:12:14 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-02-15 02:12:08 39936 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-02-15 02:12:00 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-02-15 02:11:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-02-15 02:11:16 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-02-15 02:11:10 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-01-31 11:02:26 21504 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-01-31 11:00:24 16896 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

.

============= FINISH: 0:42:36.35 ===============

DDR

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume3

Install Date: 8/1/2011 10:26:58 PM

System Uptime: 4/10/2012 7:17:01 PM (5 hours ago)

.

Motherboard: MSI | | 870A-G54 (MS-7599)

Processor: AMD Phenom II X6 1090T Processor | CPU1 | 4020/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 322.651 GiB free.

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Universal Serial Bus (USB) Controller

Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_75991462&REV_03\4&1B2426B0&0&0050

Manufacturer:

Name: Universal Serial Bus (USB) Controller

PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_75991462&REV_03\4&1B2426B0&0&0050

Service:

.

==== System Restore Points ===================

.

RP127: 4/1/2012 5:51:32 PM - Installed Oracle Database 11g Express Edition

RP128: 4/1/2012 5:59:10 PM - Removed Oracle Database 11g Express Edition

RP129: 4/1/2012 6:15:46 PM - Installed Oracle Database 11g Express Edition

RP130: 4/1/2012 6:46:04 PM - Removed Oracle Database 11g Express Edition

RP131: 4/3/2012 6:33:40 PM - Windows Update

RP132: 4/4/2012 10:36:26 PM - Installed REALTEK RTL8187 Wireless LAN Driver and Utility

RP133: 4/10/2012 9:47:31 AM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Reader X (10.1.2)

Amarok (remove only)

AMD APP Profiler 2.3

AMD APP SDK Samples

AMD OverDrive

AMD USB Filter Driver

AMD VISION Engine Control Center

Apple Application Support

Apple Software Update

avast! Free Antivirus

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

ControlCenter

Crystal Reports Basic for Visual Studio 2008

Debugging Tools for Windows (x86)

FileZilla Client 3.5.3

Glary Utilities 2.43.0.1419

HiJackThis

Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)

Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)

Java Auto Updater

Java 6 Update 31

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Document Explorer 2008

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

Microsoft Office Visual Web Developer 2007

Microsoft Office Visual Web Developer MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Visual Studio 2008 Professional Edition - ENU

Microsoft Visual Studio Web Authoring Component

Mozilla Firefox 10.0.2 (x86 en-US)

MSDN Library for Visual Studio 2008 - ENU

MyScribe

Notepad++

Razer BlackWidow Ultimate

REALTEK Wireless LAN Driver and Utility

Secure Download Manager

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Spybot - Search & Destroy

StarCraft II

tools-freebsd

tools-linux

tools-netware

tools-solaris

tools-windows

tools-winPre2k

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)

VC Runtimes MSI

Visual Studio 2005 Tools for Office Second Edition Runtime

Visual Studio Tools for the Office system 3.0 Runtime

VLC media player 2.0.1

VMware Workstation

Windows Mobile 5.0 SDK R2 for Pocket PC

Windows Mobile 5.0 SDK R2 for Smartphone

Windows SDK Intellidocs

WinPcap 4.1.2

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

4/6/2012 4:52:51 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.

4/6/2012 11:18:02 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/6/2012 11:18:02 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

4/5/2012 1:29:22 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR4.

4/5/2012 1:28:22 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

4/4/2012 10:37:23 PM, Error: Service Control Manager [7030] - The Realtek87B service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

4/10/2012 7:17:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

4/10/2012 7:17:26 PM, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the VMware USB Arbitration Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/10/2012 7:17:26 PM, Error: Service Control Manager [7000] - The RealtekUSB service failed to start due to the following error: The system cannot find the file specified.

4/10/2012 7:17:26 PM, Error: Service Control Manager [7000] - The Realtek87B service failed to start due to the following error: The system cannot find the file specified.

4/10/2012 7:17:26 PM, Error: Service Control Manager [7000] - The metasploitPostgreSQL service failed to start due to the following error: The system cannot find the file specified.

4/10/2012 7:17:26 PM, Error: Service Control Manager [7000] - The metasploitPostgreSQL-1 service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================

Thanks for looking


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
