
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.



<p>Friend's machine having issues. I downloaded MBAM, ran a full scan, found 43 infected items (vendors: PUP.Bundle.Installer.OI, PUP.Funmoods, PUP.FCT plugin, Rootkit.0Access, Rootkit.ZeroAccess, Trojan BHO, Trojan.Dropper.BCMiner) and removed all but two, which required a restart. After the third full scan and restart, Trojan.Agent is still there.</p>


<p>Here are the DDS log, attach log, and the last MBAM full scan log, in that order.</p>


<p>.<br />

DDS (Ver_2011-08-26.01) - NTFSAMD64<br />

Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 10.5.1<br />

Run by traci at 18:42:53 on 2012-08-21<br />

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4029.1644 [GMT -5:00]<br />

.<br />

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}<br />

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}<br />

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}<br />

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}<br />

.<br />

============== Running Processes ===============<br />

.<br />

C:\Windows\system32\wininit.exe<br />

C:\Windows\system32\lsm.exe<br />

C:\Windows\system32\svchost.exe -k DcomLaunch<br />

C:\Windows\system32\svchost.exe -k RPCSS<br />

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted<br />

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted<br />

C:\Windows\system32\svchost.exe -k netsvcs<br />

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe<br />

C:\Windows\system32\svchost.exe -k LocalService<br />

C:\Program Files\Dell\DellDock\DockLogin.exe<br />

C:\Windows\system32\svchost.exe -k NetworkService<br />

C:\Windows\System32\spoolsv.exe<br />

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe<br />

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe<br />

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork<br />

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation<br />

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe<br />

C:\Windows\system32\taskhost.exe<br />

C:\Windows\system32\Dwm.exe<br />

C:\Windows\Explorer.EXE<br />

C:\Program Files\Common Files\Motive\McciCMService.exe<br />

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE<br />

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe<br />

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe<br />

C:\Windows\system32\svchost.exe -k imgsvc<br />

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe<br />

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe<br />

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe<br />

C:\Windows\system32\svchost.exe -k bthsvcs<br />

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe<br />

C:\Program Files\IDT\WDM\sttray64.exe<br />

C:\Program Files\Dell\QuickSet\quickset.exe<br />

C:\Program Files\Microsoft IntelliType Pro\itype.exe<br />

C:\Program Files\Microsoft IntelliPoint\ipoint.exe<br />

C:\Windows\System32\igfxtray.exe<br />

C:\Windows\System32\hkcmd.exe<br />

C:\Windows\System32\igfxpers.exe<br />

C:\Program Files\Windows Sidebar\sidebar.exe<br />

C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe<br />

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe<br />

C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2010\Planner\PLNRnote.exe<br />

C:\Program Files\Dell\DellDock\DellDock.exe<br />

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe<br />

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe<br />

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe<br />

C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe<br />

C:\Windows\system32\wbem\wmiprvse.exe<br />

C:\Program Files\McAfee.com\Agent\mcagent.exe<br />

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe<br />

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe<br />

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe<br />

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe<br />

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe<br />

C:\Windows\SysWOW64\RunDll32.exe<br />

C:\Program Files\Windows Media Player\wmpnetwk.exe<br />

C:\Windows\system32\SearchIndexer.exe<br />

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe<br />

C:\Program Files (x86)\Internet Explorer\iexplore.exe<br />

C:\Program Files (x86)\Internet Explorer\iexplore.exe<br />

-netsvcs<br />

C:\Windows\system32\conhost.exe<br />

C:\Program Files (x86)\Internet Explorer\IELowutil.exe<br />

C:\Program Files\Common Files\McAfee\Core\mchost.exe<br />

C:\Windows\SysWOW64\NOTEPAD.EXE<br />

C:\Program Files (x86)\Internet Explorer\iexplore.exe<br />

C:\Program Files (x86)\Internet Explorer\iexplore.exe<br />

C:\Program Files (x86)\Internet Explorer\iexplore.exe<br />

C:\Program Files (x86)\Internet Explorer\iexplore.exe<br />

C:\Windows\system32\DllHost.exe<br />

C:\Windows\system32\DllHost.exe<br />

C:\Windows\SysWOW64\cmd.exe<br />

C:\Windows\system32\conhost.exe<br />

C:\Windows\system32\DllHost.exe<br />

C:\Windows\SysWOW64\cscript.exe<br />

C:\Windows\system32\wbem\wmiprvse.exe<br />

.<br />

============== Pseudo HJT Report ===============<br />

.<br />

uSearch Page = hxxp://www.google.com<br />

uStart Page = hxxp://www.wdam.com/<br />

uSearch Bar = hxxp://www.google.com/ie<br />

uDefault_Search_URL = hxxp://www.google.com/ie<br />

mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1QzutDtDtByC0BzytDzzzy0FyC0DtDyD0FyDtN0D0TzutBtDtCtBtDyCtCyE&cr=724090684<br />

uSearchAssistant = hxxp://www.google.com/ie<br />

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s<br />

uURLSearchHooks: FCToolbarURLSearchHook Class: {dd716bcd-bc24-e944-69b7-b26d74121c70} - C:\Program Files (x86)\BucksBee Loyalty Plugin - 100884.rs\Helper.dll<br />

uURLSearchHooks: H - No File<br />

mWinlogon: Userinit=userinit.exe,<br />

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll<br />

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll<br />

BHO: BucksBee Loyalty Plugin - 100884.rs: {531d0355-4050-2cb4-2902-6a0cc0372774} - C:\Program Files (x86)\BucksBee Loyalty Plugin - 100884.rs\BucksBee Loyalty Plugin.dll<br />

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File<br />

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll<br />

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL<br />

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll<br />

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100727213737.dll<br />

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll<br />

BHO: VideoFileDownload: {9194649f-7143-4308-90c1-d6a35b0e354e} - C:\Program Files (x86)\OApps\bho_project.dll<br />

BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll<br />

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll<br />

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll<br />

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll<br />

BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll<br />

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll<br />

TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll<br />

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun<br />

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized<br />

uRun: [HP Deskjet 3050A J611 series (NET)] "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN13T1C2CP05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1<br />

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe -update activex<br />

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m<br />

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2<br />

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter<br />

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume<br />

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"<br />

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey<br />

mRun: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe<br />

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"<br />

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe<br />

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"<br />

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"<br />

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"<br />

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript<br />

StartupFolder: C:\Users\traci\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe<br />

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe<br />

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~1.LNK - C:\Windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe<br />

mPolicies-explorer: NoActiveDesktop = 1 (0x1)<br />

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)<br />

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)<br />

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)<br />

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)<br />

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200<br />

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000<br />

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html<br />

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm<br />

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm<br />

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm<br />

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll<br />

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll<br />

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll<br />

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL<br />

LSP: mswsock.dll<br />

Trusted Zone: ms.gov\www.mema<br />

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab<br />

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab<br />

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab<br />

TCP: DhcpNameServer = 192.168.1.254<br />

TCP: Interfaces\{51DEC4B6-16BB-4F72-9E48-902EFEB0805B} : DhcpNameServer = 192.168.1.254<br />

TCP: Interfaces\{F0A4697D-B0A2-4C12-B0BD-FDE8818E06CA} : DhcpNameServer = 192.168.1.254<br />

TCP: Interfaces\{F0A4697D-B0A2-4C12-B0BD-FDE8818E06CA}\35641627D655E4355434 : DhcpNameServer = 205.152.132.23<br />

TCP: Interfaces\{F0A4697D-B0A2-4C12-B0BD-FDE8818E06CA}\54F43402027525C4350213 : DhcpNameServer = 192.168.1.1<br />

TCP: Interfaces\{F0A4697D-B0A2-4C12-B0BD-FDE8818E06CA}\C41666F6E6470214D213 : DhcpNameServer = 10.0.0.1<br />

TCP: Interfaces\{F0A4697D-B0A2-4C12-B0BD-FDE8818E06CA}\C4D4649445 : DhcpNameServer = 192.168.11.3<br />

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL<br />

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll<br />

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL<br />

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL<br />

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll<br />

BHO-X64:     AcroIEHelperStub - No File<br />

BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll<br />

BHO-X64:     McAfee Phishing Filter - No File<br />

BHO-X64: BucksBee Loyalty Plugin - 100884.rs: {531D0355-4050-2CB4-2902-6A0CC0372774} - C:\Program Files (x86)\BucksBee Loyalty Plugin - 100884.rs\BucksBee Loyalty Plugin.dll<br />

BHO-X64:     FCTBPos00Pos - No File<br />

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File<br />

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll<br />

BHO-X64:     Search Helper - No File<br />

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL<br />

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll<br />

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100727213737.dll<br />

BHO-X64:     scriptproxy - No File<br />

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll<br />

BHO-X64: VideoFileDownload: {9194649F-7143-4308-90C1-D6A35B0E354E} - C:\Program Files (x86)\OApps\bho_project.dll<br />

BHO-X64:     BHO_PROJECT - No File<br />

BHO-X64: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll<br />

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll<br />

BHO-X64:     SkypeIEPluginBHO - No File<br />

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll<br />

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll<br />

BHO-X64: ShopAtHomeIEHelper Class: {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll<br />

BHO-X64:     ShopAtHomeIEHelper - No File<br />

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll<br />

TB-X64: ShopAtHome.com Toolbar: {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll<br />

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m<br />

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2<br />

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter<br />

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume<br />

mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"<br />

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey<br />

mRun-x64: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe<br />

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"<br />

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe<br />

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"<br />

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"<br />

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"<br />

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript<br />

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm<br />

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL<br />

.<br />

============= SERVICES / DRIVERS ===============<br />

.<br />

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]<br />

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]<br />

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]<br />

R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]<br />

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/07/30 20:30:02];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-7-30 146928]<br />

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-11-6 89600]<br />

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]<br />

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2009-10-27 495616]<br />

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-7-27 355440]<br />

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-7-27 355440]<br />

R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-7-27 199032]<br />

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-7-27 244840]<br />

R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-7-27 148520]<br />

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]<br />

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]<br />

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]<br />

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]<br />

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]<br />

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]<br />

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]<br />

R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA008Ufd.sys --> C:\Windows\system32\DRIVERS\OA008Ufd.sys [?]<br />

R3 OA008Vid;Creative Camera OA008 Function Driver;C:\Windows\system32\DRIVERS\OA008Vid.sys --> C:\Windows\system32\DRIVERS\OA008Vid.sys [?]<br />

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]<br />

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]<br />

S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-7-27 355440]<br />

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-5 250056]<br />

S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]<br />

S3 cricutexpression2;cricutexpression2;C:\Windows\system32\DRIVERS\cricutexpression2_x64.sys --> C:\Windows\system32\DRIVERS\cricutexpression2_x64.sys [?]<br />

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]<br />

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]<br />

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]<br />

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]<br />

.<br />

=============== Created Last 30 ================<br />

.<br />

2012-08-21 17:37:36 20480 ----a-w- C:\Windows\svchost.exe<br />

2012-08-20 21:33:10 -------- d-----w- C:\Program Files (x86)\Oracle<br />

2012-08-20 21:32:32 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll<br />

2012-08-20 16:48:21 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys<br />

2012-08-20 16:48:20 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys<br />

2012-08-20 16:48:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware<br />

2012-08-20 15:55:01 -------- d-----w- C:\Users\traci\AppData\Roaming\Malwarebytes<br />

2012-08-20 15:54:49 -------- d-----w- C:\ProgramData\Malwarebytes<br />

2012-08-14 21:27:17 -------- d-----w- C:\Users\traci\AppData\Roaming\AVG<br />

2012-08-14 21:01:17 -------- d-----w- C:\Users\traci\AppData\Roaming\AVG2012<br />

2012-08-14 21:00:26 -------- d-----w- C:\Users\traci\AppData\Local\AVG Secure Search<br />

2012-08-14 21:00:20 -------- d-----w- C:\ProgramData\AVG Secure Search<br />

2012-08-14 20:59:35 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search<br />

2012-08-14 20:59:34 -------- d-----w- C:\Program Files (x86)\AVG Secure Search<br />

2012-08-14 20:46:14 -------- d--h--w- C:\$AVG<br />

2012-08-14 20:46:14 -------- d-----w- C:\Windows\System32\drivers\AVG<br />

2012-08-14 20:46:14 -------- d-----w- C:\ProgramData\AVG2012<br />

2012-08-14 20:45:08 -------- d-----w- C:\Program Files (x86)\AVG<br />

2012-08-14 20:29:51 -------- d--h--w- C:\ProgramData\Common Files<br />

2012-08-14 20:29:51 -------- d-----w- C:\ProgramData\MFAData<br />

2012-08-13 06:05:53 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%<br />

2012-08-11 14:56:10 -------- d-----w- C:\Users\traci\AppData\Roaming\com.Shutterfly.ExpressUploader<br />

2012-08-11 14:56:02 -------- d-----w- C:\Program Files (x86)\Shutterfly<br />

2012-07-29 00:41:24 -------- d-----w- C:\ProgramData\com.aspexsoftware.Silhouette_Studio.8<br />

2012-07-29 00:41:23 -------- d-----w- C:\Users\traci\AppData\Roaming\com.aspexsoftware.Silhouette_Studio<br />

2012-07-29 00:41:22 -------- d-----w- C:\ProgramData\com.aspexsoftware.Silhouette_Studio.license<br />

2012-07-29 00:41:06 -------- d-----w- C:\Program Files (x86)\Silhouette Studio<br />

.<br />

==================== Find3M  ====================<br />

.<br />

2012-08-20 17:02:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl<br />

2012-08-20 17:02:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe<br />

2012-07-06 03:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll<br />

2012-06-17 21:02:03 70672 ----a-w- C:\Windows\System32\drivers\cricutexpression2_x64.sys<br />

2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys<br />

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll<br />

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll<br />

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll<br />

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll<br />

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll<br />

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll<br />

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll<br />

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll<br />

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll<br />

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe<br />

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll<br />

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll<br />

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl<br />

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe<br />

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb<br />

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll<br />

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll<br />

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl<br />

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe<br />

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb<br />

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys<br />

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys<br />

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys<br />

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll<br />

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll<br />

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll<br />

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll<br />

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll<br />

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll<br />

.<br />

============= FINISH: 18:44:14.79 ===============<br />

 </p>


<p><u><strong><span style="color: rgb(255, 0, 0);">ATTACH LOG</span></strong></u></p>

<p>..<br />

DDS (Ver_2011-08-26.01)<br />

.<br />

Microsoft Windows 7 Home Premium<br />

Boot Device: \Device\HarddiskVolume3<br />

Install Date: 11/6/2009 1:33:57 PM<br />

System Uptime: 8/21/2012 2:00:11 PM (4 hours ago)<br />

.<br />

Motherboard: Dell Inc. |  | 0D176M<br />

Processor: Intel® Core2 Duo CPU     T6600  @ 2.20GHz | U2E1 | 1188/533mhz<br />

.<br />

==== Disk Partitions =========================<br />

.<br />

C: is FIXED (NTFS) - 451 GiB total, 391.656 GiB free.<br />

D: is FIXED (NTFS) - 15 GiB total, 7.395 GiB free.<br />

E: is CDROM ()<br />

.<br />

==== Disabled Device Manager Items =============<br />

.<br />

==== System Restore Points ===================<br />

.<br />

RP131: 7/28/2012 7:40:43 PM - Installed Silhouette Studio<br />

RP132: 8/14/2012 3:44:27 PM - Installed AVG 2012<br />

RP133: 8/14/2012 3:45:22 PM - Installed AVG 2012<br />

RP134: 8/20/2012 4:30:55 PM - Installed Java 7 Update 5<br />

RP135: 8/20/2012 4:32:37 PM - Installed JavaFX 2.1.1<br />

.<br />

==== Installed Programs ======================<br />

.<br />

.<br />

Acrobat.com<br />

Adobe AIR<br />

Adobe Flash Player 11 ActiveX<br />

Adobe Reader 9.5.2<br />

Banctec Service Agreement<br />

BucksBee Loyalty Plugin - 100884.rs<br />

Choice Guard<br />

Compatibility Pack for the 2007 Office system<br />

Complete Care Consumer Service Agreement<br />

Consumer In-Home Service Agreement<br />

Coupon Printer for Windows<br />

Cricut Craft Room<br />

Cricut Expression 2 Driver v1.04<br />

Cricut Imagine Driver v1.03<br />

Cricut Mini Driver v1.01
DealPly
Dell DataSafe Online
Dell Getting Started Guide
Dell Webcam Central
Driver Whiz
eCAL 1.004
GoToMeeting 5.0.0.799
Hallmark Card Studio 2010
HP Deskjet 3050A J611 series Help
HP Photo Creations
HP Update
IDT Audio
Inkscape 0.48.2
Java Auto Updater
Java 6 Update 29
Java 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Live! Cam Avatar Creator
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee SecurityCenter
Microsoft Default Manager
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Picasa 3
PowerDVD DX
Projector Calculator 1.23
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
ShopAtHome.com Toolbar
Shutterfly Express Uploader
Silhouette Studio
Skype Toolbars
Skype™ 5.0
Spelling Dictionaries Support For Adobe Reader 9
Sure Cuts A Lot 1.016
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VideoFileDownload
Visual Studio 2008 x64 Redistributables
WebSlingPlayer ActiveX
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
8/21/2012 6:11:34 PM, Error: Service Control Manager [7003]  - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
8/21/2012 6:08:53 PM, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
8/21/2012 12:36:47 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/21/2012 12:36:43 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024891
8/21/2012 12:36:43 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/21/2012 12:36:42 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
8/21/2012 12:29:36 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
8/20/2012 6:19:35 AM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:  %%-2147024891
8/20/2012 6:19:33 AM, Error: ACPI [13]  - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
8/20/2012 6:18:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000000a (0x00000002000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff800032b2405). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 082012-50045-01.
8/20/2012 3:00:17 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR3.
8/19/2012 10:54:45 AM, Error: Service Control Manager [7022]  - The Windows Media Player Network Sharing Service service hung on starting.
8/18/2012 7:58:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800033014aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081812-23290-01.
8/18/2012 7:55:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800032ba7ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081812-32183-01.
8/18/2012 7:50:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000326a7ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081812-47252-01.
8/18/2012 5:47:53 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
8/17/2012 9:21:43 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================</p>

MBAM LOG

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.21.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
traci :: TRACI-PC [administrator]

8/21/2012 12:44:42 PM
mbam-log-2012-08-21 (12-44-42).txt

Scan type: Full scan (C:\|D:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 453204
Time elapsed: 1 hour(s), 32 minute(s), 44 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3984 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

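Two things in the logs above are worth flagging automatically when triaging a post like this: an svchost.exe running from C:\Windows instead of System32 (the MBAM memory detection), and Service Control Manager 7003 errors reporting that BFE or MpsSvc "might not be installed". The helper below is an added example, not part of the thread and not a Malwarebytes or DDS tool; the sample lines are constructed to mirror the entries above, and the legitimate svchost directories and the service names it watches are my assumptions.

```python
import re

# Constructed sample lines modelled on the DDS event-viewer entries and the
# MBAM "Memory Processes Detected" line posted in this thread (not a real capture).
SAMPLE_LINES = [
    "8/21/2012 6:11:34 PM, Error: Service Control Manager [7003]  - The McAfee "
    "Personal Firewall Service service depends the following service: MpsSvc. "
    "This service might not be installed.",
    "8/21/2012 12:36:47 PM, Error: Service Control Manager [7003]  - The IPsec "
    "Policy Agent service depends the following service: BFE. This service might "
    "not be installed.",
    "8/21/2012 12:29:36 PM, Error: Disk [11]  - The driver detected a controller "
    "error on \\Device\\Harddisk1\\DR1.",
    "C:\\Windows\\svchost.exe (Trojan.Agent) -> 3984 -> Delete on reboot.",
    "C:\\Windows\\system32\\svchost.exe -k netsvcs",
]

# Assumption: the only directories a genuine svchost.exe should run from.
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Assumption: services whose absence is worth a second look (both are named
# as "might not be installed" in the thread's event log).
CORE_SERVICES = {"BFE", "MpsSvc"}

SCM_7003 = re.compile(
    r"Service Control Manager \[7003\].*?depends the following service: (\w+)\.")
SVCHOST_PATH = re.compile(r"([A-Za-z]:\\[^\s(]*?\\svchost\.exe)", re.IGNORECASE)


def triage(lines):
    """Return (finding, detail) tuples for lines matching either indicator."""
    findings = []
    for line in lines:
        m = SCM_7003.search(line)
        if m and m.group(1) in CORE_SERVICES:
            findings.append(("missing_core_service", m.group(1)))
        m = SVCHOST_PATH.search(line)
        if m:
            path = m.group(1)
            parent = path.rsplit("\\", 1)[0].lower()
            if parent not in LEGIT_SVCHOST_DIRS:
                findings.append(("svchost_outside_system32", path))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LINES):
        print(f"{finding}: {detail}")
```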

Welcome to the forum.

Can you repost those logs by clicking on "More Reply Options" in the lower right hand corner of this page, then post the logs in the window that comes up.

Also.......

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, and when prompted, click Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Sorry about the HTML. Somehow I got kicked off the site and the window told me that I could copy the text that I had already typed and would have lost. I signed back in and pasted it and must have flubbed a keystroke because it immediately posted with all the page breaks and other HTML included. I was looking for a way to edit my post when I saw your reply.

So I have a friend's machine having issues. I downloaded MBAM, ran a full scan, found 43 infected items

(Vendors: PUP.Bundle.Installer.OI , PUP.Funmoods , PUP.FCT plugin, Rootkit.0Access, Rootkit.ZeroAccess, Trojan BHO, Trojan.Dropper.BCMiner) and it removed all but two, required a restart. After the third full scan and restart Trojan.Agent is still there.

I tried to follow your instructions carefully and have attached all the logs.

DDS.txt

Attach.txt

mbam-log=2012-08-21 (12-44-42).txt

RKreport1.txt


¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC
