svchost.exe Trojan Agent causing blue screens crashes


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------


HIJACKTHIS LOGFILE

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 6:43:16 AM, on 11/9/2012

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Avast\AvastUI.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\System32\control.exe

C:\Windows\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={8E9EE8F6-5D45-401A-9192-CEA92801ABC3}&mid=51d8fbda1c1447d08b47d15a927e952e-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=is015&pr=sa&d=2012-11-08 21:10:49&v=11.0.0.9&sap=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [6C3AAF785BFCE2EA504830082CE1FE1093961000._service_run] "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=service

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\DriverMax\drivermax.exe" -RESTART

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: CleanTemp.bat

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Avast\AvastSvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe

--

End of file - 6277 bytes


DDS LOG FILE

DDS (Ver_2012-11-07.01) - NTFS_x86

Internet Explorer: 8.0.7600.16385

Run by silentarts at 6:14:12 on 2012-11-09

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1015.238 [GMT -4.5:30]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\CISVC.EXE

C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Avast\AvastUI.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k apphost

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.avg.com/?cid={8E9EE8F6-5D45-401A-9192-CEA92801ABC3}&mid=51d8fbda1c1447d08b47d15a927e952e-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=is015&pr=sa&d=2012-11-08 21:10:49&v=11.0.0.9&sap=hp

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll

uRun: [6C3AAF785BFCE2EA504830082CE1FE1093961000._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service

uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"

uRun: [DriverMax_RESTART] "c:\program files\drivermax\drivermax.exe" -RESTART

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast] "c:\program files\avast\avastUI.exe" /nogui

mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

StartupFolder: c:\users\silentarts\appdata\roaming\microsoft\windows\start menu\programs\startup\CleanTemp.bat

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{01BDEBE6-6ADA-4388-8946-8C629255A3D0} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{51132BB7-1E3C-4E2A-A31A-D5913FDF449E} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{A0D72338-71F0-4196-965C-82982C94B637} : DHCPNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-8 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-8 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-11-8 21256]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-11-8 57656]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast\AvastSvc.exe [2012-11-8 44808]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-11-8 47640]

R3 analog;analog;c:\windows\system32\drivers\analog.sys [2012-11-8 11264]

R3 iegdmini;iegdmini;c:\windows\system32\drivers\iegdmini.sys [2012-11-8 1677440]

R3 lvds;lvds;c:\windows\system32\drivers\lvds.sys [2012-11-8 10496]

R3 sdvo;sdvo;c:\windows\system32\drivers\sdvo.sys [2012-11-8 38784]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

R3 tv;tv;c:\windows\system32\drivers\tv.sys [2012-11-8 36864]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

.

=============== Created Last 30 ================

.

2012-11-09 15:32:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-09 15:32:35 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-11-09 08:53:05 -------- d-----w- C:\c164e047adc2ebfd466b

2012-11-09 03:32:29 -------- d-----w- C:\8274542b4bdfad142084d6

2012-11-09 02:47:48 -------- d-----w- C:\3dbed645ae825410e7b6e08a9367

2012-11-09 02:45:37 -------- d-----w- C:\bd43dce6287d498487db4e6d0ad7

2012-11-09 02:17:15 36864 ----a-w- c:\windows\system32\drivers\tv.sys

2012-11-09 02:17:13 38784 ----a-w- c:\windows\system32\drivers\sdvo.sys

2012-11-09 02:17:13 10496 ----a-w- c:\windows\system32\drivers\lvds.sys

2012-11-09 02:17:09 1677440 ----a-w- c:\windows\system32\drivers\iegdmini.sys

2012-11-09 02:17:06 403328 ----a-w- c:\windows\system32\iegddis.dll

2012-11-09 02:16:59 401792 ----a-w- c:\windows\system32\iegd3dg3.dll

2012-11-09 02:16:57 11264 ----a-w- c:\windows\system32\drivers\analog.sys

2012-11-09 02:14:58 -------- d-----w- C:\6c5648bb766312e7cfb5e23427

2012-11-09 02:14:13 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2012-11-09 02:14:12 3181568 ----a-w- c:\windows\system32\mf.dll

2012-11-09 02:14:10 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2012-11-09 01:59:53 40960 ----a-w- c:\windows\system32\F5D9050.dll

2012-11-09 01:59:49 -------- d-----w- c:\program files\Belkin

2012-11-09 01:59:29 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll

2012-11-09 01:59:29 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll

2012-11-09 01:59:28 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll

2012-11-09 01:59:28 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll

2012-11-09 01:59:12 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe

2012-11-09 01:58:42 -------- d-----w- C:\Belkin

2012-11-09 01:43:14 -------- d-----w- c:\users\silentarts\appdata\local\Innovative Solutions

2012-11-09 01:42:52 -------- d-----w- c:\program files\DriverMax

2012-11-09 01:42:25 -------- d-----w- c:\users\silentarts\appdata\local\AVG Secure Search

2012-11-09 01:40:27 -------- d-----w- c:\program files\common files\AVG Secure Search

2012-11-09 01:40:11 -------- d-----w- c:\program files\AVG Secure Search

2012-11-09 01:37:41 -------- d-----w- c:\programdata\AVG Secure Search

2012-11-09 01:37:25 -------- d--h--w- c:\programdata\Common Files

2012-11-09 01:37:12 -------- d-----w- c:\users\silentarts\appdata\roaming\mIRC

2012-11-09 01:37:11 -------- d-----w- c:\program files\mIRC

2012-11-09 01:06:52 -------- d-----w- c:\windows\Panther

2012-11-09 00:59:37 -------- d-----w- c:\program files\RocketDock

2012-11-08 22:35:47 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4bfdeddf-ddb2-47d5-a791-34054722a925}\mpengine.dll

2012-11-08 22:35:44 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-11-08 21:50:00 -------- d-----w- c:\users\silentarts\appdata\local\LogMeIn

2012-11-08 21:49:51 52128 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll

2012-11-08 21:49:51 30624 ----a-w- c:\windows\system32\LMIport.dll

2012-11-08 21:49:50 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-11-08 21:49:50 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2012-11-08 21:49:46 87456 ----a-w- c:\windows\system32\LMIinit.dll

2012-11-08 21:49:37 -------- d-----w- c:\programdata\LogMeIn

2012-11-08 21:49:05 -------- d-----w- c:\program files\LogMeIn

2012-11-08 21:44:40 -------- d-----w- c:\windows\system32\Adobe

2012-11-08 21:43:37 -------- d-----w- c:\users\silentarts\appdata\local\Adobe

2012-11-08 21:36:30 -------- d-----w- C:\Torrents

2012-11-08 21:31:04 -------- d-----w- c:\program files\uTorrent

2012-11-08 21:28:58 -------- d-----w- c:\users\silentarts\appdata\roaming\uTorrent

2012-11-08 21:26:50 1096 ----a-w- c:\users\silentarts\appdata\roaming\microsoft\windows\start menu\programs\startup\CleanTemp.bat

2012-11-08 20:39:57 -------- d-----w- c:\windows\system32\BestPractices

2012-11-08 20:39:56 -------- d-----w- C:\inetpub

2012-11-08 20:23:39 -------- d-----w- c:\program files\CCleaner

2012-11-08 20:20:34 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-11-08 20:20:28 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-11-08 20:20:20 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-11-08 20:19:18 41224 ----a-w- c:\windows\avastSS.scr

2012-11-08 20:18:50 -------- d-----w- c:\programdata\AVAST Software

2012-11-08 20:18:49 -------- d-----w- c:\program files\Avast

2012-11-08 20:16:22 -------- d-----w- c:\program files\VirtualDJ

2012-11-08 20:11:42 889416 -c--a-w- c:\program files\common files\windows live\.cache\4389400c1cdbded03\dotNetFx40_Full_setup.exe

2012-11-08 20:09:21 -------- d-----w- c:\users\silentarts\appdata\local\Windows Live

2012-11-08 20:08:46 -------- d-----w- c:\program files\common files\Windows Live

2012-11-08 19:58:58 -------- d-----w- c:\users\silentarts\appdata\roaming\QuickLaunch

2012-11-08 19:38:30 53248 ----a-w- c:\windows\system32\CSVer.dll

2012-11-08 19:38:06 -------- d-----w- C:\Intel

2012-11-08 19:33:10 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2012-11-08 19:32:31 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2012-11-08 19:31:51 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-11-08 19:30:25 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2012-11-08 19:29:30 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-11-08 19:28:32 90112 ----a-w- c:\windows\system32\snymsico.dll

2012-11-08 19:28:31 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2012-11-08 19:28:05 -------- d-----w- c:\users\silentarts\appdata\roaming\WinBatch

2012-11-08 19:04:17 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll

2012-11-08 19:04:17 32592 ----a-w- c:\windows\system32\msonpmon.dll

2012-11-08 18:58:38 -------- d-----w- c:\windows\PCHEALTH

2012-11-08 18:55:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-11-08 18:54:24 -------- d-----w- c:\users\silentarts\appdata\local\Microsoft Help

2012-11-08 18:42:07 -------- d-----w- c:\users\silentarts\appdata\roaming\Blitware

2012-11-08 18:42:05 -------- d-----w- c:\program files\Driver Robot

2012-11-08 18:32:01 -------- d-sh--w- c:\windows\Installer

2012-11-08 18:28:14 -------- d-----w- c:\users\silentarts\appdata\local\ElevatedDiagnostics

2012-11-08 18:27:30 -------- d-----w- c:\users\silentarts\appdata\local\Google

2012-11-08 18:24:58 -------- d-----w- c:\users\silentarts\appdata\local\Apps

2012-11-08 18:24:57 -------- d-----w- c:\users\silentarts\appdata\local\Deployment

2012-11-08 17:50:27 -------- d-----w- c:\windows\system32\wbem\Performance

2012-11-08 17:47:26 -------- d-sh--w- C:\Recovery

.

==================== Find3M ====================

.

2012-09-12 20:37:44 58368 ----a-w- c:\windows\system32\sirenacm.dll

.

============= FINISH: 6:16:58.68 ===============

ATTACH LOGFILE

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-07.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 11/8/2012 8:43:00 PM

System Uptime: 11/9/2012 12:09:07 AM (6 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | Z61Ae

Processor: Intel® Pentium® M processor 1.60GHz | CPU 1 | 1596/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 28 GiB total, 11.933 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\ATK0100\1010100

Manufacturer:

Name:

PNP Device ID: ACPI\ATK0100\1010100

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek RTL8139/810x Family Fast Ethernet NIC

Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_10451043&REV_10\4&3AE5ECD5&0&00F0

Manufacturer: Realtek Semiconductor Corp.

Name: Realtek RTL8139/810x Family Fast Ethernet NIC

PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_10451043&REV_10\4&3AE5ECD5&0&00F0

Service: RTL8023xp

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: High Definition Audio Device

Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0880&SUBSYS_10430205&REV_1008\4&20787A9C&0&0001

Manufacturer: Microsoft

Name: High Definition Audio Device

PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0880&SUBSYS_10430205&REV_1008\4&20787A9C&0&0001

Service: HdAudAddService

.

==== System Restore Points ===================

.

RP48: 11/9/2012 4:54:32 AM - WLSetup

RP49: 11/9/2012 5:15:19 AM - Windows Update

RP51: 11/9/2012 5:32:15 AM - DMX_DriverMax Driver Installation

.

==== Installed Programs ======================

.

µTorrent

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

avast! Free Antivirus

AVG Security Toolbar

Belkin Wireless G Plus MIMO USB Network Adapter

CCleaner

D3DX10

Driver Robot

DriverMax 6

Google Chrome

Google Update Helper

Junk Mail filter update

LogMeIn

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

mIRC

MSVCRT

MSVCRT110

Photo Common

RICOH R5U8xx Media Driver ver.3.62.02

RocketDock 1.3.5

Spybot - Search & Destroy

swMSM

VirtualDJ

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 15.0

.

==== Event Viewer Messages From Past Week ========

.

11/9/2012 4:02:59 AM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.

11/9/2012 2:33:33 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.105. The computer with the IP address 192.168.0.107 did not allow the name to be claimed by this computer.

11/9/2012 12:17:44 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer PC-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A0D72338-71F0-4196-965C-82982C94B637. The master browser is stopping or an election is being forced.

11/9/2012 1:48:54 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

11/8/2012 5:20:54 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.

11/8/2012 4:20:29 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

11/8/2012 3:51:20 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/8/2012 3:51:20 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/8/2012 3:51:20 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/8/2012 3:51:20 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

11/8/2012 3:51:20 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/8/2012 3:51:20 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/8/2012 3:51:20 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

11/8/2012 3:51:20 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/8/2012 3:51:20 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/8/2012 2:10:19 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

11/8/2012 11:15:20 PM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

11/8/2012 11:15:18 PM, Error: Service Control Manager [7034] - The vToolbarUpdater11.0.2 service terminated unexpectedly. It has done this 1 time(s).

11/8/2012 11:01:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Pipe Listener Adapter service to connect.

11/8/2012 11:01:48 PM, Error: Service Control Manager [7000] - The Net.Pipe Listener Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/8/2012 11:01:12 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

11/8/2012 11:01:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.

11/8/2012 11:01:00 PM, Error: Service Control Manager [7000] - The Net.Tcp Port Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/8/2012 11:00:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8d992448, 0xadedfa60, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110812-25312-01.

11/8/2012 10:59:44 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

11/8/2012 10:21:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x8d9a4448, 0xaad1bb88, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110812-66828-01.

11/8/2012 10:15:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows (KB958488).

11/8/2012 10:03:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

11/8/2012 10:03:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

11/8/2012 10:03:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

11/8/2012 10:03:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

11/8/2012 10:03:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

11/8/2012 10:03:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/8/2012 10:03:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

11/8/2012 10:02:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

11/8/2012 10:02:01 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/8/2012 10:02:01 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2012 10:02:01 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/8/2012 10:02:01 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

11/8/2012 10:02:01 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/8/2012 10:02:01 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

11/8/2012 10:02:00 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2012 10:02:00 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2012 10:02:00 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2012 10:02:00 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

11/8/2012 10:01:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0xa80395e6, 0xa95d3144, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 110812-53921-01.

.

==== End Of File ===========================


COMBOFIX LOGFILE

ComboFix 12-11-09.02 - silentarts 11/09/2012 6:54.1.1 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1015.448 [GMT -4.5:30]

Running from: c:\users\silentarts\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\silentarts\AppData\Roaming\mIRC\logs\status.log

c:\windows\system32\F5D9050.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))

.

.

2012-11-09 15:32 . 2012-11-09 15:42 -------- d-----w- c:\program files\Spybot - Search & Destroy

2012-11-09 15:32 . 2012-11-09 05:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-11-09 11:33 . 2012-11-09 11:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-11-09 11:08 . 2012-11-09 11:08 -------- d-----w- c:\program files\TrendMicro

2012-11-09 11:06 . 2012-11-09 11:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-09 10:53 . 2012-11-09 10:53 -------- d-----w- C:\TDSSKiller_Quarantine

2012-11-09 09:24 . 2012-11-09 09:30 -------- d-----w- c:\program files\Windows Live

2012-11-09 08:53 . 2012-11-09 08:53 -------- d-----w- C:\c164e047adc2ebfd466b

2012-11-09 03:32 . 2012-11-09 03:36 -------- d-----w- C:\8274542b4bdfad142084d6

2012-11-09 02:47 . 2012-11-09 02:47 -------- d-----w- C:\3dbed645ae825410e7b6e08a9367

2012-11-09 02:45 . 2012-11-09 02:45 -------- d-----w- C:\bd43dce6287d498487db4e6d0ad7

2012-11-09 02:17 . 2011-02-01 20:39 36864 ----a-w- c:\windows\system32\drivers\tv.sys

2012-11-09 02:17 . 2011-02-01 20:39 38784 ----a-w- c:\windows\system32\drivers\sdvo.sys

2012-11-09 02:17 . 2011-02-01 20:39 10496 ----a-w- c:\windows\system32\drivers\lvds.sys

2012-11-09 02:17 . 2011-02-01 20:39 1677440 ----a-w- c:\windows\system32\drivers\iegdmini.sys

2012-11-09 02:17 . 2011-02-01 20:39 403328 ----a-w- c:\windows\system32\iegddis.dll

2012-11-09 02:16 . 2011-02-01 20:39 401792 ----a-w- c:\windows\system32\iegd3dg3.dll

2012-11-09 02:16 . 2011-02-01 20:39 11264 ----a-w- c:\windows\system32\drivers\analog.sys

2012-11-09 02:14 . 2012-11-09 02:15 -------- d-----w- C:\6c5648bb766312e7cfb5e23427

2012-11-09 02:14 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll

2012-11-09 02:14 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll

2012-11-09 02:14 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL

2012-11-09 01:59 . 2012-11-09 01:59 -------- d-----w- c:\program files\Belkin

2012-11-09 01:59 . 2012-11-09 01:59 -------- d-----w- c:\program files\Common Files\InstallShield

2012-11-09 01:58 . 2012-11-09 01:58 -------- d-----w- C:\Belkin

2012-11-09 01:46 . 2012-11-09 01:47 -------- d-----w- c:\programdata\WinZip

2012-11-09 01:42 . 2012-11-09 02:09 -------- d-----w- c:\program files\DriverMax

2012-11-09 01:40 . 2012-11-09 01:40 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-11-09 01:40 . 2012-11-09 01:42 -------- d-----w- c:\program files\AVG Secure Search

2012-11-09 01:37 . 2012-11-09 01:42 -------- d-----w- c:\programdata\AVG Secure Search

2012-11-09 01:37 . 2012-11-09 01:37 -------- d--h--w- c:\programdata\Common Files

2012-11-09 01:37 . 2012-11-09 01:43 -------- d-----w- c:\program files\mIRC

2012-11-09 01:06 . 2012-11-08 21:34 -------- d-----w- c:\windows\Panther

2012-11-09 00:59 . 2012-11-09 00:59 -------- d-----w- c:\program files\RocketDock

2012-11-08 22:35 . 2012-10-17 06:02 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BFDEDDF-DDB2-47D5-A791-34054722A925}\mpengine.dll

2012-11-08 22:35 . 2012-05-31 15:55 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-11-08 21:49 . 2012-07-05 22:39 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2012-11-08 21:49 . 2012-07-05 22:39 30624 ----a-w- c:\windows\system32\LMIport.dll

2012-11-08 21:49 . 2012-07-05 22:40 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-11-08 21:49 . 2012-06-08 16:36 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2012-11-08 21:49 . 2012-07-05 22:39 87456 ----a-w- c:\windows\system32\LMIinit.dll

2012-11-08 21:49 . 2012-11-09 10:10 -------- d-----w- c:\programdata\LogMeIn

2012-11-08 21:49 . 2012-11-09 02:40 -------- d-----w- c:\program files\LogMeIn

2012-11-08 21:44 . 2012-11-08 21:44 -------- d-----w- c:\windows\system32\Adobe

2012-11-08 21:36 . 2012-11-08 21:36 -------- d-----w- C:\Torrents

2012-11-08 21:31 . 2012-11-08 21:31 -------- d-----w- c:\program files\uTorrent

2012-11-08 20:39 . 2012-11-08 20:39 -------- d-----w- c:\windows\system32\BestPractices

2012-11-08 20:39 . 2012-11-08 20:39 -------- d-----w- C:\inetpub

2012-11-08 20:23 . 2012-11-08 20:24 -------- d-----w- c:\program files\CCleaner

2012-11-08 20:20 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-11-08 20:20 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-11-08 20:20 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-11-08 20:20 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-11-08 20:20 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-11-08 20:20 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-11-08 20:19 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr

2012-11-08 20:19 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-11-08 20:18 . 2012-11-08 20:18 -------- d-----w- c:\programdata\AVAST Software

2012-11-08 20:18 . 2012-11-08 20:19 -------- d-----w- c:\program files\Avast

2012-11-08 20:18 . 2012-11-09 16:17 -------- d-----w- c:\program files\Common Files\Adobe

2012-11-08 20:16 . 2012-11-08 20:18 -------- d-----w- c:\program files\VirtualDJ

2012-11-08 20:08 . 2012-11-08 20:08 -------- d-----w- c:\program files\Common Files\Windows Live

2012-11-08 19:38 . 2012-11-08 19:38 -------- d-----w- c:\program files\Intel

2012-11-08 19:38 . 2012-11-08 19:37 53248 ----a-w- c:\windows\system32\CSVer.dll

2012-11-08 19:38 . 2012-11-08 19:38 -------- d-----w- C:\Intel

2012-11-08 19:33 . 2010-05-26 16:11 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

2012-11-08 19:32 . 2010-05-26 16:11 470880 ----a-w- c:\windows\system32\d3dx10_43.dll

2012-11-08 19:31 . 2010-05-26 16:11 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2012-11-08 19:30 . 2010-05-26 16:11 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll

2012-11-08 19:29 . 2010-05-26 16:11 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-11-08 19:28 . 2004-09-04 07:30 90112 ----a-w- c:\windows\system32\snymsico.dll

2012-11-08 19:28 . 2012-11-08 19:28 -------- d--h--w- c:\program files\InstallShield Installation Information

2012-11-08 19:28 . 2009-06-25 20:40 44544 ----a-w- c:\windows\system32\drivers\rimsptsk.sys

2012-11-08 19:04 . 2006-10-27 00:26 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll

2012-11-08 19:04 . 2006-10-27 00:26 32592 ----a-w- c:\windows\system32\msonpmon.dll

2012-11-08 19:01 . 2012-11-08 19:01 -------- d-----w- c:\program files\Microsoft Works

2012-11-08 18:58 . 2012-11-09 09:14 -------- d-----w- c:\program files\Microsoft.NET

2012-11-08 18:58 . 2012-11-08 18:58 -------- d-----w- c:\windows\PCHEALTH

2012-11-08 18:55 . 2012-11-08 18:55 -------- d-----w- c:\program files\Microsoft Visual Studio 8

2012-11-08 18:54 . 2012-11-08 19:05 -------- d-----w- c:\programdata\Microsoft Help

2012-11-08 18:51 . 2012-11-08 18:51 -------- d-----r- C:\MSOCache

2012-11-08 18:42 . 2012-11-08 18:42 -------- d-----w- c:\program files\Driver Robot

2012-11-08 18:32 . 2012-11-09 11:08 -------- d-sh--w- c:\windows\Installer

2012-11-08 18:27 . 2012-11-08 19:47 -------- d-----w- c:\program files\Google

2012-11-08 17:53 . 2012-11-09 03:09 -------- d-----w- c:\users\silentarts

2012-11-08 17:50 . 2012-11-08 21:58 -------- d-----w- c:\windows\system32\wbem\Performance

2012-11-08 17:47 . 2012-11-08 17:47 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-12 20:37 . 2012-09-12 20:37 58368 ----a-w- c:\windows\system32\sirenacm.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-11-09 01:40 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-11-09 2067328]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"6C3AAF785BFCE2EA504830082CE1FE1093961000._service_run"="c:\program files\Google\Chrome\Application\chrome.exe" [2012-10-31 1242136]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

"DriverMax_RESTART"="c:\program files\DriverMax\drivermax.exe" [2012-10-19 11325376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"avast"="c:\program files\Avast\avastUI.exe" [2012-07-03 4273976]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-06-08 63048]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-09 1116544]

.

c:\users\silentarts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CleanTemp.bat [2012-11-8 1096]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]

S3 analog;analog;c:\windows\system32\DRIVERS\analog.sys [x]

S3 iegdmini;iegdmini;c:\windows\system32\DRIVERS\iegdmini.sys [x]

S3 lvds;lvds;c:\windows\system32\DRIVERS\lvds.sys [x]

S3 sdvo;sdvo;c:\windows\system32\DRIVERS\sdvo.sys [x]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]

S3 tv;tv;c:\windows\system32\DRIVERS\tv.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 63271854

*Deregistered* - 63271854

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-11-08 c:\windows\Tasks\Driver Robot.job

- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2012-11-08 21:59]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-08 18:27]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-08 18:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.tt/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-11-09 07:06:58

ComboFix-quarantined-files.txt 2012-11-09 11:36

.

Pre-Run: 12,485,107,712 bytes free

Post-Run: 12,409,049,088 bytes free

.

- - End Of File - - C52651716C3CE8523318C510F7663549


Rogue Killer Report

RogueKiller V8.2.3 [11/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Normal mode

User : silentarts [Admin rights]

Mode : Scan -- Date : 11/09/2012 07:46:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3029GACE ATA Device +++++

--- User ---

[MBR] 6da9a9132de1f1e7b080760462079629

[bSP] 2ecea2a2a2bddccfd786902ff63e4fcc : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 28513 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11092012_02d0746.txt >>

RKreport[1]_S_11092012_02d0746.txt


I also downloaded Malwarebytes' Anti-Malware, and here is the log file for it...

Malwarebytes' Anti-Malware 1.41

Database version: 2775

Windows 6.1.7600

11/9/2012 10:21:37 AM

mbam-log-2012-11-09 (10-21-37).txt

Scan type: Full Scan (C:\|)

Objects scanned: 163112

Time elapsed: 1 hour(s), 27 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I am having a hard time installing the new version of MBAM...

You don't have to install a new version of MB.

I want you to run Malwarebytes Anti-Rootkit, not Malwarebytes Anti-Malware.

You should already have MBAR on the system; if you deleted it, here's how it goes:

Please create a new system restore point before running Malwarebytes Anti-Malware.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.


New window that comes up.


MrC

Link to post
Share on other sites

OK....

In case you just want to see... Here it is...

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.12.04

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

silentarts :: SILENTARTS_PC [administrator]

11/11/2012 11:39:58 PM

mbam-log-2012-11-11 (23-39-58).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 265402

Time elapsed: 59 minute(s), 36 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)
