
Am I Infected?


Calum


Hello, I keep getting the following:

2012/12/04 16:53:12 GMT CALUM-PC Calum IP-BLOCK 58.240.163.101 (Type: outgoing, Port: 57959, Process: svchost.exe)

Is this bad or can I ignore it?

Thanks for your help!

The IP address belongs to a known Chinese spam mail server, so my guess is that you are infected and you should follow the instructions here.
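A small triage script for lines in this Malwarebytes IP-BLOCK log format, added here as an example that is not part of the thread: it parses the quoted line plus a few constructed ones and ranks an outbound block attributed to a system process such as svchost.exe above blocks attributed to a P2P client or inbound probes. The process lists and the severity rule are my own assumptions, not Malwarebytes' logic.

```python
"""Triage Malwarebytes 1.x 'IP-BLOCK' protection-log lines."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample log. The first line is the one quoted in the post; the
# remaining lines are made up here to exercise the triage rules and are not
# from the original thread (203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges).
SAMPLE_LOG = """\
2012/12/04 16:53:12 GMT CALUM-PC Calum IP-BLOCK 58.240.163.101 (Type: outgoing, Port: 57959, Process: svchost.exe)
2012/12/04 17:10:03 GMT CALUM-PC Calum IP-BLOCK 203.0.113.7 (Type: incoming, Port: 6881, Process: uTorrent.exe)
2012/12/04 17:12:45 GMT CALUM-PC Calum IP-BLOCK 198.51.100.9 (Type: outgoing, Port: 443, Process: firefox.exe)
2012/12/04 17:15:00 GMT CALUM-PC Calum IP-BLOCK 58.240.163.101 (Type: outgoing, Port: 57960, Process: svchost.exe)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>\S+) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>incoming|outgoing), Port: (?P<port>\d+), "
    r"Process: (?P<process>[^)]+)\)$"
)

# Assumed list: Windows service hosts and shells that malware commonly injects
# into or masquerades as. An outbound block attributed to one of these is the
# pattern the helper in the thread treated as a likely infection.
SYSTEM_PROCESSES = {"svchost.exe", "lsass.exe", "services.exe",
                    "winlogon.exe", "explorer.exe"}
# Assumed list: peer-to-peer clients contact many unknown hosts, so blocks
# attributed to them are usually noise (the forum asks for P2P removal anyway).
P2P_PROCESSES = {"utorrent.exe", "bittorrent.exe", "vuze.exe"}


@dataclass
class IpBlock:
    when: datetime
    host: str
    user: str
    ip: str
    direction: str
    port: int
    process: str


def parse_line(line: str) -> Optional[IpBlock]:
    """Parse one IP-BLOCK line; return None for lines in any other format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return IpBlock(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        host=m["host"], user=m["user"], ip=m["ip"],
        direction=m["direction"], port=int(m["port"]),
        process=m["process"].strip(),
    )


def severity(ev: IpBlock) -> str:
    """Rank one block: outbound from a system process is the worrying case."""
    proc = ev.process.lower()
    if proc in P2P_PROCESSES:
        return "low"
    if ev.direction == "outgoing" and proc in SYSTEM_PROCESSES:
        return "high"
    if ev.direction == "outgoing":
        return "medium"
    return "low"  # inbound probes hitting the block list are background noise


RANK = {"low": 0, "medium": 1, "high": 2}


def triage(log_text: str) -> Dict[str, dict]:
    """Group blocks per remote IP with hit count, processes and worst severity."""
    out: Dict[str, dict] = {}
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        entry = out.setdefault(ev.ip, {"hits": 0, "processes": set(), "severity": "low"})
        entry["hits"] += 1
        entry["processes"].add(ev.process)
        sev = severity(ev)
        if RANK[sev] > RANK[entry["severity"]]:
            entry["severity"] = sev
    return out


def ips_needing_followup(log_text: str) -> List[str]:
    """IPs whose worst block was 'high': these warrant the full scan advised above."""
    return sorted(ip for ip, e in triage(log_text).items() if e["severity"] == "high")


if __name__ == "__main__":
    for ip, e in triage(SAMPLE_LOG).items():
        print(f"{ip:16} hits={e['hits']} severity={e['severity']} "
              f"processes={sorted(e['processes'])}")
```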

Done :)

I read in other topics that I wasn't allowed uTorrent and to post logs directly into the post.

attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume4

Install Date: 26/11/2012 21:37:29

System Uptime: 28/11/2012 21:31:58 (141 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | Z68XP-UD4

Processor: Intel® Core i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 68.54 GiB free.

D: is FIXED (NTFS) - 111 GiB total, 108.678 GiB free.

E: is FIXED (NTFS) - 930 GiB total, 919.055 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1: 26/11/2012 23:25:17 - Installed Microsoft Office Home and Student 2010

RP2: 01/12/2012 09:58:04 - Installed Adobe Reader XI.

RP3: 02/12/2012 17:01:57 - Installed Java 7 Update 9 (64-bit)

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe Flash Player 11 Plugin

Adobe Reader XI

Amazon MP3 Downloader 1.0.17

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

Anki

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Google Chrome

Google Update Helper

Intel® Processor Graphics

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft Mathematics Add-in (64-bit)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 32-bit MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Mozilla Firefox 17.0 (x86 en-US)

Mozilla Maintenance Service

Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 64-Bit Edition

Sublime Text 2.0.1

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

VLC media player 2.0.4

.

==== Event Viewer Messages From Past Week ========

.

27/11/2012 01:05:46, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialised due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/1287810425/'. Restart your computer, then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

27/11/2012 01:05:46, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialised because the Windows Media Delivery Engine did not initialise due to error '0x80070005'. Restart your computer, then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

03/12/2012 23:27:13, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

01/12/2012 16:22:51, Error: Schannel [36887] - A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

.

==== End Of File =========================

dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16442

Run by Calum at 18:52:47 on 2012-12-04

Microsoft Windows 8 Pro 6.2.9200.0.1252.44.2057.18.16301.13697 [GMT 0:00]

.

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k RPCSS

C:\WINDOWS\system32\atiesrxx.exe

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\dwm.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\taskhostex.exe

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\System32\RuntimeBroker.exe

C:\WINDOWS\system32\wwahost.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\WINDOWS\system32\atieclxx.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\vssvc.exe

C:\WINDOWS\System32\svchost.exe -k swprv

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\Calum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{3284CA4D-1C05-482F-AD55-506A3411AC6A} : DHCPNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{DAA5DE5E-72FD-443E-BDDB-B9CF0C888463} : DHCPNameServer = 194.168.4.100 194.168.8.100

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

SSODL: WebCheck - <orphaned>

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Calum\AppData\Roaming\Mozilla\Firefox\Profiles\txu8b47a.default-1354553513147\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

FF - ExtSQL: 2012-12-03 16:52; omnibar@ajitk.com; C:\Users\Calum\AppData\Roaming\Mozilla\Firefox\Profiles\txu8b47a.default-1354553513147\extensions\omnibar@ajitk.com.xpi

FF - ExtSQL: 2012-12-03 16:53; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Calum\AppData\Roaming\Mozilla\Firefox\Profiles\txu8b47a.default-1354553513147\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

FF - ExtSQL: 2012-12-03 16:55; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Calum\AppData\Roaming\Mozilla\Firefox\Profiles\txu8b47a.default-1354553513147\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

============= SERVICES / DRIVERS ===============

.

R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2012-10-18 239616]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-26 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-26 676936]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\Drivers\AtihdW86.sys [2012-8-21 91648]

R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2012-11-26 25928]

R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]

R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]

S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]

S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]

S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\WINDOWS\System32\Drivers\xusb22.sys [2012-7-26 89088]

.

=============== Created Last 30 ================

.

2012-12-04 18:46:13 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C112CEF5-8CA1-4D11-9B23-85FDA31458AC}\mpengine.dll

2012-12-03 16:05:32 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-12-03 14:01:54 -------- d-----w- C:\Program Files (x86)\xampp

2012-12-02 17:02:51 -------- d-----w- C:\Users\Calum\AppData\Roaming\.minecraft

2012-12-01 19:15:55 -------- d-----w- C:\WINDOWS\System32\appmgmt

2012-12-01 19:08:53 916456 ----a-w- C:\WINDOWS\System32\deployJava1.dll

2012-12-01 19:08:53 1034216 ----a-w- C:\WINDOWS\System32\npDeployJava1.dll

2012-12-01 09:58:34 -------- d-----w- C:\Users\Calum\AppData\Local\Adobe

2012-11-30 18:27:14 -------- d-----w- C:\Program Files (x86)\Amazon

2012-11-27 21:38:01 405504 ----a-w- C:\WINDOWS\System32\pcasvc.dll

2012-11-27 21:38:01 31232 ----a-w- C:\WINDOWS\System32\pcadm.dll

2012-11-27 21:38:01 13312 ----a-w- C:\WINDOWS\System32\pcalua.exe

2012-11-27 21:38:01 11776 ----a-w- C:\WINDOWS\System32\pcaevts.dll

2012-11-27 16:03:04 -------- d-----w- C:\Users\Calum\AppData\Roaming\aacs

2012-11-27 16:01:02 -------- d-----w- C:\Program Files\VideoLAN

2012-11-27 15:26:26 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-11-27 14:31:38 -------- d-----w- C:\Users\Calum\AppData\Local\Diagnostics

2012-11-27 14:18:32 -------- d-----w- C:\ProgramData\AMD

2012-11-27 14:18:32 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2012-11-27 14:18:32 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-11-27 14:18:30 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-11-27 14:18:03 -------- d-----w- C:\Program Files\ATI Technologies

2012-11-27 14:18:01 -------- d-----w- C:\Program Files\ATI

2012-11-27 14:17:28 -------- d-----w- C:\AMD

2012-11-27 13:55:42 -------- d-----w- C:\Users\Calum\AppData\Local\ATI

2012-11-27 13:55:00 114704 ----a-w- C:\WINDOWS\System32\drivers\AtihdW76.sys

2012-11-27 13:54:52 462848 ----a-w- C:\WINDOWS\System32\ATIDEMGX.dll

2012-11-27 13:54:13 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2012-11-27 13:49:12 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2012-11-27 13:46:00 0 ----a-w- C:\WINDOWS\ativpsrm.bin

2012-11-27 11:05:20 -------- d-----w- C:\Program Files (x86)\Anki

2012-11-27 01:26:57 -------- d-----w- C:\Program Files\Microsoft Mathematics Add-in

2012-11-27 01:24:10 5425496 ----a-w- C:\WINDOWS\System32\D3DX9_41.dll

2012-11-27 01:24:10 4178264 ----a-w- C:\WINDOWS\SysWow64\D3DX9_41.dll

2012-11-27 01:18:49 778856 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll

2012-11-27 01:18:49 35400 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe

2012-11-27 01:18:49 35400 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe

2012-11-27 01:18:49 124040 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll

2012-11-27 01:18:49 1166440 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll

2012-11-27 01:18:49 102528 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2012-11-27 01:07:49 80728 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

2012-11-27 01:07:49 695648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

2012-11-27 01:02:36 -------- d-----r- C:\WINDOWS\BrowserChoice

2012-11-27 00:59:34 11272192 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2012-11-27 00:59:34 10768384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2012-11-27 00:55:51 279656 ------w- C:\WINDOWS\System32\MpSigStub.exe

2012-11-27 00:50:59 80896 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe

2012-11-27 00:48:33 98304 ----a-w- C:\WINDOWS\System32\wudriver.dll

2012-11-27 00:47:50 8856576 ----a-w- C:\WINDOWS\SysWow64\twinui.dll

2012-11-26 23:28:51 -------- d-----w- C:\WINDOWS\PCHEALTH

2012-11-26 23:26:21 -------- d-----w- C:\Program Files\Microsoft Analysis Services

2012-11-26 23:26:21 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2012-11-26 23:26:06 -------- d-----w- C:\Users\Calum\AppData\Local\Microsoft Help

2012-11-26 23:25:42 -------- d-----w- C:\Users\Calum\AppData\Local\Google

2012-11-26 22:45:07 -------- d-----w- C:\Users\Calum\AppData\Roaming\Sublime Text 2

2012-11-26 22:43:07 -------- d-----w- C:\Program Files\Sublime Text 2

2012-11-26 22:04:31 206528 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10186.bin

2012-11-26 22:03:42 -------- d-----w- C:\Users\Calum\AppData\Local\Macromedia

2012-11-26 21:52:13 -------- d-----w- C:\Intel

2012-11-26 21:48:30 -------- d-----w- C:\Users\Calum\AppData\Local\Mozilla

2012-11-26 21:48:00 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-11-26 21:46:15 -------- d-----w- C:\Users\Calum\AppData\Roaming\Malwarebytes

2012-11-26 21:46:12 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-26 21:46:11 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

2012-11-26 21:46:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-26 21:43:38 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin

2012-11-26 21:43:37 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin

2012-11-26 21:34:07 -------- d-----w- C:\WINDOWS\Panther

2012-11-26 21:33:25 -------- d-sh--w- C:\Boot

.

==================== Find3M ====================

.

2012-11-02 05:22:08 34304 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe

2012-11-02 05:21:44 83968 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll

2012-11-02 05:21:44 125952 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll

2012-11-02 05:21:28 246784 ----a-w- C:\WINDOWS\SysWow64\ubpm.dll

2012-11-02 05:20:31 39424 ----a-w- C:\WINDOWS\System32\wuapp.exe

2012-11-02 05:20:28 77824 ----a-w- C:\WINDOWS\System32\taskhost.exe

2012-11-02 05:20:28 72192 ----a-w- C:\WINDOWS\System32\taskhostex.exe

2012-11-02 05:20:10 141824 ----a-w- C:\WINDOWS\System32\wuwebv.dll

2012-11-02 05:20:09 251904 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll

2012-11-02 05:20:09 17408 ----a-w- C:\WINDOWS\System32\wuaext.dll

2012-11-02 05:20:09 1619968 ----a-w- C:\WINDOWS\System32\wucltux.dll

2012-11-02 05:19:50 318464 ----a-w- C:\WINDOWS\System32\ubpm.dll

2012-11-02 05:01:27 99328 ----a-w- C:\WINDOWS\System32\wushareduxresources.dll

2012-11-02 04:55:32 212992 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys

2012-11-02 04:53:13 366080 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys

2012-10-29 05:04:47 522640 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll

2012-10-29 05:04:47 490064 ----a-w- C:\WINDOWS\System32\AudioEng.dll

2012-10-29 05:04:47 447792 ----a-w- C:\WINDOWS\System32\AudioSes.dll

2012-10-29 05:04:47 253512 ----a-w- C:\WINDOWS\System32\audiodg.exe

2012-10-29 03:21:53 1526784 ----a-w- C:\WINDOWS\System32\mfcore.dll

2012-10-29 03:21:21 267264 ----a-w- C:\WINDOWS\System32\EncDump.dll

2012-10-29 03:20:49 785920 ----a-w- C:\WINDOWS\System32\audiosrv.dll

2012-10-29 03:20:49 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll

2012-10-29 03:19:08 463768 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll

2012-10-29 03:19:08 427568 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll

2012-10-29 03:19:08 324344 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll

2012-10-29 02:46:23 1451520 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll

2012-10-24 04:54:06 6972136 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe

2012-10-24 03:25:41 26624 ----a-w- C:\WINDOWS\System32\ReAgentc.exe

2012-10-24 03:24:42 439296 ----a-w- C:\WINDOWS\System32\ReAgent.dll

2012-10-24 03:06:12 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb

2012-10-24 02:48:12 24064 ----a-w- C:\WINDOWS\SysWow64\ReAgentc.exe

2012-10-24 02:47:29 371712 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll

2012-10-24 02:27:01 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb

2012-10-20 03:22:05 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll

2012-10-20 02:44:53 431104 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll

2012-10-20 02:25:35 310784 ----a-w- C:\WINDOWS\apppatch\AcRes.dll

2012-10-19 04:59:28 4056576 ----a-w- C:\WINDOWS\System32\win32k.sys

2012-10-18 06:17:18 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys

2012-10-18 03:20:46 10096640 ----a-w- C:\WINDOWS\System32\twinui.dll

2012-10-18 03:18:40 2302464 ----a-w- C:\WINDOWS\System32\authui.dll

2012-10-18 03:18:33 2146816 ----a-w- C:\WINDOWS\System32\actxprxy.dll

2012-10-18 02:44:38 2033664 ----a-w- C:\WINDOWS\SysWow64\authui.dll

2012-10-18 02:44:33 753664 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll

2012-10-17 04:32:52 1172992 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll

2012-10-17 04:32:51 677888 ----a-w- C:\WINDOWS\System32\mfnetcore.dll

2012-10-17 04:32:51 673280 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll

2012-10-17 04:32:50 1048064 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll

2012-10-17 03:57:37 929792 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll

2012-10-17 03:57:37 568832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll

2012-10-17 03:57:37 513024 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll

2012-10-17 03:57:36 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll

2012-10-12 08:08:01 27880 ----a-w- C:\WINDOWS\System32\drivers\rdpvideominiport.sys

2012-10-12 06:14:54 87040 ----a-w- C:\WINDOWS\System32\srmtrace.dll

2012-10-12 06:14:54 652800 ----a-w- C:\WINDOWS\System32\srmscan.dll

2012-10-12 06:14:54 30720 ----a-w- C:\WINDOWS\System32\srm_ps.dll

2012-10-12 06:14:54 279040 ----a-w- C:\WINDOWS\System32\srm.dll

2012-10-12 06:14:54 274432 ----a-w- C:\WINDOWS\System32\srmstormod.dll

2012-10-12 06:14:54 172032 ----a-w- C:\WINDOWS\System32\srmshell.dll

2012-10-12 06:14:54 1347072 ----a-w- C:\WINDOWS\System32\srmclient.dll

2012-10-12 06:14:54 134144 ----a-w- C:\WINDOWS\System32\adrclient.dll

2012-10-12 06:14:40 36352 ----a-w- C:\WINDOWS\System32\rfxvmt.dll

2012-10-12 06:14:39 3244032 ----a-w- C:\WINDOWS\System32\rdpcorets.dll

2012-10-12 06:14:34 115712 ----a-w- C:\WINDOWS\System32\wbem\PolicMan.dll

2012-10-12 06:13:32 109568 ----a-w- C:\WINDOWS\System32\dskquota.dll

2012-10-12 05:50:01 235520 ----a-w- C:\WINDOWS\System32\rdpudd.dll

2012-10-12 05:46:28 618496 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys

2012-10-12 05:41:02 987648 ----a-w- C:\WINDOWS\SysWow64\srmclient.dll

2012-10-12 05:41:02 68096 ----a-w- C:\WINDOWS\SysWow64\srmtrace.dll

2012-10-12 05:41:02 487936 ----a-w- C:\WINDOWS\SysWow64\srmscan.dll

2012-10-12 05:41:02 278528 ----a-w- C:\WINDOWS\SysWow64\srm.dll

2012-10-12 05:41:02 202240 ----a-w- C:\WINDOWS\SysWow64\srmstormod.dll

2012-10-12 05:41:02 15872 ----a-w- C:\WINDOWS\SysWow64\srm_ps.dll

2012-10-12 05:41:02 128000 ----a-w- C:\WINDOWS\SysWow64\srmshell.dll

2012-10-12 05:41:02 104448 ----a-w- C:\WINDOWS\SysWow64\adrclient.dll

2012-10-12 05:40:49 84992 ----a-w- C:\WINDOWS\SysWow64\wbem\PolicMan.dll

2012-10-12 05:39:54 82944 ----a-w- C:\WINDOWS\SysWow64\dskquota.dll

2012-10-11 07:47:18 793200 ----a-w- C:\WINDOWS\System32\mfplat.dll

2012-10-11 07:35:16 2380944 ----a-w- C:\WINDOWS\explorer.exe

2012-10-11 07:26:44 336104 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys

2012-10-11 07:25:48 56552 ----a-w- C:\WINDOWS\System32\drivers\sdstor.sys

2012-10-11 07:23:33 1001192 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys

2012-10-11 07:23:32 441576 ----a-w- C:\WINDOWS\System32\drivers\netio.sys

2012-10-11 07:18:25 172264 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys

2012-10-11 07:16:20 1403784 ----a-w- C:\WINDOWS\System32\winload.efi

2012-10-11 07:16:20 1267424 ----a-w- C:\WINDOWS\System32\winload.exe

2012-10-11 07:16:20 1217328 ----a-w- C:\WINDOWS\System32\winresume.efi

2012-10-11 07:16:19 1093880 ----a-w- C:\WINDOWS\System32\winresume.exe

2012-10-11 07:13:54 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys

2012-10-11 07:13:51 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys

2012-10-11 07:13:49 58088 ----a-w- C:\WINDOWS\System32\drivers\dam.sys

2012-10-11 07:13:37 33512 ----a-w- C:\WINDOWS\System32\drivers\battc.sys

2012-10-11 07:08:41 562392 ----a-w- C:\WINDOWS\System32\drivers\cng.sys

2012-10-11 07:02:27 1636672 ----a-w- C:\WINDOWS\System32\WMALFXGFXDSP.dll

2012-10-11 07:01:47 503080 ----a-w- C:\WINDOWS\System32\ci.dll

2012-10-11 05:56:41 2115952 ----a-w- C:\WINDOWS\SysWow64\explorer.exe

2012-10-11 05:45:58 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll

2012-10-11 05:45:58 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll

2012-10-11 05:45:58 1045504 ----a-w- C:\WINDOWS\System32\usercpl.dll

2012-10-11 05:45:53 3554304 ----a-w- C:\WINDOWS\System32\tquery.dll

.

============= FINISH: 18:52:52.77 ===============


attach.txt

dds.txt

Edited by Maurice Naggar

  • 2 weeks later...

Hello Calum,

Are you still having the same issue? And is Windows 8 the operating system?

Did it come preloaded on a new system? Or did you do an upgrade to Windows 8?

Remove uTorrent at the very next opportunity.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

Forum policy on peer-to-peer-programs:

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

http://forums.malwarebytes.org/index.php?showtopic=97700

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Re-enable your antivirus program.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
