System32 SVHOST Backdoor.spynet


And here is the other attach.txt file.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 4/4/2012 6:31:19 AM

System Uptime: 12/16/2012 9:39:43 PM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8Z68-V PRO GEN3

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 3301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 84 GiB total, 33.699 GiB free.

D: is CDROM ()

F: is Removable

G: is FIXED (NTFS) - 932 GiB total, 524.267 GiB free.

H: is FIXED (NTFS) - 932 GiB total, 412.971 GiB free.

I: is Removable

J: is Removable

K: is Removable

L: is Removable

S: is FIXED (NTFS) - 932 GiB total, 471.116 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\7&74F2FA2&0&4

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\7&74F2FA2&0&4

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco Systems VPN Adapter for 64-bit Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter for 64-bit Windows

PNP Device ID: ROOT\NET\0000

Service: CVirtA

.

==== System Restore Points ===================

.

RP222: 12/16/2012 11:39:36 AM - Windows Update

.

==== Installed Programs ======================

.

3Dconnexion 3DxSoftware (x64 Edition)

3Dconnexion 3DxWare (x64)

3Dconnexion Add-In for AutoCAD 2007 - 2010

3Dconnexion Add-In for Inventor 11 - 2013

3Dconnexion Add-In for Solid Edge V18 - ST4

3Dconnexion Add-In for SolidWorks 2005 - 2012 (x64)

3Dconnexion Add-On for XSI v5.0 - 2013

3Dconnexion Collage

3Dconnexion Extension for SketchUp

3Dconnexion Plug-In for 3ds Max v9 - 2013

3Dconnexion Plug-in for Acrobat 3D

3Dconnexion Plug-In for Maya v8.5 - 2013

3Dconnexion Plug-In for NX v3.0 - v8.0

3Dconnexion Plug-In for Photoshop CS3 - CS5

3Dconnexion Plug-In for Pro/ENGINEER Wildfire 3.0 - Creo 1.0

3Dconnexion Trainer

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe After Effects CS6

Adobe AIR

Adobe Content Viewer

Adobe Creative Suite 5.5 Master Collection

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Manager

Adobe Illustrator CS6

Adobe Photoshop CS6

Adobe Premiere Pro CS6

Adobe Shockwave Player 11.6

Adobe Story

Adobe Widget Browser

Agisoft PhotoScan Professional

AgiSoft StereoScan

Akamai NetSession Interface

AllToAVI v4 r5394

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Asmedia ASM104x USB 3.0 Host Controller Driver

ASUS GPU Tweak

Autodesk 123D Catch

Autodesk 3ds Max 2012 64-bit - English

Autodesk 3ds Max 2012 64-bit - English SP2

Autodesk 3ds Max 2012 English Documentation

Autodesk 3ds Max 2013 64-bit

Autodesk Backburner 2012.0.0

Autodesk DirectConnect 2013 64-bit

Autodesk Essential Skills Movies for 3ds Max 2013 64-bit

Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit

Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit

Autodesk Inventor Server Engine for 3ds Max 2013 64-bit

Autodesk Material Library 2012

Autodesk Material Library 2013

Autodesk Material Library Base Resolution Image Library 2012

Autodesk Material Library Base Resolution Image Library 2013

Autodesk Material Library Medium Resolution Image Library 2012

Autodesk Material Library Medium Resolution Image Library 2013

Autodesk MotionBuilder 2012 64-bit

Autodesk Mudbox 2012 64-bit - English

Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit

Autodesk Stitcher Unlimited 2009

bl

Bluetooth Win7 Suite (64)

Bonjour

CINEMA 4D 13.016

Cisco Systems VPN Client 5.0.07.0290

Combined Community Codec Pack 2011-11-11

Composite 2012 64-bit

Composite 2013 64-bit

Core Temp version 0.99.7

Corel Painter 12

Corel Painter 12 - IPM

Driver Sweeper version 3.2.0

Dropbox

DVDFab 8.2.2.0 (16/11/2012) Qt

EVGA Precision X 3.0.4

FileZilla Client 3.6.0.2

FlashGet 3.7

Google Chrome

Google Drive

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

iClone v5.2 PRO

IconHandler 64 bit

Intel® Network Connections 15.6.25.0

Intel® Turbo Boost Technology Monitor 2.0

InterVideo DeviceService

IsoBuster 1.7

iTunes

Java 7 Update 7

Java Auto Updater

Java 6 Update 31

JMicron JMB36X Driver

LG Burning Tool

LG CyberLink BD Advisor

LG CyberLink Media Suite

LG CyberLink PowerDVD

LG CyberLink PowerProducer

LG Tool Kit

LightScribe System Software

Makehuman

Malwarebytes Anti-Malware version 1.65.1.1000

marvell 91xx driver

MeshLab_64b 1.3.2

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Camera Codec Pack

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XML Parser

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Microsoft_VC90_MFCLOC_x86_x64

NVIDIA 3D Vision Controller Driver 306.97

NVIDIA 3D Vision Driver 306.97

NVIDIA Control Panel 306.97

NVIDIA CUDA Toolkit v4.1 (64 bit)

NVIDIA Graphics Driver 306.97

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0604

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.10.8

NVIDIA Update Components

Painter 12 - Content

Painter 12 - Core

Painter 12 - Corex64

Painter 12 - EN

Painter 12 - Setup Files

PDF Settings CS5

PDF Settings CS6

ph

PxMergeModule

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

smartmontools

Steam

StitcherUnlimited2009 AdLM

swMSM

TopoGun 1.06 W64

Ulead DVD MovieFactory 6

UltraMon

Unwrella2 2.20

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

V-Ray for 3dsmax 2012 for x64

V-Ray for 3dsmax 2013 for x64

Wacom Tablet

WebTablet FB Plugin

WebTablet IE Plugin

WebTablet Netscape Plugin

WibuKey Setup (WibuKey Remove)

WinDirStat 1.1.2

WinRAR 4.11 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

12/16/2012 9:34:22 PM, Error: Service Control Manager [7034] - The Intel® PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

12/16/2012 9:31:10 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

12/16/2012 9:30:55 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

12/16/2012 9:29:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

12/16/2012 9:29:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

12/16/2012 9:29:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

12/16/2012 9:29:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

12/16/2012 9:29:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80108d2b30, 0xfffffa80108d2e10, 0xfffff800033de460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121612-16052-01.

12/16/2012 9:28:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6

12/16/2012 9:26:44 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa80101476a0, 0xfffffa8010147980, 0xfffff80003390460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121612-18376-01.

12/16/2012 9:26:38 PM, Error: Service Control Manager [7034] - The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).

12/16/2012 9:16:00 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

12/16/2012 9:15:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

12/16/2012 9:15:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

12/16/2012 9:15:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800cc88b30, 0xfffffa800cc88e10, 0xfffff80003389460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121612-13743-01.

12/16/2012 9:15:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

12/16/2012 9:15:03 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/16/2012 9:15:03 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/16/2012 9:15:03 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

12/16/2012 9:15:03 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/16/2012 9:15:03 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

12/16/2012 9:15:03 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

12/16/2012 9:15:03 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/16/2012 9:15:03 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

12/16/2012 9:15:03 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

12/16/2012 9:15:03 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

12/16/2012 9:11:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8010888b30, 0xfffffa8010888e10, 0xfffff800033da460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121612-17144-01.

12/16/2012 9:07:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.1996.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

12/16/2012 9:07:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

12/16/2012 9:06:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

12/16/2012 9:04:57 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8014935060, 0xfffffa8014935340, 0xfffff80003381460). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121612-29608-01.

12/15/2012 10:04:35 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

Hi and welcome to Malwarebytes,

We have an advanced product in development that is now in public Beta: Malwarebytes Anti-Rootkit. This tool has been designed to address the specific type of infection(s) identified on your system. At this stage Malwarebytes Anti-Rootkit has been heavily tested and we are confident in its capabilities and stability. That being said, this is a Beta product and certain disclaimers need to be made. All Beta versions are not final products. Malwarebytes does not guarantee the absence of errors which might lead to interruption in normal computer operations or data loss. Precautions should be taken. The types of infections targeted by Malwarebytes Anti-Rootkit can be very difficult to remove. Please be sure you have any valued data backed up before proceeding, just as a precaution.

While we encourage and invite participation, Malwarebytes Anti-Rootkit Beta users run the tool at their own risk. Malwarebytes bears no responsibility for issues that may arise during use of this tool, however all reasonable efforts will be made by Malwarebytes to assist in recovery should the need arise.

If you agree to these terms, please let us know and we will provide a download link and instructions for you.

2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
