Jump to content

safe after system restore?? log posted


pdukey

Recommended Posts

Had "Security Tool">blue screen of death>system restore>no more "security tool">internet explorer crashes citing corrupted malicious add-on

AVG shows clean

steps after system restore

  • malwarebytes 1.5 current version nothing found log below
  • defogger disabled
  • DDS logs below and attached
  • GMER nothing found, no log produced

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Database version: 5302

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/12/2010 4:23:32 PM

mbam-log-2010-12-12 (16-23-32).txt

Scan type: Quick scan

Objects scanned: 159068

Time elapsed: 3 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Timnis at 22:30:59.73 on Sun 12/12/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.4106 [GMT -5:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\sminst\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Timnis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe

C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\AVG\AVG10\avgchsva.exe

C:\Program Files (x86)\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

J:\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [Octoshape Streaming Services] "C:\Users\Timnis\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

mRun: [Turbine Download Manager Tray Icon] "C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"

mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ulead AutoDetector] C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe

mRun: [ulead Calendar Checker] C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

StartupFolder: C:\Users\Timnis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Timnis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\KUMA_T~1.LNK - C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

mRun-x64: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"

mRun-x64: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-6-13 53488]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032]

R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/01/06 19:31:44];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2010-1-6 146928]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-1-6 92160]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-6 202752]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 SftService;SoftThinks Agent Service;C:\Windows\sminst\SftService.exe [2009-6-13 632048]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]

R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-27 575488]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-6 215040]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-3 135664]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-9-12 25832]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-5 1255736]

=============== Created Last 30 ================

2010-12-12 20:28:04 -------- d-----w- C:\Users\Timnis\AppData\Roaming\AVG10

2010-12-12 20:27:38 -------- d--h--w- C:\PROGRA~3\Common Files

2010-12-12 20:26:40 -------- d-----w- C:\Windows\System32\drivers\AVG

2010-12-12 20:26:40 -------- d-----w- C:\PROGRA~3\AVG10

2010-12-12 17:08:27 -------- d-----w- C:\PROGRA~3\MFAData

2010-12-11 16:32:55 -------- d-----w- C:\PROGRA~3\oKlMe06301

2010-11-23 20:14:26 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-11-23 20:14:26 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2010-11-19 22:37:26 -------- d-----w- C:\Users\Timnis\AppData\Roaming\.minecraft

==================== Find3M ====================

2010-11-29 22:42:06 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-11-10 03:20:56 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2010-10-14 06:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll

2010-10-14 06:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll

2006-05-03 09:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 10:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 12:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

============= FINISH: 22:31:17.59 ===============

Attach.zip

Link to post
Share on other sites

Hi Robb, if you did the System Restore to before the rogue was present and the restore point was not infected, this would have eliminated it.

Your log looks okay and if you have no problems, you should be fine. If you want, give it a day or so and monitor for any unusual behaviour and post back here.

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.