Jump to content

malwarebytes crashes, issues with svchost.exe, etc...


Recommended Posts

Hello,

Apologies in advance if I leave anything out; I'm frazzled from spending hours trying to fix this and getting nowhere.

The other day I clicked on a persistent flashing window telling me to install an update for Adobe Reader. The same thing still appears in my icon tray at the lower right. When I mouse over the icon, it says "Update is ready to install", and right-clicking it brings up a balloon which reads "Click on the icon to activate". Clicking it brings up a window called "Adobe Reader Updater"; inside it says "This update addresses customer issues and security vulnerabilities. Adobe recommends that you always install the latest updates." In the lower left there's a small link which reads "Details", and takes me to this page - http://kb2.adobe.com/cps/837/cpsid_83708.html - which seems like the legit Adobe site, but doesn't have any information about an update from the last few days.

Anyway... since then I've had really slow performance.

Earlier today I had a security center warning in my icon tray telling me that my firewall was down AND that I had no antivirus or antimalware software running. I honestly don't know what my usual firewall status is, but I definitely had AVG 2012 (the free version) running and doing daily scans.

Also earlier today (not sure of the chronology, sorry), I got a display showing the results of an AVG scan which had something like 16 suspicious items detected - 2 were taken care of, but 14 "needed action", and couldn't be removed after I clicked on "FIX" and "take action." I then noticed that AVG said that there were no scheduled scans; obviously weird since I'd been running daily scans for some time. When I went to edit scheduled scans, my changes couldn't be saved - it went right back to "no scheduled scans."

Also today I've been getting alert windows telling me "Host Process for Windows Services stopped working and was closed", and the same for something with "iPod" and "32-bit" in the name (this should be in the log). Those are both new as of today.

And I've only been able to get MBAM past the "enumerating registry files" stage once before it terminates. That's after downloading it again, installing it again, updating it again, and restarting the computer if prompted. After that I "don't have permission" to run it and have to start over at downloading it again.

I got the blue screen of death twice today in my efforts to fix things (one in the middle of trying to reinstall AVG - something didn't appreciate that).

Will be very grateful for any help...

Ross

--------

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_20

Run by Ross at 22:57:40 on 2011-11-05

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2813.1408 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\1101516064:3744618686.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\explorer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\TOSHIBA\TECO\TEco.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\TANU\TANU.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEEA.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehsched.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uSearch Bar = hxxp://www.google.com/ie

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = *.local;<local>

uInternet Settings,ProxyServer = http=127.0.0.1:18810

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

uURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll

mURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll

uWinlogon: Shell=c:\users\ross\appdata\local\20cda741\X

BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

BHO: agcore.AGUtils: {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll

BHO: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - c:\program files\xfin_portal\auxi\comcastAu.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - c:\program files\vshare.tv_bar\prxtbvsha.dll

TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - c:\program files\xfin_portal\comcastdx.dll

TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [EPSON WorkForce 30 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieea.exe /fu "c:\windows\temp\E_S8251.tmp" /EF "HKCU"

uRun: [Google Update] "c:\users\ross\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

uRun: [Facebook Update] "c:\users\ross\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide

mRun: [<NO NAME>]

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"

mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

TCP: DhcpNameServer = 68.87.71.230 68.87.73.246

TCP: Interfaces\{55A30E48-C84D-40D1-8AEF-A0B2422CB07C} : DhcpNameServer = 68.87.71.230 68.87.73.246

TCP: Interfaces\{D5EB8D05-615F-4D2E-9A71-3DE464ABF9F1} : DhcpNameServer = 68.87.71.230 68.87.73.246

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ross\appdata\roaming\mozilla\firefox\profiles\xbhmfxjl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll

FF - plugin: c:\program files\picasa2\npPicasa2.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll

FF - plugin: c:\users\ross\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

FF - plugin: c:\users\ross\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\users\ross\appdata\roaming\facebook\npfbplugin_1_0_3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-9-12 237632]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-9-12 338880]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-17 25896]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-11-5 98392]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-17 173500]

R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2010-9-12 235472]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-9-23 366152]

R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 180224]

R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-23 22216]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-5 41272]

S2 AGCoreService;AG Core Services;c:\program files\agi\core\3.1\AGCoreService.exe [2009-10-8 20480]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-5 135664]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-5 135664]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-9-12 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-9-12 1145816]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

SUnknown okmgouzj;okmgouzj; [x]

.

=============== Created Last 30 ================

.

2011-11-06 02:54:01 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-11-06 02:51:07 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c4ba68d-0e24-461d-b721-b8e4d00ca38d}\offreg.dll

2011-11-06 02:47:57 709968 ----a-w- c:\windows\isRS-000.tmp

2011-11-06 01:56:23 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5c4ba68d-0e24-461d-b721-b8e4d00ca38d}\mpengine.dll

2011-11-06 00:31:58 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-11-06 00:31:58 27984 ----a-w- c:\windows\system32\sbbd.exe

2011-11-06 00:31:50 -------- d-----w- C:\VIPRERESCUE

2011-11-05 04:41:07 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-11-05 04:34:43 -------- d-sh--w- c:\users\ross\appdata\local\20cda741

2011-10-24 18:33:56 -------- d-----w- c:\users\ross\appdata\roaming\AVG2012

2011-10-24 18:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-10-24 18:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-10-24 17:42:44 -------- d-----w- c:\windows\system32\drivers\AVG

2011-10-24 17:42:44 -------- d-----w- c:\programdata\AVG2012

2011-10-24 17:02:31 -------- d-----w- c:\programdata\MFAData

2011-10-13 07:00:30 -------- d-----w- C:\4cab356a1bb233b1012501cf3b

2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

==================== Find3M ====================

.

2011-11-05 17:18:05 173500 ----a-w- c:\windows\system32\atiesrxx.exe

2011-11-05 04:36:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-04 10:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-11 16:53:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 23:00:16.04 ===============

Attach.zip

DDS.txt

Link to post
Share on other sites

:welcome:

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps
  • Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean, if this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.