BleepingComputer.com: msiexec and svchost

msiexec and svchost taking a lot of CPU

#16 jntkwx

Posted 16 October 2011 - 12:58 PM

Hi lenioffe,

The way you describe it, I have a feeling there's malware involved.

Let's try running a new Malwarebytes scan.

Rerun Malwarebytes
Open Malwarebytes (in Normal Mode if possible), click on the Update tab, and click the check for Updates button (the latest update as of this post is 7961.)
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware


Just copy and paste the Malwarebytes log into your next reply (don't put it in quotes.)
Regards,
Jason


Member of the Bleeping Computer A.I.I. early response team!
Please do not PM me for help!

#17 lenioffe

Posted 23 October 2011 - 08:39 AM

Jason,

thank you very much. I ran the MBAM scan again. Here's the log.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7999

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/22/2011 9:40:57 PM
mbam-log-2011-10-22 (21-40-57).txt

Scan type: Full scan (C:\|)
Objects scanned: 381145
Time elapsed: 8 hour(s), 14 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Leon\local settings\Temp\563128312.uninstall\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Leon\my documents\MISC\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.



But nothing changed after the reboot. I still see constant CPU usage surges making the computer extremely slow. I wonder whether flvplayersetup was actually removed. My problems started when I tried to install an application to watch TV on the computer and the installation crashed. Whether it was FLV player I don't remember.

What should my next steps be?

Thank you again,
Len.




#18 jntkwx

Posted 23 October 2011 - 01:27 PM

Hi lenioffe,

lenioffe, on 23 October 2011 - 08:39 AM, said:

I wonder whether flvplayersetup was actually removed. My problems started when I tried to install an application to watch TV on the computer and the installation crashed. Whether it was FLV player I don't remember.


It may have been flvplayer. If you can remember what the program was, and try to reinstall it, this may solve your CPU usage problem. Do you remember if you saved the file to a folder (such as C:\documents and settings\Leon\my documents\MISC\) when you downloaded it, or did you just open it without saving it to a specific folder?


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :process
    msiexec.exe
    svchost.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Regards,
Jason



#19 lenioffe

Posted 24 October 2011 - 09:39 PM

Jason,

thanks again. I can't find the application. I think it was actually called flvplayer and was in my MISC directory. That means the file was deleted.
I ran SystemLook. Here's the log.


SystemLook 30.07.11 by jpshortstuff
Log created at 22:25 on 24/10/2011 by Leon
Administrator - Elevation successful

========== process ==========

msiexec.exe - 3 handle(s) returned.

svchost.exe - 11 handle(s) returned.

-= EOF =-



I'll be waiting for your next advice.

Len.



#20 jntkwx

Posted 25 October 2011 - 10:51 AM

Hi lenioffe,

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and please be patient. It may take several days for someone to respond.
Regards,
Jason



#21 Orange Blossom (Moderator)

Posted 07 November 2011 - 05:28 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic426688.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
