
svchost.exe has stopped working



#1 zkron


Posted 06 February 2013 - 05:18 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by oho OHO oho at 0:00:46 on 2013-02-07
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4030.2601 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\Lingvo\15.0\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Users\oho OHO oho\AppData\Roaming\Mail.Ru\Agent\magent.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Athan\Athan.exe
C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe
C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={D1765EBC-5799-11E2-94A1-101F74F14EAC}
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={D1765EBC-5799-11E2-94A1-101F74F14EAC}
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
TB: Avira SearchFree Toolbar plus Web Protection: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
uRun: [MAgent] C:\Users\oho OHO oho\AppData\Roaming\Mail.Ru\Agent\magent.exe -CU
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [BrandPack] "C:\Program Files\OpenGl_4.3\Mesa.exe"
mRun: [Athan] C:\Program Files (x86)\Athan\Athan.exe
mRun: [Lingvo Launcher] "C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe" /STARTUP
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: &????????? ? OneNote - <no file>
IE: &??????? ? Microsoft Excel - <no file>
IE: Translate with &ABBYY Lingvo x5 - C:\Program Files (x86)\ABBYY Lingvo x5\Lingvo.exe/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{94039173-0434-4E57-A504-3E103A3B1ECA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{94039173-0434-4E57-A504-3E103A3B1ECA}\4656661657C647 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\oho OHO oho\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-25 08:28; otis@digitalpersona.com; C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF - ExtSQL: 2012-12-28 14:13; helper@savefrom.net; C:\Users\oho OHO oho\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\helper@savefrom.net.xpi
FF - ExtSQL: 2012-12-28 14:17; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\oho OHO oho\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-28 18:39; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-12 00:08; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - ExtSQL: 2013-01-30 08:01; personas@christopher.beard; C:\Users\oho OHO oho\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\personas@christopher.beard.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-1-10 56208]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-10-8 211344]
R2 ABBYY.Licensing.Lingvo.Desktop.15.0;ABBYY Lingvo x5 Licencing Service;C:\Program Files (x86)\Common Files\ABBYY\Lingvo\15.0\Licensing\NetworkLicenseServer.exe [2011-5-18 816904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-14 204288]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-19 211584]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-11-26 1329304]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2012-10-8 138744]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-12-25 1128952]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-12-25 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-12-25 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-12-25 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-12-25 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-12-25 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-12-25 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-12-25 135832]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-12-25 567808]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-31 12306848]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2012-8-24 175928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-11 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-11 208896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-12-26 406632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-25 13336]
S3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2012-8-19 55448]
S3 DAMDrv;DAMDrv;C:\Windows\System32\drivers\DAMDrv64.sys [2011-8-22 64312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-9-5 476728]
S3 HP8207_8307;HP-HP8207_8307;C:\Windows\System32\drivers\HP8207_8307.sys [2010-2-5 15360]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2012-9-5 1420192]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-24 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-25 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-25 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-25 2656536]
S4 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-8-19 323584]
.
=============== Created Last 30 ================
.
2013-02-06 20:55:24 -------- d-----w- C:\Users\oho OHO oho\Doctor Web
2013-02-05 22:41:15 18880 ----a-w- C:\Users\oho OHO oho\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\969252ce11249fdd.customDestinations-ms~RF118af57.TMP
2013-02-05 21:43:21 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2012
2013-02-04 23:31:42 -------- d-sh--w- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2013-02-04 21:56:56 -------- d-----w- C:\Users\oho OHO oho\AppData\Roaming\ParetoLogic
2013-02-04 21:56:56 -------- d-----w- C:\Users\oho OHO oho\AppData\Roaming\DriverCure
2013-02-04 21:56:40 -------- d-----w- C:\ProgramData\ParetoLogic
2013-02-04 21:46:13 -------- d-----w- C:\ProgramData\SecTaskMan
2013-02-02 15:06:20 -------- d-----w- C:\Users\oho OHO oho\AppData\Roaming\EnglishGrammarinUseExtra
2013-02-02 15:06:20 -------- d-----w- C:\Users\oho OHO oho\AppData\Roaming\Cambridge
2013-02-02 15:04:49 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
2013-02-02 15:04:49 -------- d-----w- C:\Program Files (x86)\Cambridge
2013-02-02 15:03:23 -------- d--h--w- C:\Users\oho OHO oho\InstallAnywhere
2013-01-31 10:54:40 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2013-01-29 22:49:51 -------- d-----w- C:\Users\oho OHO oho\AppData\Local\Qualcomm Atheros
2013-01-29 06:59:32 -------- d-----w- C:\Users\oho OHO oho\AppData\Roaming\TuneUp Software
2013-01-29 06:59:14 -------- d-----w- C:\ProgramData\TuneUp Software
2013-01-28 21:11:09 -------- d-----w- C:\Users\oho OHO oho\AppData\Local\eclipse
2013-01-26 20:33:51 -------- d-----w- C:\Program Files (x86)\Common Files\ABBYY
2013-01-26 20:33:51 -------- d-----w- C:\Program Files (x86)\ABBYY Lingvo x5
2013-01-25 16:06:53 2169856 --sha-w- C:\Windows\System32\hale.exe
2013-01-24 14:32:51 -------- d-----w- C:\Program Files\ESET
2013-01-19 15:26:25 -------- d-----w- C:\Program Files (x86)\Smart Driver Updater
2013-01-18 23:17:45 737280 ----a-w- C:\Windows\iun6002.exe
2013-01-18 23:17:42 -------- d-----w- C:\Windows\SysWow64\athan
2013-01-18 23:16:46 -------- d-----w- C:\Program Files (x86)\Athan
2013-01-18 18:49:26 78872 ----a-w- C:\Windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-01-18 18:49:26 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-01-18 18:49:19 79896 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-01-18 18:49:19 111640 ----a-w- C:\Windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-01-18 18:47:53 -------- d-----w- C:\Windows\System32\RsFx
2013-01-18 18:38:46 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-01-18 18:38:22 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-01-18 18:28:07 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2013-01-18 18:21:09 2118848 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-01-18 18:10:12 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-01-18 18:04:12 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2013-01-18 18:04:12 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2013-01-17 23:24:17 -------- d-----w- C:\Program Files (x86)\Nero
2013-01-17 23:24:10 -------- d-----w- C:\ProgramData\Nero
2013-01-17 23:10:08 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-17 21:04:05 -------- d-----w- C:\Users\oho OHO oho\AppData\Local\assembly
2013-01-17 20:43:10 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-01-17 20:43:10 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-01-11 22:08:31 -------- d-----w- C:\Users\oho OHO oho\.swt
2013-01-11 22:08:01 859552 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-01-11 22:08:01 780192 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-11 22:07:24 -------- d-----w- C:\Program Files (x86)\Zona
2013-01-10 21:51:01 56208 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2013-01-10 21:51:01 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2013-01-10 21:51:01 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2013-01-10 21:51:01 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2013-01-10 21:51:00 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2013-01-10 21:50:55 -------- d-----w- C:\Program Files (x86)\My Company Name
2013-01-10 21:38:21 -------- d-----w- C:\Users\oho OHO oho\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2013-01-10 19:53:54 -------- d-----w- C:\ProgramData\EwisoftWeb
2013-01-10 19:53:54 -------- d-----w- C:\Program Files (x86)\EwisoftWeb
2013-01-09 07:41:49 -------- d-----w- C:\Program Files\OpenGl_4.3
2013-01-08 04:09:16 -------- d-----w- C:\Windows\SysWow64\directx
.
==================== Find3M ====================
.
2013-02-04 22:29:32 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-04 22:29:32 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-25 16:07:53 65536 ----a-w- C:\Windows\System32\sppuinotify.dll
2013-01-25 16:07:52 381952 ----a-w- C:\Windows\System32\sppcommdlg.dll
2013-01-25 16:07:51 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2013-01-25 16:07:51 1008128 ----a-w- C:\Windows\System32\user32.dll
2013-01-25 16:07:48 142336 ----a-w- C:\Windows\System32\sppwmi.dll
2013-01-25 16:07:47 15360 ----a-w- C:\Windows\System32\slwga.dll
2013-01-25 16:07:16 389632 ----a-w- C:\Windows\System32\winlogon.exe
2013-01-25 16:07:16 349696 ----a-w- C:\Windows\System32\slui.exe
2013-01-25 16:07:16 2048 ----a-w- C:\Windows\System32\winver.exe
2013-01-25 16:07:16 107946 ----a-w- C:\Windows\System32\slmgr.vbs
2012-12-26 21:30:01 13888 ----a-w- C:\Windows\System32\RTNICVer.dll
2012-12-26 11:28:37 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
2012-12-26 11:28:37 406632 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2012-12-26 11:28:37 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2012-12-26 00:54:06 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-12-26 00:54:06 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-12-25 01:16:19 0 ----a-w- C:\Windows\ativpsrm.bin
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 0:02:10.40 ===============


 


#2 nasdaq


Posted 09 February 2013 - 10:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 
IMPORTANT....
 
1. Close any open browsers.
 
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
 
3. Do not install any other programs until this is fixed.
 
How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html
 
Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.
 
Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
 
 
Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===
 
Third-party programs, if not up to date, can be the cause of infiltration of an infection.
 
Please run this security check for my review.
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===
 
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.




