dllhost.exe*32 COM SURROGATE processes are running


  • This topic is locked
4 replies to this topic

#1 mdblaze6

  • Members
  • 1 posts

Posted 12 May 2014 - 10:37 PM

I am having a problem with dllhost.exe *32 on a Windows 7 machine. I have run Farbar and added the provided logs. Any help would be appreciated. I have already run Malwarebytes; it found nothing.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01
Ran by BOB (administrator) on BOB-PC on 12-05-2014 23:32:22
Running from C:\Users\BOB\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Lavasoft) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxeaserv.exe
( ) C:\Windows\System32\lxeacoms.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-07] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3696823297-3398412505-4013607494-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\BOB\AppData\Local\Temp\suvokkj\syeipfr\wow.dll ATTENTION! ====> ZeroAccess?
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {8749EEA1-74C1-480C-9B8D-5D417424CDD2} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_34 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U34) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.340.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-08]
CHR Extension: (Google Drive) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-08]
CHR Extension: (YouTube) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-08]
CHR Extension: (Google Search) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-08]
CHR Extension: (SiteAdvisor) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-12-08]
CHR Extension: (Google Wallet) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR Extension: (Gmail) - C:\Users\BOB\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-08]
 
==================== Services (Whitelisted) =================
 
R2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [1169232 2009-09-24] (Lavasoft)
R2 lxeaCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( )
R2 lxea_device; C:\Windows\SysWOW64\lxeacoms.exe [602792 2009-07-29] ( )
S4 0282411385603341mcinstcleanup; C:\Windows\TEMP\028241~1.EXE -cleanup -nolog [X]
 
==================== Drivers (Whitelisted) ====================
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69152 2009-09-23] (Lavasoft AB)
S3 nmshguwg; No ImagePath
S3 qgahjody; No ImagePath
S3 rt70x64; C:\Windows\System32\DRIVERS\WUSB54Gv4x64.sys [308224 2007-03-12] (Ralink Technology Inc.)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S1 A2DDA; \??\C:\Users\BOB\Downloads\emsisoftemergencykit\Run\a2ddax64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 mferkdet; system32\drivers\mferkdet.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-12 23:32 - 2014-05-12 23:32 - 00010388 _____ () C:\Users\BOB\Downloads\FRST.txt
2014-05-12 22:29 - 2014-05-12 22:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\zhcfknls.sys
2014-05-12 22:28 - 2014-05-12 22:28 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\gvdidnta.sys
2014-05-12 22:27 - 2014-05-12 22:27 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\chpvgdtc.sys
2014-05-12 22:26 - 2014-05-12 22:27 - 88882192 _____ (AVAST Software) C:\Users\BOB\Downloads\avast_free_antivirus_setup.exe
2014-05-12 22:03 - 2014-05-12 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-12 22:03 - 2014-05-12 22:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-12 22:03 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 22:03 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 22:03 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-12 21:43 - 2014-05-12 21:43 - 00000000 ____D () C:\_OTL
2014-05-12 21:15 - 2014-05-12 21:15 - 00602112 _____ (OldTimer Tools) C:\Users\BOB\Downloads\OTL.exe
2014-05-12 21:07 - 2014-05-12 21:07 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-12 20:58 - 2014-05-12 21:04 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\BOB\Downloads\tdsskiller.exe
2014-05-12 20:42 - 2014-05-12 20:46 - 02066944 _____ (Farbar) C:\Users\BOB\Downloads\FRST64.exe
2014-05-12 20:36 - 2014-05-12 20:36 - 00015278 _____ () C:\ComboFix.txt
2014-05-12 20:24 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-12 20:24 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-12 20:24 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-12 20:24 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-12 20:24 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-12 20:24 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-12 20:24 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-12 20:18 - 2014-05-12 20:22 - 05200347 ____R (Swearware) C:\Users\BOB\Downloads\ComboFix.exe
2014-05-12 19:15 - 2014-05-12 23:26 - 00003606 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-05-12 19:12 - 2009-09-23 08:55 - 00069152 _____ (Lavasoft AB) C:\Windows\system32\Drivers\Lbd.sys
2014-05-12 19:11 - 2014-05-12 19:12 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-12 19:11 - 2014-05-12 19:11 - 00000000 __HDC () C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2014-05-12 19:11 - 2014-05-12 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-05-12 19:11 - 2014-05-12 19:11 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-12 19:06 - 2014-05-12 19:06 - 00003054 _____ () C:\Windows\System32\Tasks\{F291FE88-0CFF-43E1-ABBA-47B134D7402E}
2014-05-12 18:57 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-12 18:55 - 2014-05-12 19:06 - 00000000 ____D () C:\AdwCleaner
2014-05-12 18:47 - 2014-05-12 18:52 - 01325827 _____ () C:\Users\BOB\Downloads\adwcleaner.exe
2014-05-12 18:46 - 2014-05-12 19:02 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\BOB\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-12 18:07 - 2014-05-12 18:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2014-05-11 16:14 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-11 16:12 - 2014-05-12 20:36 - 00000000 ____D () C:\Qoobox
2014-05-11 16:12 - 2014-05-12 20:35 - 00000000 ____D () C:\Windows\erdnt
2014-05-11 16:00 - 2014-05-11 16:00 - 00000000 ____D () C:\Users\BOB\AppData\Roaming\AVAST Software
2014-05-11 15:58 - 2014-05-11 16:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-11 15:39 - 2014-05-12 23:32 - 00000000 ____D () C:\FRST
2014-05-11 15:23 - 2014-05-11 15:29 - 00459338 _____ () C:\Users\BOB\Downloads\Unconfirmed 603432.crdownload
2014-05-11 15:22 - 2014-05-11 15:22 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 15:17 - 2014-05-12 22:58 - 00000000 ____D () C:\Users\BOB\AppData\Local\CrashDumps
2014-05-11 15:17 - 2014-05-11 15:21 - 01016261 _____ (Thisisu) C:\Users\BOB\Downloads\JRT.exe
2014-05-11 14:44 - 2014-05-11 14:44 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-11 14:40 - 2014-05-11 14:42 - 03972608 _____ () C:\Users\BOB\Downloads\RogueKiller.exe
2014-05-11 13:18 - 2014-05-11 14:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-11 12:53 - 2014-05-12 22:32 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-11 12:46 - 2014-05-12 20:01 - 00000000 ____D () C:\Windows\pss
2014-05-07 22:19 - 2014-05-07 22:19 - 00319320 _____ () C:\Windows\Minidump\050714-17721-01.dmp
2014-05-07 22:15 - 2014-05-07 22:15 - 00319320 _____ () C:\Windows\Minidump\050714-16816-01.dmp
2014-05-07 20:54 - 2014-05-07 20:54 - 00319320 _____ () C:\Windows\Minidump\050714-16099-01.dmp
2014-05-07 20:50 - 2014-05-07 20:50 - 00319320 _____ () C:\Windows\Minidump\050714-21122-01.dmp
2014-05-07 20:41 - 2014-05-07 20:41 - 00319320 _____ () C:\Windows\Minidump\050714-17144-01.dmp
2014-05-07 20:38 - 2014-05-07 20:38 - 00319320 _____ () C:\Windows\Minidump\050714-17409-01.dmp
2014-05-06 21:11 - 2014-05-06 21:11 - 00319320 _____ () C:\Windows\Minidump\050614-16161-01.dmp
2014-05-06 20:11 - 2014-05-06 20:11 - 00319320 _____ () C:\Windows\Minidump\050614-19078-01.dmp
2014-05-05 20:22 - 2014-05-05 20:22 - 00319320 _____ () C:\Windows\Minidump\050514-15412-01.dmp
2014-05-05 20:19 - 2014-05-05 20:20 - 00319320 _____ () C:\Windows\Minidump\050514-24086-01.dmp
2014-05-04 20:46 - 2014-05-04 20:46 - 00319320 _____ () C:\Windows\Minidump\050414-20389-01.dmp
2014-05-03 21:04 - 2014-05-03 21:04 - 00319320 _____ () C:\Windows\Minidump\050314-13634-01.dmp
2014-05-03 20:34 - 2014-05-03 20:34 - 00319320 _____ () C:\Windows\Minidump\050314-16005-01.dmp
2014-05-03 20:31 - 2014-05-03 20:31 - 00319320 _____ () C:\Windows\Minidump\050314-18720-01.dmp
2014-05-02 22:06 - 2014-05-02 22:06 - 00319320 _____ () C:\Windows\Minidump\050214-18548-01.dmp
2014-05-02 20:52 - 2014-05-02 20:52 - 00319320 _____ () C:\Windows\Minidump\050214-15631-01.dmp
2014-05-02 20:12 - 2014-05-02 20:12 - 00319320 _____ () C:\Windows\Minidump\050214-22120-01.dmp
2014-05-01 22:43 - 2014-05-01 22:43 - 00319320 _____ () C:\Windows\Minidump\050114-25537-01.dmp
2014-05-01 22:36 - 2014-05-01 22:36 - 00319320 _____ () C:\Windows\Minidump\050114-21450-01.dmp
2014-05-01 22:27 - 2014-05-01 22:27 - 00319320 _____ () C:\Windows\Minidump\050114-26941-01.dmp
2014-05-01 20:30 - 2014-05-01 20:30 - 00319320 _____ () C:\Windows\Minidump\050114-22432-01.dmp
2014-05-01 20:27 - 2014-05-01 20:27 - 00319320 _____ () C:\Windows\Minidump\050114-29094-01.dmp
2014-04-30 20:33 - 2014-04-30 20:33 - 00319320 _____ () C:\Windows\Minidump\043014-22713-01.dmp
2014-04-30 20:30 - 2014-04-30 20:30 - 00319320 _____ () C:\Windows\Minidump\043014-16879-01.dmp
2014-04-29 21:06 - 2014-04-29 21:06 - 00319320 _____ () C:\Windows\Minidump\042914-21637-01.dmp
2014-04-29 21:03 - 2014-04-29 21:03 - 00319320 _____ () C:\Windows\Minidump\042914-25989-01.dmp
2014-04-27 21:54 - 2014-04-27 21:54 - 00319320 _____ () C:\Windows\Minidump\042714-27690-01.dmp
2014-04-26 23:31 - 2014-04-26 23:31 - 00319320 _____ () C:\Windows\Minidump\042614-19172-01.dmp
2014-04-26 22:20 - 2014-04-26 22:20 - 00319320 _____ () C:\Windows\Minidump\042614-15444-01.dmp
2014-04-26 22:16 - 2014-04-26 22:16 - 00319320 _____ () C:\Windows\Minidump\042614-21450-01.dmp
2014-04-26 20:10 - 2014-04-26 20:10 - 00319320 _____ () C:\Windows\Minidump\042614-17144-01.dmp
2014-04-25 21:17 - 2014-04-25 21:17 - 00319320 _____ () C:\Windows\Minidump\042514-17378-01.dmp
2014-04-25 21:12 - 2014-04-25 21:12 - 00319320 _____ () C:\Windows\Minidump\042514-21996-01.dmp
2014-04-25 20:06 - 2014-04-25 20:06 - 00319320 _____ () C:\Windows\Minidump\042514-58874-01.dmp
2014-04-24 20:39 - 2014-04-24 20:39 - 00319320 _____ () C:\Windows\Minidump\042414-31340-01.dmp
2014-04-24 20:00 - 2014-04-24 20:00 - 00319320 _____ () C:\Windows\Minidump\042414-21918-01.dmp
2014-04-23 21:49 - 2014-04-23 21:49 - 00319320 _____ () C:\Windows\Minidump\042314-24648-01.dmp
2014-04-23 21:30 - 2014-04-23 21:30 - 00319320 _____ () C:\Windows\Minidump\042314-27237-01.dmp
2014-04-23 20:14 - 2014-04-23 20:14 - 00319320 _____ () C:\Windows\Minidump\042314-24928-01.dmp
2014-04-23 20:10 - 2014-04-23 20:10 - 00319320 _____ () C:\Windows\Minidump\042314-20935-01.dmp
2014-04-22 20:24 - 2014-04-22 20:24 - 00319320 _____ () C:\Windows\Minidump\042214-21824-01.dmp
2014-04-22 20:19 - 2014-04-22 20:19 - 00319320 _____ () C:\Windows\Minidump\042214-27565-01.dmp
2014-04-21 20:20 - 2014-04-21 20:20 - 00319320 _____ () C:\Windows\Minidump\042114-39359-01.dmp
2014-04-21 20:16 - 2014-04-21 20:16 - 00319320 _____ () C:\Windows\Minidump\042114-33477-01.dmp
2014-04-21 20:12 - 2014-04-21 20:12 - 00319320 _____ () C:\Windows\Minidump\042114-29624-01.dmp
2014-04-20 20:25 - 2014-04-20 20:25 - 00319320 _____ () C:\Windows\Minidump\042014-22074-01.dmp
2014-04-19 22:58 - 2014-04-19 22:59 - 00319320 _____ () C:\Windows\Minidump\041914-29608-01.dmp
2014-04-19 22:54 - 2014-04-19 22:55 - 00319320 _____ () C:\Windows\Minidump\041914-20467-01.dmp
2014-04-19 22:09 - 2014-04-19 22:10 - 00319320 _____ () C:\Windows\Minidump\041914-32791-01.dmp
2014-04-19 21:47 - 2014-04-19 21:48 - 00319320 _____ () C:\Windows\Minidump\041914-22557-01.dmp
2014-04-19 21:29 - 2014-04-19 21:29 - 00006672 ____N () C:\bootsqm.dat
 
==================== One Month Modified Files and Folders =======
 
2014-05-12 23:33 - 2014-05-12 23:32 - 00010388 _____ () C:\Users\BOB\Downloads\FRST.txt
2014-05-12 23:32 - 2014-05-11 15:39 - 00000000 ____D () C:\FRST
2014-05-12 23:32 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-12 23:32 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-12 23:26 - 2014-05-12 19:15 - 00003606 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2014-05-12 23:26 - 2013-12-08 20:25 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-12 23:26 - 2011-04-14 11:10 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-05-12 23:26 - 2011-04-14 11:10 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-05-12 23:26 - 2011-04-14 10:43 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-05-12 23:25 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-12 23:25 - 2009-07-14 00:51 - 00124133 _____ () C:\Windows\setupact.log
2014-05-12 23:19 - 2009-07-14 01:10 - 01661136 _____ () C:\Windows\WindowsUpdate.log
2014-05-12 23:01 - 2013-12-08 20:25 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 22:58 - 2014-05-11 15:17 - 00000000 ____D () C:\Users\BOB\AppData\Local\CrashDumps
2014-05-12 22:43 - 2012-08-03 21:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-12 22:32 - 2014-05-11 12:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-12 22:29 - 2014-05-12 22:29 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\zhcfknls.sys
2014-05-12 22:28 - 2014-05-12 22:28 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\gvdidnta.sys
2014-05-12 22:27 - 2014-05-12 22:27 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\chpvgdtc.sys
2014-05-12 22:27 - 2014-05-12 22:26 - 88882192 _____ (AVAST Software) C:\Users\BOB\Downloads\avast_free_antivirus_setup.exe
2014-05-12 22:20 - 2011-04-14 12:27 - 00279930 _____ () C:\Windows\PFRO.log
2014-05-12 22:20 - 2011-04-14 10:53 - 00000000 ____D () C:\Windows\en
2014-05-12 22:03 - 2014-05-12 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-12 22:03 - 2014-05-12 22:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-12 21:43 - 2014-05-12 21:43 - 00000000 ____D () C:\_OTL
2014-05-12 21:15 - 2014-05-12 21:15 - 00602112 _____ (OldTimer Tools) C:\Users\BOB\Downloads\OTL.exe
2014-05-12 21:10 - 2011-06-22 22:20 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-05-12 21:07 - 2014-05-12 21:07 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-12 21:04 - 2014-05-12 20:58 - 04164448 _____ (Kaspersky Lab ZAO) C:\Users\BOB\Downloads\tdsskiller.exe
2014-05-12 20:46 - 2014-05-12 20:42 - 02066944 _____ (Farbar) C:\Users\BOB\Downloads\FRST64.exe
2014-05-12 20:36 - 2014-05-12 20:36 - 00015278 _____ () C:\ComboFix.txt
2014-05-12 20:36 - 2014-05-11 16:12 - 00000000 ____D () C:\Qoobox
2014-05-12 20:36 - 2014-02-15 21:51 - 00000075 _____ () C:\Windows\system32\glqu.qvk
2014-05-12 20:35 - 2014-05-11 16:12 - 00000000 ____D () C:\Windows\erdnt
2014-05-12 20:34 - 2011-04-20 18:01 - 00000000 ____D () C:\Users\BOB
2014-05-12 20:34 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-12 20:22 - 2014-05-12 20:18 - 05200347 ____R (Swearware) C:\Users\BOB\Downloads\ComboFix.exe
2014-05-12 20:01 - 2014-05-11 12:46 - 00000000 ____D () C:\Windows\pss
2014-05-12 19:56 - 2011-04-29 20:19 - 00004717 ____H () C:\ProgramData\lxea.log
2014-05-12 19:56 - 2011-04-29 20:13 - 00250340 ____H () C:\ProgramData\lxeascan.log
2014-05-12 19:12 - 2014-05-12 19:11 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-12 19:11 - 2014-05-12 19:11 - 00000000 __HDC () C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2014-05-12 19:11 - 2014-05-12 19:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-05-12 19:11 - 2014-05-12 19:11 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-05-12 19:06 - 2014-05-12 19:06 - 00003054 _____ () C:\Windows\System32\Tasks\{F291FE88-0CFF-43E1-ABBA-47B134D7402E}
2014-05-12 19:06 - 2014-05-12 18:55 - 00000000 ____D () C:\AdwCleaner
2014-05-12 19:05 - 2013-12-08 20:28 - 00000000 ____D () C:\Users\BOB\AppData\Roaming\Google
2014-05-12 19:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-05-12 19:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Users\Default
2014-05-12 19:02 - 2014-05-12 18:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\BOB\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-12 18:52 - 2014-05-12 18:47 - 01325827 _____ () C:\Users\BOB\Downloads\adwcleaner.exe
2014-05-12 18:51 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 18:22 - 2011-04-20 18:04 - 00000422 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-12 18:20 - 2011-07-30 15:00 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-05-12 18:20 - 2011-04-20 18:04 - 00003436 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-12 18:07 - 2014-05-12 18:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2014-05-11 16:00 - 2014-05-11 16:00 - 00000000 ____D () C:\Users\BOB\AppData\Roaming\AVAST Software
2014-05-11 16:00 - 2014-05-11 15:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-05-11 15:29 - 2014-05-11 15:23 - 00459338 _____ () C:\Users\BOB\Downloads\Unconfirmed 603432.crdownload
2014-05-11 15:22 - 2014-05-11 15:22 - 00000000 ____D () C:\Windows\ERUNT
2014-05-11 15:21 - 2014-05-11 15:17 - 01016261 _____ (Thisisu) C:\Users\BOB\Downloads\JRT.exe
2014-05-11 14:44 - 2014-05-11 14:44 - 00000000 ____D () C:\Program Files\AVAST Software
2014-05-11 14:42 - 2014-05-11 14:40 - 03972608 _____ () C:\Users\BOB\Downloads\RogueKiller.exe
2014-05-11 14:38 - 2014-05-11 13:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-05-11 14:38 - 2012-11-23 08:51 - 00074856 _____ () C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2014-05-11 14:14 - 2013-12-08 20:26 - 00000000 ____D () C:\Program Files\Google
2014-05-11 14:14 - 2013-12-08 20:25 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-11 14:11 - 2012-08-19 21:18 - 00000000 ____D () C:\Firefox
2014-05-11 14:08 - 2013-12-08 20:25 - 00000000 ____D () C:\Users\BOB\AppData\Local\Google
2014-05-11 14:08 - 2013-12-08 20:25 - 00000000 ____D () C:\ProgramData\Google
2014-05-11 13:31 - 2011-04-14 10:59 - 00000000 ___HD () C:\ProgramData\Sonic
2014-05-11 13:28 - 2011-04-22 10:06 - 00000000 ___HD () C:\Users\BOB\AppData\Roaming\InstallShield
2014-05-11 12:53 - 2011-05-30 21:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-11 12:46 - 2011-04-20 18:04 - 00000000 ___RD () C:\Users\BOB\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-07 22:19 - 2014-05-07 22:19 - 00319320 _____ () C:\Windows\Minidump\050714-17721-01.dmp
2014-05-07 22:19 - 2011-07-06 21:40 - 364276195 _____ () C:\Windows\MEMORY.DMP
2014-05-07 22:19 - 2011-07-06 21:40 - 00000000 ____D () C:\Windows\Minidump
2014-05-07 22:15 - 2014-05-07 22:15 - 00319320 _____ () C:\Windows\Minidump\050714-16816-01.dmp
2014-05-07 20:54 - 2014-05-07 20:54 - 00319320 _____ () C:\Windows\Minidump\050714-16099-01.dmp
2014-05-07 20:50 - 2014-05-07 20:50 - 00319320 _____ () C:\Windows\Minidump\050714-21122-01.dmp
2014-05-07 20:41 - 2014-05-07 20:41 - 00319320 _____ () C:\Windows\Minidump\050714-17144-01.dmp
2014-05-07 20:38 - 2014-05-07 20:38 - 00319320 _____ () C:\Windows\Minidump\050714-17409-01.dmp
2014-05-06 21:11 - 2014-05-06 21:11 - 00319320 _____ () C:\Windows\Minidump\050614-16161-01.dmp
2014-05-06 20:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-06 20:11 - 2014-05-06 20:11 - 00319320 _____ () C:\Windows\Minidump\050614-19078-01.dmp
2014-05-05 20:22 - 2014-05-05 20:22 - 00319320 _____ () C:\Windows\Minidump\050514-15412-01.dmp
2014-05-05 20:20 - 2014-05-05 20:19 - 00319320 _____ () C:\Windows\Minidump\050514-24086-01.dmp
2014-05-04 20:46 - 2014-05-04 20:46 - 00319320 _____ () C:\Windows\Minidump\050414-20389-01.dmp
2014-05-04 20:46 - 2009-07-14 01:08 - 00032594 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-03 21:04 - 2014-05-03 21:04 - 00319320 _____ () C:\Windows\Minidump\050314-13634-01.dmp
2014-05-03 20:34 - 2014-05-03 20:34 - 00319320 _____ () C:\Windows\Minidump\050314-16005-01.dmp
2014-05-03 20:31 - 2014-05-03 20:31 - 00319320 _____ () C:\Windows\Minidump\050314-18720-01.dmp
2014-05-02 22:06 - 2014-05-02 22:06 - 00319320 _____ () C:\Windows\Minidump\050214-18548-01.dmp
2014-05-02 20:52 - 2014-05-02 20:52 - 00319320 _____ () C:\Windows\Minidump\050214-15631-01.dmp
2014-05-02 20:12 - 2014-05-02 20:12 - 00319320 _____ () C:\Windows\Minidump\050214-22120-01.dmp
2014-05-01 22:43 - 2014-05-01 22:43 - 00319320 _____ () C:\Windows\Minidump\050114-25537-01.dmp
2014-05-01 22:36 - 2014-05-01 22:36 - 00319320 _____ () C:\Windows\Minidump\050114-21450-01.dmp
2014-05-01 22:27 - 2014-05-01 22:27 - 00319320 _____ () C:\Windows\Minidump\050114-26941-01.dmp
2014-05-01 20:30 - 2014-05-01 20:30 - 00319320 _____ () C:\Windows\Minidump\050114-22432-01.dmp
2014-05-01 20:27 - 2014-05-01 20:27 - 00319320 _____ () C:\Windows\Minidump\050114-29094-01.dmp
2014-04-30 21:16 - 2013-12-08 20:27 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-30 20:53 - 2012-08-03 21:14 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 20:53 - 2012-08-03 21:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 20:53 - 2011-05-13 21:13 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 20:33 - 2014-04-30 20:33 - 00319320 _____ () C:\Windows\Minidump\043014-22713-01.dmp
2014-04-30 20:30 - 2014-04-30 20:30 - 00319320 _____ () C:\Windows\Minidump\043014-16879-01.dmp
2014-04-29 21:06 - 2014-04-29 21:06 - 00319320 _____ () C:\Windows\Minidump\042914-21637-01.dmp
2014-04-29 21:03 - 2014-04-29 21:03 - 00319320 _____ () C:\Windows\Minidump\042914-25989-01.dmp
2014-04-27 21:54 - 2014-04-27 21:54 - 00319320 _____ () C:\Windows\Minidump\042714-27690-01.dmp
2014-04-26 23:31 - 2014-04-26 23:31 - 00319320 _____ () C:\Windows\Minidump\042614-19172-01.dmp
2014-04-26 22:20 - 2014-04-26 22:20 - 00319320 _____ () C:\Windows\Minidump\042614-15444-01.dmp
2014-04-26 22:16 - 2014-04-26 22:16 - 00319320 _____ () C:\Windows\Minidump\042614-21450-01.dmp
2014-04-26 20:10 - 2014-04-26 20:10 - 00319320 _____ () C:\Windows\Minidump\042614-17144-01.dmp
2014-04-25 21:17 - 2014-04-25 21:17 - 00319320 _____ () C:\Windows\Minidump\042514-17378-01.dmp
2014-04-25 21:12 - 2014-04-25 21:12 - 00319320 _____ () C:\Windows\Minidump\042514-21996-01.dmp
2014-04-25 20:06 - 2014-04-25 20:06 - 00319320 _____ () C:\Windows\Minidump\042514-58874-01.dmp
2014-04-24 20:39 - 2014-04-24 20:39 - 00319320 _____ () C:\Windows\Minidump\042414-31340-01.dmp
2014-04-24 20:00 - 2014-04-24 20:00 - 00319320 _____ () C:\Windows\Minidump\042414-21918-01.dmp
2014-04-23 21:49 - 2014-04-23 21:49 - 00319320 _____ () C:\Windows\Minidump\042314-24648-01.dmp
2014-04-23 21:30 - 2014-04-23 21:30 - 00319320 _____ () C:\Windows\Minidump\042314-27237-01.dmp
2014-04-23 20:14 - 2014-04-23 20:14 - 00319320 _____ () C:\Windows\Minidump\042314-24928-01.dmp
2014-04-23 20:10 - 2014-04-23 20:10 - 00319320 _____ () C:\Windows\Minidump\042314-20935-01.dmp
2014-04-22 20:24 - 2014-04-22 20:24 - 00319320 _____ () C:\Windows\Minidump\042214-21824-01.dmp
2014-04-22 20:19 - 2014-04-22 20:19 - 00319320 _____ () C:\Windows\Minidump\042214-27565-01.dmp
2014-04-21 21:15 - 2014-03-22 23:42 - 00000000 ____D () C:\Users\BOB\AppData\Local\Windows Live
2014-04-21 20:20 - 2014-04-21 20:20 - 00319320 _____ () C:\Windows\Minidump\042114-39359-01.dmp
2014-04-21 20:16 - 2014-04-21 20:16 - 00319320 _____ () C:\Windows\Minidump\042114-33477-01.dmp
2014-04-21 20:12 - 2014-04-21 20:12 - 00319320 _____ () C:\Windows\Minidump\042114-29624-01.dmp
2014-04-20 20:25 - 2014-04-20 20:25 - 00319320 _____ () C:\Windows\Minidump\042014-22074-01.dmp
2014-04-19 22:59 - 2014-04-19 22:58 - 00319320 _____ () C:\Windows\Minidump\041914-29608-01.dmp
2014-04-19 22:55 - 2014-04-19 22:54 - 00319320 _____ () C:\Windows\Minidump\041914-20467-01.dmp
2014-04-19 22:10 - 2014-04-19 22:09 - 00319320 _____ () C:\Windows\Minidump\041914-32791-01.dmp
2014-04-19 21:48 - 2014-04-19 21:47 - 00319320 _____ () C:\Windows\Minidump\041914-22557-01.dmp
2014-04-19 21:29 - 2014-04-19 21:29 - 00006672 ____N () C:\bootsqm.dat
2014-04-18 22:40 - 2012-11-18 21:00 - 00074856 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
 
ZeroAccess:
C:\Users\BOB\AppData\Local\{802693ca-a29e-fd56-b50e-81e1b971db81}
 
Alureon:
C:\Users\BOB\AppData\Local\Temp\suvokkj\syeipfr\wow.dll
 
Files to move or delete:
====================
C:\Users\BOB\icq.exe
 
 
Some content of TEMP:
====================
C:\Users\BOB\AppData\Local\Temp\{1939777E-2238-4075-B182-42561CECBDBE}.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-05 23:08
 
==================== End Of Log ============================



#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:10:46 AM

Posted 13 May 2014 - 10:33 AM

Hi mdblaze6 and Welcome to BleepingComputer!

I am currently looking through your logs and will advise you on what to do in my next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club


#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:10:46 AM

Posted 14 May 2014 - 03:24 PM

Hello mdblaze

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

 

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
     
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
     
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for being inactive
     
  • If you are using Cracked or Illegal software your thread will be closed
     
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Warning Rootkit Detected


One or more of the identified infections is a rootkit.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the rootkit has been identified and can be killed, because of how it exploits your system, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this rootkit, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I suggest a reformat of the system, but the decision is entirely up to you. If you would like me to fix it please follow these steps.

Step 1

Download TDSSKiller and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure CURE is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: Do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.

  • Double-click the downloaded icon to run the tool.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.



#4 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:10:46 AM

Posted 16 May 2014 - 03:08 AM

This is a 48 hour status check. We need to continue our troubleshooting to make sure there are no more threats on your machine. If you don't have any free time please reply back to this thread and we will keep it open.

If you don't reply back within 24 hours, this thread may be closed for inactivity.




#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:46 AM

Posted 17 May 2014 - 09:38 PM

Due to the lack of feedback/inactivity, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




