Multiple svchost.exe, rundll32.exe, freezing computer
#1
bborden
Hi, would someone please analyze my OTL log? I am frequently getting up to 7 rundll32.exe processes, and, although less common, groups of up to 10 or so svchost.exe processes. When these processes start appearing they tend to start using up large amounts of memory fairly quickly (sometimes up to 500,000K per process). I have run avast, a full Malwarebytes scan, and 3 Conficker cleanup tools because, from the research that I had done, this seemed to be a Conficker virus. I think Conficker is out of the question though because I can access the Symantec and Microsoft websites just fine. Thank you in advance for your help :)

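A triage script for the symptom described in the post, as an added example that is neither part of the original post nor part of OTL: it lists every rundll32.exe and svchost.exe instance with its parent, command line, working set and Authenticode status, and flags the properties a responder checks first. It assumes Windows PowerShell 3.0 or later and an elevated prompt (non-elevated sessions return empty CommandLine/ExecutablePath fields for other users' processes); the 400 MB threshold is a constructed cut-off below the ~500,000K the post reports.

```powershell
# Constructed triage example, not from the original post or from OTL.
# Assumes Windows PowerShell 3.0+ (Get-CimInstance) run from an elevated prompt.
$suspectNames = @('rundll32.exe', 'svchost.exe')
$system32     = Join-Path $env:SystemRoot 'System32'

$procs = Get-CimInstance Win32_Process |
    Where-Object { $suspectNames -contains $_.Name }

$rows = foreach ($p in $procs) {
    # Look up the parent; $parent stays $null if it has already exited.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)" `
                  -ErrorAction SilentlyContinue

    # Authenticode status of the on-disk image ('Valid' for genuine Microsoft binaries).
    $sig = if ($p.ExecutablePath) {
        (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
    } else { 'unknown' }

    $flags = @()

    # Both real binaries live in System32; a copy anywhere else deserves a closer look.
    if ($p.ExecutablePath -and
        -not $p.ExecutablePath.StartsWith($system32, [System.StringComparison]::OrdinalIgnoreCase)) {
        $flags += 'path'
    }

    # svchost.exe is normally started by services.exe; an orphaned or differently
    # parented instance is unusual.
    if ($p.Name -eq 'svchost.exe' -and $parent.Name -ne 'services.exe') {
        $flags += 'parent'
    }

    # rundll32.exe always needs a DLL (or .cpl applet) to run; no such argument is odd.
    if ($p.Name -eq 'rundll32.exe' -and ($p.CommandLine -notmatch '\.(dll|cpl)')) {
        $flags += 'noargs'
    }

    # The post reports ~500,000K per process; 400 MB is a constructed threshold.
    if ($p.WorkingSetSize -gt 400MB) { $flags += 'memory' }

    if ($sig -ne 'Valid') { $flags += 'signature' }

    [pscustomobject]@{
        PID       = $p.ProcessId
        Name      = $p.Name
        Parent    = "$($parent.Name) ($($p.ParentProcessId))"
        WorkSetMB = [math]::Round($p.WorkingSetSize / 1MB)
        Signature = $sig
        Flags     = ($flags -join ',')
        CmdLine   = $p.CommandLine
    }
}

# Largest working sets first; an empty Flags column means nothing stood out.
$rows | Sort-Object WorkSetMB -Descending | Format-Table -AutoSize -Wrap

# Which service groups each svchost.exe is hosting (built-in tool, no extra modules).
tasklist /svc /fi "imagename eq svchost.exe"
```

A flagged row is a lead, not a verdict: confirm it by checking the command line's DLL path and the hosted services before acting on it.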