Jump to content

tumtumm

Members
  • Posts

    7
  • Joined

  • Last visited

Reputation

0 Neutral
  1. still getting network acess limited conectivity but this maybe from comcast becus even telephone is acting up.
  2. update to problem: ran tdsskiller and it found rootkit.boot.phar.b it removed it sucessfully but the log is not on my computer. i wrote the name down before i okayed the cleaning and reboot. i reran mbam after reboot and it found and cleaned : Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.08.02 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Amy :: AMYS-PC [administrator] 1/9/2012 1:27:07 AM mbam-log-2012-01-09 (01-27-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 209686 Time elapsed: 3 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end) after reboot i ran a full mbam and it read: Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.08.02 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Amy :: AMYS-PC [administrator] 1/9/2012 1:40:39 AM mbam-log-2012-01-09 (01-40-39).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 389284 Time elapsed: 1 hour(s), 55 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  3. my mbam and imf(iobits malware fighter) keep flagging trojan.32 agent on file c:\\windows\svchost.exe i click the options to quarintine and repaire/deletes it, but upon finish before i can click to let mbam restart my computer, windows crashes first with windows security center turning off, then machine turing restarting by itsself. when i rescan after restart it says its still there. also noted some internet features do not work properly exmpl downloading things says its starting and dosent do anything and security protections levels keep turning down to low ( i keep them set to high) and internet conectivity limited error occurs not allowing me to use internet thought this was because my cable was old but still occured after installing a new cable. (these last 2 started within the last 48 hours) my comp is: hp pavilion model a6700y amd phenom X4 9150e - quad core processor nvidia geforce 6150 se graphics memory (ram) 4.00gb windows Vista home premium SP2 64bit operating system products running : Mbam free/imf free/advanced systemcare 5 pro/ norton security suite all are latest version and definitions are uptodate. windows update = no new updates are available logg from IMF IObit Malware Fighter OS: Windows Vista Version: 1.2.0.16 Define Version: 1093 Time Elapsed: 00:02:49 Objects Scanned: 49536 Threats Found: 1 Save Time: 1/5/2012 10:28:35 PM |Name|Type|Description|ID| Trojan.Win32/Agent, FILE, C:\Windows\svchost.exe, 1018291 log from mbam: Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.06.01 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 1/6/2012 12:53:00 AM mbam-log-2012-01-06 (01-00-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 210110 Time elapsed: 5 minute(s), 29 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 1560 -> No action taken. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> No action taken. (end) if i missed anything please let me know and ill try to provide it. (sorry about any misspellings in the uncopied and pasted sections) Thank you in advanced. managed to get HJT to download heres the log: Logfile of HijackThis v1.99.1 Scan saved at 2:04:10 AM, on 1/6/2012 Platform: Unknown Windows (WinNT 6.00.1906 SP2) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Running processes: C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe C:\hp\support\hpsysdrv.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/? R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: (no name) - {6778613D-616B-4A6C-9856-65DE943CF424} - (no file) R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll O4 - HKLM\..\Run: [KBD] "C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" O4 - HKLM\..\Run: [hpsysdrv] "c:\hp\support\hpsysdrv.exe" O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" O4 - HKCU\..\Run: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart O4 - HKCU\..\Run: [p9pl3659959979186922236] \\?\globalroot\Device\HarddiskVolume1\Users\Amy\AppData\Local\Temp\p9pl3659959979186922236.tmp O8 - Extra context menu item: Free YouTube Download - C:\Users\Amy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O11 - Options group: [iNTERNATIONAL] International O13 - Gopher Prefix: O15 - Trusted Zone: *.clonewarsadventures.com O15 - Trusted Zone: *.freerealms.com O15 - Trusted Zone: *.knowledgeanywhere.com O15 - Trusted Zone: *.soe.com O15 - Trusted Zone: *.sony.com O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package 1) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton Security Suite (N360) - Unknown owner - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 (file missing) O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing) took awhile to download an run but heres the dds.scr dds report let me know if its unreadable ill try reposting: DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Amy at 2:11:54 on 2012-01-06 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3965.2259 [GMT -5:00] . AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D} SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup -netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe C:\hp\support\hpsysdrv.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://xfinity.comcast.net/? uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt uURLSearchHooks: H - No File uURLSearchHooks: H - No File uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB: {2B171655-A70C-5C18-B693-6CB5DC269D41} - No File TB: {2B171655-A69C-5C18-B693-6CB5DC269D41} - No File TB: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File uRun: [sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart uRun: [p9pl3659959979186922236] \\?\globalroot\Device\HarddiskVolume1\Users\Amy\AppData\Local\Temp\p9pl3659959979186922236.tmp mRun: [KBD] "C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe" mRun: [HP Health Check Scheduler] "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" mRun: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Free YouTube Download - C:\Users\Amy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: knowledgeanywhere.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{A4E21433-30FF-433A-A2CA-C9295CDF5DB1} : DhcpNameServer = 75.75.75.75 75.75.76.76 BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll BHO-X64: Symantec NCO BHO - No File BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL BHO-X64: Symantec Intrusion Prevention - No File BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB-X64: {2B171655-A70C-5C18-B693-6CB5DC269D41} - No File TB-X64: {2B171655-A69C-5C18-B693-6CB5DC269D41} - No File TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File mRun-x64: [KBD] "C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" mRun-x64: [hpsysdrv] "c:\hp\support\hpsysdrv.exe" mRun-x64: [HP Health Check Scheduler] "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" mRun-x64: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" . ============= SERVICES / DRIVERS =============== . R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-21 1156216] R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [?] R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120105.001\IDSviA64.sys [2012-1-6 488568] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [?] R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [?] R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/08 17:02:30];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-10-21 146928] R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-26 494424] R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-16 820568] R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-3 2253120] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-1-4 138360] R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys [2011-10-16 20336] R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?] R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys [2011-10-16 33184] R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys [2011-10-16 21872] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 FreemakeVideoCapture;FreemakeVideoCapture; [x] S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?] S3 JLTECH0227;Dual Mode Camera;C:\Windows\system32\Drivers\jl2005c.sys --> C:\Windows\system32\Drivers\jl2005c.sys [?] S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-9-9 25888] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-6-9 89920] . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-01-06 06:06:53 20480 ----a-w- C:\Windows\svchost.exe 2012-01-05 21:53:42 -------- d-----w- C:\Users\Amy\AppData\Roaming\NVIDIA 2012-01-05 20:33:52 -------- d-----w- C:\Program Files (x86)\LucasArts 2012-01-05 19:43:13 -------- d-----w- C:\Users\Amy\AppData\Roaming\ParetoLogic 2012-01-05 19:43:13 -------- d-----w- C:\Users\Amy\AppData\Roaming\DriverCure 2012-01-05 17:44:10 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll 2012-01-05 17:44:09 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2012-01-05 17:44:09 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2012-01-05 17:44:09 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2012-01-01 11:31:46 -------- d-----w- C:\N360_BACKUP 2011-12-21 05:03:25 -------- d-----w- C:\Users\Amy\AppData\Roaming\Malwarebytes 2011-12-21 05:02:24 -------- d-----w- C:\ProgramData\Malwarebytes 2011-12-21 05:02:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2011-12-15 02:20:06 677136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-12-14 03:39:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2011-12-14 03:39:22 2048 ----a-w- C:\Windows\System32\tzres.dll 2011-12-14 03:39:15 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat 2011-12-14 03:39:15 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat 2011-12-14 03:21:53 85504 ----a-w- C:\Windows\System32\csrsrv.dll 2011-12-14 03:21:51 2764800 ----a-w- C:\Windows\System32\win32k.sys 2011-12-14 03:21:50 559616 ----a-w- C:\Windows\System32\EncDec.dll 2011-12-14 03:21:50 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll 2011-12-14 02:34:46 -------- d-----w- C:\0e259766bdb2cd3ffa3d3c7b48f955 2011-12-11 07:43:04 2324 ----a-w- C:\Users\Amy\AppData\Local\VWL122B.tmp 2011-12-11 07:38:12 2324 ----a-w- C:\Users\Amy\AppData\Local\VWL9D3A.tmp 2011-12-11 07:36:42 2324 ----a-w- C:\Users\Amy\AppData\Local\VWL3DDC.tmp 2011-12-11 07:33:09 2324 ----a-w- C:\Users\Amy\AppData\Local\VWLFCF6.tmp 2011-12-11 07:30:48 2324 ----a-w- C:\Users\Amy\AppData\Local\VWLD450.tmp 2011-12-11 07:21:38 2324 ----a-w- C:\Users\Amy\AppData\Local\VWL1566.tmp 2011-12-09 13:38:30 -------- d-----w- C:\Users\Amy\AppData\Local\ElevatedDiagnostics . ==================== Find3M ==================== . 2011-12-10 20:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-11-29 09:52:13 525792 ----a-w- C:\Windows\DIFxAPI.dll 2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll 2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll 2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll 2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-10-24 18:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2011-10-24 18:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2011-10-20 03:15:56 22872 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe 2011-10-20 02:17:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-19 00:53:14 2957544 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys 2011-10-18 23:10:30 99432 ----a-w- C:\Windows\System32\RCoInst64.dll 2011-10-18 18:55:50 331880 ----a-w- C:\Windows\System32\RtlCPAPI64.dll 2011-10-18 18:47:22 1914472 ----a-w- C:\Windows\System32\RtkApi64.dll 2011-10-18 16:05:00 2528872 ----a-w- C:\Windows\System32\RtPgEx64.dll 2011-10-17 22:30:38 3213928 ----a-w- C:\Windows\System32\RtkAPO64.dll . ============= FINISH: 2:14:32.39 =============== dont know if it will help but norton says no infections data is: scan type full time run 3hrs 2min 26sec total items scanned 578,192 total security risks detected:0 total security risks resolved:0 no other alarms occur excpet when i run mbam/imf scans please help
  4. thanks ill move it to the correct area now thank you
  5. mbam log: Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.06.01 Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 1/6/2012 12:53:00 AM mbam-log-2012-01-06 (01-00-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 210110 Time elapsed: 5 minute(s), 29 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 1560 -> No action taken. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> No action taken. (end)
  6. logg form prior to first post: IObit Malware Fighter OS: Windows Vista Version: 1.2.0.16 Define Version: 1093 Time Elapsed: 00:02:49 Objects Scanned: 49536 Threats Found: 1 Save Time: 1/5/2012 10:28:35 PM |Name|Type|Description|ID| Trojan.Win32/Agent, FILE, C:\Windows\svchost.exe, 1018291 logg from mbam to follow:
  7. my mbam and imf(iobits malware fighter) keep flagging trojan.32 agent on file c:\\windows\svchost.exe i click the options to quarintine and repaire/deletes it, but upon finish before i can click to let mbam restart my computer, windows crashes first with windows security center turning off, then machine turing restarting by itsself. when i rescan after restart it says its still there. my comp is: hp pavilion model a6700y amd phenom X4 9150e - quad core processor nvidia geforce 6150 se graphics memory (ram) 4.00gb windows Vista home premium SP2 64bit operating system products running : Mbam free/imf free/advanced systemcare 5 pro/ norton security suite all are latest version and definitions are uptodate. windows update = no new updates are available mbam logg to follow please help!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.