suspected malware problem

Comments

  • Had to use the uninstall updates instead.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    Post me a DDS log - should take 2-3 minutes.

    Download DDS from the link below and save it to your desktop:

    Link

    After you've downloaded it and saved it to your desktop:
    • Double click DDS to run it.
    • When it's finished, DDS will open two logs:
    1. DDS.txt
    2. Attach.txt
    Save both reports to your desktop.

    Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
  • here it is

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.7600.16869 BrowserJavaVersion: 10.13.2
    Run by Holmes at 22:44:30 on 2013-02-23
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3326.2169 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
    C:\Windows\system32\FsUsbExService.Exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_168_ActiveX.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://uk.mg.bt.mail.yahoo.com/neo/launch?.partner=bt-1&.rand=4qrf0mfdv7oa0
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
    TB: BT Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
    TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [NetMeter] c:\program files\netmeter\NetMeter.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{F43170CE-2F1D-4B12-BF25-FD43C13774A2} : DHCPNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
    Hosts: 127.0.0.1 validation.sls.microsoft.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-23 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-23 361032]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-23 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-2-23 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-2-23 44808]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-3-5 217088]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-23 398184]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-23 682344]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-3-5 36640]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2013-2-19 68208]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-23 21104]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2012-3-5 98432]
    S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2012-3-5 14848]
    S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2012-3-5 123648]
    S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2012-3-5 100224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-19 1343400]
    .
    =============== Created Last 30 ================
    .
    2013-02-23 21:01:10 d--h--w- c:\windows\msdownld.tmp
    2013-02-23 19:56:02 d-----w- c:\program files\CCleaner
    2013-02-23 19:34:20 d-----w- c:\users\holmes\appdata\local\Avg2013
    2013-02-23 19:28:03 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-02-23 19:28:00 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-02-23 19:27:55 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-02-23 19:26:58 41224 ----a-w- c:\windows\avastSS.scr
    2013-02-23 19:26:31 d-----w- c:\programdata\AVAST Software
    2013-02-23 19:26:31 d-----w- c:\program files\AVAST Software
    2013-02-23 18:08:45 388096 ----a-r- c:\users\holmes\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2013-02-23 18:08:45 d-----w- c:\program files\Trend Micro
    2013-02-23 01:40:24 d-----w- c:\program files\Belarc
    2013-02-23 00:46:55 d-----w- c:\users\holmes\appdata\roaming\Malwarebytes
    2013-02-23 00:46:48 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-23 00:46:48 d-----w- c:\programdata\Malwarebytes
    2013-02-23 00:46:48 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-02-23 00:46:30 d-----w- c:\users\holmes\appdata\local\Programs
    2013-02-22 23:44:57 d-----w- c:\users\holmes\appdata\local\Diagnostics
    2013-02-22 15:57:11 d-sh--w- c:\windows\system32\%APPDATA%
    2013-02-21 12:36:59 d-----w- c:\users\holmes\appdata\roaming\Highresolution Enterprises
    2013-02-21 12:36:59 d-----w- c:\program files\Highresolution Enterprises
    2013-02-20 12:13:03 d-----w- c:\programdata\UDL
    2013-02-20 12:09:53 d-----w- c:\program files\Epson Software
    2013-02-20 12:08:46 d-----w- c:\users\holmes\appdata\local\ABBYY
    2013-02-20 12:07:08 d-----w- c:\programdata\ABBYY
    2013-02-20 12:07:08 d-----w- c:\program files\common files\ABBYY
    2013-02-20 12:07:08 d-----w- c:\program files\ABBYY FineReader 9.0 Sprint
    2013-02-20 12:05:12 d-----w- c:\programdata\EPSON
    2013-02-20 12:05:01 d-----w- c:\program files\epson
    2013-02-19 17:05:12 d-----w- c:\program files\common files\Motive
    2013-02-19 17:05:02 d-----w- c:\program files\BT Broadband Desktop Help
    2013-02-19 17:04:26 d-----w- c:\program files\Citrix
    2013-02-19 17:04:16 d-----w- c:\program files\BTHomeHub
    2013-02-19 16:59:36 68208 ----a-w- c:\windows\system32\drivers\L1C62x86.sys
    2013-02-19 16:59:08 d-----w- c:\windows\system32\Atheros_L1e
    2013-02-07 11:58:24 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ==================== Find3M ====================
    .
    2013-02-22 15:51:41 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-22 15:51:41 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-07 11:58:18 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-02-07 11:58:18 782240 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ============= FINISH: 22:44:56.26 ===============
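One way to triage the "Pseudo HJT Report" section of a DDS log like the one above, as an added Python example that is not part of this thread: it flags BHO/toolbar CLSIDs registered with no backing file, CLSIDs registered twice, and hosts-file entries that sinkhole Microsoft domains (a 127.0.0.1 entry for an activation-validation host is a common sign of a non-genuine install). The sample input is constructed from a few lines of the posted log.

```python
import re

# Constructed sample: a few lines in the shape of the DDS "Pseudo HJT Report" posted above.
SAMPLE_LOG = r"""============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
Hosts: 127.0.0.1 validation.sls.microsoft.com
============= SERVICES / DRIVERS ===============
"""

# "BHO: <name>: {CLSID} - <path or nothing>" (TB: toolbar lines share the shape)
ENTRY_RE = re.compile(r"^(BHO|TB): (.+?): (\{[0-9A-Fa-f-]+\}) -\s*(.*)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)$")


def triage_hjt(log_text):
    """Return (severity, message) findings for the Pseudo HJT section of a DDS log."""
    findings = []
    seen = set()
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("============== Pseudo HJT Report"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("="):          # next section header ends the HJT block
            break
        m = ENTRY_RE.match(line)
        if m:
            kind, name, clsid, path = m.groups()
            if (kind, clsid) in seen:     # same CLSID registered twice under one key
                findings.append(("info", f"duplicate {kind} entry: {name} {clsid}"))
            seen.add((kind, clsid))
            if not path:                  # CLSID registered but no DLL behind it
                findings.append(("medium", f"{kind} {name} {clsid} has no backing file"))
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if host.endswith(".microsoft.com") and ip.startswith("127."):
                findings.append(("high", f"hosts file sinkholes {host} -> {ip} (blocks MS validation/update)"))
            else:
                findings.append(("low", f"hosts override: {host} -> {ip}"))
    return findings
```

Run `triage_hjt(open("DDS.txt").read())` on a real log to get the same findings list for the posted report; orphaned entries are usually leftovers of uninstalled toolbars rather than active malware, so treat them as cleanup items, and the hosts sinkhole as the real question to ask about the install.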
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    I can see the problem but this doesn't look to be a legit install - what's the history of the machine?
  • It was built by the IT dept where I worked a couple of yrs ago.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    The best thing to do is get a legit copy of Windows, backup then format/reinstall and start again.
  • andy2004
    andy2004 Posts: 1,309 Forumite
    Damn, you've got a lot of toolbars running.

    AVG isn't the best free antivirus anymore; I would suggest Avast Free,
    but then again I don't have any installed.

    So it's the conhost.exe virus. Did a bit of googling. Someone else has the same problem: "If you go to Google.com and type in anything and try to go to a link of any kind it re-routes you to more spyware sites."

    Check your IE settings: Internet Explorer > Tools > Internet Options > Connections > LAN settings, and uncheck the proxy server.
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    andy2004 wrote: »
    So it's the conhost.exe virus.

    No. That's a legit MS process.
  • andy2004
    andy2004 Posts: 1,309 Forumite
    never start a sentence with because.

    Because it's in the system32 folder, right?

    Well, I spent over 30 minutes reading the above DDS report and I can't see it.