We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Help please - I have an infection!!
Options

mrsfrench
Posts: 78 Forumite
in Techie Stuff
Hello, hope someone can help me.
Avast Mail-Shield has blocked a threat 'Win32:Evo-gen (susp) in process c:\\Windows\SysWOW64\svchost.exe'
I have run:
Malwarebytes
CCleaner
Hijack this
EEK
None of these programmes have found the threat although malwarebytes does pop up saying that it has blocked access to a website (just an ip address).
Avast is blocking the threat but it is continually popping up to tell me, is there a way of deleting this? I can't find the file (or know what to do with it when I do find it). Any advice would be gratefully received.
Many thanks
Avast Mail-Shield has blocked a threat 'Win32:Evo-gen (susp) in process c:\\Windows\SysWOW64\svchost.exe'
I have run:
Malwarebytes
CCleaner
Hijack this
EEK
None of these programmes have found the threat although malwarebytes does pop up saying that it has blocked access to a website (just an ip address).
Avast is blocking the threat but it is continually popping up to tell me, is there a way of deleting this? I can't find the file (or know what to do with it when I do find it). Any advice would be gratefully received.
Many thanks
0
Comments
-
Post me a DDS log - should take 2-3 minutes.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:- Double click DDS to run it.
- Click Start
- When it's finished, DDS will open two logs:
- DDS.txt
- Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)0 -
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750
Run by asus at 21:28:24 on 2013-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3873.815 [GMT 0:00]
.
AV: avast! Internet Security *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
svchost.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
svchost.exe
svchost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\EEK\start.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://dub114.mail.live.com/default.aspx?id=64855
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [xckstioq] "C:\Users\asus\AppData\Local\hptmbiwx.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\0bf7e983-6415-4467-8c5b-7a13844ed85a.exe /check
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{148BE42F-048A-4B38-B96D-1869E2D0FC99} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1C51060D-4441-40BD-A9C1-4C3AAB6BC4E4} : DHCPNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-11-4 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-11-4 207904]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2013-12-5 447888]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-11-4 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-11-4 422216]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2013-10-29 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-11-4 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-25 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-12-5 116776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-12-27 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-12-27 701512]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-10-29 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-10-4 129512]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-10-4 394728]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2013-12-25 82744]
R3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2013-12-27 57024]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-3-29 142632]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-3-29 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-29 169584]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-27 25928]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-2-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-7 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-12-27 19:53:55 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D09C5793-CA9E-40A7-910F-4007525B828A}\offreg.dll
2013-12-27 19:41:54
d
w- C:\EEK
2013-12-27 19:12:52 388096 ----a-r- C:\Users\asus\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-27 19:12:52
d
w- C:\Program Files (x86)\Trend Micro
2013-12-27 18:26:43
d
w- C:\Program Files\CCleaner
2013-12-27 18:05:57
d
w- C:\Users\asus\AppData\Roaming\Malwarebytes
2013-12-27 18:05:50
d
w- C:\ProgramData\Malwarebytes
2013-12-27 18:05:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-12-27 18:05:48
d
w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-27 18:05:24
d
w- C:\Users\asus\AppData\Local\Programs
2013-12-27 17:25:22 97792 ----a-w- C:\Users\asus\AppData\Local\hptmbiwx.exe
2013-12-27 12:49:54 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D09C5793-CA9E-40A7-910F-4007525B828A}\mpengine.dll
2013-12-25 15:40:58 82744 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2013-12-20 09:09:59 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-12-19 15:14:34 0 ----a-w- C:\Windows\SysWow64\sho5456.tmp
2013-12-18 18:02:44
d
w- C:\Users\asus\AppData\Local\{A0EC5D38-87C8-4701-87DB-91227AD10D18}
2013-12-18 18:02:44
d
w- C:\Users\asus\AppData\Local\{54A8FBB3-3D5B-4121-B027-96C31646CDCE}
2013-12-17 22:56:45 0 ----a-w- C:\Windows\SysWow64\shoAEE2.tmp
2013-12-12 03:03:37 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 03:03:37 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 03:03:36 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 03:03:35 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-05 14:30:35 447888 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2013-12-05 09:59:12 0 ----a-w- C:\Windows\SysWow64\sho6723.tmp
2013-12-01 20:28:24 0 ----a-w- C:\Windows\SysWow64\sho6409.tmp
2013-12-01 01:24:29 0 ----a-w- C:\Windows\SysWow64\shoF926.tmp
.
==================== Find3M ====================
.
2013-12-25 15:40:48 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-25 15:40:48 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-25 15:40:48 1034464 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-25 15:40:47 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-25 01:59:40 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-25 01:59:40 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-21 03:07:00 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2013-11-26 03:25:33 0 ----a-w- C:\Windows\SysWow64\sho75D0.tmp
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 03:33:38 267936
w- C:\Windows\System32\MpSigStub.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-06 19:19:15 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-04 01:49:52 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-11-04 01:49:51 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-29 20:53:33 80512 ----a-w- C:\Windows\AsusScr_K3 Series_ENG Uninstaller.exe
2013-10-29 20:53:31 3058304 ----a-w- C:\Windows\AsScrPro.exe
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 02:16:30 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-04 01:36:04 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
.
============= FINISH: 21:29:18.98 ===============
Thank you!0 -
Go here and read through the instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial- IMPORTANT! Ensure you temporarily turn off Avast before running.
Instructions here - Save combofix to your desktop.
- Double click combofix.exe & follow the prompts closely.
- Combofix may reboot the PC several times.
- When it's finished, it will automatically produce a log. Post the contents of that log.
- It can also be found on your C:\ drive named combofix.txt
0 - IMPORTANT! Ensure you temporarily turn off Avast before running.
-
I'm being blocked when I go to post the log report. Will keep trying!
Morag x0 -
I'll pm you my email address & you can send me it.0
-
Log sent via email. Thank you!! x0
-
How are things now? Any warnings from avast or mbam?0
-
Switched Avast back on and it seems to be fine now. Malwarebytes has also stopped notifications. Can't thank you enough, you went above and beyond to help.
Thanks again, Morag x0 -
No problem.
Open a Run command box, Windows key + R on your keyboard) and copy/paste this command in:
ComboFix /uninstall
Note the space between ComboFix and /uninstall , it needs to be there.
Click OK
Combofix will uninstall itself. Let me know if you have problems.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 351K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244K Work, Benefits & Business
- 599K Mortgages, Homes & Bills
- 177K Life & Family
- 257.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards