
ccevtmgr.exe


  • This topic is locked
3 replies to this topic

#1 Lynnvangsnes

Lynnvangsnes

  • Members
  • 4 posts

Posted 22 June 2010 - 01:15 PM

The process, ccevtmgr.exe, keeps adding more and more memory until my CPU is maxed at 100%.
A couple of weeks ago, I contracted some type of virus. I ran Spybot, Stinger, and various others. Finally, I installed a full version of CA, and that helped a great deal. I noticed that the above-mentioned process seemed to take a lot of CPU time and the memory would increase. I can stop the process, and the CPU load will drop significantly; however, it starts immediately, and begins to grow again. I have followed the preparation guide and will post the log.
I have run the GMER scan, only to have my system crash twice before it finishes.
Here is the first log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Compaq_Owner at 8:47:42.00 on Tue 06/22/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.330 [GMT -5:00]

AV: CA Anti-Virus Plus *On-access scanning enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: CA Personal Firewall *enabled* {38102F93-1B6E-4922-90E1-A35D8DC6DAA3}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\svcprs32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\Program Files\IP Scanner\Receiver\MGS.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\1.2.1.24.01562218\Light\CAGlobalLight.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\CA Internet Security Suite\ccEvtMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mykonicaminolta.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: {F6104497-54FD-4688-9162-5115CC8AB0FB} - No File
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.01562218\toolbar\CallingIDIE.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.01562218\toolbar\CallingIDIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [OXNotifier] c:\program files\outlook oxtender\OXNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imager~1.lnk - c:\program files\ip scanner\receiver\MGS.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
LSP: c:\windows\system32\winsflt.dll
LSP: c:\windows\system32\VetRedir.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.162.167,93.188.166.198
TCP: {E87BBF73-6C8E-4635-B4BE-9D24FFB9BAA6} = 208.123.108.40,208.123.109.20
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: callingid - {086D03BA-57AC-4C8E-A33D-0BAABF742411} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.01562218\toolbar\CallingIDToolbar.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\1.2.1.24.01562218\linkadvisor\CIDLinkAdvisor.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\4d49wp0u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mykonicaminolta.com/logon/Logon
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx35.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2009-12-23 132088]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2009-6-8 108024]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2009-12-23 78840]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2009-9-2 53240]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2009-6-8 115704]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2009-8-14 145912]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2009-9-30 60920]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2009-9-30 239608]
S0 2270753664;2270753664;c:\windows\system32\drivers\2270753664.sys --> c:\windows\system32\drivers\2270753664.sys [?]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2010-06-18 21:29:57 0 d-----w- C:\stinger
2010-06-17 20:37:24 0 d-----w- c:\windows\_ISTMP1.DIR
2010-06-17 20:37:21 0 d-----w- C:\_ISTMP1.DIR
2010-06-09 06:04:54 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-07 12:26:43 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-06-03 20:18:02 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-03 20:18:02 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-03 20:16:29 0 d-----w- c:\windows\ie8updates
2010-06-03 15:33:41 0 d-sh--w- c:\documents and settings\compaq_owner\PrivacIE
2010-06-03 14:09:34 0 d-sh--w- c:\documents and settings\compaq_owner\IETldCache
2010-06-03 14:05:02 1355 ----a-w- c:\windows\imsins.BAK
2010-06-03 14:01:37 0 dc-h--w- c:\windows\ie8
2010-06-03 12:38:40 178588 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-06-02 21:14:26 7 ----a-w- c:\windows\system32\mkghj.dll
2010-06-02 20:36:35 95472 ----a-w- c:\windows\system32\Vetredir.dll
2010-06-02 20:36:35 201968 ----a-w- c:\windows\system32\Isafprod.dll
2010-06-02 20:36:34 128240 ----a-w- c:\windows\system32\Isafeif.dll
2010-06-02 18:48:10 0 d-----w- c:\docume~1\compaq~1\applic~1\CallingID
2010-06-02 18:23:35 0 d-----w- c:\program files\ISSThirdParty
2010-06-02 18:22:54 1054032 ----a-w- c:\windows\system32\cfgmig32.dll
2010-06-02 18:20:23 1377008 ----a-w- c:\windows\system32\svcprs32.exe
2010-06-02 18:20:22 5845744 ----a-w- c:\windows\system32\win32cpr.dll
2010-06-02 18:20:22 2385136 ----a-w- c:\windows\system32\winsflt_x64.dll
2010-06-02 18:20:22 200704 ----a-w- c:\windows\system32\ssleay32.dll
2010-06-02 18:20:22 1028096 ----a-w- c:\windows\system32\libeay32.dll
2010-06-02 18:20:21 286208 ----a-w- c:\windows\system32\winsfinst.exe
2010-06-02 18:20:21 1872624 ----a-w- c:\windows\system32\winsflt.dll
2010-06-02 18:20:20 2654208 ----a-w- c:\windows\system32\winsflte.dll
2010-06-02 18:20:20 2339568 ----a-w- c:\windows\system32\mdmcls32.exe
2010-06-02 18:20:08 0 d-----w- c:\windows\rnapxs
2010-06-02 18:20:04 7440 ----a-w- c:\windows\system32\sporder.dll
2010-06-02 16:29:15 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-06-02 15:51:13 0 d-----w- c:\program files\Yahoo!
2010-06-02 15:51:02 0 d-----w- c:\program files\CCleaner
2010-06-02 14:15:27 0 ----a-w- c:\windows\system32\VolumeMSPrLam.dll
2010-06-02 14:15:26 0 d-----w- c:\docume~1\compaq~1\applic~1\AVP 2009
2010-06-02 12:20:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-02 12:20:33 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-01 20:39:16 24 ----a-w- c:\windows\herjek.config
2010-06-01 20:29:58 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-06-01 20:29:58 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-06-01 20:29:56 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-06-01 20:29:56 8576 ----a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-06-01 20:29:55 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-06-01 20:29:55 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-06-01 20:29:53 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-06-01 20:29:53 142592 ----a-w- c:\windows\system32\dllcache\aec.sys
2010-06-01 20:29:46 0 d-----w- c:\docume~1\compaq~1\applic~1\Street-Ads
2010-06-01 20:27:50 50981 ----a-w- c:\windows\system32\kjdgvqnhnunhrvjjz.exe
2010-06-01 20:25:18 0 d-----w- c:\docume~1\compaq~1\applic~1\63A47D353DBEF2E14D8656E099B92789
2010-06-01 19:25:05 85504 --sha-r- c:\windows\system32\c_737T.dll
2010-05-24 16:31:20 40633 ----a-w- c:\windows\system32\hbtznqeh.exe

==================== Find3M ====================

2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-05-06 10:41:52 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-05-06 10:41:52 5950976 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-05-06 10:41:52 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-05-06 10:41:52 1209344 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-05-06 10:41:51 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-06 10:41:51 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-06 10:41:51 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-05-06 10:41:50 1985536 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2010-05-06 10:41:50 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-05-06 10:41:49 11076096 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-05-06 10:41:48 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-03 08:33:56 2365288 ----a-w- c:\windows\system32\dllcache\WMVCore.dll
2008-10-27 18:52:28 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102720081028\index.dat

============= FINISH: 8:51:23.65 ===============
I will continue to work on the GMER scan.
Thank you.
To Orange Blossom:
When I posted this, I could not find it. This thread is so busy that I couldn't even get on the current page. That's why the double post. I know what a double post is... It was unintentional. I know these people are very busy.

Edited by Lynnvangsnes, 22 June 2010 - 06:38 PM.




#2 Lynnvangsnes

Lynnvangsnes
  • Topic Starter

  • Members
  • 4 posts

Posted 23 June 2010 - 08:08 AM

As of yet, I have been unable to complete the GMER scan. It crashes my system or freezes. I have been able to save a partial log of one of the scans. It is attached.

Attached Files



#3 Lynnvangsnes

Lynnvangsnes
  • Topic Starter

  • Members
  • 4 posts

Posted 23 June 2010 - 03:23 PM

I have since uninstalled my entire CA program, and reinstalled a stripped-down version. The pesky process is now gone, and all is well.

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts

Posted 23 June 2010 - 07:07 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



