google redirect and high CPU and physical memory usage


11 replies to this topic

#1 belowavgman

belowavgman

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:39 AM

Posted 31 August 2011 - 05:14 PM

I have had the Google redirect virus for a while now; I thought its little paragraphs were harmless, but it has become a nuisance. At startup the computer was running at 30% CPU usage and 56 physical memory. I made the error of reading and following someone else's topic and not starting my own, but I will stop all that I am doing and await your instructions. I have run MiniToolBox and was starting GMER but realised I should really make sure I get proper advice from someone who knows what they are doing. Sorry to be the 3rd Google redirect on this topic page alone. As the problem is not computer life threatening, I promise to not self bump and will be patient :)


Belowavgman




#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:03:39 AM

Posted 31 August 2011 - 11:26 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
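As an added example (not MiniToolBox's, BleepingComputer's or Broni's code), here is a Python script that triages the report those checkboxes produce for the three things a browser redirect commonly changes: a forced IE proxy, hosts-file entries for sites other than localhost, and DNS servers outside the LAN. It assumes the section-banner layout and the "Proxy is not enabled" / "No Proxy Server is set" wording seen in the MiniToolBox log posted later in this thread; both sample reports are constructed.

```python
# Added example: triage a MiniToolBox report for browser-redirect indicators.
import ipaddress
import re

# Section banners look like "===== IE Proxy Settings: =====" in the report.
SECTION_RE = re.compile(r"^=+\s*(.+?):\s*=+$")
IPV4_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
# Only RFC 1918 space counts as "the LAN". A public ISP resolver handed out by
# DHCP is listed too, so a hit is a prompt to verify, not proof of a hijack.
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_sections(report):
    """Return {section name: [lines]} for every banner-delimited section."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections

def check_proxy(lines):
    """A clean system prints the two 'no proxy' lines seen in this thread
    (assumed wording); anything else is reported for a closer look."""
    text = "\n".join(lines).strip()
    if "Proxy is not enabled" in text and "No Proxy Server is set" in text:
        return []
    return ["IE proxy: settings differ from the clean defaults: " + text]

def check_hosts(lines):
    """Flag hosts entries other than the stock localhost mappings."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()   # drop comments, tokenise
        if not entry:
            continue
        addr, names = entry[0], entry[1:]
        for name in names:
            if name.lower() != "localhost" or addr not in ("127.0.0.1", "::1"):
                findings.append(f"hosts: {name} -> {addr}")
    return findings

def dns_servers(lines):
    """Collect 'DNS Servers' values, including ipconfig's continuation lines
    that hold nothing but a further address."""
    servers, collecting = [], False
    for line in lines:
        stripped = line.strip()
        if stripped.startswith("DNS Servers"):
            collecting = True
            servers += IPV4_RE.findall(stripped.split(":", 1)[1])
        elif collecting and IPV4_RE.fullmatch(stripped):
            servers.append(stripped)
        else:
            collecting = False
    return servers

def check_dns(lines):
    """Flag DNS servers outside RFC 1918 space."""
    return [f"DNS server outside the LAN: {s}" for s in dns_servers(lines)
            if not any(ipaddress.ip_address(s) in net for net in LAN_NETS)]

def triage(report):
    """Run each check over the sections the poster actually ticked."""
    sections = split_sections(report)
    checks = {"IE Proxy Settings": check_proxy, "Hosts content": check_hosts,
              "IP Configuration": check_dns}
    return [f for name, check in checks.items() if name in sections
            for f in check(sections[name])]

# Constructed sample reports in MiniToolBox's layout (not captured output);
# the non-LAN addresses are documentation ranges, not real indicators.
CLEAN_REPORT = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
::1 localhost
127.0.0.1 localhost
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
"""
HIJACKED_REPORT = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: 127.0.0.1:8080
========================= Hosts content: =================================
::1 localhost
127.0.0.1 localhost
203.0.113.7 www.google.com
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 203.0.113.53
                                    192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
"""
```

Run `triage(report_text)` on a pasted report; an empty list means none of the three indicators is present, and each string in the list names the section and the value to verify.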

 


#3 belowavgman

belowavgman
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:05:39 AM

Posted 02 September 2011 - 02:25 AM

security

Results of screen317's Security Check version 0.99.7
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player 10.3.181.34
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Windows Defender MSASCui.exe
Trend Micro HiJackThis HiJackThis.exe
``````````End of Log````````````


MiniToolBox by Farbar
Ran by Trey (administrator) on 02-09-2011 at 01:30:42
Windows ™ Vista Home Premium Service Pack 2 (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Trey-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter TAP:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-6D-34-8D-77
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-22-43-C9-92-5A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FA-56-10-8E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d51d:329f:4757:e82f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, August 31, 2011 3:36:35 PM
Lease Expires . . . . . . . . . . : Saturday, September 03, 2011 12:25:35 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 268444410
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-F0-4B-DD-00-24-8C-30-5E-91
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gru.net
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-24-8C-30-5E-91
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.gru.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{1658FB58-F75F-40FB-8C35-4D8A3166BE88}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c81:2926:b946:9a35(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c81:2926:b946:9a35%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{73ABB1FD-5883-48FC-9F91-D24A193682C4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{73ABB1FD-5883-48FC-9F91-D24A193682C4}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{6D348D77-A97B-4475-A4C1-1F59D3270D1C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.73.104
74.125.73.105
74.125.73.106
74.125.73.147
74.125.73.99
74.125.73.103


Pinging google.com [74.125.73.147] with 32 bytes of data:
Reply from 74.125.73.147: bytes=32 time=66ms TTL=53
Reply from 74.125.73.147: bytes=32 time=63ms TTL=53

Ping statistics for 74.125.73.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 63ms, Maximum = 66ms, Average = 64ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=37ms TTL=56
Reply from 209.191.122.70: bytes=32 time=34ms TTL=56

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 37ms, Average = 35ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15 ...00 ff 6d 34 8d 77 ...... TAP-Win32 Adapter V9
13 ...00 22 43 c9 92 5a ...... Bluetooth Device (Personal Area Network)
11 ...00 22 fa 56 10 8e ...... Intel® WiFi Link 5100 AGN
10 ...00 24 8c 30 5e 91 ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
17 ...00 00 00 00 00 00 00 e0 isatap.gru.net
19 ...00 00 00 00 00 00 00 e0 isatap.{1658FB58-F75F-40FB-8C35-4D8A3166BE88}
14 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
18 ...00 00 00 00 00 00 00 e0 isatap.{73ABB1FD-5883-48FC-9F91-D24A193682C4}
20 ...00 00 00 00 00 00 00 e0 isatap.{73ABB1FD-5883-48FC-9F91-D24A193682C4}
16 ...00 00 00 00 00 00 00 e0 isatap.{6D348D77-A97B-4475-A4C1-1F59D3270D1C}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 18 ::/0 On-link
1 306 ::1/128 On-link
14 18 2001::/32 On-link
14 266 2001:0:4137:9e76:2c81:2926:b946:9a35/128
On-link
11 281 fe80::/64 On-link
14 266 fe80::/64 On-link
14 266 fe80::2c81:2926:b946:9a35/128
On-link
11 281 fe80::d51d:329f:4757:e82f/128
On-link
1 306 ff00::/8 On-link
14 266 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/31/2011 03:41:17 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TREY\VIDEOS\VEOH\VEOH909AA0D609544CE3AB79A594DF0E5DE5.VIDEOS-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/31/2011 03:41:12 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\TREY\DESKTOP\02.JPG> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/31/2011 03:38:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2011 04:35:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2011 03:21:31 AM) (Source: Application Error) (User: )
Description: Faulting application opera.exe, version 9.64.10487.0, time stamp 0x49a6659c, faulting module nvd3dum.dll, version 8.15.11.8631, time stamp 0x4a4c6b74, exception code 0xc0000005, fault offset 0x00383f62,
process id 0xeec, application start time 0xopera.exe0.

Error: (08/31/2011 02:15:13 AM) (Source: Application Error) (User: )
Description: Faulting application opera.exe, version 9.64.10487.0, time stamp 0x49a6659c, faulting module NPSWF32.dll, version 10.3.181.34, time stamp 0x4e0117de, exception code 0xc0000005, fault offset 0x00396011,
process id 0x3508, application start time 0xopera.exe0.

Error: (08/31/2011 02:12:48 AM) (Source: Application Hang) (User: )
Description: The program opera.exe version 9.64.10487.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 16b8
Start Time: 01cc659974d8bb9d
Termination Time: 490

Error: (08/31/2011 00:02:44 AM) (Source: Microsoft-Windows-RestartManager) (User: Trey)Trey
Description: 0C:\Program Files (x86)\Mozilla Firefox\plugin-container.exePlugin Container for Firefox02117125080

Error: (08/30/2011 07:43:35 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: e28
Start Time: 01cc6597b1599a5d
Termination Time: 242

Error: (08/30/2011 04:33:03 PM) (Source: Application Hang) (User: )
Description: The program game.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2e6c
Start Time: 01cc673dcd504e80
Termination Time: 536


System errors:
=============
Error: (08/31/2011 05:03:14 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall6801 (0x1A91)

Error: (08/31/2011 05:02:48 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall6801 (0x1A91)

Error: (08/31/2011 03:41:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: SYSTEM)
Description: 0x80070032

Error: (08/31/2011 03:40:32 PM) (Source: Service Control Manager) (User: )
Description: 30000ShellHWDetection

Error: (08/31/2011 03:38:47 PM) (Source: Service Control Manager) (User: )
Description: Windows Firewall6801 (0x1A91)

Error: (08/31/2011 03:36:28 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:29:03 PM on 8/31/2011 was unexpected.

Error: (08/31/2011 10:53:54 AM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (08/31/2011 04:39:23 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: SYSTEM)
Description: 0x80070032

Error: (08/31/2011 04:35:14 AM) (Source: Service Control Manager) (User: )
Description: Windows Firewall6801 (0x1A91)

Error: (08/31/2011 04:33:46 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:17:55 AM on 8/31/2011 was unexpected.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 2.2.1)
2007 Microsoft Office system (Version: 12.0.6425.1000)
64 Bit HP CIO Components Installer (Version: 3.2.1)
8000A809 (Version: 50.0.165.000)
8000A809_eDocs (Version: 50.0.165.000)
8000A809_Help (Version: 1.00.0000)
Acrobat.com (Version: 1.1.377)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe AIR (Version: 1.5.0.7220)
Adobe Flash Player 10 Plugin (Version: 10.3.181.34)
Adobe Flash Player 9 ActiveX (Version: 9)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Age of Empires III (Version: 1.00.0000)
AhnLab Online Security
AIM Pro (Version: 1.5.0.291)
Akamai NetSession Interface
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ASUS Data Security Manager (Version: 1.00.0007)
ASUS FancyStart (Version: 1.0.1)
ASUS LifeFrame3 (Version: 3.0.14)
ASUS Live Update (Version: 2.5.7)
ASUS Power4Gear Hybrid (Version: 1.1.11)
ASUS SmartLogon (Version: 1.0.0006)
ASUS Splendid Video Enhancement Technology (Version: 1.02.0025)
ASUS Virtual Camera (Version: 1.0.13)
Asus_Camera_ScreenSaver (Version: 2.0.0008)
ATK Generic Function Service (Version: 1.00.0008)
ATK Hotkey (Version: 1.0.0048)
ATK Media (Version: 2.0.0001)
ATKOSD2 (Version: 7.0.0003)
Bandisoft MPEG-1 Decoder
BitTorrentBar Toolbar (Version: 6.2.2.4)
Bonjour (Version: 3.0.0.2)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
Browser Defender 3.0 (Version: 3.0.0.312)
BufferChm (Version: 120.0.194.000)
calibre (Version: 0.8.5)
Choice Guard (Version: 1.2.87.0)
Conduit Engine (Version: 6.2.7.3)
Creative MediaSource 5 (Version: 5.00)
Crysis® 2 (Version: 1.0.0.0)
CyberLink LabelPrint (Version: 2.0.2908)
CyberLink Power2Go (Version: 6.0.1924)
DAEMON Tools Lite (Version: 4.40.2.0131)
DeviceDiscovery (Version: 120.0.194.000)
DivX Setup (Version: 2.5.0.11)
EdenEternal
Express Gate (Version: 1.1.9.6)
Fallout 3 (Version: 1.00.0000)
Giraffic Video Accelerator (Version: 0.86.111.230)
GPBaseService2 (Version: 120.0.194.000)
HiJackThis (Version: 1.0.0)
Hitman Pro 3.5 (Version: 3.5.9.125)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Officejet Pro 8000 A809 Series (Version: 12.0)
HP Smart Web Printing (Version: 4.05)
HP Solution Center 12.0 (Version: 12.0)
HP Update (Version: 4.000.011.006)
hppMSRedist (Version: 1.00.0000)
HPProductAssistant (Version: 120.0.194.000)
hppusgP1000 (Version: 000.000.00003)
HPSSupply (Version: 120.0.194.000)
iPhone Configuration Utility (Version: 2.1.0.163)
ITECIR (Version: 1.00.0000)
iTunes (Version: 10.4.1.10)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 22 (64-bit) (Version: 6.0.220)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 14.0.8050.1202)
League of Legends (Version: 1.0020)
League of Legends (Version: 1.3)
LightScribe System Software 1.14.17.1 (Version: 1.14.17.1)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
MarketResearch (Version: 120.0.226.000)
Maxima 5.19.2 (Version: 5.19.2)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Chinese (Simplified)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access MUI (Chinese (Traditional)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access MUI (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access MUI (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel 2007 Help 更新 (KB963678)
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel 2007 Help 更新程式 (KB963678)
Microsoft Office Excel MUI (Chinese (Simplified)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (Chinese (Traditional)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office IME (Chinese (Simplified)) 2007 (Version: 12.0.6425.1000)
Microsoft Office IME (Chinese (Traditional)) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook 2007 Help 更新 (KB963677)
Microsoft Office Outlook 2007 Help Actualización (KB963677)
Microsoft Office Outlook Connector (Version: 12.0.6414.1000)
Microsoft Office Outlook MUI (Chinese (Simplified)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (Chinese (Traditional)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Powerpoint 2007 Help 更新 (KB963669)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office Powerpoint 2007 Help 更新程式 (KB963669)
Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Arabic) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Basque) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Catalan) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Chinese (Simplified)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Chinese (Traditional)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Dutch) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Galician) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (Chinese (Simplified)) 2007 (Version: 12.0.4518.1016)
Microsoft Office Proofing (Chinese (Traditional)) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Chinese (Simplified)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Publisher MUI (Chinese (Traditional)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Publisher MUI (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Publisher MUI (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (Chinese (Simplified)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (Chinese (Simplified)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (Chinese (Traditional)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word 2007 Help 更新 (KB963665)
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word 2007 Help 更新程式 (KB963665)
Microsoft Office Word MUI (Chinese (Simplified)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (Chinese (Traditional)) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 3.0.126.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mise à jour Microsoft Office Excel 2007 Help (KB963678)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)
Mise à jour Microsoft Office Word 2007 Help (KB963665)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 6.0.1 (x86 en-US) (Version: 6.0.1)
MrvlUsgTracking (Version: 1.0.7)
MSN Toolbar (Version: 4.0.0396.0)
MSN Toolbar Platform (Version: 4.0.0417.0)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML4 Parser (Version: 1.0.0)
myPrintMileage (Officejet Pro 8000 A809) (Version: 1.00.0000)
Need For Speed™ World (Version: 1.0.0.581)
Network64 (Version: 120.0.194.000)
Nexon Game Manager
NVIDIA Drivers (Version: 1.4)
NVIDIA PhysX (Version: 9.10.0513)
OpenVPN 2.1.1 (Version: 2.1.1)
Opera 9.64 (Version: 9.64)
Pando Media Booster (Version: 2.3.6.0)
ProductContext (Version: 50.0.165.000)
QuickTime (Version: 7.70.80.34)
Ragnarok Online
REACTOR (Version: 1.00.0000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5845)
RealUpgrade 1.1 (Version: 1.1.0)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03 (Version: 3.55.03)
Safari (Version: 5.34.50.0)
Shop for HP Supplies (Version: 12)
SmartWebPrinting (Version: 120.0.194.000)
SolutionCenter (Version: 120.0.194.000)
Sound Blaster Audigy HD Asus (Version: 1.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spybot - Search & Destroy (Version: 1.6.2)
Spyware Doctor 8.0 (Version: 8.0)
StartNow Toolbar 2.0 (Version: 2.0)
Status (Version: 120.0.194.000)
swMSM (Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 10.1.8.0)
Toolbox (Version: 120.0.194.000)
TrayApp (Version: 120.0.194.000)
Trillian
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
USB 2.0 2.0M UVC WebCam
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.5)
Veoh Web Player (Version: 1.1.2.0000)
Visual C++ 8.0 Runtime Setup Package (Version: 1.0.0.0)
VLC media player 1.1.9 (Version: 1.1.9)
WebReg (Version: 120.0.194.000)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Family Safety (Version: 14.0.8052.1208)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Movie Maker Beta (Version: 14.0.8051.1204)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
WinFlash
WinRAR archiver
Wireless Console 2 (Version: 2.0.10)
Xvid 1.2.1 final uninstall (Version: 1.2)

========================= Memory info: ===================================

Percentage of memory in use: 68%
Total physical RAM: 4094.16 MB
Available physical RAM: 1304.8 MB
Total Pagefile: 8363.55 MB
Available Pagefile: 3414.3 MB
Total Virtual: 4095.88 MB
Available Virtual: 4008.34 MB

========================= Partitions: =====================================

1 Drive c: (Vista64) (Fixed) (Total:149.04 GB) (Free:46.07 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:137.33 GB) (Free:77.86 GB) NTFS
3 Drive e: (PAL 2.0) (CDROM) (Total:0.45 GB) (Free:0 GB) CDFS
4 Drive f: () (Fixed) (Total:149.04 GB) (Free:78.01 GB) NTFS
5 Drive g: () (Fixed) (Total:149.04 GB) (Free:125.09 GB) NTFS

========================= Users: ========================================

User accounts for \\TREY-PC

Administrator ASPNET Guest
Trey


**** End of log ****

Anti-malware (Malwarebytes) log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7634

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/2/2011 1:40:57 AM
mbam-log-2011-09-02 (01-40-57).txt

Scan type: Quick scan
Objects scanned: 186005
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And last is GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-02 03:10:24
Windows 6.0.6002 Service Pack 2
Running: 4vxwjykv.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e8c03d022
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002243c9925a
Reg HKLM\SYSTEM\ControlSet045\Services\BTHPORT\Parameters\Keys\001e8c03d022 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet045\Services\BTHPORT\Parameters\Keys\002243c9925a (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 16 bytes
File C:\ADSM_PData_0150\DB\VL.db 16 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DB\_avt 512 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x64 0 bytes
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x64\AsDsm.sys 34872 bytes executable
File C:\Program Files\ASUS\ASUS Data Security Manager\driver\x64\_avt 512 bytes

---- EOF - GMER 1.0.15 ----

This is a total of 4 logs.

#4 Broni


Posted 02 September 2011 - 06:16 PM

To start with you don't have any AV program installed.
Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html (make sure to opt out from installing Ask Toolbar - it comes pre-checked)
Update, run full scan, report on any findings.

Then...

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Post the content in your next reply.

#5 belowavgman

  • Topic Starter

Posted 03 September 2011 - 01:09 PM

Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 91.54 0 K 24 K
System 4 0 K 34,076 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 556 592 K 1,040 K
csrss.exe 624 3,136 K 7,644 K
wininit.exe 676 2,616 K 5,116 K
services.exe 732 5,480 K 9,760 K
svchost.exe 932 4,732 K 8,696 K
ACEngSvr.exe 1828 3,620 K 7,104 K
hpqbam08.exe 4340 2,292 K 7,004 K HP CUE Alert Popup Window Objects Hewlett-Packard Co. "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
hpqgpc01.exe 5388 4,052 K 9,676 K GPCore COM object Hewlett-Packard "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
unsecapp.exe 6896 3,884 K 7,640 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation C:\Windows\system32\wbem\unsecapp.exe -Embedding
WmiPrvSE.exe 7028 4,828 K 8,920 K
nvvsvc.exe 1000 2,700 K 4,652 K
nvvsvc.exe 1612 4,460 K 8,000 K
svchost.exe 248 7,932 K 11,128 K
svchost.exe 564 71,016 K 44,336 K
svchost.exe 12 19,860 K 18,036 K
audiodg.exe 1104 19,580 K 23,848 K
svchost.exe 688 0.38 290,156 K 294,828 K
dwm.exe 2544 0.77 42,760 K 68,388 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
svchost.exe 1036 33,308 K 40,360 K
taskeng.exe 832 3,644 K 7,772 K
taskeng.exe 2512 < 0.01 12,952 K 15,360 K Task Scheduler Engine Microsoft Corporation taskeng.exe {8796DB50-E5D5-422D-A240-9E7E8E031C61}
taskeng.exe 2612 3,504 K 7,112 K
sensorsrv.exe 2688 1,976 K 5,812 K
ALU.exe 2756 < 0.01 2,428 K 5,684 K
BatteryLife.exe 2812 5,784 K 7,900 K
CTAudSvc.exe 1136 1,944 K 4,960 K
svchost.exe 1160 3,504 K 6,340 K
SLsvc.exe 1176 9,224 K 9,980 K
svchost.exe 1224 12,416 K 17,828 K
svchost.exe 1340 21,272 K 20,540 K
ADSMSrv.exe 1452 1,648 K 4,624 K
AsLdrSrv.exe 1464 1,872 K 4,852 K
HControl.exe 2932 8,444 K 8,520 K
Atouch64.exe 3032 2,192 K 5,776 K
ATKOSD.exe 2528 1,444 K 5,224 K
KBFiltr.exe 2112 1,572 K 4,580 K
WDC.exe 2764 3,092 K 5,620 K
MsgTranAgt64.exe 2940 2,396 K 3,424 K
wcourier.exe 3000 3,616 K 6,724 K
ACMON.exe 3016 4,268 K 9,800 K
GFNEXSrv.exe 1488 1,376 K 3,952 K
AvastSvc.exe 1536 99,244 K 35,072 K
spoolsv.exe 1956 11,536 K 14,836 K
svchost.exe 1764 27,688 K 30,464 K
svchost.exe 1996 1.15 10,040 K 13,944 K
AppleMobileDeviceService.exe 1080 5,040 K 9,148 K
mDNSResponder.exe 2636 2,764 K 5,740 K
BDTUpdateService.exe 2436 7,848 K 3,700 K
svchost.exe 2096 3,476 K 4,896 K
GirafficWatchdog.exe 3216 6,592 K 9,524 K
Giraffic.exe 2228 8,656 K 11,924 K
svchost.exe 3240 5,396 K 9,724 K
LSSrvc.exe 3336 1,836 K 5,164 K
svchost.exe 3360 2,180 K 4,148 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k HPZ12
svchost.exe 3448 2,036 K 3,832 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k HPZ12
svchost.exe 3484 4,024 K 7,060 K
SeaPort.exe 3504 6,804 K 10,468 K
svchost.exe 3612 6,444 K 8,572 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
ToolbarUpdaterService.exe 3656 3,036 K 6,596 K
svchost.exe 3684 3,036 K 5,480 K
WLIDSVC.EXE 3752 7,248 K 12,868 K
WLIDSVCM.EXE 4612 2,424 K 4,136 K
SearchIndexer.exe 3816 125,448 K 120,748 K
SDWinSec.exe 3916 6,700 K 10,360 K
svchost.exe 4196 7,024 K 9,232 K
wmpnetwk.exe 2124 6,644 K 12,688 K
iPodService.exe 5524 5,096 K 8,732 K
svchost.exe 6196 3,088 K 7,672 K
mbamservice.exe 6680 97,088 K 38,844 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
lsass.exe 760 5,516 K 2,992 K
lsm.exe 768 4,316 K 6,024 K
csrss.exe 696 4,060 K 10,144 K
winlogon.exe 548 4,164 K 8,064 K
explorer.exe 2640 0.38 33,128 K 51,876 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
MSASCui.exe 4680 12,216 K 15,320 K Windows Defender User Interface Microsoft Corporation "C:\Program Files\Windows Defender\MSASCui.exe" -hide
RAVCpl64.exe 4696 12,256 K 10,940 K HD Audio Control Panel Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
rundll32.exe 4712 8,396 K 6,300 K Windows host process (Rundll32) Microsoft Corporation "C:\Windows\System32\rundll32.exe" C:\Windows\system32\AmbRunE.dll,RunDLLEntry
SynTPEnh.exe 4732 < 0.01 4,912 K 9,588 K Synaptics TouchPad Enhancements Synaptics, Inc. "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
SynTPHelper.exe 5760 2,376 K 4,496 K
LightScribeControlPanel.exe 4756 3,896 K 10,480 K Hewlett-Packard Company "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
veohwebplayer.exe 4768 < 0.01 27,336 K 34,752 K Veoh Web Player Beta Veoh Networks "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
DTLite.exe 4984 6,248 K 12,320 K DAEMON Tools Lite DT Soft Ltd "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uTorrent.exe 4992 < 0.01 25,156 K 31,776 K µTorrent BitTorrent, Inc. "C:\Program Files (x86)\uTorrent\uTorrent.exe"
PMB.exe 5024 < 0.01 30,808 K 24,944 K Pando Media Booster "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
TeaTimer.exe 5044 0.38 65,816 K 78,264 K System settings protector Safer Networking Limited "C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
hpqtra08.exe 4536 7,520 K 13,352 K HP Digital Imaging Monitor Hewlett-Packard Co. "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe"
hpqste08.exe 5260 5,736 K 11,964 K HP CUE Status Root Hewlett-Packard Co. "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Officejet Pro 8000 A809 Series#1253209978" -Startup
wmpnscfg.exe 1700 3,292 K 8,080 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnscfg.exe"
firefox.exe 4336 5.00 507,940 K 531,232 K Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
WinRAR.exe 6016 < 0.01 12,256 K 18,928 K WinRAR archiver Alexander Roshal "C:\Program Files (x86)\WinRAR.exe" C:\Users\Trey\AppData\Local\Temp\ProcessExplorer.zip
procexp.exe 1328 3,000 K 10,904 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Trey\AppData\Local\Temp\Rar$EX99.2002\procexp.exe"
procexp64.exe 8116 0.38 23,748 K 36,500 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Trey\AppData\Local\Temp\Rar$EX99.2002\procexp.exe"
plugin-container.exe 1688 < 0.01 88,364 K 109,176 K Plugin Container for Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4336.153f5b70.1423693088 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" - -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 4336 "\\.\pipe\gecko-crash-server-pipe.4336" plugin
CLMLSvc.exe 2120 < 0.01 6,336 K 10,612 K CyberLink MediaLibray Service CyberLink "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
ATKOSD2.exe 2572 10,172 K 20,780 K ATKOSD2 ASUS "C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
VolPanlu.exe 1132 < 0.01 13,684 K 15,760 K VolPanlu.exe Creative Technology Ltd "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
DMedia.exe 1712 1,552 K 4,892 K ATK Media ASUS "C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
ASScrPro.exe 1728 < 0.01 2,204 K 6,012 K "C:\Windows\ASScrPro.exe"
hppusg.exe 5076 11,212 K 5,516 K "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
hpwuSchd2.exe 4344 1,648 K 4,896 K hpwuSchd Application Hewlett-Packard "C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
mswinext.exe 5248 < 0.01 37,864 K 61,912 K MSN® Toolbar Microsoft Corp. "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
FGuard.exe 5308 4,652 K 7,792 K Browser Defender Social On Disk Threat Expert Ltd. "C:\Program Files (x86)\Spyware Doctor\BDT\FGuard.exe"
jusched.exe 5320 1,848 K 5,448 K Java™ Update Scheduler Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
conime.exe 5364 376 K 120 K Console IME Microsoft Corporation C:\Windows\system32\conime.exe
conime.exe 5396 380 K 124 K Console IME Microsoft Corporation C:\Windows\system32\conime.exe
realsched.exe 5412 2,952 K 716 K RealNetworks Scheduler RealNetworks, Inc. "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mbamgui.exe 5536 3,188 K 8,348 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
AvastUI.exe 5864 < 0.01 28,344 K 41,084 K avast! Antivirus AVAST Software "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
conime.exe 6036 1,540 K 5,016 K Console IME Microsoft Corporation C:\Windows\system32\conime.exe

That was procexp.


For Avast (the one I chose), it recorded 10 high security risks and asked for a boot scan, which I didn't do but will if asked. When I first downloaded Avast, Spybot asked if I would allow some changes in the registry? Not sure if it was the registry, but then I got a blue screen and all my physical memory was dumped to disk or something. It was like an ISQL error or something. And the high CPU usage is from AppleMobileDeviceService.exe, which is a problem a lot of people have with the current 10.4 updated version of Apple. Will await next reply.
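Broni asks for the Command Line column because the launch path is what separates a genuine Windows process from a look-alike carrying the same name. The script below is an added example, not part of this thread or of Process Explorer: it parses rows in the pasted format above and flags processes launched from Temp or download folders, or system binary names running outside C:\Windows, using temp-folder markers and a system-binary list that are my own heuristics; the sample rows are constructed (the Temp-dir svchost.exe row is invented, the others mirror rows from the post above).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One pasted row: name PID [CPU] Private K WorkingSet K [Description Company CommandLine].
# CPU is blank for idle rows and "< 0.01" for near-idle ones; PID is "n/a" for Interrupts.
LINE_RE = re.compile(r"^(?P<name>.+?)\s+(?P<pid>\d+|n/a)\s+(?:(?P<cpu><\s*[\d.]+|[\d.]+)\s+)?"
                     r"(?P<priv>[\d,]+) K\s+(?P<ws>[\d,]+) K(?:\s+(?P<rest>.*))?$")
# The command line begins at the first quoted or bare drive-letter path in the trailing text.
CMD_RE = re.compile(r'"[A-Za-z]:\\.*|[A-Za-z]:\\\S.*')
# Heuristic lists (assumptions): names that should only run under C:\Windows, and user-writable places.
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe",
                   "wininit.exe", "services.exe", "explorer.exe", "rundll32.exe", "dwm.exe"}
TEMP_MARKERS = ("\\temp\\", "\\downloads\\", "\\rar$")

@dataclass
class Proc:
    name: str
    pid: Optional[int]
    cpu: float
    private_kb: int
    working_kb: int
    cmdline: Optional[str]

def parse_line(line: str) -> Optional[Proc]:
    """Parse one pasted row; None for the header line or anything unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    cpu, cmd = m.group("cpu"), CMD_RE.search(m.group("rest") or "")
    return Proc(m.group("name"), None if m.group("pid") == "n/a" else int(m.group("pid")),
                float(cpu.lstrip("<").strip()) if cpu else 0.0,
                int(m.group("priv").replace(",", "")), int(m.group("ws").replace(",", "")),
                cmd.group(0) if cmd else None)

def parse_report(text: str) -> List[Proc]:
    return [p for p in map(parse_line, text.splitlines()) if p is not None]

def image_path(cmdline: str) -> str:
    """Executable path from a command line: the quoted part, else the first token."""
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]

def findings(procs: List[Proc]) -> List[Tuple[str, Optional[int], str]]:
    """Rows worth a second look. A hit is a prompt to check the file, not a verdict."""
    out = []
    for p in procs:
        if p.cmdline is None:
            continue
        path = image_path(p.cmdline).lower()
        if any(marker in path for marker in TEMP_MARKERS):
            out.append((p.name, p.pid, "runs from a temp/download location: " + path))
        if p.name.lower() in SYSTEM_BINARIES and not path.startswith("c:\\windows\\"):
            out.append((p.name, p.pid, "system binary name outside C:\\Windows: " + path))
    return out

# Constructed sample in the thread's pasted format: the Temp-dir svchost.exe row is invented
# so the lookalike rule fires; the other rows mirror lines from the post above.
SAMPLE = r"""
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 91.54 0 K 24 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
svchost.exe 3360 2,180 K 4,148 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k HPZ12
svchost.exe 9999 < 0.01 2,500 K 4,000 K Host Process for Windows Services C:\Users\Trey\AppData\Local\Temp\svchost.exe
firefox.exe 4336 5.00 507,940 K 531,232 K Firefox Mozilla Corporation "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
procexp.exe 1328 3,000 K 10,904 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Trey\AppData\Local\Temp\Rar$EX99.2002\procexp.exe"
"""

if __name__ == "__main__":
    for name, pid, why in findings(parse_report(SAMPLE)):
        print(f"{name} (PID {pid}): {why}")
```

The thread's own procexp.exe, run from the folder WinRAR unpacked into Temp, trips the first rule for a harmless reason, which is exactly why a hit means "check the file", not "infected".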

#6 Broni


Posted 03 September 2011 - 01:23 PM

i didn't do but will if asked

Please do.

CPU usage seems to be fine right now.

#7 belowavgman

  • Topic Starter

Posted 03 September 2011 - 05:46 PM

I did it but did not know that there wouldn't be a save file or log file afterward, so I can't say exactly what was deleted, but I saw Win32 WoW or something, a lot of .rar files in my downloads and a ton of Sun Java. I think one said TJ, which I took to be a trojan. I still have the Google redirect virus that brings me to Find Fast Answers.

#8 Broni


Posted 03 September 2011 - 06:12 PM

Which browser is getting redirected?

#9 belowavgman

  • Topic Starter

Posted 03 September 2011 - 06:37 PM

Firefox. Also, when I start up I get a ridiculous amount of physical memory used from svchost. Could this be a virus? "Am I infected?"

#10 Broni


Posted 03 September 2011 - 06:42 PM

Can you check if redirection happens in IE as well?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

#11 belowavgman

  • Topic Starter

Posted 03 September 2011 - 06:49 PM

I closed out the windows; I just don't know if I did it fast enough. I think I did. Not experiencing redirect on IE, and now not experiencing redirect on Firefox currently. I think it was just a fluke when I typed potato and Find Fast Answers showed up to give me info on potato. If that log seems to say all is fine, I appreciate the help. Thanks.

GooredFix by jpshortstuff (03.07.10.1)
Log created at 19:44 on 03/09/2011 (Trey)
Firefox version 6.0.1 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Trey\Application Data\Mozilla\Firefox\Profiles\5shi7esw.default\extensions\{168c0658-789b-4607-9e31-2bfd65bdb2fb}" -> Success!
Removing Orphan:
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:40 29/06/2011]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [16:09 07/08/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [23:04 26/01/2010]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [02:58 22/07/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [13:22 13/08/2010]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [23:29 28/06/2011]

C:\Users\Trey\Application Data\Mozilla\Firefox\Profiles\5shi7esw.default\extensions\
{1018e4d6-728f-4b20-ad56-37578a4de76b} [23:03 29/08/2011]
{20a82645-c095-46ed-80e3-08825760534b} [18:56 30/04/2010]
{5911488E-9D1E-40ec-8CBB-06B231CC153F} [19:11 30/06/2011]
{635abd67-4fe9-1b23-4f01-e679fa7484c1} [19:11 30/06/2011]
{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF} [23:38 02/08/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [01:45 06/08/2009]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2" [17:52 17/09/2009]
"{cb84136f-9c44-433a-9048-c5cd9df1dc16}"="C:\Program Files (x86)\Spyware Doctor\BDT\Firefox\" [18:32 07/07/2010]
"msntoolbar@msn.com"="C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\Firefox" [23:10 05/04/2011]
"{27182e60-b5f3-411c-b545-b44205977502}"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\" [07:02 07/04/2011]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video" [16:53 26/05/2011]
"{6904342A-8307-11DF-A508-4AE2DFD72085}"="C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa" [16:54 26/05/2011]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [19:14 30/06/2011]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [14:50 03/09/2011]

-=E.O.F=-

#12 Broni


Posted 03 September 2011 - 07:10 PM

GooredFix removed some leftovers, but anyway... good news :)

Last scans...

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
