
Infected svchost, winrscmde, info to random sites


  • This topic is locked
10 replies to this topic

#1 Arreladd

Arreladd

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:37 AM

Posted 18 September 2011 - 01:36 PM

Hello all, I have an issue with my computer: Windows 7 Ultimate x64. For the past month I have been having issues where AVG would pop up and say that one of my svchost.exe processes was trying to send information to an infected website. Upon further investigation in the Windows Task Manager I noticed svchost.exe *32 for winrscmde was showing over 900,000K usage and excessive CPU time. I went and looked in Process Explorer and found that, unlike the other svchosts, there was no Services tab for this one. On top of that I also found that when it started becoming very active, the TCP/IP tab showed it establishing connections with numerous sites before AVG would pop up and block one. I have run AVG and it didn't find anything, Malwarebytes didn't find anything, Spybot S&D only found cookies, Housecall didn't find anything, SuperAntiSpyware didn't find anything.

I am at a total loss as to what is going on. Any ideas on what I can do to fix this problem?
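Added example, not code posted in the thread: a Windows PowerShell triage script that checks every svchost.exe on the machine for the symptoms described above (a 32-bit instance on x64 that hosts no services, a large working set, established TCP connections) and scores each instance so the odd one stands out. It assumes 64-bit Windows, an elevated prompt, and an example memory threshold of 500 MB.

```powershell
# Added example (not from the thread): triage every svchost.exe on the box for the
# symptoms reported above. Run from an elevated Windows PowerShell prompt.
# Assumptions: 64-bit Windows, PowerShell 2.0 or later (Get-WmiObject, netstat),
# and an example memory threshold; adjust it for the machine being examined.

$memThresholdMB = 500   # the post saw ~900,000 K; anything over this is worth a look

# Snapshot every process once so parent lookups do not hit WMI repeatedly.
$procs = @{}
Get-WmiObject Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

# Which services each PID hosts: this is what Process Explorer's Services tab lists,
# and the tab the suspect process was missing.
$servicesByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
    $id = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($id)) { $servicesByPid[$id] = @() }
    $servicesByPid[$id] += $_.Name
}

# Established TCP connections per PID, parsed from netstat -ano (Windows 7 has no
# Get-NetTCPConnection). Columns: Proto, Local Address, Foreign Address, State, PID.
$connsByPid = @{}
netstat -ano | ForEach-Object {
    if ($_ -match '^\s*TCP\s+(\S+)\s+(\S+)\s+ESTABLISHED\s+(\d+)\s*$') {
        $id = [int]$Matches[3]
        if (-not $connsByPid.ContainsKey($id)) { $connsByPid[$id] = @() }
        $connsByPid[$id] += $Matches[2]     # remote endpoint
    }
}

$report = foreach ($p in ($procs.Values | Where-Object { $_.Name -eq 'svchost.exe' })) {
    $id    = [int]$p.ProcessId
    $flags = @()

    if (-not $servicesByPid.ContainsKey($id)) {
        $flags += 'hosts no services (no Services tab in Process Explorer)'
    }

    # Genuine instances are started by services.exe.
    $parent = $procs[[int]$p.ParentProcessId]
    if (-not $parent) {
        $flags += 'parent process no longer exists'
    } elseif ($parent.Name -ne 'services.exe') {
        $flags += "parent is $($parent.Name) (PID $($parent.ProcessId)), not services.exe"
    }

    # On 64-bit Windows the system copy lives in System32; a SysWOW64 copy is the
    # "*32" instance Task Manager showed. Anything elsewhere is simply wrong.
    $path = $p.ExecutablePath
    if (-not $path) {
        $flags += 'image path not readable (run elevated)'
    } elseif ($path -imatch '\\SysWOW64\\svchost\.exe$') {
        $flags += '32-bit svchost.exe on 64-bit Windows'
    } elseif ($path -inotmatch '\\Windows\\System32\\svchost\.exe$') {
        $flags += "unexpected image path: $path"
    }

    $wsMB = [math]::Round($p.WorkingSetSize / 1MB)
    if ($wsMB -gt $memThresholdMB) { $flags += "working set $wsMB MB" }

    if ($connsByPid.ContainsKey($id)) {
        $remotes = @($connsByPid[$id] | Sort-Object -Unique)
        $flags += "$($remotes.Count) established TCP connection(s): $($remotes -join ', ')"
    }

    New-Object PSObject -Property @{
        PID         = $id
        Services    = ($servicesByPid[$id] -join ',')
        CommandLine = $p.CommandLine
        Flags       = ($flags -join '; ')
        Score       = $flags.Count
    }
}

# Most suspicious first; a clean svchost.exe has Score 0.
$report | Sort-Object Score -Descending | Format-Table PID, Score, Services, Flags -AutoSize -Wrap
```

A single flag (for example one third-party 32-bit service host) is not proof of anything; an instance that collects several, as the one described above would, is the one to examine in Process Explorer.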



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:37 AM

Posted 18 September 2011 - 02:27 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in the right pane.
If still no joy, try to run it from Safe Mode.



 


#3 Arreladd

Arreladd
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:37 AM

Posted 18 September 2011 - 06:04 PM

SecurityCheck.exe Results

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 27
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader X (10.1.1)
Mozilla Firefox (3.6.6)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#4 Arreladd

Arreladd
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:37 AM

Posted 18 September 2011 - 06:10 PM

GMER.log was empty and stated that it didn't find anything.

MiniToolBox

MiniToolBox by Farbar
Ran by Aran (administrator) on 18-09-2011 at 13:43:38
Windows 7 Ultimate Service Pack 1 (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection* 11" address=192.168.56.1 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : CALIBRE
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 6:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::31c7:2e79:84d0:bbc%20(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.11.188(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 520224844
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-07-94-C1-00-04-4B-18-B9-02
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 6C-F0-49-0A-1C-41
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b98a:b4c2:2123:a226%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 18, 2011 1:42:31 PM
Lease Expires . . . . . . . . . . : Monday, September 19, 2011 1:42:31 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 342683721
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-07-94-C1-00-04-4B-18-B9-02
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{C0347BA4-CBC5-439D-9E50-0AF81BDEE6B7}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4CC8BC89-688B-44A0-A451-8F046D8189A2}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.114
74.125.224.115
74.125.224.113
74.125.224.116
74.125.224.112


Pinging google.com [74.125.224.80] with 32 bytes of data:
Reply from 74.125.224.80: bytes=32 time=22ms TTL=51
Reply from 74.125.224.80: bytes=32 time=43ms TTL=51

Ping statistics for 74.125.224.80:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 43ms, Average = 32ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56


Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=85ms TTL=48
Reply from 69.147.125.65: bytes=32 time=81ms TTL=48

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 81ms, Maximum = 85ms, Average = 83ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
20...02 00 4c 4f 4f 50 ......Microsoft Loopback Adapter
13...6c f0 49 0a 1c 41 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.11.188 286
169.254.11.188 255.255.255.255 On-link 169.254.11.188 286
169.254.255.255 255.255.255.255 On-link 169.254.11.188 286
192.168.1.0 255.255.255.0 On-link 192.168.1.2 266
192.168.1.2 255.255.255.255 On-link 192.168.1.2 266
192.168.1.255 255.255.255.255 On-link 192.168.1.2 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.11.188 286
224.0.0.0 240.0.0.0 On-link 192.168.1.2 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.11.188 286
255.255.255.255 255.255.255.255 On-link 192.168.1.2 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
20 286 fe80::/64 On-link
13 266 fe80::/64 On-link
20 286 fe80::31c7:2e79:84d0:bbc/128
On-link
13 266 fe80::b98a:b4c2:2123:a226/128
On-link
1 306 ff00::/8 On-link
20 286 ff00::/8 On-link
13 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/18/2011 04:22:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/18/2011 04:22:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/18/2011 00:42:48 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (09/17/2011 00:34:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/17/2011 00:34:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/16/2011 06:47:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16434, time stamp: 0x4e28e61f
Exception code: 0xc0000005
Fault offset: 0x00427710
Faulting process id: 0x278
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/15/2011 05:47:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: Flash10w.ocx, version: 10.3.183.7, time stamp: 0x4e52e8e0
Exception code: 0xc0000005
Fault offset: 0x001a102b
Faulting process id: 0x1514
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (09/15/2011 03:48:45 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/15/2011 03:48:37 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

Error: (09/14/2011 05:00:17 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/18/2011 01:43:31 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (09/18/2011 01:42:51 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (09/18/2011 01:42:50 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/18/2011 01:42:50 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/18/2011 01:42:50 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (09/18/2011 01:42:51 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/18/2011 01:42:51 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/18/2011 01:42:46 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (09/18/2011 01:42:40 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (09/18/2011 01:42:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Avgldx64
Avgmfx64
discache
SASDIFSV
SASKUTIL
spldr
VBoxDrv
VBoxUSBMon
Wanarpv6


Microsoft Office Sessions:
=========================
Error: (09/18/2011 04:22:13 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/18/2011 04:22:04 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/18/2011 00:42:48 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (09/17/2011 00:34:29 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/17/2011 00:34:21 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/16/2011 06:47:20 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5MSHTML.dll9.0.8112.164344e28e61fc00000050042771027801cc74d83419a8dc\\.\globalroot\systemroot\svchost.exeC:\Windows\system32\MSHTML.dllfaae2415-e0ce-11e0-9868-6cf0490a1c41

Error: (09/15/2011 05:47:55 PM) (Source: Application Error)(User: )
Description: svchost.exe6.1.7600.163854a5bc3c5Flash10w.ocx10.3.183.74e52e8e0c0000005001a102b151401cc740996a1f0fa\\.\globalroot\systemroot\svchost.exeC:\Windows\SysWOW64\Macromed\Flash\Flash10w.ocx8381701c-dffd-11e0-80ce-6cf0490a1c41

Error: (09/15/2011 03:48:45 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (09/15/2011 03:48:37 AM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/14/2011 05:00:17 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


=========================== Installed Programs ============================

µTorrent (Version: 2.0.0)
A.V.A (Version: 24.18.03866)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
Akamai NetSession Interface
Ancient Weapon Sounds (Version: 2.1.0)
Android SDK Tools (Version: 0.7)
AVG 2012 (Version: 12.0.1808)
AVG 2012 (Version: 12.0.2085)
AVG 2012 (Version: 2012.0.1808)
Bandisoft MPEG-1 Decoder
Battlefield Heroes
Battlefield: Bad Company™ 2 (Version: 1.0.0.0)
BF3 Alpha Trial (Version: 1.0.0.0)
Browser Configuration Utility (Version: 1.1.11.0)
Call of Duty® - World at War™ (Version: 1.0)
Call of Duty® - World at War™ (Version: 1.4)
Call of Duty® - World at War™ 1.1 Patch
Call of Duty® - World at War™ 1.1 Patch (Version: 1.1)
Call of Duty® - World at War™ 1.2 Patch
Call of Duty® - World at War™ 1.2 Patch (Version: 1.2)
Call of Duty® - World at War™ 1.4 Patch
Call of Duty® - World at War™ 1.4 Patch (Version: 1.4)
CCleaner (Version: 3.10)
Combat Arms
Comic Sound Pack (Version: 2.1.0)
Creatures of Darkness (Version: 3.3.0)
Crystal Reports Basic for Visual Studio 2008 (Version: 10.5.0.0)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
Crystal Reports for Visual Studio (Version: 12.51.0.240)
D3DX10 (Version: 15.4.2368.0902)
Deep Space Voices (Version: 3.3.0)
Dotfuscator Software Services - Community Edition (Version: 5.0.2300.0)
Easy Tune 6 B09.1104.1 (Version: 1.00.0000)
EasySaver B9.0904.1 (Version: 1.00.0000)
ESET Online Scanner v3
ESN Sonar (Version: 0.41.0)
Fantasy Sound Pack (Version: 1.1.0)
Fantasy Voice Pack (Version: 1.3.0)
Farm Animal Sounds (Version: 1.1.0)
Fiesta (Version: 1.280.0000)
FileZilla Client 3.5.1 (Version: 3.5.1)
Fraps (remove only)
Furry Voices for Second Life (Version: 1.3.0)
Galactic Voices (Version: 1.3.0)
GenesisAD_Setup (Version: 1.00.0000)
Gigabyte Raid Cinfigurer (Version: 1.00.0001)
GIMP 2.6.11 (Version: 2.6.11)
GiPo@MoveOnBoot 1.9.5 (Version: 1.9.5)
Google Earth Plug-in (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.69)
Guild Wars
Guitar Pro 5.2
ijji - Gunz
ImgBurn (Version: 2.5.5.0)
IsoBuster 2.8.5 (Version: 2.8.5)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
Java™ 6 Update 27 (Version: 6.0.270)
Junk Mail filter update (Version: 15.4.3502.0922)
LinuxLive USB Creator (Version: 2.8)
LiveUpdate 3.2 (Symantec Corporation) (Version: 3.2.0.26)
Mabinogi
Magic ISO Maker v5.5 (build 0272)
MagicDisc 2.7.106
Male Voice Pack (Version: 1.3.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Compact Framework 2.0 SP2 (Version: 2.0.7045)
Microsoft .NET Compact Framework 3.5 (Version: 3.5.7283)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Access database engine 2010 (English) (Version: 14.0.4763.1000)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (Version: 9.0.21022)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Outlook Hotmail Connector 64-bit (Version: 14.0.5118.5000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (Version: 14.0.5120.5000)
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1447.4)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1447.4)
Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 for Devices ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.2 (Version: 1.2.0.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.30319)
Microsoft Visual Basic 2008 Step by Step (Version: 2.00.10)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: 9.0.21022)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.30319)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.30319)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31117)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31121)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.30319)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011)
Modern War Sounds (Version: 1.0.0)
MorphVOX Pro (Version: 4.3.3)
MotoHelper 2.0.40 Driver 4.9.0 (Version: 2.0.40)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 4.9.0 (Version: 4.9.0)
Mozilla Firefox (3.6.6) (Version: 3.6.6 (en-US))
MSDN Library for Visual Studio 2008 - ENU (Version: 9.0)
MSDN Library for Visual Studio 2008 - ENU (Version: 9.0.21022)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MTX (Version: 1.0.0)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.14.0)
Neo Steam : The Shattered Continent (Version: : The Shattered Continent)
Nexon Game Manager
Norton Ghost (Version: 12.0.0.18971)
NVIDIA Display Control Panel (Version: 1.10)
NVIDIA Drivers (Version: 1.10)
NVIDIA PhysX v8.08.01 (Version: 8.08.01)
OpenOffice.org 3.3 (Version: 3.3.9567)
Oracle VM VirtualBox 4.0.12 (Version: 4.0.12)
Origin (Version: 8.2.3.2458)
Personality Voices (Version: 1.0.0)
PocketCloud Windows Companion (Version: 2.2.10)
PSP ISO Compressor (Version: 1.4.0)
PunkBuster Services (Version: 0.988)
PVSonyDll (Version: 1.00.0001)
Python 2.5.4 (Version: 2.5.4150)
QuickTime
REACTOR (Version: 1.00.0000)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009)
Realtek High Definition Audio Driver (Version: 6.0.1.5964)
RealUpgrade 1.1 (Version: 1.1.0)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition)
Rose Online 1.0.254.123 (Version: 1.0.254.123)
Sci-Fi 2 Sound Pack (Version: 1.3.0)
Sci-Fi Sound Pack (Version: 1.1.0)
Sci-Fi Voice Pack (Version: 1.3.0)
Shaiya(US) (Version: 1.0)
SPAtune (Version: 1.0.1)
Special Effects Voices (Version: 1.0.2)
Spooky Sounds (Version: 2.1.0)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1118)
swMSM (Version: 12.0.0.1)
System Requirements Lab (Version: 4.1.71.0)
TeamSpeak 3 Client
The Rosetta Stone
UltraVNC 1.0.8.2 (Version: 1.0.8.2)
Unity (Version: 2.6.1f3_31223)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
Vindictus
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio .NET Prerequisites - English (Version: 9.0.21022)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 Prerequisites - English (Version: 10.0.30319)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022)
Vivox Web Voice 1.16.2.2858 (Version: 1.16.2)
VLC media player 1.0.5 (Version: 1.0.5)
Web Deployment Tool (Version: 1.1.0618)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile 5.0 SDK R2 for Pocket PC (Version: 5.00.1700.5.14343.06)
Windows Mobile 5.0 SDK R2 for Smartphone (Version: 5.00.1700.5.14343.06)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinPcap 4.1.1 (Version: 4.1.0.1753)
WinRAR archiver
Xfire (remove only)
XLink Kai (Version: 7.4.22.0)
Yahoo! Messenger
Yahoo! Software Update

========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 4094.49 MB
Available physical RAM: 2820.68 MB
Total Pagefile: 8187.18 MB
Available Pagefile: 6924.87 MB
Total Virtual: 4095.88 MB
Available Virtual: 3991.57 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:931.41 GB) (Free:610.63 GB) NTFS

========================= Users: ========================================

User accounts for \\CALIBRE

Administrator Aran Guest


**** End of log ****

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7740

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

9/18/2011 1:41:06 PM
mbam-log-2011-09-18 (13-41-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 1176849
Time elapsed: 3 hour(s), 16 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#5 Broni (BC Advisor, Daly City, CA)

Posted 18 September 2011 - 06:13 PM

Oops...I didn't see that GMER didn't find any modifications...

Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Columns.
In addition to the already pre-selected options, make sure the Command Line column is selected, and press OK.
Go to File > Save As, and save the report as Procexp.txt.
Attach the file to your next reply.

Edited by Broni, 18 September 2011 - 06:14 PM.



 


#6 Arreladd (Topic Starter)

Posted 18 September 2011 - 06:38 PM

Process PID CPU Private Bytes Working Set Description Company Name Command Line
AluSchedulerSvc.exe 2144 2,052 K 1,596 K Automatic LiveUpdate Scheduler Service Symantec Corporation "C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
armsvc.exe 2032 1,240 K 4,008 K Adobe Acrobat Update Service Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
audiodg.exe 1272 17,580 K 17,988 K Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0x308
avgcsrva.exe 408 14,492 K 4,368 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=ad93b203-6d82-4566-98d7-2e0bad07144a /coreSdkOptions=286 /logConfFile="C:\ProgramData\AVG2012\temp\645d0a5a-5a60-480b-9b6b-ab08d1625c4e-178-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="C:\ProgramData\AVG2012\temp\"
AVGIDSAgent.exe 3564 0.34 29,724 K 23,356 K AVG Identity Protection Service AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe"
avgnsa.exe 1576 5,268 K 2,924 K AVG Online Shield Service AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe"
avgrsa.exe 376 < 0.01 289,164 K 2,696 K AVG Resident Shield Service AVG Technologies CZ, s.r.o. C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /boot
avgtray.exe 4976 0.01 5,904 K 7,688 K AVG Tray Monitor AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
avgwdsvc.exe 2180 0.01 7,904 K 15,516 K AVG Watchdog Service AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe"
BCU.exe 4920 0.02 1,676 K 5,056 K Browser Configuration Utility DeviceVM, Inc. "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
BCUService.exe 2200 988 K 3,460 K Browser Configuration Utility Auto-recovery Service DeviceVM, Inc. "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
conhost.exe 1060 < 0.01 1,152 K 3,128 K Console Window Host Microsoft Corporation \??\C:\Windows\system32\conhost.exe "1886007530-1613198507-635299392-885528740-1567759164-1755937513-1512495189-1082595528
csrss.exe 688 0.01 2,532 K 5,052 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
csrss.exe 764 0.29 15,452 K 12,920 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
dllhost.exe 4740 < 0.01 2,836 K 7,380 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{30D49246-D217-465F-B00B-AC9DDD652EB7}
dllhost.exe 2544 2,144 K 5,348 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
dwm.exe 1952 1,952 K 5,532 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
essvr.exe 2248 0.08 1,448 K 4,032 K "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
explorer.exe 1920 0.04 45,596 K 66,028 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
GUI.exe 3416 0.45 14,124 K 17,512 K GUI MFC Application "C:\Program Files (x86)\Gigabyte\ET6\GUI.exe" -m
iexplore.exe 2580 0.01 13,492 K 27,888 K Internet Explorer Microsoft Corporation "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
iexplore.exe 4536 < 0.01 110,832 K 117,748 K Internet Explorer Microsoft Corporation "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2580 CREDAT:79873
Interrupts n/a 0.86 0 K 0 K Hardware Interrupts and DPCs
ipoint.exe 4148 < 0.01 15,168 K 26,248 K IPoint.exe Microsoft Corporation "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
jusched.exe 5004 1,052 K 3,952 K Java™ Update Scheduler Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
lsass.exe 880 0.14 6,332 K 15,116 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 888 3,204 K 6,032 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
Monitor.exe 2484 0.08 2,108 K 4,832 K Registry Monitor PixArt Imaging Incorporation "C:\Windows\PixArt\Pac207\Monitor.exe"
MotoHelperAgent.exe 2688 1,584 K 6,020 K MotoHelperAgent "C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe"
MotoHelperService.exe 2432 3,512 K 8,428 K MotoHelper Service "C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe"
nusb3mon.exe 4944 1,448 K 4,824 K USB 3.0 Monitor NEC Electronics Corporation "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
nvvsvc.exe 352 1,568 K 4,096 K NVIDIA Driver Helper Service, Version 177.83 NVIDIA Corporation C:\Windows\system32\nvvsvc.exe
PMB.exe 4156 0.03 16,740 K 18,696 K Pando Media Booster "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
PnkBstrA.exe 2804 < 0.01 1,232 K 4,276 K C:\Windows\SysWOW64\PnkBstrA.exe
PocketCloudService.exe 2080 < 0.01 27,572 K 22,560 K PocketCloudService "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe"
procexp64.exe 5596 2.42 34,316 K 56,500 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Aran\Desktop\procexp64.exe"
qttask.exe 5012 36,432 K 16,860 K Apple Computer, Inc. "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
RAVCpl64.exe 360 9,012 K 11,044 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
realsched.exe 5028 2,176 K 704 K RealNetworks Scheduler RealNetworks, Inc. "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
rundll32.exe 1468 < 0.01 2,572 K 6,476 K Windows host process (Rundll32) Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\NVSVC64.DLL,nvsvcInitialize
rundll32.exe 4080 2,312 K 5,864 K Windows host process (Rundll32) Microsoft Corporation "C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
SASCore64.exe 1392 < 0.01 1,928 K 4,260 K Core Service SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
SDWinSec.exe 3504 4,324 K 8,704 K Spybot-S&D Security Center integration Safer Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
SearchFilterHost.exe 708 2,304 K 5,336 K Microsoft Windows Search Filter Host Microsoft Corporation "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
SearchIndexer.exe 5928 < 0.01 28,448 K 20,092 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
SearchProtocolHost.exe 5644 < 0.01 2,752 K 6,932 K Microsoft Windows Search Protocol Host Microsoft Corporation "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-714751620-1818666518-86292380-10003_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-714751620-1818666518-86292380-10003 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
services.exe 872 < 0.01 6,108 K 10,024 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
smss.exe 264 524 K 1,212 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
soffice.bin 4504 14,764 K 43,156 K OpenOffice.org 3.3 OpenOffice.org "C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
soffice.exe 4336 1,108 K 3,480 K OpenOffice.org 3.3 OpenOffice.org "C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
SPAtune.exe 4196 0.05 5,636 K 9,816 K "C:\Program Files\SPARKLE\SPAtune 1.0.1\SPAtune.exe"
spoolsv.exe 1696 9,000 K 16,016 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
sqlbrowser.exe 2836 1,552 K 4,404 K SQL Browser Service EXE Microsoft Corporation "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
sqlservr.exe 2600 48,824 K 2,728 K SQL Server Windows NT Microsoft Corporation "c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
sqlwriter.exe 2892 2,184 K 6,428 K SQL Server VSS Writer - 64 Bit Microsoft Corporation "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
SUPERAntiSpyware.exe 4172 0.01 167,904 K 1,152 K SUPERAntiSpyware Application SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
svchost.exe 1012 < 0.01 4,836 K 10,064 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 300 7,664 K 14,412 K winrscmde Microsoft Corporation -netsvcs
svchost.exe 684 0.01 4,880 K 8,796 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe 972 0.03 20,908 K 24,600 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe 1096 < 0.01 120,568 K 129,480 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
svchost.exe 1144 0.20 60,584 K 58,784 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe 1320 0.05 11,160 K 18,256 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 1500 0.05 17,328 K 19,228 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
svchost.exe 1724 15,948 K 19,248 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe 2284 0.02 8,908 K 29,664 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
svchost.exe 2980 0.05 2,064 K 5,800 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe 5624 2,744 K 6,328 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
svchost.exe 5840 3,736 K 8,696 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k WindowsMobile
svchost.exe 5264 0.23 12,908 K 16,428 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
System 4 0.33 348 K 119,248 K
System Idle Process 0 93.91 0 K 24 K
taskhost.exe 1852 7,896 K 8,548 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
taskmgr.exe 5988 0.25 3,652 K 11,596 K Windows Task Manager Microsoft Corporation "C:\Windows\system32\taskmgr.exe" /1
TrustedInstaller.exe 3468 3,884 K 9,288 K Windows Modules Installer Microsoft Corporation C:\Windows\servicing\TrustedInstaller.exe
VProSvc.exe 2664 35,244 K 24,844 K Service Module Symantec Corporation "C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe"
wininit.exe 744 1,712 K 4,856 K Windows Start-Up Application Microsoft Corporation wininit.exe
winlogon.exe 804 3,388 K 7,836 K Windows Logon Application Microsoft Corporation winlogon.exe
winvnc.exe 3056 < 0.01 2,032 K 4,732 K VNC server for X64/win32 UltraVNC "C:\Program Files (x86)\UltraVNC\WinVNC.exe" -service
winvnc.exe 3188 2,760 K 6,572 K VNC server for X64/win32 UltraVNC "C:\Program Files (x86)\UltraVNC\WinVNC.exe" -service_run
WLIDSVC.EXE 2452 < 0.01 7,660 K 16,516 K Microsoft® Windows Live ID Service Microsoft Corp. "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSVCM.EXE 1792 1,500 K 3,516 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. WLIDSvcM.exe 2452
wmdc.exe 4140 2,388 K 6,596 K Windows Mobile Device Center Microsoft Corporation "C:\Windows\WindowsMobile\wmdc.exe"
WmiPrvSE.exe 5220 5,992 K 11,268 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
WmiPrvSE.exe 4212 3,040 K 7,180 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
wmpnetwk.exe 5784 < 0.01 10,784 K 4,600 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
XSrvSetup.exe 2348 < 0.01 1,972 K 5,556 K C:\Windows\SysWOW64\XSrvSetup.exe
YahooAUService.exe 3352 2,184 K 6,976 K AutoUpater Service Module Yahoo! Inc. "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"
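
One svchost.exe row in the report above stands apart from the others: PID 300 is described as "winrscmde" and its command line is just "-netsvcs", whereas every other svchost.exe row shows "C:\Windows\system32\svchost.exe -k <group>"; earlier in the thread Malwarebytes also quarantined a c:\Windows\svchost.exe sitting outside System32. The script below is an added example for this thread, not code from the posts or from Sysinternals: it parses a saved Process Explorer report and flags svchost.exe rows whose image path, "-k" service group, description or company name deviate from the shape a genuine Windows 7 service host has. It assumes the report is the tab-delimited text that Process Explorer's File > Save As writes with the column header Broni asked for (the forum rendering above collapsed those tabs to spaces). The sample rows embedded in it are constructed: three are retyped from the report above, and PID 4444 is invented to mirror the Malwarebytes finding.

```python
"""Flag svchost.exe rows in a saved Process Explorer report that do not look
like a genuine Windows 7 service host.

Added example for this thread; not code from the posts above or from
Sysinternals. Assumption: the report is the tab-delimited text written by
Process Explorer's File > Save As, with a header row naming the columns
Process, PID, CPU, Private Bytes, Working Set, Description, Company Name,
Command Line.
"""
import ntpath
import re

EXPECTED_DESCRIPTION = "Host Process for Windows Services"
EXPECTED_COMPANY = "Microsoft Corporation"
# Directories a real svchost.exe is launched from on 64-bit Windows 7.
EXPECTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
ABSOLUTE_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)
# A real service host is always started with "-k <service group>".
SERVICE_GROUP = re.compile(r"(?:^|\s)-k\s+\S+", re.IGNORECASE)

# Constructed sample: the first three svchost rows and the lsass row are retyped
# (with tabs) from post #6; PID 4444 is invented to mirror the c:\Windows\svchost.exe
# that Malwarebytes quarantined earlier in the thread.
SAMPLE_REPORT = "\n".join([
    "Process\tPID\tCPU\tPrivate Bytes\tWorking Set\tDescription\tCompany Name\tCommand Line",
    "svchost.exe\t1012\t< 0.01\t4,836 K\t10,064 K\tHost Process for Windows Services"
    "\tMicrosoft Corporation\tC:\\Windows\\system32\\svchost.exe -k DcomLaunch",
    "svchost.exe\t300\t\t7,664 K\t14,412 K\twinrscmde\tMicrosoft Corporation\t-netsvcs",
    "svchost.exe\t1144\t0.20\t60,584 K\t58,784 K\tHost Process for Windows Services"
    "\tMicrosoft Corporation\tC:\\Windows\\system32\\svchost.exe -k netsvcs",
    "svchost.exe\t4444\t\t9,000 K\t12,000 K\tHost Process for Windows Services"
    "\tMicrosoft Corporation\t\"C:\\Windows\\svchost.exe\" -k netsvcs",
    "lsass.exe\t880\t0.14\t6,332 K\t15,116 K\tLocal Security Authority Process"
    "\tMicrosoft Corporation\tC:\\Windows\\system32\\lsass.exe",
])


def parse_report(report_text: str) -> list[dict]:
    """Split the tab-delimited report into one dict per process row."""
    lines = [ln for ln in report_text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    rows = []
    for line in lines[1:]:
        cells = line.split("\t")
        cells += [""] * (len(header) - len(cells))  # pad rows with empty cells (idle CPU)
        rows.append(dict(zip(header, cells)))
    return rows


def image_path(command_line: str) -> str:
    """Executable at the start of a command line, with surrounding quotes removed."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def svchost_findings(report_text: str) -> list[dict]:
    """Return the svchost.exe rows that deviate from the expected shape, with reasons."""
    findings = []
    for row in parse_report(report_text):
        if row["Process"].lower() != "svchost.exe":
            continue
        cmd = row["Command Line"]
        path = image_path(cmd)
        reasons = []
        if not ABSOLUTE_PATH.match(path):
            reasons.append(f"command line carries no image path: {cmd!r}")
        elif ntpath.dirname(path.lower()) not in EXPECTED_DIRS:
            reasons.append(f"launched from {path!r}, not System32 or SysWOW64")
        if not SERVICE_GROUP.search(cmd):
            reasons.append("no '-k <service group>' argument")
        if row["Description"] != EXPECTED_DESCRIPTION:
            reasons.append(f"description is {row['Description']!r}")
        if row["Company Name"] != EXPECTED_COMPANY:
            reasons.append(f"company is {row['Company Name']!r}")
        if reasons:
            findings.append({"pid": int(row["PID"]), "command_line": cmd, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in svchost_findings(SAMPLE_REPORT):
        print(f"PID {finding['pid']}: {finding['command_line']!r}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```

Run against a real report by passing the contents of the saved Procexp.txt to svchost_findings(). On the constructed sample it flags PID 300 three times (no image path, no "-k" group, odd description) and PID 4444 once (wrong directory). Both the Command Line and the Description columns are read from data the process itself controls (its PEB and version resource), so a flagged row is a lead to follow up with the on-disk image path and signature check, not proof of infection, and a clean-looking row is not proof of the opposite.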

#7 Arreladd (Topic Starter)

Posted 18 September 2011 - 06:57 PM

Here is the same report but when the process is hitting hard

Process PID CPU Private Bytes Working Set Description Company Name Command Line
AluSchedulerSvc.exe 1736 1,880 K 1,760 K Automatic LiveUpdate Scheduler Service Symantec Corporation "C:\Program Files (x86)\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
armsvc.exe 1912 1,224 K 3,952 K Adobe Acrobat Update Service Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
audiodg.exe 4976 17,020 K 17,300 K Windows Audio Device Graph Isolation Microsoft Corporation C:\Windows\system32\AUDIODG.EXE 0xa4
avgcsrva.exe 408 0.47 15,400 K 20,552 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe /pipeName=4698b078-f761-4959-b197-89534af39c6d /coreSdkOptions=286 /logConfFile="C:\ProgramData\AVG2012\temp\4429dc79-d95b-4067-9376-e6605bcf9c5a-178-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="C:\ProgramData\AVG2012\temp\"
AVGIDSAgent.exe 3492 0.02 30,312 K 21,036 K AVG Identity Protection Service AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe"
avgnsa.exe 2624 2.79 10,196 K 9,632 K AVG Online Shield Service AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe"
avgrsa.exe 376 0.07 289,032 K 7,536 K AVG Resident Shield Service AVG Technologies CZ, s.r.o. C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /boot
avgtray.exe 4520 < 0.01 7,868 K 12,132 K AVG Tray Monitor AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
avgwdsvc.exe 2092 < 0.01 7,724 K 15,332 K AVG Watchdog Service AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe"
BCU.exe 4432 1,780 K 5,164 K Browser Configuration Utility DeviceVM, Inc. "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
BCUService.exe 2136 < 0.01 976 K 3,452 K Browser Configuration Utility Auto-recovery Service DeviceVM, Inc. "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe"
conhost.exe 4900 < 0.01 1,156 K 3,124 K Console Window Host Microsoft Corporation \??\C:\Windows\system32\conhost.exe "789887072-6926896549191527521018276305-381768109-1988816508-451587732-766603511
csrss.exe 688 0.12 2,332 K 7,988 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
csrss.exe 768 0.05 15,692 K 12,960 K Client Server Runtime Process Microsoft Corporation %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
dllhost.exe 5300 2,864 K 7,432 K COM Surrogate Microsoft Corporation C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{30D49246-D217-465F-B00B-AC9DDD652EB7}
dwm.exe 1972 2,072 K 5,404 K Desktop Window Manager Microsoft Corporation "C:\Windows\system32\Dwm.exe"
essvr.exe 2192 0.04 1,436 K 4,032 K "C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE"
explorer.exe 1832 0.04 45,000 K 65,028 K Windows Explorer Microsoft Corporation C:\Windows\Explorer.EXE
GUI.exe 4860 0.04 14,264 K 17,668 K GUI MFC Application "C:\Program Files (x86)\Gigabyte\ET6\GUI.exe" -m
iexplore.exe 5408 0.01 14,388 K 27,244 K Internet Explorer Microsoft Corporation "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
iexplore.exe 5024 0.02 104,456 K 111,156 K Internet Explorer Microsoft Corporation "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:5408 CREDAT:79873
Interrupts n/a 1.55 0 K 0 K Hardware Interrupts and DPCs
ipoint.exe 4160 < 0.01 15,008 K 26,096 K IPoint.exe Microsoft Corporation "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
jusched.exe 4584 1,048 K 3,916 K Java™ Update Scheduler Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
lsass.exe 880 0.02 6,688 K 15,480 K Local Security Authority Process Microsoft Corporation C:\Windows\system32\lsass.exe
lsm.exe 888 < 0.01 3,512 K 6,244 K Local Session Manager Service Microsoft Corporation C:\Windows\system32\lsm.exe
Monitor.exe 4112 0.04 2,092 K 4,832 K Registry Monitor PixArt Imaging Incorporation "C:\Windows\PixArt\Pac207\Monitor.exe"
MotoHelperAgent.exe 2616 1,584 K 6,184 K MotoHelperAgent "C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe"
MotoHelperService.exe 2324 2,808 K 7,944 K MotoHelper Service "C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe"
nusb3mon.exe 4476 1,452 K 4,800 K USB 3.0 Monitor NEC Electronics Corporation "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
nvvsvc.exe 644 1,592 K 4,116 K NVIDIA Driver Helper Service, Version 177.83 NVIDIA Corporation C:\Windows\system32\nvvsvc.exe
PMB.exe 4168 0.01 16,756 K 18,784 K Pando Media Booster "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
PnkBstrA.exe 2728 < 0.01 1,228 K 4,252 K C:\Windows\SysWOW64\PnkBstrA.exe
PocketCloudService.exe 2400 27,504 K 22,548 K PocketCloudService "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe"
procexp64.exe 6244 0.75 23,660 K 41,680 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Users\Aran\Desktop\procexp64.exe"
qttask.exe 4596 4,708 K 9,128 K Apple Computer, Inc. "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
RAVCpl64.exe 4120 9,000 K 10,992 K Realtek HD Audio Manager Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
realsched.exe 4604 1,868 K 748 K RealNetworks Scheduler RealNetworks, Inc. "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
rundll32.exe 1408 < 0.01 2,572 K 6,476 K Windows host process (Rundll32) Microsoft Corporation C:\Windows\system32\rundll32.exe C:\Windows\system32\NVSVC64.DLL,nvsvcInitialize
rundll32.exe 4136 2,308 K 5,864 K Windows host process (Rundll32) Microsoft Corporation "C:\Windows\System32\rundll32.exe" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
SASCore64.exe 1232 < 0.01 1,888 K 4,216 K Core Service SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
SDWinSec.exe 3300 4,388 K 8,820 K Spybot-S&D Security Center integration Safer Networking Ltd. "C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
SearchIndexer.exe 3780 0.08 24,092 K 15,280 K Microsoft Windows Search Indexer Microsoft Corporation C:\Windows\system32\SearchIndexer.exe /Embedding
services.exe 868 0.01 6,492 K 10,292 K Services and Controller app Microsoft Corporation C:\Windows\system32\services.exe
smss.exe 264 540 K 1,232 K Windows Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
soffice.bin 5060 14,640 K 43,116 K OpenOffice.org 3.3 OpenOffice.org "C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
soffice.exe 4220 1,100 K 3,484 K OpenOffice.org 3.3 OpenOffice.org "C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
SPAtune.exe 4268 0.02 5,608 K 9,748 K "C:\Program Files\SPARKLE\SPAtune 1.0.1\SPAtune.exe"
spoolsv.exe 1676 8,944 K 16,032 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe
sqlbrowser.exe 2764 1,556 K 4,412 K SQL Browser Service EXE Microsoft Corporation "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
sqlservr.exe 2524 48,268 K 2,856 K SQL Server Windows NT Microsoft Corporation "c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
sqlwriter.exe 2816 2,192 K 6,432 K SQL Server VSS Writer - 64 Bit Microsoft Corporation "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
SUPERAntiSpyware.exe 4184 0.01 167,904 K 1,640 K SUPERAntiSpyware Application SUPERAntiSpyware.com "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
svchost.exe 1000 < 0.01 4,996 K 10,500 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch
svchost.exe 720 4,896 K 8,916 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k RPCSS
svchost.exe 1052 19,764 K 23,452 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
svchost.exe 1108 0.11 118,240 K 126,540 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
svchost.exe 1148 < 0.01 28,160 K 44,816 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs
svchost.exe 1336 < 0.01 11,240 K 18,348 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalService
svchost.exe 1476 0.01 19,184 K 21,044 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkService
svchost.exe 1708 17,908 K 21,312 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
svchost.exe 2228 0.01 8,720 K 32,984 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
svchost.exe 2884 2,076 K 5,804 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k imgsvc
svchost.exe 4636 39.03 585,764 K 660,172 K winrscmde Microsoft Corporation -netsvcs
svchost.exe 3932 2,844 K 6,436 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
svchost.exe 5268 3,732 K 8,616 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k WindowsMobile
svchost.exe 4016 < 0.01 13,916 K 17,044 K Host Process for Windows Services Microsoft Corporation C:\Windows\System32\svchost.exe -k LocalServicePeerNet
System 4 1.12 348 K 119,248 K
System Idle Process 0 53.11 0 K 24 K
taskhost.exe 1868 8,028 K 8,912 K Host Process for Windows Tasks Microsoft Corporation "taskhost.exe"
taskmgr.exe 2184 0.06 4,752 K 11,276 K Windows Task Manager Microsoft Corporation "C:\Windows\system32\taskmgr.exe" /1
VProSvc.exe 2604 23,436 K 1,840 K Service Module Symantec Corporation "C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe"
wininit.exe 748 1,712 K 4,824 K Windows Start-Up Application Microsoft Corporation wininit.exe
winlogon.exe 804 3,532 K 7,856 K Windows Logon Application Microsoft Corporation winlogon.exe
winvnc.exe 3000 < 0.01 2,032 K 4,736 K VNC server for X64/win32 UltraVNC "C:\Program Files (x86)\UltraVNC\WinVNC.exe" -service
winvnc.exe 3424 0.34 2,808 K 6,540 K VNC server for X64/win32 UltraVNC "C:\Program Files (x86)\UltraVNC\WinVNC.exe" -service_run
WLIDSVC.EXE 2112 < 0.01 7,604 K 16,444 K Microsoft® Windows Live ID Service Microsoft Corp. "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSVCM.EXE 2472 1,500 K 3,508 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. WLIDSvcM.exe 2112
wmdc.exe 4152 2,388 K 6,552 K Windows Mobile Device Center Microsoft Corporation "C:\Windows\WindowsMobile\wmdc.exe"
WmiPrvSE.exe 5056 5,960 K 11,164 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
WmiPrvSE.exe 6388 2,948 K 6,388 K WMI Provider Host Microsoft Corporation C:\Windows\system32\wbem\wmiprvse.exe
wmpnetwk.exe 3124 < 0.01 11,280 K 11,680 K Windows Media Player Network Sharing Service Microsoft Corporation "C:\Program Files\Windows Media Player\wmpnetwk.exe"
XSrvSetup.exe 2284 1,976 K 5,568 K C:\Windows\SysWOW64\XSrvSetup.exe
YahooAUService.exe 3232 2,192 K 6,984 K AutoUpater Service Module Yahoo! Inc. "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:37 AM

Posted 18 September 2011 - 06:57 PM

Your CPU usage looks perfectly normal, so I don't see any issues showing up.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif

#9 Arreladd

Arreladd
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:12:37 AM

Posted 18 September 2011 - 07:06 PM

Notice this one line from the two different reports

First report right after a reboot
svchost.exe 300 7,664 K 14,412 K winrscmde Microsoft Corporation -netsvcs

Letting the computer sit idle for 10 minutes after booting
svchost.exe 4636 39.03 585,764 K 660,172 K winrscmde Microsoft Corporation -netsvcs
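Added editor's example, not code posted by anyone in this thread: a small Python checker that reads Process Explorer listing lines like the ones quoted above and flags svchost.exe entries that do not look like a real Windows 7 service host. The three indicators it tests are exactly the ones visible in the two reports (the command line does not launch svchost.exe from System32/SysWOW64, there is no `-k <service group>` argument, and the file description is not "Host Process for Windows Services"). The sample lines are copied from the listing in this thread; the line-layout regex and the "expected shape" rules are assumptions made for this example.

```python
import re

# Constructed sample input: three svchost.exe lines and one non-svchost line in the
# Process Explorer text layout used in this thread (copied from the listing above,
# including the PID 4636 entry that the poster singled out).
SAMPLE_LISTING = [
    r"svchost.exe 1000 < 0.01 4,996 K 10,500 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"svchost.exe 1148 < 0.01 28,160 K 44,816 K Host Process for Windows Services Microsoft Corporation C:\Windows\system32\svchost.exe -k netsvcs",
    r"svchost.exe 4636 39.03 585,764 K 660,172 K winrscmde Microsoft Corporation -netsvcs",
    r"spoolsv.exe 1676 8,944 K 16,032 K Spooler SubSystem App Microsoft Corporation C:\Windows\System32\spoolsv.exe",
]

# One listing line: name, PID, optional CPU ("< 0.01" or "39.03"), private bytes,
# working set, then description + company + command line as free text.
# (Assumed layout, derived from the lines above.)
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<pid>\d+)\s+"
    r"(?:<\s*)?(?:(?P<cpu>\d+\.\d+)\s+)?"
    r"(?P<private>[\d,]+) K\s+(?P<ws>[\d,]+) K\s+(?P<rest>.*)$"
)

# What a genuine svchost.exe looks like in such a listing (assumptions taken from
# the normal entries in the thread, not an exhaustive rule set).
SVCHOST_PATH_RE = re.compile(r"[a-z]:\\windows\\(system32|syswow64)\\svchost\.exe", re.I)
K_GROUP_RE = re.compile(r"(?:^|\s)-k\s+\S+")
EXPECTED_DESC = "Host Process for Windows Services"


def parse_procexp_line(line):
    """Split one listing line into fields; return None for lines that do not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "name": m.group("name"),
        "pid": int(m.group("pid")),
        "cpu": float(m.group("cpu")) if m.group("cpu") else 0.0,
        "private_kb": int(m.group("private").replace(",", "")),
        "ws_kb": int(m.group("ws").replace(",", "")),
        "rest": m.group("rest"),
    }


def svchost_anomalies(rec):
    """Return the reasons an svchost.exe record deviates from the expected shape."""
    reasons = []
    rest = rec["rest"]
    if not SVCHOST_PATH_RE.search(rest):
        reasons.append("command line does not launch svchost.exe from System32/SysWOW64")
    if not K_GROUP_RE.search(rest):
        reasons.append("no '-k <service group>' argument (e.g. '-netsvcs' instead of '-k netsvcs')")
    if EXPECTED_DESC not in rest:
        reasons.append("file description is not '%s'" % EXPECTED_DESC)
    return reasons


def scan_listing(lines):
    """Map PID -> anomaly list for every svchost.exe line with at least one anomaly."""
    flagged = {}
    for line in lines:
        rec = parse_procexp_line(line)
        if rec is None or rec["name"].lower() != "svchost.exe":
            continue
        reasons = svchost_anomalies(rec)
        if reasons:
            flagged[rec["pid"]] = reasons
    return flagged


if __name__ == "__main__":
    for pid, reasons in scan_listing(SAMPLE_LISTING).items():
        print("PID %d:" % pid)
        for r in reasons:
            print("  - " + r)
```

Run against the sample, only PID 4636 is reported, with all three reasons; the two normal hosts and the spooler line pass. The checker deliberately ignores CPU and memory, since those vary with legitimate load (as the advisor notes in the next reply), and keys on the structural properties a service host should always have.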

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:01:37 AM

Posted 18 September 2011 - 07:34 PM

Possibly some more advanced tools need to be used.

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include all required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif

#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:37 AM

Posted 18 September 2011 - 10:06 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic419519.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



