Infected, computer resources continually being used, HELP!!


20 replies to this topic

#1 Solomon87 (Members, 26 posts)
Posted 05 August 2012 - 09:04 PM

Hi, I went to a link posted in a forum and the page I went to seemed really off to me, and since then my computer resources, both memory and CPU usage, keep on bouncing up and down without my doing anything on my PC. Here is my DDS.TXT and the ATTACH.TXT. Thanks for any help you can offer!!!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Leeann at 20:56:54 on 2012-08-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2529 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\SBC\update\SST.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Windows\SysWOW64\CTXFIHLP.EXE
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\GlidePoint\glidesvc.exe
C:\Program Files\GlidePoint\glidesvc.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [SBC_McciTrayApp] "C:\Program Files (x86)\SBC\update\SST.exe"
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1
StartupFolder: C:\Users\Leeann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\Leeann\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 75.75.76.76
TCP: Interfaces\{978D326C-9C90-49B2-B2B4-B2BC92341DDA} : DhcpNameServer = 192.168.1.1 75.75.76.76
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [SBC_McciTrayApp] "C:\Program Files (x86)\SBC\update\SST.exe"
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTHelper] CTHELPER.EXE
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Leeann\AppData\Roaming\Mozilla\Firefox\Profiles\6sd1b1hh.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Leeann\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Users\Leeann\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 GlidePoint;GlidePoint Touchpad Client;C:\Program Files\GlidePoint\glidesvc.exe [2007-6-12 238080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-18 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 glidehid;GlidePoint HID Touchpad Minidriver;C:\Windows\system32\DRIVERS\glidehid.sys --> C:\Windows\system32\DRIVERS\glidehid.sys [?]
R3 glideps2;GlidePoint PS/2 Touchpad Filter;C:\Windows\system32\DRIVERS\glideps2.sys --> C:\Windows\system32\DRIVERS\glideps2.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2008-2-29 8944]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2008-2-29 51440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-29 135664]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-5-13 79360]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2008-5-27 5632]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-29 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-1 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2012-8-3 38912]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SaiK0836;SaiK0836;C:\Windows\system32\DRIVERS\SaiK0836.sys --> C:\Windows\system32\DRIVERS\SaiK0836.sys [?]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2006-2-16 4096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-28 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-05 22:11:58 -------- d-----w- C:\Users\Leeann\.explorer.local
2012-08-05 22:11:58 -------- d-----w- C:\Users\Leeann\.explorer.cache
2012-08-05 07:12:55 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C61EB2CE-5646-45B6-803B-A80574B1270D}\mpengine.dll
2012-08-05 00:25:55 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-03 17:33:17 38912 ----a-w- C:\Windows\System32\drivers\PcaSp60.sys
2012-08-03 17:31:39 61440 ----a-w- C:\Windows\SysWow64\ASIW32N50.dll
2012-08-03 17:31:39 52800 ----a-w- C:\Windows\SysWow64\drivers\PCASp50.sys
2012-08-03 17:31:39 41280 ----a-w- C:\Windows\SysWow64\drivers\PCASp50a64.sys
2012-08-03 17:31:39 38912 ----a-w- C:\Windows\SysWow64\drivers\PcaSp60.sys
2012-08-03 17:31:39 16302 ----a-w- C:\Windows\SysWow64\ASINDIS5.sys
2012-08-03 17:31:38 15577 ----a-w- C:\Windows\SysWow64\ASINDIS3.vxd
2012-07-13 09:59:54 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-07-11 19:44:28 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
.
==================== Find3M ====================
.
2012-08-05 20:28:59 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-05 20:28:59 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-04 06:26:53 0 ----a-w- C:\Windows\SysWow64\REN5236.tmp
2012-07-04 06:26:53 0 ----a-w- C:\Windows\SysWow64\REN5235.tmp
2012-07-04 06:26:53 0 ----a-w- C:\Windows\SysWow64\REN5224.tmp
2012-06-16 15:24:27 0 ----a-w- C:\Windows\SysWow64\REN47B0.tmp
2012-06-16 15:24:27 0 ----a-w- C:\Windows\SysWow64\REN47AF.tmp
2012-06-16 15:24:27 0 ----a-w- C:\Windows\SysWow64\REN47AE.tmp
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 20:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-12 23:09:48 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
============= FINISH: 20:57:46.43 ===============

#2 HelpBot (Bleepin' Binary Bot, Bots, 12,730 posts)
Posted 10 August 2012 - 09:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/464036 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Solomon87 (Topic Starter, Members, 26 posts)

Posted 12 August 2012 - 03:14 AM

Hello again, per the bot's message I am posting a new DDS log since no one has been able to respond to me. As far as what happened, someone posted a link in a forum I frequent, and when I clicked on the link I got some pop-ups and it wouldn't let me shut down Firefox. I eventually just used Task Manager to kill the website, but when I went back into Firefox it just redirected me to the same webpage again and again while my computer resources started being eaten up by this webpage/malware. Right now when I turn on my PC my memory usage will jump up to about 70 percent within a few hours, which did not happen to me before. Also, I have experienced my computer locking up as well, which required me to shut the PC down from the power supply switch. Anyway, here is my DDS log again:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Leeann at 3:06:42 on 2012-08-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2554 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\GlidePoint\glidesvc.exe
C:\Program Files\GlidePoint\glidesvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\SBC\update\SST.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Windows\SysWOW64\CTXFIHLP.EXE
C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [SBC_McciTrayApp] "C:\Program Files (x86)\SBC\update\SST.exe"
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1
StartupFolder: C:\Users\Leeann\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMVU.lnk - C:\Users\Leeann\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 75.75.76.76
TCP: Interfaces\{978D326C-9C90-49B2-B2B4-B2BC92341DDA} : DhcpNameServer = 192.168.1.1 75.75.76.76
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Yahoo! IE Services Button: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [SBC_McciTrayApp] "C:\Program Files (x86)\SBC\update\SST.exe"
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTHelper] CTHELPER.EXE
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Leeann\AppData\Roaming\Mozilla\Firefox\Profiles\6sd1b1hh.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Leeann\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: C:\Users\Leeann\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 GlidePoint;GlidePoint Touchpad Client;C:\Program Files\GlidePoint\glidesvc.exe [2007-6-12 238080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-18 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R3 glidehid;GlidePoint HID Touchpad Minidriver;C:\Windows\system32\DRIVERS\glidehid.sys --> C:\Windows\system32\DRIVERS\glidehid.sys [?]
R3 glideps2;GlidePoint PS/2 Touchpad Filter;C:\Windows\system32\DRIVERS\glideps2.sys --> C:\Windows\system32\DRIVERS\glideps2.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2008-2-29 8944]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2008-2-29 51440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-29 135664]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2008-5-13 79360]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2008-5-27 5632]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-29 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-1 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2012-8-3 38912]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SaiK0836;SaiK0836;C:\Windows\system32\DRIVERS\SaiK0836.sys --> C:\Windows\system32\DRIVERS\SaiK0836.sys [?]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2006-2-16 4096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-28 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-12 01:19:38 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E7A709CE-A77B-4EA0-9198-1D1E6E1B0638}\mpengine.dll
2012-08-11 01:19:55 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-05 22:11:58 -------- d-----w- C:\Users\Leeann\.explorer.local
2012-08-05 22:11:58 -------- d-----w- C:\Users\Leeann\.explorer.cache
2012-08-03 17:33:17 38912 ----a-w- C:\Windows\System32\drivers\PcaSp60.sys
2012-08-03 17:31:39 61440 ----a-w- C:\Windows\SysWow64\ASIW32N50.dll
2012-08-03 17:31:39 52800 ----a-w- C:\Windows\SysWow64\drivers\PCASp50.sys
2012-08-03 17:31:39 41280 ----a-w- C:\Windows\SysWow64\drivers\PCASp50a64.sys
2012-08-03 17:31:39 38912 ----a-w- C:\Windows\SysWow64\drivers\PcaSp60.sys
2012-08-03 17:31:39 16302 ----a-w- C:\Windows\SysWow64\ASINDIS5.sys
2012-08-03 17:31:38 15577 ----a-w- C:\Windows\SysWow64\ASINDIS3.vxd
2012-07-13 09:59:54 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
.
==================== Find3M ====================
.
2012-08-05 20:28:59 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-05 20:28:59 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-04 06:26:53 0 ----a-w- C:\Windows\SysWow64\REN5236.tmp
2012-07-04 06:26:53 0 ----a-w- C:\Windows\SysWow64\REN5235.tmp
2012-07-04 06:26:53 0 ----a-w- C:\Windows\SysWow64\REN5224.tmp
2012-06-16 15:24:27 0 ----a-w- C:\Windows\SysWow64\REN47B0.tmp
2012-06-16 15:24:27 0 ----a-w- C:\Windows\SysWow64\REN47AF.tmp
2012-06-16 15:24:27 0 ----a-w- C:\Windows\SysWow64\REN47AE.tmp
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 20:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 3:08:03.40 ===============


Edited by Solomon87, 12 August 2012 - 03:15 AM.


#4 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:11:31 AM

Posted 13 August 2012 - 10:19 PM

Hello Solomon87,

My name is Cody and I'll be helping you clean up your computer.

I will reply as soon as possible (typically within 24 hours).

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: When you post your reply, do not use the Posted Image button but use the Posted Image button instead.

In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Edited by TheShooter93, 13 August 2012 - 10:20 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#5 Solomon87

Solomon87
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:09:31 AM

Posted 14 August 2012 - 07:07 PM

Thanks for replying, Shooter. I look forward to hearing from you.

#6 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:11:31 AM

Posted 15 August 2012 - 01:28 PM

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Edited by TheShooter93, 15 August 2012 - 01:28 PM.



#7 Solomon87

Solomon87
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:09:31 AM

Posted 15 August 2012 - 10:13 PM

Hi Shooter, as requested I have downloaded TDSSKiller and had it scan my PC. Nothing came up infection-wise, and here is the report:

22:10:03.0484 3776 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
22:10:03.0734 3776 ============================================================
22:10:03.0734 3776 Current date / time: 2012/08/15 22:10:03.0734
22:10:03.0734 3776 SystemInfo:
22:10:03.0734 3776
22:10:03.0734 3776 OS Version: 6.0.6002 ServicePack: 2.0
22:10:03.0734 3776 Product type: Workstation
22:10:03.0734 3776 ComputerName: LEEANN-PC
22:10:03.0734 3776 UserName: Leeann
22:10:03.0734 3776 Windows directory: C:\Windows
22:10:03.0734 3776 System windows directory: C:\Windows
22:10:03.0734 3776 Running under WOW64
22:10:03.0734 3776 Processor architecture: Intel x64
22:10:03.0734 3776 Number of processors: 2
22:10:03.0734 3776 Page size: 0x1000
22:10:03.0734 3776 Boot type: Normal boot
22:10:03.0734 3776 ============================================================
22:10:04.0966 3776 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:10:04.0982 3776 ============================================================
22:10:04.0982 3776 \Device\Harddisk0\DR0:
22:10:04.0982 3776 MBR partitions:
22:10:04.0982 3776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2362CFF8
22:10:04.0982 3776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2362D800, BlocksNum 0x1E00000
22:10:04.0982 3776 ============================================================
22:10:04.0998 3776 C: <-> \Device\Harddisk0\DR0\Partition1
22:10:05.0044 3776 R: <-> \Device\Harddisk0\DR0\Partition2
22:10:05.0044 3776 ============================================================
22:10:05.0044 3776 Initialize success
22:10:05.0044 3776 ============================================================
22:10:12.0205 3408 ============================================================
22:10:12.0205 3408 Scan started
22:10:12.0205 3408 Mode: Manual;
22:10:12.0205 3408 ============================================================
22:10:12.0688 3408 ================ Scan services =============================
22:10:12.0766 3408 [ 1965aaffab07e3fb03c77f81beba3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:10:12.0766 3408 ACPI - ok
22:10:12.0860 3408 [ d19c4ee2ac7c47b8f5f84fff1a789d8a ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:10:12.0860 3408 AdobeARMservice - ok
22:10:12.0907 3408 [ f14215e37cf124104575073f782111d2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:10:12.0907 3408 adp94xx - ok
22:10:12.0922 3408 [ 7d05a75e3066861a6610f7ee04ff085c ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:10:12.0938 3408 adpahci - ok
22:10:12.0938 3408 [ 820a201fe08a0c345b3bedbc30e1a77c ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
22:10:12.0954 3408 adpu160m - ok
22:10:12.0954 3408 [ 9b4ab6854559dc168fbb4c24fc52e794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:10:12.0954 3408 adpu320 - ok
22:10:12.0985 3408 [ 0f421175574bfe0bf2f4d8e910a253bb ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:10:12.0985 3408 AeLookupSvc - ok
22:10:13.0032 3408 [ c4f6ce6087760ad70960c9eb130e7943 ] AFD C:\Windows\system32\drivers\afd.sys
22:10:13.0032 3408 AFD - ok
22:10:13.0063 3408 [ f6f6793b7f17b550ecfdbd3b229173f7 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:10:13.0063 3408 agp440 - ok
22:10:13.0063 3408 [ 222cb641b4b8a1d1126f8033f9fd6a00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:10:13.0063 3408 aic78xx - ok
22:10:13.0078 3408 [ 5922f4f59b7868f3d74bbbbeb7b825a3 ] ALG C:\Windows\System32\alg.exe
22:10:13.0078 3408 ALG - ok
22:10:13.0078 3408 [ 157d0898d4b73f075ce9fa26b482df98 ] aliide C:\Windows\system32\drivers\aliide.sys
22:10:13.0094 3408 aliide - ok
22:10:13.0094 3408 [ 970fa5059e61e30d25307b99903e991e ] amdide C:\Windows\system32\drivers\amdide.sys
22:10:13.0094 3408 amdide - ok
22:10:13.0110 3408 [ cdc3632a3a5ea4dbb83e46076a3165a1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:10:13.0110 3408 AmdK8 - ok
22:10:13.0125 3408 [ 9c37b3fd5615477cb9a0cd116cf43f5c ] Appinfo C:\Windows\System32\appinfo.dll
22:10:13.0141 3408 Appinfo - ok
22:10:13.0141 3408 [ ba8417d4765f3988ff921f30f630e303 ] arc C:\Windows\system32\drivers\arc.sys
22:10:13.0141 3408 arc - ok
22:10:13.0156 3408 [ 9d41c435619733b34cc16a511e644b11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:10:13.0156 3408 arcsas - ok
22:10:13.0281 3408 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:10:13.0281 3408 aspnet_state - ok
22:10:13.0297 3408 [ 22d13ff3dafec2a80634752b1eaa2de6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:10:13.0297 3408 AsyncMac - ok
22:10:13.0328 3408 [ e68d9b3a3905619732f7fe039466a623 ] atapi C:\Windows\system32\drivers\atapi.sys
22:10:13.0328 3408 atapi - ok
22:10:13.0359 3408 [ 0ef3966fc82cc3856052ac4485570c78 ] athr C:\Windows\system32\DRIVERS\athrx.sys
22:10:13.0390 3408 athr - ok
22:10:13.0422 3408 [ 79318c744693ec983d20e9337a2f8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:10:13.0437 3408 AudioEndpointBuilder - ok
22:10:13.0453 3408 [ 79318c744693ec983d20e9337a2f8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:10:13.0453 3408 AudioSrv - ok
22:10:13.0453 3408 Beep - ok
22:10:13.0484 3408 [ ffb96c2589ffa60473ead78b39fbde29 ] BFE C:\Windows\System32\bfe.dll
22:10:13.0500 3408 BFE - ok
22:10:13.0531 3408 [ 6d316f4859634071cc25c4fd4589ad2c ] BITS C:\Windows\system32\qmgr.dll
22:10:13.0562 3408 BITS - ok
22:10:13.0562 3408 [ 79feeb40056683f8f61398d81dda65d2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
22:10:13.0562 3408 blbdrive - ok
22:10:13.0593 3408 [ 2348447a80920b2493a9b582a23e81e1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:10:13.0593 3408 bowser - ok
22:10:13.0609 3408 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
22:10:13.0609 3408 BrFiltLo - ok
22:10:13.0609 3408 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
22:10:13.0609 3408 BrFiltUp - ok
22:10:13.0624 3408 [ a1b39de453433b115b4ea69ee0343816 ] Browser C:\Windows\System32\browser.dll
22:10:13.0640 3408 Browser - ok
22:10:13.0656 3408 [ f0f0ba4d815be446aa6a4583ca3bca9b ] Brserid C:\Windows\system32\drivers\brserid.sys
22:10:13.0656 3408 Brserid - ok
22:10:13.0671 3408 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
22:10:13.0671 3408 BrSerWdm - ok
22:10:13.0687 3408 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
22:10:13.0687 3408 BrUsbMdm - ok
22:10:13.0702 3408 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
22:10:13.0702 3408 BrUsbSer - ok
22:10:13.0702 3408 [ e0777b34e05f8a82a21856efc900c29f ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:10:13.0702 3408 BTHMODEM - ok
22:10:13.0718 3408 catchme - ok
22:10:13.0718 3408 [ b4d787db8d30793a4d4df9feed18f136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:10:13.0734 3408 cdfs - ok
22:10:13.0765 3408 [ c025aa69be3d0d25c7a2e746ef6f94fc ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:10:13.0765 3408 cdrom - ok
22:10:13.0796 3408 [ 5a268127633c7ee2a7fb87f39d748d56 ] CertPropSvc C:\Windows\System32\certprop.dll
22:10:13.0796 3408 CertPropSvc - ok
22:10:13.0812 3408 [ 02ea568d498bbdd4ba55bf3fce34d456 ] circlass C:\Windows\system32\drivers\circlass.sys
22:10:13.0812 3408 circlass - ok
22:10:13.0843 3408 [ 3dca9a18b204939cfb24bea53e31eb48 ] CLFS C:\Windows\system32\CLFS.sys
22:10:13.0843 3408 CLFS - ok
22:10:13.0905 3408 [ 8ee772032e2fe80a924f3b8dd5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:10:13.0905 3408 clr_optimization_v2.0.50727_32 - ok
22:10:13.0952 3408 [ ce07a466201096f021cd09d631b21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:10:13.0952 3408 clr_optimization_v2.0.50727_64 - ok
22:10:14.0077 3408 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:10:14.0108 3408 clr_optimization_v4.0.30319_32 - ok
22:10:14.0124 3408 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:10:14.0155 3408 clr_optimization_v4.0.30319_64 - ok
22:10:14.0186 3408 [ e5d5499a1c50a54b5161296b6afe6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:10:14.0186 3408 cmdide - ok
22:10:14.0202 3408 [ bcf7f2cf2533c0dccfc347777df897b8 ] COMMONFX.DLL C:\Windows\system32\COMMONFX.DLL
22:10:14.0217 3408 COMMONFX.DLL - ok
22:10:14.0217 3408 [ 7fb8ad01db0eabe60c8a861531a8f431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:10:14.0217 3408 Compbatt - ok
22:10:14.0233 3408 COMSysApp - ok
22:10:14.0280 3408 cpuz130 - ok
22:10:14.0295 3408 [ a8585b6412253803ce8efcbd6d6dc15c ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:10:14.0295 3408 crcdisk - ok
22:10:14.0358 3408 [ 86a591677c54ff0c12290b3292202530 ] Creative ALchemy AL1 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
22:10:16.0651 3408 Creative ALchemy AL1 Licensing Service - ok
22:10:16.0682 3408 [ 62740b9d2a137e8ced41a9e4239a7a31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:10:16.0682 3408 CryptSvc - ok
22:10:16.0713 3408 [ 5458f74192e7a663051dd5943bda0b2f ] CT20XUT.DLL C:\Windows\system32\CT20XUT.DLL
22:10:16.0729 3408 CT20XUT.DLL - ok
22:10:16.0760 3408 [ a8d31734ba202f57e8c8723da80f4cb8 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
22:10:16.0776 3408 ctac32k - ok
22:10:16.0791 3408 [ c6e3d76c7d5c60c38b1a24e8bb9c59fb ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
22:10:16.0807 3408 ctaud2k - ok
22:10:16.0838 3408 [ 465b15eeff39c3245d4a4c3bdd4d58b9 ] CTAUDFX.DLL C:\Windows\system32\CTAUDFX.DLL
22:10:16.0854 3408 CTAUDFX.DLL - ok
22:10:16.0869 3408 [ c7dcdd7b884bf544c7d24823f73a8168 ] CTEAPSFX.DLL C:\Windows\system32\CTEAPSFX.DLL
22:10:16.0885 3408 CTEAPSFX.DLL - ok
22:10:16.0900 3408 [ c290de6257dbcc76605a63cf11857e05 ] CTEDSPFX.DLL C:\Windows\system32\CTEDSPFX.DLL
22:10:16.0900 3408 CTEDSPFX.DLL - ok
22:10:16.0932 3408 [ 662fec592cea5df3fa356d9d066656dc ] CTEDSPIO.DLL C:\Windows\system32\CTEDSPIO.DLL
22:10:16.0932 3408 CTEDSPIO.DLL - ok
22:10:16.0963 3408 [ 3a0f352078e588abfc746cd829494084 ] CTEDSPSY.DLL C:\Windows\system32\CTEDSPSY.DLL
22:10:16.0963 3408 CTEDSPSY.DLL - ok
22:10:16.0994 3408 [ 134775518717b591c5ef70b21e41321f ] CTERFXFX.DLL C:\Windows\system32\CTERFXFX.DLL
22:10:16.0994 3408 CTERFXFX.DLL - ok
22:10:17.0025 3408 [ d8a1f2d6c131c3e8651af5193fcf1454 ] CTEXFIFX.DLL C:\Windows\system32\CTEXFIFX.DLL
22:10:17.0056 3408 CTEXFIFX.DLL - ok
22:10:17.0072 3408 [ d60cd2c37e91a2f6e2a793181b91b79b ] CTHWIUT.DLL C:\Windows\system32\CTHWIUT.DLL
22:10:17.0088 3408 CTHWIUT.DLL - ok
22:10:17.0088 3408 [ 96342cdfdd2ce29dee2137aed92622fc ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
22:10:17.0088 3408 ctprxy2k - ok
22:10:17.0119 3408 [ 0f8698733412f27ff2c6756d9257551a ] CTSBLFX.DLL C:\Windows\system32\CTSBLFX.DLL
22:10:17.0134 3408 CTSBLFX.DLL - ok
22:10:17.0150 3408 [ bf05008d233708f197317d6a23d519d9 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
22:10:17.0166 3408 ctsfm2k - ok
22:10:17.0212 3408 [ cf8b9a3a5e7dc57724a89d0c3e8cf9ef ] DcomLaunch C:\Windows\system32\rpcss.dll
22:10:17.0228 3408 DcomLaunch - ok
22:10:17.0259 3408 [ 8b722ba35205c71e7951cdc4cdbade19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:10:17.0259 3408 DfsC - ok
22:10:17.0368 3408 [ c647f468f7de343df8c143655c5557d4 ] DFSR C:\Windows\system32\DFSR.exe
22:10:17.0431 3408 DFSR - ok
22:10:17.0478 3408 [ 3ed0321127ce70acdaabbf77e157c2a7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
22:10:17.0493 3408 Dhcp - ok
22:10:17.0509 3408 [ b0107e40ecdb5fa692ebf832f295d905 ] disk C:\Windows\system32\drivers\disk.sys
22:10:17.0524 3408 disk - ok
22:10:17.0556 3408 [ 06230f1b721494a6df8d47fd395bb1b0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:10:17.0556 3408 Dnscache - ok
22:10:17.0587 3408 [ 1a7156dd1e850e9914e5e991e3225b94 ] dot3svc C:\Windows\System32\dot3svc.dll
22:10:17.0587 3408 dot3svc - ok
22:10:17.0618 3408 [ 1583b39790db3eaec7edb0cb0140c708 ] DPS C:\Windows\system32\dps.dll
22:10:17.0618 3408 DPS - ok
22:10:17.0634 3408 [ f1a78a98cfc2ee02144c6bec945447e6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:10:17.0634 3408 drmkaud - ok
22:10:17.0680 3408 [ b8e554e502d5123bc111f99d6a2181b4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:10:17.0696 3408 DXGKrnl - ok
22:10:17.0727 3408 [ 264cee7b031a9d6c827f3d0cb031f2fe ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
22:10:17.0727 3408 E1G60 - ok
22:10:17.0743 3408 [ c2303883fd9be49dc36a6400643002ea ] EapHost C:\Windows\System32\eapsvc.dll
22:10:17.0743 3408 EapHost - ok
22:10:17.0790 3408 [ 5f94962be5a62db6e447ff6470c4f48a ] Ecache C:\Windows\system32\drivers\ecache.sys
22:10:17.0790 3408 Ecache - ok
22:10:17.0821 3408 [ 14ce384d2e27b64c256bda4dc39c312d ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:10:17.0836 3408 ehRecvr - ok
22:10:17.0852 3408 [ b93159c1313d66fdfbbe876f5189cd52 ] ehSched C:\Windows\ehome\ehsched.exe
22:10:17.0852 3408 ehSched - ok
22:10:17.0868 3408 [ f5ee2527d74449868e3c3227a59bcd28 ] ehstart C:\Windows\ehome\ehstart.dll
22:10:17.0868 3408 ehstart - ok
22:10:17.0883 3408 [ c4636d6e10469404ab5308d9fd45ed07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:10:17.0883 3408 elxstor - ok
22:10:17.0914 3408 [ a9b18b63a4fd6baab83326706d857fab ] EMDMgmt C:\Windows\system32\emdmgmt.dll
22:10:17.0930 3408 EMDMgmt - ok
22:10:17.0946 3408 [ 5218e42654192c68b21fecb3ca23c8d3 ] emupia C:\Windows\system32\drivers\emupia2k.sys
22:10:17.0961 3408 emupia - ok
22:10:18.0008 3408 [ 12c061d9f9621be916d58191872ec281 ] ENTECH64 C:\Windows\system32\DRIVERS\ENTECH64.sys
22:10:18.0024 3408 ENTECH64 - ok
22:10:18.0039 3408 [ bc3a58e938bb277e46bf4b3003b01abd ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:10:18.0039 3408 ErrDev - ok
22:10:18.0070 3408 [ e12f22b73f153dece721cd45ec05b4af ] EventSystem C:\Windows\system32\es.dll
22:10:18.0086 3408 EventSystem - ok
22:10:18.0117 3408 [ 486844f47b6636044a42454614ed4523 ] exfat C:\Windows\system32\drivers\exfat.sys
22:10:18.0117 3408 exfat - ok
22:10:18.0148 3408 [ 1a4bee34277784619ddaf0422c0c6e23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:10:18.0148 3408 fastfat - ok
22:10:18.0164 3408 [ 81b79b6df71fa1d2c6d688d830616e39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:10:18.0164 3408 fdc - ok
22:10:18.0180 3408 [ bb9267acacd8b7533dd936c34a0cba5e ] fdPHost C:\Windows\system32\fdPHost.dll
22:10:18.0180 3408 fdPHost - ok
22:10:18.0195 3408 [ 300c80931eabbe1db7591c516efe8d0f ] FDResPub C:\Windows\system32\fdrespub.dll
22:10:18.0195 3408 FDResPub - ok
22:10:18.0195 3408 [ 457b7d1d533e4bd62a99aed9c7bb4c59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:10:18.0195 3408 FileInfo - ok
22:10:18.0211 3408 [ d421327fd6efccaf884a54c58e1b0d7f ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:10:18.0211 3408 Filetrace - ok
22:10:18.0226 3408 [ 230923ea2b80f79b0f88d90f87b87ebd ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:10:18.0226 3408 flpydisk - ok
22:10:18.0258 3408 [ e3041bc26d6930d61f42aedb79c91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:10:18.0258 3408 FltMgr - ok
22:10:18.0320 3408 [ de67b1afab1ddb6ca0bba89a776f26fa ] FontCache C:\Windows\system32\FntCache.dll
22:10:18.0336 3408 FontCache - ok
22:10:18.0382 3408 [ bc5b0be5af3510b0fd8c140ee42c6d3e ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:10:18.0398 3408 FontCache3.0.0.0 - ok
22:10:18.0414 3408 [ 5779b86cd8b32519fbecb136394d946a ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:10:18.0414 3408 Fs_Rec - ok
22:10:18.0429 3408 [ c8e416668d3dc2be3d4fe4c79224997f ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:10:18.0429 3408 gagp30kx - ok
22:10:18.0460 3408 [ eca89d56e812c8f6c8f94aa53d031614 ] glidehid C:\Windows\system32\DRIVERS\glidehid.sys
22:10:18.0460 3408 glidehid - ok
22:10:18.0523 3408 [ f91f3ef7db2ac6b02a9e4cd40d340ae2 ] GlidePoint C:\Program Files\GlidePoint\glidesvc.exe
22:10:18.0523 3408 GlidePoint - ok
22:10:18.0554 3408 [ 715e3a9ff7861ce53bff83d1f5a81f58 ] glideps2 C:\Windows\system32\DRIVERS\glideps2.sys
22:10:18.0554 3408 glideps2 - ok
22:10:18.0601 3408 [ a0e1b575ba8f504968cd40c0faeb2384 ] gpsvc C:\Windows\System32\gpsvc.dll
22:10:18.0632 3408 gpsvc - ok
22:10:18.0726 3408 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:10:18.0726 3408 gupdate - ok
22:10:18.0741 3408 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:10:18.0741 3408 gupdatem - ok
22:10:18.0772 3408 [ 5d4bc124faae6730ac002cdb67bf1a1c ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:10:18.0772 3408 gusvc - ok
22:10:18.0835 3408 [ f81c9e889848dd214eeabaed9fa544e7 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
22:10:18.0866 3408 ha20x2k - ok
22:10:18.0944 3408 [ 68e732382b32417ff61fd663259b4b09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:10:18.0944 3408 HdAudAddService - ok
22:10:18.0991 3408 [ f942c5820205f2fb453243edfec82a3d ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:10:19.0006 3408 HDAudBus - ok
22:10:19.0038 3408 [ b4881c84a180e75b8c25dc1d726c375f ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:10:19.0038 3408 HidBth - ok
22:10:19.0038 3408 [ 4e77a77e2c986e8f88f996bb3e1ad829 ] HidIr C:\Windows\system32\drivers\hidir.sys
22:10:19.0038 3408 HidIr - ok
22:10:19.0069 3408 [ 59361d38a297755d46a540e450202b2a ] hidserv C:\Windows\System32\hidserv.dll
22:10:19.0069 3408 hidserv - ok
22:10:19.0100 3408 [ 443bdd2d30bb4f00795c797e2cf99edf ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:10:19.0100 3408 HidUsb - ok
22:10:19.0116 3408 [ b12f367ea39c0795fd57e31242ce1a5a ] hkmsvc C:\Windows\system32\kmsvc.dll
22:10:19.0116 3408 hkmsvc - ok
22:10:19.0147 3408 [ d7109a1e6bd2dfdbcba72a6bc626a13b ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
22:10:19.0147 3408 HpCISSs - ok
22:10:19.0178 3408 [ 098f1e4e5c9cb5b0063a959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:10:19.0194 3408 HTTP - ok
22:10:19.0209 3408 [ da94c854cea5fac549d4e1f6e88349e8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
22:10:19.0209 3408 i2omp - ok
22:10:19.0225 3408 [ cbb597659a2713ce0c9cc20c88c7591f ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:10:19.0225 3408 i8042prt - ok
22:10:19.0225 3408 [ 3e3bf3627d886736d0b4e90054f929f6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
22:10:19.0240 3408 iaStorV - ok
22:10:19.0334 3408 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:10:19.0365 3408 IDriverT - ok
22:10:19.0412 3408 [ 749f5f8cedca70f2a512945325fc489d ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:10:19.0443 3408 idsvc - ok
22:10:19.0459 3408 [ 8c3951ad2fe886ef76c7b5027c3125d3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:10:19.0459 3408 iirsp - ok
22:10:19.0490 3408 [ 0c9ea6e654e7b0471741e343a6c671af ] IKEEXT C:\Windows\System32\ikeext.dll
22:10:19.0490 3408 IKEEXT - ok
22:10:19.0506 3408 [ df797a12176f11b2d301c5b234bb200e ] intelide C:\Windows\system32\drivers\intelide.sys
22:10:19.0506 3408 intelide - ok
22:10:19.0506 3408 [ bfd84af32fa1bad6231c4585cb469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:10:19.0506 3408 intelppm - ok
22:10:19.0537 3408 [ 5624bc1bc5eeb49c0ab76a8114f05ea3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:10:19.0537 3408 IPBusEnum - ok
22:10:19.0568 3408 [ d8aabc341311e4780d6fce8c73c0ad81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:10:19.0568 3408 IpFilterDriver - ok
22:10:19.0584 3408 [ bf0dbfa9792c5c14fa00f61c75116c1b ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:10:19.0599 3408 iphlpsvc - ok
22:10:19.0599 3408 IpInIp - ok
22:10:19.0599 3408 [ 9c2ee2e6e5a7203bfae15c299475ec67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
22:10:19.0615 3408 IPMIDRV - ok
22:10:19.0615 3408 [ b7e6212f581ea5f6ab0c3a6ceeeb89be ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
22:10:19.0630 3408 IPNAT - ok
22:10:19.0630 3408 [ 8c42ca155343a2f11d29feca67faa88d ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:10:19.0630 3408 IRENUM - ok
22:10:19.0646 3408 [ 0672bfcedc6fc468a2b0500d81437f4f ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:10:19.0662 3408 isapnp - ok
22:10:19.0677 3408 [ e4fdf99599f27ec25d2cf6d754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:10:19.0677 3408 iScsiPrt - ok
22:10:19.0693 3408 [ 63c766cdc609ff8206cb447a65abba4a ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
22:10:19.0693 3408 iteatapi - ok
22:10:19.0708 3408 [ 1281fe73b17664631d12f643cbea3f59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
22:10:19.0708 3408 iteraid - ok
22:10:19.0724 3408 [ 423696f3ba6472dd17699209b933bc26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:10:19.0724 3408 kbdclass - ok
22:10:19.0755 3408 [ dbdf75d51464fbc47d0104ec3d572c05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:10:19.0755 3408 kbdhid - ok
22:10:19.0771 3408 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] KeyIso C:\Windows\system32\lsass.exe
22:10:19.0786 3408 KeyIso - ok
22:10:19.0818 3408 [ 88956ad9fa510848ad176777a6c6c1f5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:10:19.0818 3408 KSecDD - ok
22:10:19.0849 3408 [ 1d419cf43db29396ecd7113d129d94eb ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:10:19.0849 3408 ksthunk - ok
22:10:19.0880 3408 [ 1faf6926f3416d3da05c5b265491bdae ] KtmRm C:\Windows\system32\msdtckrm.dll
22:10:19.0880 3408 KtmRm - ok
22:10:19.0911 3408 [ 50c7a3cb427e9bb5ed0708a669956ab5 ] LanmanServer C:\Windows\System32\srvsvc.dll
22:10:19.0911 3408 LanmanServer - ok
22:10:19.0942 3408 [ caf86fc1388be1e470f1a7b43e348adb ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:10:19.0942 3408 LanmanWorkstation - ok
22:10:19.0958 3408 [ 96ece2659b6654c10a0c310ae3a6d02c ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:10:19.0958 3408 lltdio - ok
22:10:19.0974 3408 [ 961ccbd0b1ccb5675d64976fae37d092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:10:19.0989 3408 lltdsvc - ok
22:10:20.0005 3408 [ a47f8080cacc23c91fe823ad19aa5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:10:20.0005 3408 lmhosts - ok
22:10:20.0020 3408 [ acbe1af32d3123e330a07bfbc5ec4a9b ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:10:20.0020 3408 LSI_FC - ok
22:10:20.0036 3408 [ 799ffb2fc4729fa46d2157c0065b3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:10:20.0036 3408 LSI_SAS - ok
22:10:20.0052 3408 [ f445ff1daad8a226366bfaf42551226b ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:10:20.0052 3408 LSI_SCSI - ok
22:10:20.0067 3408 [ 52f87b9cc8932c2a7375c3b2a9be5e3e ] luafv C:\Windows\system32\drivers\luafv.sys
22:10:20.0067 3408 luafv - ok
22:10:20.0098 3408 [ 76a58df02bd4ea29f189b82d0bef17f8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:10:20.0098 3408 Mcx2Svc - ok
22:10:20.0114 3408 [ 5c5cd6aaced32fb26c3fb34b3dcf972f ] megasas C:\Windows\system32\drivers\megasas.sys
22:10:20.0114 3408 megasas - ok
22:10:20.0130 3408 [ 859bc2436b076c77c159ed694acfe8f8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
22:10:20.0145 3408 MegaSR - ok
22:10:20.0161 3408 [ 3cbe4995e80e13ccfbc42e5dcf3ac81a ] MMCSS C:\Windows\system32\mmcss.dll
22:10:20.0161 3408 MMCSS - ok
22:10:20.0176 3408 [ 59848d5cc74606f0ee7557983bb73c2e ] Modem C:\Windows\system32\drivers\modem.sys
22:10:20.0176 3408 Modem - ok
22:10:20.0208 3408 [ c247cc2a57e0a0c8c6dccf7807b3e9e5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:10:20.0208 3408 monitor - ok
22:10:20.0223 3408 [ 9367304e5e412b120cf5f4ea14e4e4f1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:10:20.0223 3408 mouclass - ok
22:10:20.0239 3408 [ c2c2bd5c5ce5aaf786ddd74b75d2ac69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:10:20.0239 3408 mouhid - ok
22:10:20.0254 3408 [ 11bc9b1e8801b01f7f6adb9ead30019b ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
22:10:20.0254 3408 MountMgr - ok
22:10:20.0332 3408 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:10:20.0332 3408 MozillaMaintenance - ok
22:10:20.0379 3408 [ 94c66ededcdb6a126880472f9a704d8e ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
22:10:20.0379 3408 MpFilter - ok
22:10:20.0395 3408 [ f8276eb8698142884498a528dfea8478 ] mpio C:\Windows\system32\drivers\mpio.sys
22:10:20.0395 3408 mpio - ok
22:10:20.0410 3408 [ c92b9abdb65a5991e00c28f13491dba2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:10:20.0410 3408 mpsdrv - ok
22:10:20.0442 3408 [ 897e3baf68ba406a61682ae39c83900c ] MpsSvc C:\Windows\system32\mpssvc.dll
22:10:20.0457 3408 MpsSvc - ok
22:10:20.0488 3408 [ 3c200630a89ef2c0864d515b7a75802e ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
22:10:20.0488 3408 Mraid35x - ok
22:10:20.0520 3408 [ 7c1de4aa96dc0c071611f9e7de02a68d ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:10:20.0520 3408 MRxDAV - ok
22:10:20.0551 3408 [ 1485811b320ff8c7edad1caebb1c6c2b ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:10:20.0551 3408 mrxsmb - ok
22:10:20.0582 3408 [ 3b929a60c833fc615fd97fba82bc7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:10:20.0598 3408 mrxsmb10 - ok
22:10:20.0613 3408 [ c64ab3e1f53b4f5b5bb6d796b2d7bec3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:10:20.0613 3408 mrxsmb20 - ok
22:10:20.0613 3408 [ 1ac860612b85d8e85ee257d372e39f4d ] msahci C:\Windows\system32\drivers\msahci.sys
22:10:20.0613 3408 msahci - ok
22:10:20.0629 3408 [ 264bbb4aaf312a485f0e44b65a6b7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:10:20.0629 3408 msdsm - ok
22:10:20.0644 3408 [ 7ec02ce772f068ed0beafa3da341a9bc ] MSDTC C:\Windows\System32\msdtc.exe
22:10:20.0644 3408 MSDTC - ok
22:10:20.0676 3408 [ 704f59bfc4512d2bb0146aec31b10a7c ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:10:20.0676 3408 Msfs - ok
22:10:20.0691 3408 [ 00ebc952961664780d43dca157e79b27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:10:20.0691 3408 msisadrv - ok
22:10:20.0722 3408 [ 366b0c1f4478b519c181e37d43dcda32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:10:20.0722 3408 MSiSCSI - ok
22:10:20.0722 3408 msiserver - ok
22:10:20.0754 3408 [ 0ea73e498f53b96d83dbfca074ad4cf8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:10:20.0754 3408 MSKSSRV - ok
22:10:20.0816 3408 [ 59faaf2c83c8169ea20f9e335e418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:10:20.0816 3408 MsMpSvc - ok
22:10:20.0816 3408 [ 52e59b7e992a58e740aa63f57edbae8b ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:10:20.0816 3408 MSPCLOCK - ok
22:10:20.0847 3408 [ 49084a75bae043ae02d5b44d02991bb2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:10:20.0847 3408 MSPQM - ok
22:10:20.0910 3408 [ dc6ccf440cdede4293db41c37a5060a5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:10:20.0910 3408 MsRPC - ok
22:10:20.0925 3408 [ 855796e59df77ea93af46f20155bf55b ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:10:20.0925 3408 mssmbios - ok
22:10:20.0925 3408 [ 86d632d75d05d5b7c7c043fa3564ae86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:10:20.0925 3408 MSTEE - ok
22:10:20.0956 3408 [ 03b7145c889603537e9ffeabb1ad1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
22:10:20.0956 3408 MTsensor - ok
22:10:20.0956 3408 [ 0cc49f78d8aca0877d885f149084e543 ] Mup C:\Windows\system32\Drivers\mup.sys
22:10:20.0956 3408 Mup - ok
22:10:21.0003 3408 [ a5b10c845e7538c60c0f5d87a57cb3f5 ] napagent C:\Windows\system32\qagentRT.dll
22:10:21.0003 3408 napagent - ok
22:10:21.0034 3408 [ 2007b826c4acd94ae32232b41f0842b9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:10:21.0050 3408 NativeWifiP - ok
22:10:21.0112 3408 [ 5e8edd6a52e897c19ec6e149fe6c7a8e ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
22:10:21.0112 3408 NBService - ok
22:10:21.0175 3408 [ 65950e07329fcee8e6516b17c8d0abb6 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:10:21.0190 3408 NDIS - ok
22:10:21.0190 3408 [ 64df698a425478e321981431ac171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:10:21.0190 3408 NdisTapi - ok
22:10:21.0206 3408 [ 8baa43196d7b5bb972c9a6b2bbf61a19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:10:21.0206 3408 Ndisuio - ok
22:10:21.0222 3408 [ f8158771905260982ce724076419ef19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:10:21.0222 3408 NdisWan - ok
22:10:21.0222 3408 [ 9cb77ed7cb72850253e973a2d6afdf49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:10:21.0237 3408 NDProxy - ok
22:10:21.0237 3408 [ a499294f5029a7862adc115bda7371ce ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:10:21.0237 3408 NetBIOS - ok
22:10:21.0268 3408 [ fc2c792ebddc8e28df939d6a92c83d61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
22:10:21.0268 3408 netbt - ok
22:10:21.0268 3408 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] Netlogon C:\Windows\system32\lsass.exe
22:10:21.0268 3408 Netlogon - ok
22:10:21.0300 3408 [ 9b63b29defc0f3115a559d2597bf5d75 ] Netman C:\Windows\System32\netman.dll
22:10:21.0300 3408 Netman - ok
22:10:21.0346 3408 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:10:21.0393 3408 NetMsmqActivator - ok
22:10:21.0393 3408 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:10:21.0393 3408 NetPipeActivator - ok
22:10:21.0424 3408 [ 7846d0136cc2b264926a73047ba7688a ] netprofm C:\Windows\System32\netprofm.dll
22:10:21.0424 3408 netprofm - ok
22:10:21.0424 3408 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:10:21.0440 3408 NetTcpActivator - ok
22:10:21.0440 3408 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:10:21.0440 3408 NetTcpPortSharing - ok
22:10:21.0456 3408 [ 4ac08bd6af2df42e0c3196d826c8aea7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:10:21.0456 3408 nfrd960 - ok
22:10:21.0487 3408 [ 91b4e0273d2f6c24ef845f2b41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:10:21.0487 3408 NisDrv - ok
22:10:21.0534 3408 [ 10a43829a9e606af3eef25a1c1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
22:10:21.0534 3408 NisSrv - ok
22:10:21.0549 3408 [ f145bf4c4668e7e312069f81ef847cfc ] NlaSvc C:\Windows\System32\nlasvc.dll
22:10:21.0549 3408 NlaSvc - ok
22:10:21.0580 3408 [ 193fa51dddd0bffded1c340f0434999a ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
22:10:21.0580 3408 NMIndexingService - ok
22:10:21.0612 3408 [ b298874f8e0ea93f06ec40aa8d146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:10:21.0612 3408 Npfs - ok
22:10:21.0612 3408 [ acb62baa1c319b17752553df3026eeeb ] nsi C:\Windows\system32\nsisvc.dll
22:10:21.0612 3408 nsi - ok
22:10:21.0627 3408 [ 1523af19ee8b030ba682f7a53537eaeb ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:10:21.0627 3408 nsiproxy - ok
22:10:21.0674 3408 [ bac869dfb98e499ba4d9bb1fb43270e1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:10:21.0721 3408 Ntfs - ok
22:10:21.0721 3408 [ dd5d684975352b85b52e3fd5347c20cb ] Null C:\Windows\system32\drivers\Null.sys
22:10:21.0721 3408 Null - ok
22:10:21.0783 3408 [ e132423e77fdcd11880bab7a8dbac8aa ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys
22:10:21.0814 3408 NVENETFD - ok
22:10:22.0142 3408 [ ba0b4889c40380a01ecdf84c227a89c9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:10:22.0438 3408 nvlddmkm - ok
22:10:22.0470 3408 [ 2c040b7ada5b06f6facadac8514aa034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:10:22.0470 3408 nvraid - ok
22:10:22.0470 3408 [ f7ea0fe82842d05eda3efdd376dbfdba ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:10:22.0470 3408 nvstor - ok
22:10:22.0516 3408 [ 06633cf95bea62164c3bfca24bce6b11 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:10:22.0548 3408 nvsvc - ok
22:10:22.0610 3408 [ 53b629ce436b110c5689c2f6439e567b ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:10:22.0641 3408 nvUpdatusService - ok
22:10:22.0657 3408 [ 19067ca93075ef4823e3938a686f532f ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:10:22.0657 3408 nv_agp - ok
22:10:22.0657 3408 NwlnkFlt - ok
22:10:22.0672 3408 NwlnkFwd - ok
22:10:22.0704 3408 [ b5b1ce65ac15bbd11c0619e3ef7cfc28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:10:22.0704 3408 ohci1394 - ok
22:10:22.0704 3408 [ b4a561afa9f289ee824d6d23533072f4 ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
22:10:22.0719 3408 ossrv - ok
22:10:22.0750 3408 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2pimsvc C:\Windows\system32\p2psvc.dll
22:10:22.0782 3408 p2pimsvc - ok
22:10:22.0797 3408 [ 9ae31d2e1d15c10d91318e0ec149ceac ] p2psvc C:\Windows\system32\p2psvc.dll
22:10:22.0797 3408 p2psvc - ok
22:10:22.0828 3408 [ 4c6a7fd04ddf4db88791048382e3edb1 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:10:22.0844 3408 Parport - ok
22:10:22.0860 3408 [ b43751085e2abe389da466bc62a4b987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:10:22.0860 3408 partmgr - ok
22:10:22.0891 3408 [ 5eacb8a19cad7057806fbbf9550165e1 ] PcaSp60 C:\Windows\system32\DRIVERS\PcaSp60.sys
22:10:22.0906 3408 PcaSp60 - ok
22:10:22.0938 3408 [ 9ab157b374192ff276c1628fbdba2b0e ] PcaSvc C:\Windows\System32\pcasvc.dll
22:10:22.0938 3408 PcaSvc - ok
22:10:22.0969 3408 [ 47ab1e0fc9d0e12bb53ba246e3a0906d ] pci C:\Windows\system32\drivers\pci.sys
22:10:22.0969 3408 pci - ok
22:10:23.0000 3408 [ 2657f6c0b78c36d95034be109336e382 ] pciide C:\Windows\system32\drivers\pciide.sys
22:10:23.0000 3408 pciide - ok
22:10:23.0016 3408 [ 037661f3d7c507c9993b7010ceee6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:10:23.0031 3408 pcmcia - ok
22:10:23.0047 3408 [ 58865916f53592a61549b04941bfd80d ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:10:23.0078 3408 PEAUTH - ok
22:10:23.0125 3408 [ 0ed8727ea0172860f47258456c06caea ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:10:23.0125 3408 PerfHost - ok
22:10:23.0187 3408 [ e9e68c1a0f25cf4a7ac966eea74ee89e ] pla C:\Windows\system32\pla.dll
22:10:23.0218 3408 pla - ok
22:10:23.0250 3408 [ fe6b0f59215c9fd9f9d26539c58c8b82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:10:23.0250 3408 PlugPlay - ok
22:10:23.0265 3408 PnkBstrA - ok
22:10:23.0281 3408 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
22:10:23.0281 3408 PNRPAutoReg - ok
22:10:23.0296 3408 [ 9ae31d2e1d15c10d91318e0ec149ceac ] PNRPsvc C:\Windows\system32\p2psvc.dll
22:10:23.0296 3408 PNRPsvc - ok
22:10:23.0328 3408 [ 89a5560671c2d8b4a4b51f3e1aa069d8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:10:23.0343 3408 PolicyAgent - ok
22:10:23.0374 3408 [ 23386e9952025f5f21c368971e2e7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:10:23.0374 3408 PptpMiniport - ok
22:10:23.0390 3408 [ 5080e59ecee0bc923f14018803aa7a01 ] Processor C:\Windows\system32\drivers\processr.sys
22:10:23.0390 3408 Processor - ok
22:10:23.0421 3408 [ e058ce4fc2449d8bfa14739c83b7ff2a ] ProfSvc C:\Windows\system32\profsvc.dll
22:10:23.0421 3408 ProfSvc - ok
22:10:23.0437 3408 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] ProtectedStorage C:\Windows\system32\lsass.exe
22:10:23.0437 3408 ProtectedStorage - ok
22:10:23.0468 3408 [ c5ab7f0809392d0da027f4a2a81bfa31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
22:10:23.0468 3408 PSched - ok
22:10:23.0499 3408 [ 0b83f4e681062f3839be2ec1d98fd94a ] ql2300 C:\Windows\system32\drivers\ql2300.sys
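
The listing above is the tail of the TDSSKiller service and driver enumeration posted earlier in the thread. As an added example, not code from the thread or from Kaspersky's tool, the following Python reads that two-line-per-service format, lists entries that received a verdict but had no file hashed (IpInIp, msiserver, NwlnkFlt, NwlnkFwd and PnkBstrA above), lists images living outside the Windows and Program Files trees, and groups services that share one image so a reviewer can compare them against known hosts such as lsass.exe. The trusted-location prefixes, the ExampleSvc entry and its hash are assumptions made up for the example.

```python
"""Triage of a TDSSKiller service/driver listing.

Added example for this thread; it is not code from the thread or from TDSSKiller.
Each registered service or driver produces up to two lines in the format the log
above uses:

    HH:MM:SS.mmmm PID [ md5 ] Name ImagePath     (the file was found and hashed)
    HH:MM:SS.mmmm PID Name - status              (verdict; "ok" throughout this log)

A verdict line with no preceding file line means the registration exists but no
file was hashed for it. The listing does not say why, so those are reported for a
human to check, not declared malicious.
"""
import re
from collections import defaultdict

FILE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9a-fA-F]{32})\s*\]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$"
)

# Locations a service image is expected under on this Vista x64 machine. This is an
# assumption for the example; adjust it for other installs.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_listing(text):
    """Map service name -> {md5, path, status}, in the order the log lists them."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], {"md5": None, "path": None, "status": None})
            e["md5"] = m["md5"].lower()
            e["path"] = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], {"md5": None, "path": None, "status": None})
            e["status"] = m["status"]
    return entries


def triage(entries):
    """Return (findings, shared_images).

    findings:      [(service name, reason)] for entries a reviewer should look at
    shared_images: {image path: [service names]} for images hosting several services
                   (lsass.exe hosting KeyIso/Netlogon/ProtectedStorage is normal;
                   an unfamiliar binary doing the same is not)
    """
    findings = []
    by_image = defaultdict(list)
    for name, e in entries.items():
        if e["path"] is None:
            findings.append((name, "registered but no file was hashed"))
        else:
            by_image[e["path"].lower()].append(name)
            if not e["path"].lower().startswith(TRUSTED_PREFIXES):
                findings.append((name, "image outside Windows/Program Files: " + e["path"]))
        if e["status"] is None:
            findings.append((name, "no verdict line (log truncated?)"))
        elif e["status"].lower() != "ok":
            findings.append((name, "verdict: " + e["status"]))
    shared = {p: names for p, names in by_image.items() if len(names) > 1}
    return findings, shared


# Sample input: lines copied from the listing above plus two constructed ones at the
# end (ExampleSvc and its hash are made up to exercise the path check).
SAMPLE_LOG = r"""
22:10:17.0743 3408 [ c2303883fd9be49dc36a6400643002ea ] EapHost C:\Windows\System32\eapsvc.dll
22:10:17.0743 3408 EapHost - ok
22:10:19.0599 3408 IpInIp - ok
22:10:19.0771 3408 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] KeyIso C:\Windows\system32\lsass.exe
22:10:19.0786 3408 KeyIso - ok
22:10:21.0268 3408 [ 260bf9c43ee12c6898a9f5aab0fb0e5d ] Netlogon C:\Windows\system32\lsass.exe
22:10:21.0268 3408 Netlogon - ok
22:10:22.0610 3408 [ 53b629ce436b110c5689c2f6439e567b ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:10:22.0641 3408 nvUpdatusService - ok
22:10:23.0265 3408 PnkBstrA - ok
22:10:24.0000 3408 [ 0123456789abcdef0123456789abcdef ] ExampleSvc C:\Users\Leeann\AppData\Local\Temp\svc.exe
22:10:24.0000 3408 ExampleSvc - ok
"""

if __name__ == "__main__":
    findings, shared = triage(parse_listing(SAMPLE_LOG))
    for name, reason in findings:
        print(f"REVIEW  {name}: {reason}")
    for path, names in shared.items():
        print(f"SHARED  {path}: {', '.join(names)}")
```

Run against the full log, the "no file hashed" list is what to compare against a clean machine of the same Windows version; the shared-image list is only interesting when the image is not a Windows service host you recognise.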

#8 TheShooter93 (Cody)
  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 16 August 2012 - 11:15 AM

Hello Solomon87,

  • Click Start.
  • In the search bar type mbam and hit Enter.
  • Malwarebytes Antimalware will launch.
  • Click the Update tab and click "Check for Updates."
  • Once MBAM is finished updating, continue with the rest of these instructions.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

#9 Solomon87
  • Topic Starter
  • Members
  • 26 posts

Posted 16 August 2012 - 05:12 PM

Hey Shooter, I ran MBAM as requested but it did not find anything, I don't understand. I am sorry if I am wasting your time but my PC just isn't right even if no malware is coming up :( . My PC was going nuts last night for about two hours. CPU usage was constantly in the 50 to 75 percent range and memory was about 60 to 70 percent, all the while I was not doing anything. Anyway, here is the MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Leeann :: LEEANN-PC [administrator]

8/16/2012 3:33:18 PM
mbam-log-2012-08-16 (15-33-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225414
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 TheShooter93 (Cody)
  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 18 August 2012 - 06:39 AM

Hello Solomon87,

Please download and install Startup Lite.

This tool will allow you to disable all non-essential startup programs and should lower the amount of resource usage on background processes.


#11 Solomon87
  • Topic Starter
  • Members
  • 26 posts

Posted 19 August 2012 - 06:13 PM

Hi Shooter, I downloaded and used Startup Lite and it seems to make some difference in memory usage, thanks.

I have a question for you. I had Microsoft Security Essentials run its weekly scan Sunday morning and it found nothing that I am aware of; however, under the History tab there were about 4 or 5 entries where MSE had found instances of different variations of Trojans on one day alone, and it happened on 8-16, just 3 days ago. Is that normal? I find it hard to believe it would find so many Trojans in one day, especially considering I don't often go to questionable websites. I wish I had not removed all of them; I forgot I could show them to you. MSE said it had quarantined all of them, so I just had them permanently removed.

Is there anything else you can recommend I try here to check for this stuff on my PC?

Edited by Solomon87, 19 August 2012 - 06:16 PM.


#12 TheShooter93 (Cody)
  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 20 August 2012 - 09:16 AM

Hello Solomon87,

Glad Startup Lite worked for you. :thumbup2:

---------------------------------

Malware can come from all sorts of places and can exploit all sorts of programs to infect your machine.

More information about this will be provided in my final "all-clean" post to you.

There are plenty of people that are infected and don't even know it. That's why security is such a large priority and why it's good to be informed.

---------------------------------

As for checking for more malware on the computer, I've looked through multiple logs of yours now and I don't see anything.

If there is something excessively hogging your resources, it isn't malicious.

Startup Lite should have taken care of anything at startup that is non-malicious.

---------------------------------

Lastly, can you please post what Microsoft Security Essentials found on your computer?

You should be able to find these under the "History" tab in MSE.


#13 Solomon87
  • Topic Starter
  • Members
  • 26 posts

Posted 20 August 2012 - 10:11 AM

Hey Shooter, I will post what MSE found. It says it found all of these variants; I thought it had said Trojans but I guess not:


EXPLOIT:Java/CVE-2012-1723.DD
EXPLOIT:Java/CVE-2012-1723.DC
EXPLOIT:Java/CVE-2012-1723.DF
EXPLOIT:Java/CVE-2012-1723.DE

All found on 8/16

Also, Firefox has now been hijacked by Conduit Search, which uses Bing. I reset Firefox and it is not there anymore that I can see, but can you recommend a program to sweep my PC for anything Conduit-related?

Edited by Solomon87, 20 August 2012 - 10:14 AM.
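
Solomon87 asks above for something that sweeps the machine for Conduit remnants. The Firefox side of that is the profile's prefs.js, where the Conduit toolbar keeps its settings under a CT-numbered prefix. As an added example, not code from the thread, from AdwCleaner or from Mozilla, the following Python parses prefs.js lines, decodes the JSON envelope Conduit wraps some values in, and summarises for each toolbar id the installer file name it recorded, its first-run time and the address-bar and 404-page takeover switches. The sample prefs.js, its toolbar id CT1234567, the user id and the timestamp are constructed for the example.

```python
"""Summarise Conduit-style toolbar preferences found in a Firefox prefs.js.

Added example for this thread; it is not code from the thread, from AdwCleaner or
from Mozilla. prefs.js holds one JavaScript call per line:

    user_pref("name", value);

where value is a double-quoted string, a number or true/false. The Conduit toolbar
keeps its state under a "CT<digits>" prefix, and several of its values are JSON
documents stored inside the string (a {"dataType": ..., "data": ...} envelope).
"""
import json
import re
from collections import defaultdict

PREF_RE = re.compile(r'^\s*user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);\s*$')
TOOLBAR_RE = re.compile(r"^(?P<ctid>CT\d+)\.(?P<key>.+)$")


def parse_prefs(text):
    """Map pref name -> decoded value; lines that are not user_pref calls are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        try:
            value = json.loads(m["value"])   # JS string/number/boolean literals are valid JSON
        except ValueError:
            value = m["value"]               # keep anything odd verbatim rather than drop it
        prefs[m["name"]] = value
    return prefs


def unwrap(value):
    """Decode the {"dataType": ..., "data": ...} envelope if the value is one."""
    if isinstance(value, str) and value.startswith("{"):
        try:
            inner = json.loads(value)
        except ValueError:
            return value
        if isinstance(inner, dict) and "data" in inner:
            return inner["data"]
        return inner
    return value


def is_true(value):
    """Conduit stores booleans as True, "true", "TRUE" or "FALSE"; normalise them."""
    return str(value).lower() == "true"


def toolbar_report(prefs):
    """Group CT<id>.* prefs by toolbar id and pull out the fields worth reading first."""
    per_toolbar = defaultdict(dict)
    for name, value in prefs.items():
        m = TOOLBAR_RE.match(name)
        if m:
            per_toolbar[m["ctid"]][m["key"]] = unwrap(value)
    report = {}
    for ctid, p in per_toolbar.items():
        report[ctid] = {
            "installer": p.get("installId"),        # executable name the toolbar recorded at install
            "install_type": p.get("installType"),
            "first_seen": p.get("cbfirsttime"),     # first run of the toolbar in this profile
            "user_id": p.get("UserID"),
            "address_bar_takeover": is_true(p.get("addressBarTakeOverEnabledInHidden")),
            "rewrites_404": is_true(p.get("fixPageNotFoundError")),
            "pref_count": len(p),
        }
    return report


# Constructed sample in the shape the AdwCleaner log on this page reports; the
# toolbar id, user id and timestamp are made up for the example.
SAMPLE_PREFS = r"""
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("CT1234567.FirstTime", "true");
user_pref("CT1234567.UserID", "UN00000000000000000");
user_pref("CT1234567.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT1234567.autoDisableScopes", -1);
user_pref("CT1234567.cbfirsttime", "Sat Aug 18 2012 09:00:00 GMT-0500 (Central Daylight Time)");
user_pref("CT1234567.fixPageNotFoundError", "true");
user_pref("CT1234567.fixUrls", true);
user_pref("CT1234567.installId", "fft32.tmp.exe");
user_pref("CT1234567.installType", "XPE");
user_pref("CT1234567.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT1234567.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
"""

if __name__ == "__main__":
    for ctid, summary in toolbar_report(parse_prefs(SAMPLE_PREFS)).items():
        print(ctid)
        for key, value in summary.items():
            print(f"  {key}: {value}")
```

On a real machine the file to read is C:\Users\<name>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>\prefs.js, with Firefox closed, since Firefox rewrites the file on exit. The first-run time and installer name are the two fields to line up against the rest of the timeline (here, the Java exploit detections MSE logged on 8/16).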


#14 TheShooter93 (Cody)
  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 20 August 2012 - 11:41 AM

Hello Solomon87,

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


#15 Solomon87
  • Topic Starter
  • Members
  • 26 posts

Posted 20 August 2012 - 08:20 PM

I ran the program and Conduit has stamped itself all over the place, holy crap!!


# AdwCleaner v1.801 - Logfile created 08/20/2012 at 20:16:36
# Updated 14/08/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Leeann - LEEANN-PC
# Boot Mode : Normal
# Running from : C:\Users\Leeann\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Leeann\AppData\Local\Conduit
Folder Found : C:\Users\Leeann\AppData\Local\Temp\CT3220468
Folder Found : C:\Users\Leeann\AppData\LocalLow\Conduit
Folder Found : C:\Users\Leeann\AppData\Roaming\Mozilla\Firefox\Profiles\6sd1b1hh.default\CT3220468
Folder Found : C:\Users\Leeann\AppData\Roaming\Mozilla\Firefox\Profiles\6sd1b1hh.default\Smartbar
Folder Found : C:\Users\Leeann\AppData\Roaming\Mozilla\Firefox\Profiles\6sd1b1hh.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

***** [Registry] *****

[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\Conduit
[x64] Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[x64] Key Found : HKCU\Software\AppDataLow\Software\SmartBar
[x64] Key Found : HKCU\Software\Conduit

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Users\Leeann\AppData\Roaming\Mozilla\Firefox\Profiles\6sd1b1hh.default\prefs.js

Found : user_pref("CT3220468.129571859753082121.isToggled_item0_11", "true");
Found : user_pref("CT3220468.BT_Stats", "{\"last_log\":1345392217,\"uuid\":989284194163523,\"seq_id\":1,\"ss[...]
Found : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3220468.FirstTime", "true");
Found : user_pref("CT3220468.FirstTimeFF3", "true");
Found : user_pref("CT3220468.TrusteLinkUrl", "");
Found : user_pref("CT3220468.UserID", "UN06606676004557088");
Found : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3220468.autoDisableScopes", -1);
Found : user_pref("CT3220468.cbfirsttime", "Sun Aug 19 2012 11:03:25 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT3220468.defaultSearch", "FALSE");
Found : user_pref("CT3220468.defaultSearchUrl", "");
Found : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3220468.enableAlerts", "always");
Found : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Found : user_pref("CT3220468.firstTimeDialogOpened", "true");
Found : user_pref("CT3220468.fixPageNotFoundError", "true");
Found : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3220468.fixUrls", true);
Found : user_pref("CT3220468.installId", "fft32.tmp.exe");
Found : user_pref("CT3220468.installType", "XPE");
Found : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.isNewTabEnabled", true);
Found : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
Found : user_pref("CT3220468.openThankYouPage", "true");
Found : user_pref("CT3220468.openUninstallPage", "FALSE");
Found : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Found : user_pref("CT3220468.search.searchCount", "0");
Found : user_pref("CT3220468.searchAddressUrl", "");
Found : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1345392204763");
Found : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1345392205640");
Found : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1345473371730");
Found : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1345392204926");
Found : user_pref("CT3220468.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345473375556");
Found : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1345392204969");
Found : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1345392204417");
Found : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1345392204309");
Found : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1345392204839");
Found : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1345473375251");
Found : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1345392204744");
Found : user_pref("CT3220468.settingsINI", true);
Found : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Found : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Found : user_pref("CT3220468.smartbar.Uninstall", "0");
Found : user_pref("CT3220468.smartbar.isHidden", true);
Found : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Found : user_pref("CT3220468.startPage", "userChanged");
Found : user_pref("CT3220468.startPageUrl", "");
Found : user_pref("CT3220468.toolbarBornServerTime", "19-8-2012");
Found : user_pref("CT3220468.toolbarCurrentServerTime", "20-8-2012");

Profile name : default-1345474550914 [Profil par défaut]
File : C:\Users\Leeann\AppData\Roaming\Mozilla\Firefox\Profiles\gek19ci2.default-1345474550914\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7067 octets] - [20/08/2012 20:16:36]

########## EOF - C:\AdwCleaner[R1].txt - [7195 octets] ##########
