
It's Indexing my HDD


16 replies to this topic

#1 slotfy

slotfy

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:20 PM

Posted 29 August 2012 - 10:53 AM

Some spyware is indexing my hard disk drive and sending it online .. it doesn't have a process of its own it works from within any process which is already running .. I tried Malwarebytes and spyware search&destroy but no success so I removed them .. I uninstalled most of my start up programs checking one by one but no success .. all I know is that this thing is able to use maximum cpu resources by the process it's working through which leaves almost nothing to other applications .. every time I stop process tree it just moves to another process.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,738 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:20 AM

Posted 29 August 2012 - 08:07 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 slotfy

slotfy
  • Topic Starter


Posted 31 August 2012 - 08:44 AM

run all the five programs???

#4 slotfy


Posted 31 August 2012 - 09:47 AM

SecurityCheck:

Results of screen317's Security Check version 0.99.49
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky PURE 2.0
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Norton Ghost
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.3.300.262
Mozilla Firefox 11.0 Firefox out of Date!
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky PURE 2.0 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#5 slotfy


Posted 31 August 2012 - 09:49 AM

Farbar Service Scanner (FSS):

Farbar Service Scanner Version: 06-08-2012
Ran by Temp (administrator) on 31-08-2012 at 08:49:02
Running from "C:\Users\Temp\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
cryptsvc Service is not running. Checking service configuration:
The start type of cryptsvc service is OK.
The ImagePath of cryptsvc service is OK.
The ServiceDll of cryptsvc service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll
[2011-07-07 19:00] - [2011-07-07 19:00] - 0132608 ____A (Microsoft Corporation) 2FE30D71919C51131405797620E0A714

C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#6 slotfy


Posted 31 August 2012 - 10:00 AM

MiniToolBox:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Temp (administrator) on 31-08-2012 at 08:51:50
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



There are 15222 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
MAC Bridge Miniport = Network Bridge (Hardware not present)
Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Temp-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : E0-CA-94-32-4D-EB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a121:9f57:de3d:2640%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, August 31, 2012 6:44:08 AM
Lease Expires . . . . . . . . . . : Saturday, September 01, 2012 7:39:51 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 316721812
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-4D-FC-78-00-26-6C-D2-DC-7F
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 00-26-6C-D2-DC-7F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.Home:

Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.2%14(Preferred)
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:73b8:1863:3914:d6d5:1050(Preferred)
Link-local IPv6 Address . . . . . : fe80::1863:3914:d6d5:1050%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: Broadcom.Home
Address: 192.168.1.1

Name: google.com.Home
Address: 92.242.144.5


Pinging google.com [173.194.35.35] with 32 bytes of data:
Reply from 173.194.35.35: bytes=32 time=103ms TTL=55
Reply from 173.194.35.35: bytes=32 time=110ms TTL=55

Ping statistics for 173.194.35.35:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 103ms, Maximum = 110ms, Average = 106ms
Server: Broadcom.Home
Address: 192.168.1.1

Name: yahoo.com.Home
Address: 92.242.144.5


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=1021ms TTL=49
Reply from 98.139.183.24: bytes=32 time=1030ms TTL=50

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1021ms, Maximum = 1030ms, Average = 1025ms
Server: Broadcom.Home
Address: 192.168.1.1

Name: bleepingcomputer.com.Home
Address: 92.242.144.5


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...e0 ca 94 32 4d eb ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
11...00 26 6c d2 dc 7f ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:73b8:1863:3914:d6d5:1050/128
On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
14 286 fe80::5efe:192.168.1.2/128
On-link
13 306 fe80::1863:3914:d6d5:1050/128
On-link
12 281 fe80::a121:9f57:de3d:2640/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/30/2012 05:59:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 21.0.1180.83, time stamp: 0x502eaec7
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003bc21
Faulting process id: 0xfac
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (08/29/2012 09:19:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 21.0.1180.83, time stamp: 0x502eaec7
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003bc21
Faulting process id: 0x1c74
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (08/29/2012 00:28:55 AM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 21.0.1180.83, time stamp: 0x502eaec7
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003bc21
Faulting process id: 0x2160
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (08/28/2012 06:18:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bccac
Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96e
Exception code: 0xc0000005
Fault offset: 0x00032239
Faulting process id: 0x255c
Faulting application start time: 0xwmprph.exe0
Faulting application path: wmprph.exe1
Faulting module path: wmprph.exe2
Report Id: wmprph.exe3

Error: (08/27/2012 03:37:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9609

Error: (08/27/2012 03:37:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9609

Error: (08/27/2012 03:37:11 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/27/2012 03:37:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8611

Error: (08/27/2012 03:37:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8611

Error: (08/27/2012 03:37:10 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/31/2012 07:46:01 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error:
%%1056

Error: (08/31/2012 07:41:01 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (08/31/2012 07:40:46 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/30/2012 00:35:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (08/30/2012 03:56:34 AM) (Source: Tcpip) (User: )
Description: The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address 54-04-A6-24-23-BD. Network operations on this system may
be disrupted as a result.

Error: (08/29/2012 00:24:36 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 5 time(s).

Error: (08/29/2012 00:24:16 PM) (Source: Service Control Manager) (User: )
Description: The Workstation service terminated unexpectedly. It has done this 3 time(s).

Error: (08/29/2012 00:24:16 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 4 time(s).

Error: (08/29/2012 09:19:52 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).

Error: (08/29/2012 09:19:52 AM) (Source: Service Control Manager) (User: )
Description: The DNS Client service terminated unexpectedly. It has done this 3 time(s).


Microsoft Office Sessions:
=========================
Error: (08/30/2012 05:59:34 AM) (Source: Application Error)(User: )
Description: chrome.exe21.0.1180.83502eaec7ole32.dll6.1.7601.175144ce7b96fc00000050003bc21fac01cd85fa1d9e517dC:\Users\Temp\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\ole32.dll295486fd-f29a-11e1-a8c9-00266cd2dc7f

Error: (08/29/2012 09:19:07 AM) (Source: Application Error)(User: )
Description: chrome.exe21.0.1180.83502eaec7ole32.dll6.1.7601.175144ce7b96fc00000050003bc211c7401cd85af97edf793C:\Users\Temp\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\ole32.dlldfb6be5b-f1ec-11e1-a8c9-00266cd2dc7f

Error: (08/29/2012 00:28:55 AM) (Source: Application Error)(User: )
Description: chrome.exe21.0.1180.83502eaec7ole32.dll6.1.7601.175144ce7b96fc00000050003bc21216001cd83e684cb8a48C:\Users\Temp\AppData\Local\Google\Chrome\Application\chrome.exeC:\Windows\system32\ole32.dllce254827-f1a2-11e1-a8c9-00266cd2dc7f

Error: (08/28/2012 06:18:33 PM) (Source: Application Error)(User: )
Description: wmprph.exe12.0.7600.163854a5bccacntdll.dll6.1.7601.175144ce7b96ec000000500032239255c01cd857bcae50e91C:\Program Files\Windows Media Player\wmprph.exeC:\Windows\SYSTEM32\ntdll.dll10a8b3ad-f16f-11e1-a8c9-00266cd2dc7f

Error: (08/27/2012 03:37:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9609

Error: (08/27/2012 03:37:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9609

Error: (08/27/2012 03:37:11 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/27/2012 03:37:10 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8611

Error: (08/27/2012 03:37:10 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8611

Error: (08/27/2012 03:37:10 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

µTorrent (Version: 3.1.3)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (Version: 9.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.20)
Adobe Flash Player 11 ActiveX (Version: 11.2.202.235)
Adobe Flash Player 11 Plugin (Version: 11.3.300.262)
Aerosoft's - F-16 Fighting Falcon (Version: 1.00)
AMD OverDrive (Version: 4.2.0.0594)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36)
Babylon
Bonjour (Version: 3.0.0.10)
Ekiga (remove only)
Express Talk
Firebird 2.5.0.26074 (Win32) (Version: 2.5.0.26074)
Fone 4 PC (Version: 1.0.0)
FreeCall (Version: 3.02 build 439)
fTalk
Google Chrome (Version: 21.0.1180.83)
Google Earth (Version: 6.2.2.6613)
Google Talk Plugin (Version: 3.5.1.8982)
Google Update Helper (Version: 1.3.21.115)
GTK2-Runtime (Version: 2.16.6-2010-05-12-ash)
Hao123.com
Incredibar Toolbar on IE
Internet TV for Windows Media Center (Version: 4.2.2.0)
iriver plus 3 (remove only)
iTunes (Version: 10.6.3.25)
Jazler RadioStar 2 (Version: 2.4)
Kaspersky PURE 2.0 (Version: 12.0.1.288)
LiveReg (Symantec Corporation) (Version: 2.1.5.1502)
LiveUpdate 1.80 (Symantec Corporation) (Version: 1.80.19.0)
Magic ISO Maker v5.5 (build 0281)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Flight Simulator X Demo (Version: 10.0.60905)
Microsoft Office Professional Edition 2003 (Version: 11.0.7969.0)
Microsoft Reader
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MozBackup 1.4.10
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSI to redistribute MS VS2005 CRT libraries (Version: 8.0.50727.42)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MultiSkypeLauncher (remove only) (Version: 1.8)
Nimbuzz 2.2.0.6663.RC6 (Version: 2.2.0.6663.RC6)
Norton Ghost (Version: 76.00.775)
Octoshape add-in for Adobe Flash Player
Opera 12.01 (Version: 12.01.1532)
Pamela Basic 4.8 (Version: 4.8)
Partition Wizard Professional Edition 5.0
Picasa 3 (Version: 3.8)
PowerISO
PrettyMay Call Center for Skype 4.2.0.227 (Version: 4.2.0.227)
QuickTime (Version: 7.72.80.56)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.5)
Realtek WLAN Driver (Version: 2.00.0016)
RealUpgrade 1.1 (Version: 1.1.0)
Safari (Version: 5.34.57.2)
SAM Broadcaster v4 (Version: v4)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.10 (Version: 5.10.116)
SoftPhone_Client 8.3.1.0
Spesoft Image Converter 2.60
Starry Night Enthusiast Digital Download
TOSHIBA Value Added Package (Version: 1.6.1)
VLC media player 2.0.1 (Version: 2.0.1)
VoipBuster (Version: 4.09 build 662)
Voipwise (Version: 4.02 build 509)
Web Assistant 2.0.0.462
Windows 7 USB/DVD Download Tool (Version: 1.0.30)
Windows Media Center Add-in for Flash (Version: 4.1.2.0)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver
X-Lite 3.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

========================= Devices: ================================

Name: MAC Bridge Miniport
Description: MAC Bridge Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BridgeMP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ATI I/O Communications Processor PCI Bus Controller
Description: ATI I/O Communications Processor PCI Bus Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI
Service: pci
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ATI I/O Communications Processor SMBus Controller
Description: ATI I/O Communications Processor SMBus Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


========================= Memory info: ===================================

Percentage of memory in use: 35%
Total physical RAM: 3574.87 MB
Available physical RAM: 2295.62 MB
Total Pagefile: 7148.02 MB
Available Pagefile: 5650.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1939.24 MB

========================= Partitions: =====================================

1 Drive c: (WIN7 32-BIT) (Fixed) (Total:75 GB) (Free:23.66 GB) NTFS
3 Drive e: (HDDRECOVERY) (Fixed) (Total:12.22 GB) (Free:0.58 GB) NTFS
4 Drive f: (TOSHIBA System Volume) (Fixed) (Total:1.46 GB) (Free:1.07 GB) NTFS
5 Drive g: (Non-boot Storage) (Fixed) (Total:209.4 GB) (Free:9.33 GB) NTFS
7 Drive i: (Boot-OS:Windows Vista) (Fixed) (Total:48.83 GB) (Free:9.83 GB) NTFS
8 Drive j: (None-Boot Storage) (Fixed) (Total:62.95 GB) (Free:26.72 GB) NTFS

========================= Users: ========================================

User accounts for \\

Administrator Guest Temp


**** End of log ****

#7 slotfy


Posted 31 August 2012 - 10:56 AM

1) The link https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ is not working for me.
2) aswMBR reaches a point where a blue dump screen appears and then the machine restarts.
3) Please note that the spyware was NOT WORKING when I performed all these scans and logs. Unless it was working through the scanning program there was no other high CPU usage.

Edited by slotfy, 31 August 2012 - 10:59 AM.


#8 Broni


Posted 31 August 2012 - 07:56 PM

1. Please explain "not working".
Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/

2. See if you can run aswMBR from safe mode.

3. I'm not sure what you're saying.



#9 slotfy


Posted 01 September 2012 - 12:35 AM

Do you mean that there is nothing found in the logs I posted already?

Samir

Edited by slotfy, 01 September 2012 - 12:36 AM.


#10 slotfy


Posted 01 September 2012 - 06:40 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.01.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Temp :: TEMP-PC [administrator]

9/1/2012 5:24:24 AM
mbam-log-2012-09-01 (05-24-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200816
Time elapsed: 14 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

anything so far?

#11 slotfy


Posted 01 September 2012 - 08:27 AM

btw .. the firefox icon at the end of your posts looks really angry :)

#12 slotfy


Posted 01 September 2012 - 08:41 AM

svchost.exe (network service)

#13 Broni


Posted 01 September 2012 - 10:29 AM

??



#14 slotfy


Posted 05 September 2012 - 02:13 AM

he is doing it through svchost.exe .. when I end its process tree after a few moments it starts within one of the processes which is already running.

Broni I posted all the logs .. did you find anything yet?

Samir

The more time it takes the more of my HDD info and data he is acquiring.

#15 Broni


Posted 05 September 2012 - 06:21 PM

I'm still not sure what you're saying.
Why are you killing svchost process?

How exactly do you know something is acquiring your data?
