
Am i infected? (paranoid)


  • This topic is locked
6 replies to this topic

#1 DubWub

  • Members
  • 3 posts

Posted 30 January 2013 - 02:23 AM

Hi, I ain't sure if I have an infection or if anything is out of place; I'm just very paranoid and would like to be reassured that my system is fine. I am mainly paranoid after seeing a lot of random reg entries in Interface, and also because I replaced my BIOS chip with a pre-flashed one. It would be great if an expert could look over my logs. Many thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Sean at 7:17:20 on 2013-01-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4077.2773 [GMT 0:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Plantronics\GameCom780\GameCom780.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Windows\explorer.exe
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2start.exe
C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSInterface.exe
C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
C:\Program Files (x86)\OpenDNS\DNSCrypt\dnscrypt-proxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENDN~1.LNK - C:\Windows\Installer\{DEF3592F-0751-4632-9875-8BF9AD602898}\_7245386387960A1D7D5229.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: Interfaces\{80F675CA-0639-4C0F-B945-A6604680D185} : NameServer = 127.0.0.1
SSODL: WebCheck - <orphaned>
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\4722k1hd.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.duckduckgo.com/
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-26 19:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\4722k1hd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-26 19:53; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; C:\Users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\4722k1hd.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2013-1-26 23208]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2013-1-26 44688]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2013-1-26 14720]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2013-1-26 3084688]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 DNSCrypt;OpenDNSCrypt;C:\Program Files (x86)\OpenDNS\DNSCrypt\OpenDNSCryptService.exe [2012-8-31 14336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-26 398184]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2013-1-26 66320]
R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2013-1-26 1600064]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-26 24176]
R3 PlantronicsGC;PLTGC Interface;C:\Windows\System32\drivers\PLTGC.sys [2012-6-29 1327616]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-26 769168]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-26 682344]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-26 59392]
.
=============== Created Last 30 ================
.
2013-01-30 06:00:09 -------- d-----w- C:\Users\Sean\AppData\Local\OpenDNS
2013-01-30 05:57:49 -------- d-----w- C:\ProgramData\OpenDNS
2013-01-30 05:57:43 -------- d-----w- C:\Program Files (x86)\OpenDNS
2013-01-30 02:53:18 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
2013-01-30 02:53:17 -------- d-----w- C:\Program Files\ffdshow
2013-01-30 02:33:25 -------- d-----w- C:\Users\Sean\AppData\Roaming\Geek Uninstaller
2013-01-30 02:26:58 -------- d-----w- C:\Program Files\Media Player Classic
2013-01-30 02:01:40 -------- d-----w- C:\Users\Sean\AppData\Roaming\qBittorrent
2013-01-30 02:01:40 -------- d-----w- C:\Users\Sean\AppData\Local\qBittorrent
2013-01-30 02:01:32 -------- d-----w- C:\Program Files (x86)\qBittorrent
2013-01-29 21:25:54 49664 ------w- C:\Windows\unvise32.exe
2013-01-28 20:56:04 -------- d-----w- C:\Users\Sean\AppData\Local\Diagnostics
2013-01-28 17:03:37 -------- d-----w- C:\Users\Sean\VirtualBox VMs
2013-01-28 17:02:53 237992 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2013-01-28 17:02:50 120232 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-01-27 02:06:22 3995760 ----a-w- C:\Windows\SysWow64\GameMon.des
2013-01-27 00:18:35 -------- d-----w- C:\Windows\Panther
2013-01-27 00:18:23 -------- d-sh--w- C:\Boot
2013-01-26 20:16:59 -------- d-----w- C:\Users\Sean\AppData\Local\Celeris
2013-01-26 20:15:42 -------- d-----w- C:\ProgramData\Celeris
2013-01-26 20:15:42 -------- d-----w- C:\Program Files (x86)\Celeris
2013-01-26 20:15:29 -------- d-----w- C:\Users\Sean\AppData\Roaming\Celeris
2013-01-26 20:12:59 72200 ----a-w- C:\Windows\System32\XAPOFX1_1.dll
2013-01-26 20:11:58 489480 ----a-w- C:\Windows\System32\XAudio2_0.dll
2013-01-26 19:53:25 -------- d-----w- C:\Users\Sean\AppData\Local\Macromedia
2013-01-26 19:52:48 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-26 19:52:48 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-26 19:41:45 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2013-01-26 19:34:23 -------- d-----w- C:\Program Files\CCleaner
2013-01-26 19:31:10 -------- d-----w- C:\Users\Sean\AppData\Roaming\Malwarebytes
2013-01-26 19:31:07 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-26 19:31:07 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-26 19:31:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-26 19:30:58 -------- d-----w- C:\Users\Sean\AppData\Local\Programs
2013-01-26 19:13:40 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-01-26 19:13:40 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-26 19:13:40 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-26 19:13:40 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-01-26 19:13:40 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-01-26 19:13:40 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-01-26 19:13:17 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-01-26 19:13:17 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-01-26 19:13:17 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-01-26 19:13:17 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-01-26 19:13:17 220672 ----a-w- C:\Windows\System32\wintrust.dll
2013-01-26 19:13:17 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-01-26 19:13:17 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-01-26 19:11:55 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-01-26 19:08:08 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-01-26 19:08:07 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-01-26 19:08:06 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-01-26 19:08:06 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-01-26 19:06:44 1600064 ----a-w- C:\Windows\System32\drivers\ae1000w7.sys
2013-01-26 19:01:21 -------- d-----w- C:\Windows\System32\SPReview
2013-01-26 18:56:14 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2013-01-26 18:56:13 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-01-26 18:56:09 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2013-01-26 18:56:09 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2013-01-26 18:53:59 99328 ----a-w- C:\Windows\SysWow64\QSVRMGMT.DLL
2013-01-26 18:50:49 811400 ------w- C:\Windows\System32\PLTGC.exe
2013-01-26 18:50:49 523144 ----a-w- C:\Windows\difxapi.dll
2013-01-26 18:50:49 364936 ------w- C:\Windows\System32\CmiInstallResAll64.dll
2013-01-26 18:50:49 -------- d-----w- C:\Program Files\Plantronics
2013-01-26 18:50:37 -------- d-----w- C:\Program Files (x86)\Plantronics
2013-01-26 18:50:15 769168 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
2013-01-26 18:50:15 74344 ----a-w- C:\Windows\System32\RtNicProp64.dll
2013-01-26 18:50:15 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll
2013-01-26 18:48:47 0 ----a-w- C:\Windows\ativpsrm.bin
2013-01-26 18:48:07 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-01-26 18:48:06 -------- d-----w- C:\Program Files\ATI
2013-01-26 18:47:52 -------- d-----w- C:\Program Files\ATI Technologies
2013-01-26 18:46:26 -------- d-----w- C:\AMD
2013-01-26 18:45:05 -------- d-----w- C:\Windows\SysWow64\RTCOM
2013-01-26 18:45:05 -------- d-----w- C:\Program Files\Realtek
2013-01-26 18:42:44 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll
2013-01-26 18:42:20 -------- d-----w- C:\Intel
.
==================== Find3M ====================
.
2013-01-26 19:00:03 175616 ----a-w- C:\Windows\System32\msclmd.dll
2013-01-26 19:00:03 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll
2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll
2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll
2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe
2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll
2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll
2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-12-19 14:47:20 132008 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
============= FINISH: 7:17:28.80 ===============

#2 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 30 January 2013 - 03:37 PM

Good evening. :)

When you ran DDS it should have created a second log, Attach.txt. Will you post the contents of that in your next reply? If you didn't save a copy, simply run DDS again.

"I am mainly paranoid after seeing a lot of random reg entries in Interface"

Would you care to elaborate? Also, do you have any other issues that make you think that your system may be infected, pop-ups, browser redirection - I assume not as it's the sort of thing that I would have expected you to mention if you did, but I have to ask.

"because I replaced my BIOS chip with a pre-flashed one."

Did you obtain the chip from a legitimate source?

So long, and thanks for all the fish.

 

 


#3 DubWub


Posted 30 January 2013 - 07:19 PM

Hi, thanks for the reply. I don't get any redirects or anything out of place. I'm just paranoid more than anything and would just like to be reassured by an expert. My BIOS chip was from an eBay store, so legit, I think; I re-flashed the BIOS anyway just to be sure. I did attach the second log file to my first post, but for some reason it must not have uploaded. I will attach it to this post.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 26/01/2013 18:35:38
System Uptime: 30/01/2013 09:10:56 (15 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68-V LX
Processor: Intel® Pentium® CPU G840 @ 2.80GHz | LGA1155 | 2800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 89.869 GiB free.
D: is CDROM (UDF)
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
AMD Catalyst Install Manager
Asmedia ASM104x USB 3.0 Host Controller Driver
Catalyst Control Center InstallProxy
CCleaner
Emsisoft Anti-Malware
ffdshow x64 v1.2.4422 [2012-04-09]
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Mozilla Firefox 18.0.1 (x86 en-US)
Plantronics® GameCom 780 Software for Dolby® Headphone
qBittorrent 3.0.8
Realtek High Definition Audio Driver
SoulseekQt
Virtual Pool 4
.
==== Event Viewer Messages From Past Week ========
.
30/01/2013 09:13:36, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the NetBT service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
28/01/2013 20:58:18, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.
28/01/2013 20:51:36, Error: Service Control Manager [7001] - The SPP Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
28/01/2013 17:54:46, Error: Service Control Manager [7023] - The System Event Notification Service service terminated with the following error: Overlapped I/O operation is in progress.
28/01/2013 02:31:18, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.
28/01/2013 02:29:23, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
28/01/2013 02:29:23, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
28/01/2013 02:29:23, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
28/01/2013 02:29:23, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
28/01/2013 02:29:23, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
27/01/2013 02:06:22, Error: Service Control Manager [7030] - The nProtect GameGuard Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
26/01/2013 19:16:37, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

#4 Noviciate


Posted 31 January 2013 - 02:40 PM

Good evening. :)

And the random reg entries in Interface?


#5 DubWub


Posted 02 February 2013 - 01:13 AM

Hi, sorry for the late reply. The registry entries could be normal, but I ain't sure; there are a lot of random registry entries in HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface with keys {0000000d-0000-0000-C000-000000000046}. There are at least 100, and each one, when I click them, has ProxyStubClsid and ProxyStubClsid32. I don't have any issues with my PC; I'm just paranoid and confused as to what all these reg keys are.

#6 Noviciate


Posted 04 February 2013 - 03:49 PM

Good evening. :)

I've got a large number on my system, so I'd go with the idea that it's how Windows works rather than the sign of an infection. For a little more information, click here.


#7 Noviciate


Posted 09 February 2013 - 04:25 PM

As this issue appears to have been resolved, this thread is now closed.

