CPU at 100% maybe malware?


  • This topic is locked
13 replies to this topic

#1 kokolul

kokolul

  • Members
  • 24 posts
  • OFFLINE

Posted 11 January 2014 - 07:59 PM

So yesterday I got a new keyboard and plugged it into the USB port; not sure if this is the cause of it or if it's just a coincidence. Anyway, basically the CPU shot up to 100% with no sign of going down. I checked the performance and it was svchost and TrustedInstaller.exe taking all the CPU. I ran Avast antivirus and SUPERAntiSpyware to try and see if there was anything, and found nothing. I decided to restore the PC to factory, hoping it would fix it, but apparently it did not work and I basically went back to step one with nothing on it. I installed all the Windows updates it gave me and it's still not working; it jumps from 22%-100% with no programs open, so I can't even do anything. Can someone help me? I can't do anything and have no idea what to do next.

Making a new post since I was told to switch to this side; here are the logs.

Attached Files


Edited by kokolul, 11 January 2014 - 08:17 PM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  • Gender:Male

Posted 16 January 2014 - 08:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520512 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 kokolul

kokolul
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE

Posted 17 January 2014 - 12:23 AM

Hello !
 
Okay, so basically my CPU usage is going crazy most of the time; it usually jumps from 40%-100% and sometimes drops to 17%, but it's mostly always super high. It started last week and I have been trying to fix this, and I have not had any luck whatsoever in even improving the issue. I have installed the updates and even checked for updates for my graphics card. I share this PC with my brother and he plays games on it; he tells me that the FPS in games is really bad. Where he normally has 40 FPS in WoW (not much, but playable), now he's barely able to do anything because of the frame drops (7-18). And it's not only that: it's noticeable in YouTube and even Netflix. On YouTube it lags so badly I can barely watch anything, and on Netflix it's unwatchable due to the fact that the audio is not in sync, because of the CPU I am guessing. I have done a couple of things to try and fix this: ran Avast, it found nothing; ran SUPERAntiSpyware and found a couple of things, which I have removed. Defragmented the computer and even used CCleaner to try and fix the registry and such. With no programs open it's at 80% CPU and I can't explain or even know why it's happening, so I am guessing it is malware or a virus of some sort, but I am not really good at computers so I can't say for sure. That is why I am in need of help!
Thanks in advance.
 
Also, here is my old post I made; it has some steps I tried thanks to someone trying to help ---> http://www.bleepingcomputer.com/forums/t/520265/vista-100-cpu-usage/


#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,922 posts
  • OFFLINE
  • Gender:Male

Posted 17 January 2014 - 01:14 PM

Hi kokolul :)

 

My name is polskamachina and I will be assisting you with your malware problem. Please give me some time to look over your reports and I will get back to you as soon as possible. In the meantime, can you please tell me if this high CPU usage problem happened suddenly after you installed the keyboard? Just for test purposes, have you tried putting the old keyboard back in to see if that made a difference in your CPU usage?

 

polskamachina


Edited by polskamachina, 17 January 2014 - 01:36 PM.


#5 kokolul

kokolul
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE

Posted 17 January 2014 - 09:17 PM

Yeah, I tried turning it off and it did nothing to help. Also, the CPU was good a few days ago for like 2 hours, then it just went back to having huge CPU usage. Not really sure what is causing it though.



#6 polskamachina

polskamachina

  • Malware Response Team
  • 3,922 posts
  • OFFLINE
  • Gender:Male

Posted 20 January 2014 - 12:11 AM

Hi kokolul :)
 
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
 
Let me know if you have any questions.
 
polskamachina

#7 kokolul

kokolul
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE

Posted 22 January 2014 - 02:39 AM

Sorry it took a bit, I was kinda busy, but here is the log. The log is about 31k and I can't upload it, so I made it into a reply.


ComboFix 14-01-22.01 - kokolul 01/22/2014   2:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3581.2260 [GMT -5:00]
Running from: c:\users\kokolul\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-22 to 2014-01-22  )))))))))))))))))))))))))))))))
.
.
2014-01-22 07:30 . 2014-01-22 07:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-22 07:07 . 2014-01-22 07:07 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D7A1C7B-D9A3-4A51-852E-FD423BD3128B}\MpKslbbcf73e1.sys
2014-01-22 07:00 . 2013-12-16 06:54 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5D7A1C7B-D9A3-4A51-852E-FD423BD3128B}\mpengine.dll
2014-01-21 04:25 . 2013-12-16 06:54 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-18 13:01 . 2014-01-18 13:01 -------- d-----w- c:\program files\Bethesda Softworks
2014-01-18 12:59 . 2005-04-04 04:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2014-01-18 12:59 . 2005-04-04 04:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2014-01-18 12:59 . 2005-04-04 04:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2014-01-18 12:59 . 2005-04-04 03:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2014-01-18 12:59 . 2005-04-04 04:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2014-01-18 12:59 . 2014-01-18 12:59 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2014-01-18 12:59 . 2014-01-18 12:59 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2014-01-18 12:46 . 2009-02-24 23:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2014-01-18 12:46 . 2014-01-18 12:47 -------- d-----w- c:\program files\MagicDisc
2014-01-17 01:39 . 2014-01-17 01:39 -------- d-----w- c:\program files\AGEIA Technologies
2014-01-17 01:28 . 2012-12-29 10:26 6263784 ----a-w- c:\windows\system32\nvopencl.dll
2014-01-17 01:28 . 2012-12-29 10:26 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll
2014-01-17 01:28 . 2012-12-29 10:26 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-01-17 01:28 . 2012-12-29 10:26 20450232 ----a-w- c:\windows\system32\nvoglv32.dll
2014-01-17 01:28 . 2012-12-29 10:26 7931896 ----a-w- c:\windows\system32\nvcuda.dll
2014-01-17 01:28 . 2012-12-29 10:26 2720696 ----a-w- c:\windows\system32\nvcuvid.dll
2014-01-17 01:28 . 2012-12-29 10:26 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-01-17 01:28 . 2012-12-29 10:26 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2014-01-17 01:23 . 2014-01-17 01:23 -------- d-----w- C:\NVIDIA
2014-01-16 09:34 . 2014-01-16 09:34 -------- d-----w- c:\program files\SystemRequirementsLab
2014-01-16 09:34 . 2014-01-16 09:34 -------- d-----w- c:\programdata\SystemRequirementsLab
2014-01-16 06:34 . 2014-01-16 06:34 -------- d-----w- c:\windows\en
2014-01-16 06:32 . 2014-01-16 06:32 -------- dc----w- c:\windows\system32\DRVSTORE
2014-01-16 06:32 . 2012-03-08 23:32 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2014-01-16 06:27 . 2014-01-16 06:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2014-01-16 06:15 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2014-01-16 06:15 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2014-01-16 06:15 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2014-01-16 06:13 . 2014-01-16 06:13 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\21ee08051cf128203\MeshBetaRemover.exe
2014-01-16 06:13 . 2014-01-16 06:13 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\19cb83051cf128202\DXSETUP.exe
2014-01-16 06:13 . 2014-01-16 06:13 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\19cb83051cf128202\dsetup32.dll
2014-01-16 06:13 . 2014-01-16 06:13 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\19cb83051cf128202\DSETUP.dll
2014-01-16 06:13 . 2014-01-16 06:13 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\11c22b551cf128201\DXSETUP.exe
2014-01-16 06:13 . 2014-01-16 06:13 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\11c22b551cf128201\dsetup32.dll
2014-01-16 06:13 . 2014-01-16 06:13 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\11c22b551cf128201\DSETUP.dll
2014-01-16 04:52 . 2014-01-16 04:53 -------- d-----w- c:\program files\Core Temp
2014-01-16 01:32 . 2014-01-16 01:31 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{476FBC94-9335-4FF9-AA43-EB15AB63132A}\gapaengine.dll
2014-01-16 01:31 . 2014-01-16 01:31 -------- d-----w- C:\history
2014-01-15 23:17 . 2014-01-15 23:18 -------- d-----w- c:\program files\Microsoft Security Client
2014-01-15 23:14 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 21:52 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2014-01-15 09:09 . 2014-01-15 09:09 -------- d-----w- c:\users\UpdatusUser
2014-01-15 09:07 . 2013-01-31 11:21 53024 ----a-w- c:\windows\system32\OpenCL.dll
2014-01-15 09:06 . 2014-01-15 09:06 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-01-15 09:04 . 2012-12-29 10:26 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2014-01-15 09:04 . 2012-12-29 10:26 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2014-01-15 09:03 . 2014-01-17 01:40 -------- d-----w- c:\program files\NVIDIA Corporation
2014-01-15 08:57 . 2014-01-15 08:57 -------- d-----w- c:\windows\Sun
2014-01-15 08:56 . 2014-01-15 08:56 -------- d-----w- c:\program files\Common Files\Java
2014-01-15 08:56 . 2014-01-15 08:56 -------- d-----w- c:\programdata\Oracle
2014-01-15 08:55 . 2014-01-15 08:55 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-15 08:55 . 2014-01-15 08:55 -------- d-----w- c:\program files\Java
2014-01-15 07:59 . 2014-01-15 07:59 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F7B209D-BC7F-42E3-9FDA-FFC5E91B1A22}\offreg.dll
2014-01-14 05:54 . 2013-12-16 07:54 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F7B209D-BC7F-42E3-9FDA-FFC5E91B1A22}\mpengine.dll
2014-01-13 02:11 . 2014-01-13 02:11 -------- d-----w- c:\program files\Ventrilo
2014-01-13 02:10 . 2014-01-13 02:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2014-01-13 00:17 . 2012-11-20 22:13 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-01-13 00:17 . 2012-11-20 22:13 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2014-01-13 00:17 . 2012-11-20 22:13 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-01-13 00:17 . 2012-11-20 22:13 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-01-13 00:17 . 2014-01-13 00:17 -------- d-----w- c:\program files\Razer
2014-01-13 00:17 . 2014-01-13 00:17 -------- d-----w- c:\programdata\Razer
2014-01-12 18:51 . 2014-01-17 02:01 -------- d-----w- c:\program files\World of Warcraft
2014-01-12 18:51 . 2014-01-12 18:51 -------- d-----w- c:\programdata\Blizzard Entertainment
2014-01-12 18:51 . 2014-01-12 18:51 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2014-01-12 18:43 . 2014-01-12 18:43 -------- d-----w- c:\programdata\Battle.net
2014-01-12 03:33 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2014-01-12 03:22 . 2013-08-27 02:47 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-01-12 03:22 . 2013-08-27 02:47 189952 ----a-w- c:\windows\system32\d3d10core.dll
2014-01-12 03:22 . 2013-08-27 02:47 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2014-01-12 03:22 . 2013-08-27 01:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2014-01-12 03:22 . 2013-08-27 01:50 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2014-01-12 03:22 . 2013-08-27 02:47 1029120 ----a-w- c:\windows\system32\d3d10.dll
2014-01-12 03:22 . 2013-08-27 01:32 683008 ----a-w- c:\windows\system32\d2d1.dll
2014-01-12 03:22 . 2013-08-27 01:28 1069056 ----a-w- c:\windows\system32\DWrite.dll
2014-01-12 03:22 . 2013-08-27 01:28 798208 ----a-w- c:\windows\system32\FntCache.dll
2014-01-12 01:54 . 2014-01-12 01:54 -------- d-----w- c:\program files\Windows Portable Devices
2014-01-12 01:47 . 2014-01-12 01:47 -------- d-----w- c:\windows\Migration
2014-01-12 01:37 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-01-12 01:37 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-01-12 01:37 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2014-01-12 01:37 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-01-12 01:37 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-01-12 01:36 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-01-12 01:36 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-01-12 01:36 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-01-12 01:27 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-01-12 01:26 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2014-01-12 01:26 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-01-11 22:43 . 2014-01-11 22:43 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2014-01-11 22:41 . 2014-01-11 22:41 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2014-01-11 22:41 . 2014-01-11 22:41 252928 ----a-w- c:\windows\system32\dxdiag.exe
2014-01-11 22:41 . 2014-01-11 22:41 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2014-01-11 22:41 . 2014-01-11 22:41 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-01-11 22:41 . 2014-01-11 22:41 519680 ----a-w- c:\windows\system32\d3d11.dll
2014-01-11 22:41 . 2014-01-11 22:41 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-01-11 22:41 . 2014-01-11 22:41 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-01-11 22:07 . 2013-08-01 03:16 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-01-11 22:07 . 2013-08-01 02:49 37376 ----a-w- c:\windows\system32\cdd.dll
2014-01-11 22:05 . 2013-07-17 19:41 2048 ----a-w- c:\windows\system32\tzres.dll
2014-01-11 22:05 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2014-01-11 22:05 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2014-01-11 22:05 . 2013-10-24 00:45 304128 ----a-w- c:\program files\Internet Explorer\ieuser.exe
2014-01-11 22:05 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2014-01-11 22:05 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2014-01-11 22:05 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2014-01-11 22:05 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2014-01-11 21:46 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2014-01-11 21:45 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2014-01-11 21:44 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-01-11 21:44 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2014-01-11 21:44 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-01-11 21:44 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2014-01-11 21:44 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2014-01-11 21:44 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
2014-01-11 21:44 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2014-01-11 21:44 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2014-01-11 21:44 . 2013-07-08 04:20 172544 ----a-w- c:\windows\system32\wintrust.dll
2014-01-11 21:44 . 2013-07-08 04:16 98304 ----a-w- c:\windows\system32\cryptnet.dll
2014-01-11 21:44 . 2013-07-08 04:16 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-16 06:16 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-01-11 22:41 . 2014-01-11 22:41 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2014-01-10 13:44 . 2014-01-10 13:44 8704 ----a-w- c:\windows\system32\drivers\XAudio.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 83328 ----a-w- c:\windows\system32\drivers\WUDFRd.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 51200 ----a-w- c:\windows\system32\drivers\WUDFPf.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 15872 ----a-w- c:\windows\system32\drivers\ws2ifsl.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 17976 ----a-w- c:\windows\system32\drivers\wmilib.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 35896 ----a-w- c:\windows\system32\drivers\WdfLdr.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 22072 ----a-w- c:\windows\system32\drivers\wd.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 32768 ----a-w- c:\windows\system32\drivers\watchdog.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 62464 ----a-w- c:\windows\system32\drivers\wanarp.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 20608 ----a-w- c:\windows\system32\drivers\wacompen.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 130616 ----a-w- c:\windows\system32\drivers\vsmraid.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 227896 ----a-w- c:\windows\system32\drivers\volsnap.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 294456 ----a-w- c:\windows\system32\drivers\volmgrx.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 52792 ----a-w- c:\windows\system32\drivers\volmgr.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 110080 ----a-w- c:\windows\system32\drivers\videoprt.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 41472 ----a-w- c:\windows\system32\drivers\viac7.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 20024 ----a-w- c:\windows\system32\drivers\viaide.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 56888 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS.bak
2014-01-10 13:44 . 2014-01-10 13:44 26112 ----a-w- c:\windows\system32\drivers\vgapnp.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 25088 ----a-w- c:\windows\system32\drivers\vga.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 23552 ----a-w- c:\windows\system32\drivers\usbuhci.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 18944 ----a-w- c:\windows\system32\drivers\usbprint.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 225792 ----a-w- c:\windows\system32\drivers\usbport.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 196608 ----a-w- c:\windows\system32\drivers\usbhub.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 39936 ----a-w- c:\windows\system32\drivers\usbehci.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 5888 ----a-w- c:\windows\system32\drivers\usbd.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 73216 ----a-w- c:\windows\system32\drivers\usbccgp.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 68608 ----a-w- c:\windows\system32\drivers\usbcir.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 25728 ----a-w- c:\windows\system32\drivers\USBCAMD2.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 25728 ----a-w- c:\windows\system32\drivers\USBCAMD.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 7680 ----a-w- c:\windows\system32\drivers\umpass.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 34816 ----a-w- c:\windows\system32\drivers\umbus.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 115816 ----a-w- c:\windows\system32\drivers\ulsata2.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 98408 ----a-w- c:\windows\system32\drivers\ulsata.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 238648 ----a-w- c:\windows\system32\drivers\uliahci.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 60984 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS.bak
2014-01-10 13:44 . 2014-01-10 13:44 226816 ----a-w- c:\windows\system32\drivers\udfs.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 59448 ----a-w- c:\windows\system32\drivers\UAGP35.SYS.bak
2014-01-10 13:44 . 2014-01-10 13:44 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS.bak
2014-01-10 13:44 . 2014-01-10 13:44 23552 ----a-w- c:\windows\system32\drivers\tssecsrv.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 54328 ----a-w- c:\windows\system32\drivers\termdd.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 71680 ----a-w- c:\windows\system32\drivers\tdx.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 29184 ----a-w- c:\windows\system32\drivers\tdtcp.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 17920 ----a-w- c:\windows\system32\drivers\tdpipe.sys.bak
2014-01-10 13:44 . 2014-01-10 13:44 20992 ----a-w- c:\windows\system32\drivers\tdi.sys.bak
2014-01-10 13:44 . 2014-01-10 13:43 30208 ----a-w- c:\windows\system32\drivers\tcpipreg.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 24576 ----a-w- c:\windows\system32\drivers\tape.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 34920 ----a-w- c:\windows\system32\drivers\sym_u3.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 31848 ----a-w- c:\windows\system32\drivers\sym_hi.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 35944 ----a-w- c:\windows\system32\drivers\symc8xx.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 15288 ----a-w- c:\windows\system32\drivers\swenum.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 330240 ----a-w- c:\windows\system32\drivers\stwrt.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 52992 ----a-w- c:\windows\system32\drivers\stream.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 123960 ----a-w- c:\windows\system32\drivers\Storport.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 146432 ----a-w- c:\windows\system32\drivers\srv2.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 304640 ----a-w- c:\windows\system32\drivers\srv.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 681984 ----a-w- c:\windows\system32\drivers\spsys.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 21048 ----a-w- c:\windows\system32\drivers\spldr.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 17408 ----a-w- c:\windows\system32\drivers\smclib.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 66560 ----a-w- c:\windows\system32\drivers\smb.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 74808 ----a-w- c:\windows\system32\drivers\sisraid4.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 41016 ----a-w- c:\windows\system32\drivers\sisraid2.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 55864 ----a-w- c:\windows\system32\drivers\SISAGP.SYS.bak
2014-01-10 13:43 . 2014-01-10 13:43 13312 ----a-w- c:\windows\system32\drivers\sfloppy.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 12288 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 11776 ----a-w- c:\windows\system32\drivers\sffp_sd.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 13312 ----a-w- c:\windows\system32\drivers\sffdisk.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 19968 ----a-w- c:\windows\system32\drivers\sermouse.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 83456 ----a-w- c:\windows\system32\drivers\serial.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 17920 ----a-w- c:\windows\system32\drivers\serenum.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 88576 ----a-w- c:\windows\system32\drivers\sdbus.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 142904 ----a-w- c:\windows\system32\drivers\scsiport.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 76392 ----a-w- c:\windows\system32\drivers\sbp2port.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 60416 ----a-w- c:\windows\system32\drivers\rspndr.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 8192 ----a-w- c:\windows\system32\drivers\rootmdm.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 43520 ----a-w- c:\windows\system32\drivers\rimsptsk.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 32256 ----a-w- c:\windows\system32\drivers\rimmptsk.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 181248 ----a-w- c:\windows\system32\drivers\rdpwd.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 6144 ----a-w- c:\windows\system32\drivers\RDPENCDD.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 248832 ----a-w- c:\windows\system32\drivers\rdpdr.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 6144 ----a-w- c:\windows\system32\drivers\RDPCDD.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 224768 ----a-w- c:\windows\system32\drivers\rdbss.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 69120 ----a-w- c:\windows\system32\drivers\rassstp.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 62976 ----a-w- c:\windows\system32\drivers\raspptp.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 41472 ----a-w- c:\windows\system32\drivers\raspppoe.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 76288 ----a-w- c:\windows\system32\drivers\rasl2tp.sys.bak
2014-01-10 13:43 . 2014-01-10 13:43 11776 ----a-w- c:\windows\system32\drivers\rasacd.sys.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify Web Helper"="c:\users\kokolul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-14 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-18 3810304]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"DSUpdateLauncher"="c:\program files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat" [2008-10-29 123]
.
c:\users\kokolul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2014-1-18 576000]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
backup=c:\windows\pss\Dell Remote Access.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^kokolul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=c:\users\kokolul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=c:\windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EarthLink Installer]
/C [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 07:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BingDesktop]
2013-11-01 18:37 2353880 ----a-w- c:\program files\Microsoft\BingDesktop\BingDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell DataSafe Online]
2008-11-03 14:54 1745648 ----a-w- c:\program files\Dell DataSafe Online\DataSafeOnline.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2012-12-29 08:26 4129720 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2009-06-16 16:27 92704 ----a-w- c:\windows\System32\nvhotkey.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2012-12-29 08:25 108984 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2012-12-29 08:26 3001272 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RazerGameBooster]
2013-11-22 18:36 61152 ----a-w- c:\program files\Razer\Razer Game Booster\RazerGameBooster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-11-14 22:42 20584608 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2014-01-14 23:24 6118400 ----a-w- c:\users\kokolul\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-01-14 23:24 1171968 ----a-w- c:\users\kokolul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R4 0254751389275070mcinstcleanup;McAfee Application Installer Cleanup (0254751389275070);c:\windows\TEMP\025475~1.EXE [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLBBCF73E1
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-17 04:15 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-09 15:01]
.
2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-09 15:01]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-22 02:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2014-01-22  02:34:03
ComboFix-quarantined-files.txt  2014-01-22 07:33
.
Pre-Run: 210,382,577,664 bytes free
Post-Run: 210,454,470,656 bytes free
.
- - End Of File - - 31B580369625AACDD9A579119E259EF4
5C616939100B85E558DA92B899A0FC36

Edited by kokolul, 22 January 2014 - 02:40 AM.
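A quick triage pass over autostart entries of the kind listed in the "Reg Loading Points" section above, as an added example that is not part of the thread and not a ComboFix feature. It parses Run-key values and service lines in the format ComboFix prints and flags any binary that lives in a folder a non-administrator can write to. The `$sampleLog` text is constructed here to mirror the log format; the function `Get-AutostartTriage` and the list of flagged locations are this example's own, not the tool's.

```powershell
# Added example (not from the thread): triage ComboFix-style autostart entries by flagging
# binaries that live in locations any non-administrator can write to.
# $sampleLog is constructed after the "Reg Loading Points" format shown in the thread.
$sampleLog = @'
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Spotify Web Helper"="c:\users\kokolul\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-01-14 1171968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
R4 0254751389275070mcinstcleanup;McAfee Application Installer Cleanup (0254751389275070);c:\windows\TEMP\025475~1.EXE [x]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
'@

function Get-AutostartTriage {
    param([string[]]$Lines)

    # Heuristic: an autostart binary in a user-writable folder deserves a second look
    # because it can be planted without administrator rights. Legitimate per-user
    # installers (Spotify, Chrome) also use AppData, so a flag is a prompt to verify
    # the publisher and signature, not a verdict.
    $userWritable = @(
        @{ Pattern = '\\users\\[^\\]+\\appdata\\'; Reason = 'per-user AppData' },
        @{ Pattern = '\\windows\\temp\\';          Reason = 'Windows TEMP folder' },
        @{ Pattern = '\\programdata\\';            Reason = 'ProgramData' }
    )

    $currentKey = '(none)'
    foreach ($line in $Lines) {
        $name = $null; $path = $null; $key = $currentKey

        # Registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
        if ($line -match '^\[(?<key>HKEY_[^\]]+)\]$') {
            $currentKey = $Matches.key
            continue
        }
        # Run-key value line: "Name"="path" [date size]
        if ($line -match '^"(?<name>[^"]+)"="(?<path>[^"]+)"\s+\[[^\]]*\]') {
            $name = $Matches.name; $path = $Matches.path
        }
        # Service/driver line: R4 svcname;Display Name;path [stamp or x]
        elseif ($line -match '^[RS]\d\s+(?<name>[^;]+);[^;]*;(?<path>.+?)\s+\[[^\]]*\]$') {
            $name = $Matches.name; $path = $Matches.path; $key = 'Services'
        }
        if (-not $path) { continue }

        $hit = $userWritable | Where-Object { $path -imatch $_.Pattern } | Select-Object -First 1
        [pscustomobject]@{
            Key  = $key
            Name = $name
            Path = $path
            Flag = $(if ($hit) { "user-writable: $($hit.Reason)" } else { '' })
        }
    }
}

# Run over the constructed sample; on a real log, pass (Get-Content ComboFix.txt) instead.
Get-AutostartTriage -Lines ($sampleLog -split "`r?`n") | Format-Table -AutoSize
```

On the sample, the Spotify helper (per-user AppData) and the McAfee cleanup entry (Windows TEMP) come back flagged while the Program Files and System32 entries do not. The flag only narrows where to look: the next step for a flagged path is to check its digital signature and whether the product is actually installed, which is how a helper separates a per-user installer from something that should not be there.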


#8 polskamachina

polskamachina

  • Malware Response Team
  • 3,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 PM

Posted 23 January 2014 - 12:44 AM

Hi kokolul :)

Have you noticed any change in your CPU usage since ComboFix ran?

polskamachina

#9 kokolul

kokolul
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:04:24 PM

Posted 23 January 2014 - 02:50 AM

HI!

To be honest, not so much. I mean, sometimes it goes down but it's usually up. I checked Core Temp to see if it was overheating and it was not, so I'm not really sure.



#10 polskamachina

polskamachina

  • Malware Response Team
  • 3,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 PM

Posted 25 January 2014 - 04:46 PM

Hi kokolul :)

 

Please click on this link and download Process Explorer. You will need to extract the individual files from the zipped file you've downloaded. Select a folder on your PC where you can easily access the program. The executable file is named procexp.exe. Documentation for the program can be found here.

 

Next time you find that your CPU usage is too high, open Process Explorer. Then go to the menu bar at the top of the window, click on View, then check the options for Show Processes From All Users and Show Fractional CPU. There should be a clear indication of what is causing the CPU usage. Expand the specific line which shows the high usage by clicking on the + sign. Please take a screen grab of the report and attach it to your next reply to me.

 

polskamachina
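The same check done from PowerShell, as an added example that is not from the thread or from Sysinternals. Like Process Explorer with "Show Processes From All Users", it samples every process's CPU time over a window, and for each busy svchost.exe it lists the services that instance hosts, since svchost itself only carries them. The function name `Get-CpuHogs` is this example's own. It assumes PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt so that CPU time and image path can be read for every process.

```powershell
# Added example (not from the thread or from Sysinternals): a PowerShell stand-in for the
# Process Explorer check above. Assumes PowerShell 3.0+ (Get-CimInstance) and an elevated
# prompt so that CPU time and image path can be read for every process.
function Get-CpuHogs {
    param(
        [int]$SampleSeconds = 5,   # length of the measurement window
        [int]$Top = 5              # how many processes to report
    )
    $cores = [Environment]::ProcessorCount

    # First sample: cumulative CPU seconds per PID. Processes we cannot open
    # (protected, or higher-privileged when not elevated) are skipped.
    $before = @{}
    foreach ($p in Get-Process) {
        if ($p.Id -eq 0) { continue }    # the Idle pseudo-process would read as ~100%
        try { $before[$p.Id] = $p.TotalProcessorTime.TotalSeconds } catch { }
    }
    Start-Sleep -Seconds $SampleSeconds

    # Second sample; percentage = CPU seconds consumed / (window * logical cores).
    $rows = foreach ($p in Get-Process) {
        if (-not $before.ContainsKey($p.Id)) { continue }
        $now = $null
        try { $now = $p.TotalProcessorTime.TotalSeconds } catch { }
        if ($null -eq $now) { continue }
        $pct = [math]::Round(100 * ($now - $before[$p.Id]) / ($SampleSeconds * $cores), 1)

        # svchost.exe is only a host; the services it carries say what is really busy.
        $services = ''
        if ($p.ProcessName -ieq 'svchost') {
            $services = (Get-CimInstance Win32_Service -Filter "ProcessId = $($p.Id)" |
                         Select-Object -ExpandProperty Name) -join ', '
        }
        [pscustomobject]@{
            PID      = $p.Id
            Name     = $p.ProcessName
            CpuPct   = $pct
            Path     = $p.Path
            Services = $services
        }
    }
    $rows | Sort-Object CpuPct -Descending | Select-Object -First $Top
}

Get-CpuHogs -SampleSeconds 5 -Top 5 | Format-Table -AutoSize
```

Reading the output: a svchost instance whose Services column shows wuauserv, sitting next to TrustedInstaller.exe, is the usual signature of Windows Update servicing work rather than malware, which matches the symptom in the first post. What would justify further investigation is a process whose Path is empty or under a user-writable folder, or an svchost instance hosting a service name you cannot account for.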



#11 polskamachina

polskamachina

  • Malware Response Team
  • 3,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 PM

Posted 14 February 2014 - 01:48 PM

Hi kokolul :)

 

It's been several weeks since you've checked in. Do you still need help with this? If not, this topic will be closed in 48 hours.
 
Let me know if you have any questions.

 

polskamachina



#12 kokolul

kokolul
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:04:24 PM

Posted 17 February 2014 - 11:45 AM

Sorry, I have been busy. I was waiting to see if the problem occurred again but it has not. Thank you very much, it has been fixed. I thought it would keep going but apparently it was Google Chrome acting up, so I switched to Firefox and I have not had it happen again. I'm guessing it was some sort of virus or something.

 

 

Again, thank you very much for all the help. It was really frustrating but we got it done!



#13 polskamachina

polskamachina

  • Malware Response Team
  • 3,922 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 PM

Posted 23 February 2014 - 11:29 AM

Hi kokolul :)
 
Glad to know things are running smoothly again. Please check out this last set of instructions:
 
Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Adobe components and update:

  • Download the latest version of Adobe Reader and save it to your desktop.
  • Uncheck the "Free McAfee Security Scan Plus" option or any other toolbar you are offered.
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the "click here to download" link on the next page.
  • Remove all older versions of Adobe Reader: go to Add/Remove Programs and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!
 
FINAL STEPS

If you are not experiencing any other malware related issues, it is time to do our final steps:

  • Any programs that we had you download and/or install can be removed at this time.
  • If we had you create or download any custom fixes, these can be deleted at this time.
  • If we had you download and run ComboFix, here is how to uninstall it:
    • Press and hold the Windows key and then press the letter R on your keyboard.
    • This opens the Run dialog box.
    • Copy and paste the below text inside the text-field:
      • "%userprofile%\desktop\ComboFix" /uninstall
    • Now press ENTER
    • ComboFix will extract its files one last time and you should receive a notification that ComboFix has been uninstalled shortly after.
  • If you used DeFogger to disable your Disk Emulation Software, you can reopen DeFogger and use the "Enable" button.
  • You can download this tool to delete more traces of our tools. Delete the tool itself afterwards.
  • Toggle System Restore OFF and then back ON.
  • You should delete your old, potentially infected System Restore points and create a new, clean restore point.
    • If you are using Windows Vista, read and follow the steps on "How do I turn System Restore on and off?" followed by "How do I create a restore point manually?" from this link.
  • Recommended reading material to protect your computer from infection in the future:

Be safe :hello:
polskamachina



#14 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:24 PM

Posted 27 February 2014 - 06:34 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.



