
Windows 7 infected strange services and processes and programs created.


  • This topic is locked
7 replies to this topic

#1 spoonman21

spoonman21

  • Members
  • 22 posts

Posted 25 January 2014 - 04:33 AM

Below is a DDS scan of my PC.  I was doing a weekly scan when I noticed some strange processes and programs appear that are unfamiliar to me.
 
Can somebody please help me figure this out?
Windows 7 on a Compaq dv6
 
 
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428
Run by ShawnR at 3:14:56 on 2014-01-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8140.6621 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ESET NOD32 Antivirus 7.0 *Enabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\CISVC.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: AutorunsDisabled - <orphaned>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [WinPatrol PLUS] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoCDBurning = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{40EA544D-5B66-45D0-B343-F58F22191B4B} : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{40EA544D-5B66-45D0-B343-F58F22191B4B}\255656375613 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{40EA544D-5B66-45D0-B343-F58F22191B4B}\54C65667164756D233548373 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{40EA544D-5B66-45D0-B343-F58F22191B4B}\6427F6E64796562703032373 : DHCPNameServer = 192.168.254.254
Filter: AutorunsDisabled - <Clsid value has no data>
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: AutorunsDisabled - <Clsid value has no data>
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ShawnR\AppData\Roaming\Mozilla\Firefox\Profiles\hoz6ssuv.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-3-2 14456]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-9-17 239320]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-11-8 31648]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-10 204288]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-9-12 1337752]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2013-9-17 157432]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-3-12 342528]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-3-10 12289472]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-11 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-11 181248]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-1-12 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-10 428136]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2011-7-18 1098344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
S3 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2014-1-5 89600]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-1-4 21712]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2011-8-12 194624]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2011-8-12 68160]
S3 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
S3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S3 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-8-19 270624]
S3 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
S3 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
S3 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-10 13592]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-9 169752]
S3 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-2-24 2413056]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-10 111616]
S3 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
S3 JohnDeereApexService;John Deere Apex Service;C:\Program Files (x86)\GreenStar\Apex2.0\Apex\JohnDeere.ApexWDT.exe [2013-10-31 53360]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-7 19456]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-7 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-7 30208]
S3 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-10 2656536]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-7 1255736]
S3 WsAudio_Device(1);WsAudio_Device(1);C:\Windows\System32\drivers\VirtualAudio1.sys [2013-4-21 31080]
S3 WsAudio_Device(2);WsAudio_Device(2);C:\Windows\System32\drivers\VirtualAudio2.sys [2013-4-21 31080]
S3 WsAudio_Device(3);WsAudio_Device(3);C:\Windows\System32\drivers\VirtualAudio3.sys [2013-4-21 31080]
S3 WsAudio_Device(4);WsAudio_Device(4);C:\Windows\System32\drivers\VirtualAudio4.sys [2013-4-21 31080]
S3 WsAudio_Device(5);WsAudio_Device(5);C:\Windows\System32\drivers\VirtualAudio5.sys [2013-4-21 31080]
.
=============== Created Last 30 ================
.
2014-01-17 06:33:01 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 03:25:25 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 03:25:23 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 03:25:23 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 03:25:23 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 03:25:23 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 03:25:23 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 03:25:23 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 03:25:23 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 03:25:19 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-06 07:01:21 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2014-01-06 03:56:44 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2014-01-06 03:56:44 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2014-01-06 03:56:44 4779520 ----a-w- C:\Windows\System32\stlang64.dll
2014-01-06 03:56:44 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
2014-01-06 03:56:44 221184 ----a-w- C:\Windows\System32\HPToneCtrls64.dll
2014-01-06 03:56:44 162304 ----a-w- C:\Windows\System32\AESTAC64.dll
2014-01-06 03:56:44 1523712 ----a-w- C:\Windows\System32\IDTNC64.cpl
2014-01-06 03:56:44 1128448 ----a-w- C:\Windows\sttray64.exe
2014-01-06 03:56:42 -------- d-----w- C:\Program Files\IDT
2014-01-05 12:12:40 -------- d-----w- C:\Users\ShawnR\AppData\Roaming\WinBatch
2014-01-05 04:29:40 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2014-01-01 23:34:03 -------- d-----w- C:\FRST
2014-01-01 23:02:30 388096 ----a-r- C:\Users\ShawnR\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-01-01 23:02:30 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-01-01 20:03:17 -------- d-----w- C:\Users\ShawnR\AppData\Roaming\Foxit Software
2014-01-01 20:03:04 -------- d-----w- C:\Program Files (x86)\Foxit Software
2014-01-01 19:23:23 -------- d-----w- C:\Users\ShawnR\AppData\Local\Diagnostics
2014-01-01 14:59:02 -------- d-----w- C:\Users\ShawnR\AppData\Local\Tago_Software
2014-01-01 14:58:33 -------- d-----w- C:\Program Files (x86)\Tago Software
.
==================== Find3M  ====================
.
2014-01-17 06:34:35 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-17 06:34:35 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-05 04:01:50 31648 ----a-w- C:\Windows\System32\drivers\HWiNFO64A.SYS
2013-12-11 03:36:28 8641416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
.
============= FINISH:  3:15:06.97 ===============
 




#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 25 January 2014 - 08:21 PM

Hello,

 

"I noticed some strange processes and programs appear that are unfamiliar to me."

Can you please specify which of these processes and programs look unfamiliar and strange to you?

I couldn't yet spot any sign of malicious activity.



#3 spoonman21

spoonman21
  • Topic Starter

  • Members
  • 22 posts

Posted 25 January 2014 - 11:43 PM

Hello and thanks for taking time to help me.

Looking at the log you don't see anything wrong?
C:\Windows\system32\CISVC.EXE I've read that this isn't a good thing to have, read on this website.

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-7 30208]


2014-01-15 03:25:23 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 03:25:23 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 03:25:23 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 03:25:23 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 03:25:23 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 03:25:23 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 03:25:23 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 03:25:19 376768 ----a-w- C:\Windows\System32\drivers\netio.sys

Doesn't this look suspicious? If not then I'm sorry for wasting your time.
PC seems to boot fine, not too slow, but I do scans and visit GRC website and worry about some ports that aren't stealth. I had Outpost firewall but it didn't seem it was set up properly. Now I am back with Windows Firewall.

Can you suggest some scans and see if anything comes up?

Thanks again.
Shawn

#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 28 January 2014 - 01:08 PM

Hi,

 

no, still not suspicious.

You can run a MBAM scan if you want a second opinion:

 

 

Please download Malwarebytes Anti-Malware and save it to your Desktop.

  • Execute the downloaded setup to install MBAM on your computer.
  • Start MBAM with administrator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.

 



#5 spoonman21

spoonman21
  • Topic Starter

  • Members
  • 22 posts

Posted 28 January 2014 - 07:13 PM

 
Fair enough I guess. I should be happy with the results, sorry for wasting your time.
 
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.28.10
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
ShawnR :: SHAWNR-HP [administrator]
 
1/28/2014 6:09:00 PM
mbam-log-2014-01-28 (18-09-00).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 237628
Time elapsed: 2 minute(s), 19 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#6 spoonman21

spoonman21
  • Topic Starter

  • Members
  • 22 posts

Posted 28 January 2014 - 07:28 PM

I did an sfc scan of my PC and it found errors and repaired them. I opened the log file once I copied it to a different folder because of access denied. But can you help me understand the results? The thing is HUGE and doesn't make a lot of sense to me. Please help.



#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 31 January 2014 - 05:57 PM

Hi,

since this doesn't seem to be a malware-related case, I suggest you ask in the appropriate Windows 7 forum for assistance with interpreting the sfc log.

#8 spoonman21

spoonman21
  • Topic Starter

  • Members
  • 22 posts

Posted 03 February 2014 - 12:01 AM

Thank you for your help.





