
Malware threat?


  • This topic is locked
2 replies to this topic

#1 jinxminx

  • Members
  • 10 posts

Posted 01 August 2014 - 01:42 PM

Hi,

I was running a game booster program from Advanced Care Pro and the diagnosis logs showed repeated attempts to hijack my login, I think. I don't know if this is malware but it sure looks like it.

Here are the logs:

01 - Operating System
----------------------------------
 
0101 - Operating System         : Windows 8 64-bit (6.2, Build 9200) (9200.win8_gdr.140502-1507)
0102 - Language                 : English (Regional Setting: English)
0103 - BIOS                     : N56JR.204
0104 - Processor                : Intel® Core™ i7-4700HQ CPU @ 2.40GHz (8 CPUs), ~2.4GHz
0105 - Memory                   : 12288MB RAM
0106 - Available OS Memory      : 12172MB RAM
0107 - Page File                : 3826MB used, 20632MB available
0108 - Windows Dir              : C:\Windows
0109 - DirectX Version          : DirectX 11
0110 - DX Setup Parameters      : Not found
0111 - User DPI Setting         : Using System DPI
0112 - System DPI Setting       : 96 DPI (100 percent)
0113 - DWM DPI Scaling          : Disabled
0114 - DxDiag Version           : 6.02.9200.16384
 
----------------------------------
02 - Processor
----------------------------------
 
0201 - Caption                  : Intel® Core™ i7-4700HQ CPU @ 2.40GHz x8 ~2394MHz
0202 - Current Clock Speed      : 2394MHz
 
----------------------------------
03 - Video Adapter
----------------------------------
 
0301 - Card Name                : Intel® HD Graphics 4600
0302 - Manufacturer             : Intel Corporation
0303 - Chip Type                : Intel® HD Graphics Family
0304 - DAC Type                 : Internal
0305 - Device Key               : Enum\PCI\VEN_8086&DEV_0416&SUBSYS_14AD1043&REV_06
0306 - Display Memory           : 1792 MB
0307 - AdapterRAM               : -2080374784 Byte
0308 - Current Mode             : 1920 x 1080 (32 bit) (60Hz)
0309 - Monitor Name             : Generic PnP Monitor
0310 - Driver Name              : igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igdumdim32,igd10iumd32,igd10iumd32
0311 - Driver Version           : 10.18.0010.3325
0312 - Driver Language          : English
0313 - DDI Version              : 11.1
0314 - Driver Model             : WDDM 1.2
0315 - Driver Beta              : False
0316 - Driver Debug             : False
0317 - Driver Date              : 6/29/2014 06:03:51
0318 - Driver Size              : 12124672
0319 - VDD                      : n/a
0320 - Mini VDD                 : n/a
0321 - Mini VDD Date            : n/a
0322 - Mini VDD Size            : 0
0323 - Device Identifier        : {D7B78E66-4756-11CF-6F7F-A034BBC2C435}
0324 - Vendor ID                : 0x8086
0325 - Device ID                : 0x0416
0326 - SubSys ID                : 0x14AD1043
0327 - Revision ID              : 0x0006
0328 - Driver Strong Name       : oem11.inf:5f63e534dd929195:iHSWM_w8:10.18.10.3325:pci\ven_8086&dev_0416&subsys_14ad1043
0329 - Rank Of Driver           : 00E00001
0330 - Video Accel              : ModeMPEG2_A ModeMPEG2_C ModeWMV9_C ModeVC1_C 
0331 - Deinterlace Caps         : {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
                                  {335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
                                  {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
                                  {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
                                  {335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
                                  {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
                                  {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
                                  {335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
                                  {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
                                  {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
                                  {335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
                                  {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
                                  {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
                                  {335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
                                  {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
                                  {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
                                  {335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
                                  {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
                                  {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
                                  {335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
                                  {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
                                  {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering 
                                  {335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch 
                                  {5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend 
0332 - D3D9 Overlay             : Supported
0333 - DXVA-HD                  : Supported
0334 - DDraw Status             : Enabled
0335 - D3D Status               : Enabled
0336 - AGP Status               : Enabled
0337 - Notes                    : No problems found.
 
0338 - OpenGL                   : 6.2.9200.16384 (win8_rtm.120725-1247)
 
----------------------------------
04 - Memory
----------------------------------
 
0401 - Total Memory             : 11.89 GB
0402 - Free Memory              : 9.23 GB
0403 - Total Pagefile           : 23.89 GB
0404 - Free Pagefile            : 20.12 GB
 
0405 - Bank Label               : BANK 0
0406 - Speed                    : 1600 MHz
0407 - Total Width              : 8 Bits
0408 - Capacity                 : 4.00 GB
 
0405 - Bank Label               : BANK 2
0406 - Speed                    : 1600 MHz
0407 - Total Width              : 8 Bits
0408 - Capacity                 : 8.00 GB
 
----------------------------------
05 - Network
----------------------------------
 
0501 - Description              : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
0502 - Driver Date              : 8-7-2013
0503 - Driver Version           : 10.0.0.263
 
----------------------------------
06 - Motherboard
----------------------------------
 
0601 - Model                    : N56JR
0602 - Manufacturer             : ASUSTeK COMPUTER INC.
 
----------------------------------
07 - Sound Device
----------------------------------
 
0701 - Description              : Speakers (Realtek High Definition Audio)
0702 - Default Sound Playback   : True
0703 - Default Voice Playback   : True
0704 - Hardware ID              : HDAUDIO\FUNC_01&VEN_10EC&DEV_0663&SUBSYS_104314AD&REV_1000
0705 - Manufacturer ID          : 1
0706 - Product ID               : 100
0707 - Type                     : WDM
0708 - Driver Name              : RTKVHD64.sys
0709 - Driver Version           : 6.00.0001.7246
0710 - Driver attributes        : Final Retail
0711 - Date and Size            : 6/22/2014 18:47:57
0713 - Driver Provider          : Realtek Semiconductor Corp.
0714 - Min/Max Sample Rate      : 5373878, 5373878
0715 - Static/Strm HW Mix Bufs  : 5373878, 5373878
0716 - Static/Strm HW 3D Bufs   : 5373878, 5373878
0717 - HW Memory                : 5373886
0718 - Voice Management         : False
0719 - EAX™ 2.0 Listen/Src   : False, False
0720 - I3DL2™ Listen/Src     : False, False
0721 - Notes                    : No problems found.
 
0701 - Description              : Realtek Digital Output (Realtek High Definition Audio)
0702 - Default Sound Playback   : False
0703 - Default Voice Playback   : False
0704 - Hardware ID              : HDAUDIO\FUNC_01&VEN_10EC&DEV_0663&SUBSYS_104314AD&REV_1000
0705 - Manufacturer ID          : 1
0706 - Product ID               : 100
0707 - Type                     : WDM
0708 - Driver Name              : RTKVHD64.sys
0709 - Driver Version           : 6.00.0001.7246
0710 - Driver attributes        : Final Retail
0711 - Date and Size            : 6/22/2014 18:47:57
0713 - Driver Provider          : Realtek Semiconductor Corp.
0714 - Min/Max Sample Rate      : 5373878, 5373878
0715 - Static/Strm HW Mix Bufs  : 5373878, 5373878
0716 - Static/Strm HW 3D Bufs   : 5373878, 5373878
0717 - HW Memory                : 5373886
0718 - Voice Management         : False
0719 - EAX™ 2.0 Listen/Src   : False, False
0720 - I3DL2™ Listen/Src     : False, False
0721 - Notes                    : No problems found.
 
 
----------------------------------
08 - Hard Disk
----------------------------------
 
0801 - Model                    : WDC WD7500BPKX-80HPJT0(Western Digital)
0802 - Media Type               : Fixed hard disk media
0803 - Size                     : 698.64 GB
0804 - Interface Type           : Serial ATA
 
0807 - Caption                  : C:\
0808 - Capacity                 : 279.45 GB
0809 - Free Space               : 204.03 GB
0810 - Drive Type               : 3-Fixed
0811 - File System              : NTFS
 
0807 - Caption                  : D:\
0808 - Capacity                 : 398.07 GB
0809 - Free Space               : 397.43 GB
0810 - Drive Type               : 3-Fixed
0811 - File System              : NTFS
 
----------------------------------
09 - Process
----------------------------------
 
0901 - 0000 Idle                      0 0    0                
0901 - 0004 System                    0 0    0                
0901 - 01c8 smss.exe                  0 0    0   normal       
0901 - 02ec csrss.exe                 0 0    0   normal       
0901 - 034c wininit.exe               0 0    0   high         
0901 - 035c csrss.exe                 1 46   43  normal       
0901 - 0388 winlogon.exe              1 5    0   high         
0901 - 03b0 services.exe              0 0    0   normal       
0901 - 03b8 lsass.exe                 0 0    0   normal       
0901 - 0160 svchost.exe               0 0    0   normal       
0901 - 0188 ASCService.exe            0 0    0   high         C:\Program Files (x86)\IObit\Advanced SystemCare 7
0901 - 00fc nvvsvc.exe                0 0    0   normal       
0901 - 002c svchost.exe               0 0    0   normal       
0901 - 02a8 svchost.exe               0 0    0   normal       
0901 - 02f4 svchost.exe               0 0    0   normal       
0901 - 0360 dwm.exe                   1 22   3   high         
0901 - 0134 svchost.exe               0 0    0   normal       
0901 - 0444 svchost.exe               0 0    0   normal       
0901 - 04e8 nvxdsync.exe              1 32   12  normal       
0901 - 04f0 nvvsvc.exe                1 26   9   normal       
0901 - 0514 svchost.exe               0 0    0   normal       
0901 - 0570 ASLDRSrv.exe              0 0    0   normal       C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey
0901 - 05a8 GFNEXSrv.exe              0 0    0   normal       C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX
0901 - 05d4 AvastSvc.exe              0 0    0   normal       C:\Program Files\AVAST Software\Avast
0901 - 06ec spoolsv.exe               0 0    0   normal       
0901 - 0708 svchost.exe               0 0    0   normal       
0901 - 071c svchost.exe               0 0    0   normal       
0901 - 0734 IMFsrv.exe                0 0    0   normal       C:\Program Files (x86)\IObit\IObit Malware Fighter
0901 - 0794 afwServ.exe               0 0    0   normal       C:\Program Files\AVAST Software\Avast
0901 - 052c armsvc.exe                0 0    0   normal       C:\Program Files (x86)\Common Files\Adobe\ARM\1.0
0901 - 0610 InsOnSrv.exe              0 0    0   normal       C:\Program Files\ASUS\P4G
0901 - 0614 AsusWSWinService.exe      0 0    0   normal       
0901 - 08c8 AdminService.exe          0 0    0   normal       
0901 - 092c SkypeC2CAutoUpdateSvc.exe 0 0    0   normal       C:\Program Files (x86)\Skype\Toolbars\AutoUpdate
0901 - 097c SkypeC2CPNRSvc.exe        0 0    0   normal       C:\Program Files (x86)\Skype\Toolbars\PNRSvc
0901 - 09b8 officeclicktorun.exe      0 0    0   normal       
0901 - 0b70 HeciServer.exe            0 0    0   normal       
0901 - 08d4 daemonu.exe               0 0    0   normal       C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core
0901 - 068c StartMenuServices.exe     0 0    0   normal       C:\Program Files (x86)\IObit\Start Menu 8
0901 - 0c30 Ath_CoexAgent.exe         0 0    0   normal       C:\Program Files (x86)\Bluetooth Suite
0901 - 0ea4 svchost.exe               0 0    0   normal       
0901 - 0f60 dasHost.exe               0 0    0   normal       
0901 - 0f78 dllhost.exe               0 0    0   normal       
0901 - 0bd4 IntelMeFWService.exe      0 0    0   normal       C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService
0901 - 02a0 jhi_service.exe           0 0    0   normal       C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL
0901 - 0e28 LMS.exe                   0 0    0   normal       C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS
0901 - 0908 SearchIndexer.exe         0 0    0   normal       
0901 - 0ecc wmpnetwk.exe              0 0    0   normal       
0901 - 0bd0 WmiPrvSE.exe              0 0    0   normal       
0901 - 10a0 taskhostex.exe            1 13   16  normal       
0901 - 10dc explorer.exe              1 274  247 normal       
0901 - 118c HControl.exe              1 13   5   normal       C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey
0901 - 11a4 Monitor.exe               1 238  37  below normal C:\Program Files (x86)\IObit\Advanced SystemCare 7
0901 - 1210 StartMenu8.exe            1 527  62  normal       C:\Program Files (x86)\IObit\Start Menu 8
0901 - 122c BatteryLife.exe           1 15   9   normal       
0901 - 124c InsOnWMI.exe              1 12   6   normal       C:\Program Files\ASUS\P4G
0901 - 13a4 USBChargerPlus.exe        1 40   8   below normal C:\Program Files (x86)\ASUS\USBChargerPlus
0901 - 13f4 LiveComm.exe              1 4    11  normal       
0901 - 12c4 KBFiltr.exe               1 16   9   normal       C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey
0901 - 0490 ATKOSD2.exe               1 17   12  normal       C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2
0901 - 05a4 DMedia.exe                1 15   5   normal       C:\Program Files (x86)\ASUS\ATK Package\ATK Media
0901 - 0e60 InstallServices64.exe     1 229  78  normal       
0901 - 1314 WmiPrvSE.exe              0 0    0   normal       
0901 - 12ec StartMenu_Hook.exe        1 31   24  normal       C:\Program Files (x86)\IObit\Start Menu 8
0901 - 1274 nvtray.exe                1 66   4   normal       
0901 - 147c AsusTPLoader.exe          1 75   28  below normal 
0901 - 1494 QuickGesture64.exe        1 14   7   above normal 
0901 - 14a4 QuickGesture.exe          1 14   6   above normal C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86
0901 - 1568 AsusTPHelper.exe          1 15   7   below normal 
0901 - 15cc RuntimeBroker.exe         1 4    1   normal       
0901 - 1770 BtvStack.exe              1 39   43  normal       
0901 - 1794 ActivateDesktop.exe       1 9    3   normal       
0901 - 17fc RAVBg64.exe               1 17   15  normal       
0901 - 14ac igfxtray.exe              1 12   5   normal       
0901 - 048c igfxsrvc.exe              1 9    3   normal       
0901 - 155c hkcmd.exe                 1 9    17  normal       
0901 - 0358 igfxpers.exe              1 9    4   normal       
0901 - 1248 ASCTray.exe               1 617  91  normal       C:\Program Files (x86)\IObit\Advanced SystemCare 7
0901 - 1204 PDVD10Serv.exe            1 9    7   normal       C:\Program Files (x86)\CyberLink\PowerDVD10
0901 - 172c brs.exe                   1 9    5   normal       C:\Program Files (x86)\CyberLink\Shared files
0901 - 1610 CLMLSvc.exe               1 15   6   normal       C:\Program Files (x86)\CyberLink\Power2Go
0901 - 1448 avastui.exe               1 142  50  normal       C:\Program Files\AVAST Software\Avast
0901 - 1428 jusched.exe               1 9    2   normal       C:\Program Files (x86)\Common Files\Java\Java Update
0901 - 1884 unsecapp.exe              1 9    4   normal       
0901 - 18fc RAVCpl64.exe              1 54   20  below normal 
0901 - 1944 IMF.exe                   1 143  107 normal       C:\Program Files (x86)\IObit\IObit Malware Fighter
0901 - 1b0c AsusTPCenter.exe          1 80   37  below normal 
0901 - 051c RealTimeProtector.exe     1 45   30  normal       C:\Program Files (x86)\IObit\Advanced SystemCare 7
0901 - 1a54 chrome.exe                1 295  65  normal       C:\Program Files (x86)\Google\Chrome\Application
0901 - 1424 chrome.exe                1 12   4   normal       C:\Program Files (x86)\Google\Chrome\Application
0901 - 1454 taskeng.exe               1 9    3   normal       
0901 - 1680 ASC.exe                   1 2886 99  normal       C:\Program Files (x86)\IObit\Advanced SystemCare 7
0901 - 12d4 gbtray.exe                1 54   43  normal       C:\Program Files (x86)\IObit\Game Booster 3
0901 - 1b84 chrome.exe                1 170  1   below normal C:\Program Files (x86)\Google\Chrome\Application
0901 - 18b8 chrome.exe                1 100  1   below normal C:\Program Files (x86)\Google\Chrome\Application
0901 - 164c chrome.exe                1 864  1   below normal C:\Program Files (x86)\Google\Chrome\Application
0901 - 0dec chrome.exe                1 11   1   normal       C:\Program Files (x86)\Google\Chrome\Application
0901 - 1540 chrome.exe                1 392  1   below normal C:\Program Files (x86)\Google\Chrome\Application
0901 - 1370 chrome.exe                1 352  1   normal       C:\Program Files (x86)\Google\Chrome\Application
0901 - 0fa8 chrome.exe                1 238  1   below normal C:\Program Files (x86)\Google\Chrome\Application
0901 - 10a8 taskeng.exe               0 0    0   below normal 
0901 - 1590 GameBooster.exe           1 1511 79  normal       C:\Program Files (x86)\IObit\Game Booster 3
0901 - 0bdc chrome.exe                1 4    1   normal       C:\Program Files (x86)\Google\Chrome\Application
 
 
----------------------------------
10 - Service
----------------------------------
 
1001 - Adobe Acrobat Update Service - ["C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"]
1001 - Advanced SystemCare Service 7 - [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe]
1001 - Application Information - [C:\Windows\system32\svchost.exe -k netsvcs]
1001 - ASLDR Service - [C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe]
1001 - ASUS InstantOn Service - [C:\Program Files\ASUS\P4G\InsOnSrv.exe]
1001 - Asus WebStorage Windows Service - ["C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe"]
1001 - AtherosSvc - ["C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"]
1001 - ATKGFNEX Service - [C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe]
1001 - Windows Audio Endpoint Builder - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]
1001 - Windows Audio - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]
1001 - avast! Antivirus - ["C:\Program Files\AVAST Software\Avast\AvastSvc.exe"]
1001 - avast! Firewall - ["C:\Program Files\AVAST Software\Avast\afwServ.exe"]
1001 - Base Filtering Engine - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]
1001 - Background Intelligent Transfer Service - [C:\Windows\System32\svchost.exe -k netsvcs]
1001 - Computer Browser - [C:\Windows\System32\svchost.exe -k netsvcs]
1001 - Skype Click to Call Updater - ["C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service]
1001 - Skype Click to Call PNR Service - ["C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service]
1001 - Microsoft Office ClickToRun Service - ["C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service]
1001 - Cryptographic Services - [C:\Windows\system32\svchost.exe -k NetworkService]
1001 - Device Association Service - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]
1001 - DHCP Client - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted]
1001 - DNS Client - [C:\Windows\system32\svchost.exe -k NetworkService]
1001 - Windows Event Log - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]
1001 - COM+ Event System - [C:\Windows\system32\svchost.exe -k LocalService]
1001 - Function Discovery Provider Host - [C:\Windows\system32\svchost.exe -k LocalService]
1001 - Function Discovery Resource Publication - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]
1001 - Windows Font Cache Service - [C:\Windows\system32\svchost.exe -k LocalService]
1001 - HomeGroup Listener - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]
1001 - HomeGroup Provider - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]
1001 - IKE and AuthIP IPsec Keying Modules - [C:\Windows\system32\svchost.exe -k netsvcs]
1001 - IMF Service - [C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe]
1001 - Intel® Capability Licensing Service Interface - ["C:\Program Files\Intel\iCLS Client\HeciServer.exe"]
1001 - Intel® ME Service - ["C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe"]
1001 - Intel® Dynamic Application Loader Host Interface Service - ["C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe"]
1001 - CNG Key Isolation - [C:\Windows\system32\lsass.exe]
1001 - Server - [C:\Windows\system32\svchost.exe -k netsvcs]
1001 - Workstation - [C:\Windows\System32\svchost.exe -k NetworkService]
1001 - TCP/IP NetBIOS Helper - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted]
1001 - Intel® Management and Security Application Local Management Service - ["C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"]
1001 - Windows Firewall - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]
1001 - Network Connected Devices Auto-Setup - [C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork]
1001 - Network Connections - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]
1001 - Network List Service - [C:\Windows\System32\svchost.exe -k LocalService]
1001 - Network Location Awareness - [C:\Windows\System32\svchost.exe -k NetworkService]
1001 - Network Store Interface Service - [C:\Windows\system32\svchost.exe -k LocalService]
1001 - NVIDIA Display Driver Service - ["C:\Windows\system32\nvvsvc.exe"]
1001 - NVIDIA Update Service Daemon - ["C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"]
1001 - Peer Networking Identity Manager - [C:\Windows\System32\svchost.exe -k LocalServicePeerNet]
1001 - Peer Networking Grouping - [C:\Windows\System32\svchost.exe -k LocalServicePeerNet]
1001 - Program Compatibility Assistant Service - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]
1001 - Plug and Play - [C:\Windows\system32\svchost.exe -k DcomLaunch]
1001 - Peer Name Resolution Protocol - [C:\Windows\System32\svchost.exe -k LocalServicePeerNet]
1001 - Power - [C:\Windows\system32\svchost.exe -k DcomLaunch]
1001 - User Profile Service - [C:\Windows\system32\svchost.exe -k netsvcs]
1001 - Security Accounts Manager - [C:\Windows\system32\lsass.exe]
1001 - System Event Notification Service - [C:\Windows\system32\svchost.exe -k netsvcs]
1001 - Shell Hardware Detection - [C:\Windows\System32\svchost.exe -k netsvcs]
1001 - Print Spooler - [C:\Windows\System32\spoolsv.exe]
1001 - SSDP Discovery - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]
1001 - StartMenu8 Service - [C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe]
1001 - Superfetch - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]
1001 - Remote Desktop Services - [C:\Windows\System32\svchost.exe -k NetworkService]
1001 - Themes - [C:\Windows\System32\svchost.exe -k netsvcs]
1001 - Distributed Link Tracking Client - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]
1001 - UPnP Device Host - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]
1001 - Windows Connection Manager - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted]
1001 - WinHTTP Web Proxy Auto-Discovery Service - [C:\Windows\system32\svchost.exe -k LocalService]
1001 - Windows Management Instrumentation - [C:\Windows\system32\svchost.exe -k netsvcs]
1001 - WLAN AutoConfig - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]
1001 - Windows Media Player Network Sharing Service - ["C:\Program Files\Windows Media Player\wmpnetwk.exe"]
1001 - Security Center - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]
1001 - Windows Search - [C:\Windows\system32\SearchIndexer.exe /Embedding]
1001 - Windows Driver Foundation - User-mode Driver Framework - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]
1001 - ZAtheros Bt and Wlan Coex Agent - [C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe]
 
----------------------------------
12 - Event Log
----------------------------------
 
1201 - Time                     : 01/08/2014 19:08:33
1202 - Source                   : IMFservice
1203 - Description              : N/A
 
1201 - Time                     : 01/08/2014 19:08:33
1202 - Source                   : IMFservice
1203 - Description              : N/A
 
1201 - Time                     : 01/08/2014 17:25:26
1202 - Source                   : Customer Experience Improvement Program
1203 - Description              : A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).
 
1201 - Time                     : 01/08/2014 16:06:37
1202 - Source                   : Application Error
1203 - Description              : Faulting application name: Register.exe, version: 7.3.0.836, time stamp: 0x5360d210
                                  Faulting module name: ntdll.dll, version: 6.2.9200.16912, time stamp: 0x53645e25
                                  Exception code: 0xc0000005
                                  Fault offset: 0x000538f4
                                  Faulting process id: 0x16f0
                                  Faulting application start time: 0x01cfad5f7e86b737
                                  Faulting application path: C:\Program Files (x86)\IObit\Advanced SystemCare 7\Register.exe
                                  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
                                  Report Id: c284ad24-1952-11e4-bec7-6c71d9a798ea
                                  Faulting package full name: 
                                  Faulting package-relative application ID: 
 
1201 - Time                     : 01/08/2014 15:04:07
1202 - Source                   : SideBySide
1203 - Description              : Activation context generation failed for "c:\program files (x86)\cyberlink\mediaespresso\devicedetector\DeviceDetector.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
1201 - Time                     : 01/08/2014 15:04:07
1202 - Source                   : SideBySide
1203 - Description              : Activation context generation failed for "c:\program files (x86)\cyberlink\mediaespresso\vthum.exe.Manifest". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
1201 - Time                     : 01/08/2014 15:04:07
1202 - Source                   : SideBySide
1203 - Description              : Activation context generation failed for "c:\program files (x86)\cyberlink\mediaespresso\MediaEspresso.exe.Manifest". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
1201 - Time                     : 01/08/2014 15:03:33
1202 - Source                   : SideBySide
1203 - Description              : Activation context generation failed for "c:\program files (x86)\cyberlink\powerdvd10\Activate.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
1201 - Time                     : 01/08/2014 15:03:29
1202 - Source                   : SideBySide
1203 - Description              : Activation context generation failed for "C:\Program Files (x86)\CyberLink\DVD Suite\PowerStarter.exe.Manifest". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
1201 - Time                     : 31/07/2014 15:22:24
1202 - Source                   : SideBySide
1203 - Description              : Activation context generation failed for "c:\program files (x86)\cyberlink\mediaespresso\devicedetector\DeviceDetector.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
1201 - Time                     : 01/08/2014 18:57:44
1202 - Source                   : volmgr
1203 - Description              : An attempt was made to query the existence of a blank password for an account.
                                  
                                  Subject:
                                   Security ID: S-1-5-21-3403846478-260948124-234360153-1002
                                   Account Name: Smita Mitra
                                   Account Domain: Smita
                                   Logon ID: 0x35358
                                  
                                  Additional Information:
                                   Caller Workstation: SMITA
                                   Target Account Name: UpdatusUser
                                   Target Account Domain: Smita
 
1201 - Time                     : 01/08/2014 18:57:44
1202 - Source                   : Microsoft-Windows-Kernel-General
1203 - Description              : An attempt was made to query the existence of a blank password for an account.
                                  
                                  Subject:
                                   Security ID: S-1-5-21-3403846478-260948124-234360153-1002
                                   Account Name: Smita Mitra
                                   Account Domain: Smita
                                   Logon ID: 0x35358
                                  
                                  Additional Information:
                                   Caller Workstation: SMITA
                                   Target Account Name: HomeGroupUser$
                                   Target Account Domain: Smita
 
1201 - Time                     : 01/08/2014 18:57:37
1202 - Source                   : Microsoft-Windows-Kernel-Boot
1203 - Description              : An attempt was made to query the existence of a blank password for an account.
                                  
                                  Subject:
                                   Security ID: S-1-5-21-3403846478-260948124-234360153-1002
                                   Account Name: Smita Mitra
                                   Account Domain: Smita
                                   Logon ID: 0x35358
                                  
                                  Additional Information:
                                   Caller Workstation: SMITA
                                   Target Account Name: Guest
                                   Target Account Domain: Smita
 
1201 - Time                     : 01/08/2014 17:08:24
1202 - Source                   : Microsoft-Windows-Kernel-General
1203 - Description              : An attempt was made to query the existence of a blank password for an account.
                                  
                                  Subject:
                                   Security ID: S-1-5-21-3403846478-260948124-234360153-1002
                                   Account Name: Smita Mitra
                                   Account Domain: Smita
                                   Logon ID: 0x35358
                                  
                                  Additional Information:
                                   Caller Workstation: SMITA
                                   Target Account Name: Guest
                                   Target Account Domain: Smita
 
1201 - Time                     : 01/08/2014 17:05:18
1202 - Source                   : volmgr
1203 - Description              : An attempt was made to query the existence of a blank password for an account.
                                  
                                  Subject:
                                   Security ID: S-1-5-19
                                   Account Name: LOCAL SERVICE
                                   Account Domain: NT AUTHORITY
                                   Logon ID: 0x3E5
                                  
                                  Additional Information:
                                   Caller Workstation: SMITA
                                   Target Account Name: Administrator
                                   Target Account Domain: Smita
 
1201 - Time                     : 01/08/2014 17:05:18
1202 - Source                   : Microsoft-Windows-Kernel-General
1203 - Description              : An attempt was made to query the existence of a blank password for an account.
                                  
                                  Subject:
                                   Security ID: S-1-5-21-3403846478-260948124-234360153-1002
                                   Account Name: Smita Mitra
                                   Account Domain: Smita
                                   Logon ID: 0x35358
                                  
                                  Additional Information:
                                   Caller Workstation: SMITA
                                   Target Account Name: UpdatusUser
                                   Target Account Domain: Smita
 
1201 - Time                     : 01/08/2014 17:04:30
1202 - Source                   : Microsoft-Windows-Kernel-General
1203 - Description              : An attempt was made to query the existence of a blank password for an account.
                                  
                                  Subject:
                                   Security ID: S-1-5-19
                                   Account Name: LOCAL SERVICE
                                   Account Domain: NT AUTHORITY
                                   Logon ID: 0x3E5
                                  
                                  Additional Information:
                                   Caller Workstation: SMITA
                                   Target Account Name: Administrator
                                   Target Account Domain: Smita
 
1201 - Time                     : 01/08/2014 17:01:13
1202 - Source                   : Service Control Manager
1203 - Description              : The Windows Firewall service started successfully.
 
1201 - Time                     : 01/08/2014 16:17:50
1202 - Source                   : DCOM
1203 - Description              : Windows is starting up.
                                  
                                  This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
 
What should I do? Thanks for your help in advance.
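An added example, not part of the original post and not code from the IObit tool: a short Python parser for the dump format shown above that pulls out just the blank-password-query records and tabulates who queried which account, which is the question the post is really asking. The three sample records are copied from the posted log. Two things worth knowing when reading those entries: the sentence "An attempt was made to query the existence of a blank password for an account" is the message text of Security-log event ID 4797 (provider Microsoft-Windows-Security-Auditing), and the Source column the tool printed beside it (volmgr, Microsoft-Windows-Kernel-General, Microsoft-Windows-Kernel-Boot) does not belong to that message, so the dump's own labelling cannot be relied on for this triage. The record layout (a 1201/1202/1203 triple with the description continued on indented lines) is assumed to hold for the whole dump.

```python
"""Triage the event-log section of an Advanced SystemCare diagnostic dump
('1201 - Time' / '1202 - Source' / '1203 - Description' records, description
continued on indented lines): pull out the blank-password-query records."""
import re
from collections import Counter

# Message text of Windows Security-log event ID 4797.
BLANK_PASSWORD_MSG = "An attempt was made to query the existence of a blank password for an account."

# Constructed sample: three records copied verbatim from the dump posted above.
SAMPLE_DUMP = r"""
1201 - Time                     : 01/08/2014 17:25:26
1202 - Source                   : Customer Experience Improvement Program
1203 - Description              : A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).
 
1201 - Time                     : 01/08/2014 18:57:44
1202 - Source                   : volmgr
1203 - Description              : An attempt was made to query the existence of a blank password for an account.
                                  
                                  Subject:
                                   Security ID: S-1-5-21-3403846478-260948124-234360153-1002
                                   Account Name: Smita Mitra
                                   Account Domain: Smita
                                   Logon ID: 0x35358
                                  
                                  Additional Information:
                                   Caller Workstation: SMITA
                                   Target Account Name: UpdatusUser
                                   Target Account Domain: Smita
 
1201 - Time                     : 01/08/2014 17:05:18
1202 - Source                   : volmgr
1203 - Description              : An attempt was made to query the existence of a blank password for an account.
                                  Subject:
                                   Security ID: S-1-5-19
                                   Account Name: LOCAL SERVICE
                                   Account Domain: NT AUTHORITY
                                   Logon ID: 0x3E5
                                  Additional Information:
                                   Caller Workstation: SMITA
                                   Target Account Name: Administrator
                                   Target Account Domain: Smita
"""

RECORD_RE = re.compile(
    r"^1201 - Time\s*: (?P<time>[^\n]+)\n^1202 - Source\s*: (?P<source>[^\n]+)\n"
    r"^1203 - Description\s*: (?P<desc>.*?)(?=^1201 - Time|\Z)",
    re.MULTILINE | re.DOTALL)
FIELD_RE = re.compile(
    r"^(Security ID|Account Name|Account Domain|Logon ID|Caller Workstation"
    r"|Target Account Name|Target Account Domain):\s*(.*)$", re.MULTILINE)


def parse_records(dump):
    """Split the dump into records; continuation lines are de-indented and
    blank lines dropped so the field regex can anchor at line start."""
    records = []
    for m in RECORD_RE.finditer(dump):
        lines = [ln.strip() for ln in m.group("desc").splitlines()]
        records.append({"time": m.group("time").strip(),
                        "source": m.group("source").strip(),
                        "description": "\n".join(ln for ln in lines if ln)})
    return records


def blank_password_queries(records):
    """Keep only records carrying the event-4797 text, with the Subject and
    Additional Information fields lifted into a flat dict."""
    queries = []
    for rec in records:
        if not rec["description"].startswith(BLANK_PASSWORD_MSG):
            continue
        f = dict(FIELD_RE.findall(rec["description"]))
        queries.append({
            "time": rec["time"],
            # The dump's Source column (volmgr, Kernel-General, ...) is not
            # where this message comes from; kept so the mismatch stays visible.
            "dump_source": rec["source"],
            "subject_sid": f.get("Security ID"),
            "subject": f"{f.get('Account Domain')}\\{f.get('Account Name')}",
            "logon_id": f.get("Logon ID"),
            "caller_workstation": f.get("Caller Workstation"),
            "target": f"{f.get('Target Account Domain')}\\{f.get('Target Account Name')}",
        })
    return queries


def summarize(queries):
    """Count (subject, target) pairs.  A few pairs from the interactive user's
    own logon ID and from LOCAL SERVICE, all with the local machine as caller,
    look like local account management; many targets swept from one unfamiliar
    logon ID, or a remote caller workstation, would deserve a closer look."""
    return Counter((q["subject"], q["target"]) for q in queries)


if __name__ == "__main__":
    qs = blank_password_queries(parse_records(SAMPLE_DUMP))
    for (subject, target), n in summarize(qs).items():
        print(f"{n:3d}  {subject:28s} -> {target}")
```

Run it over the full dump (the sample only carries three records) and you get one line per (subject, target) pair. For the posted log that is the interactive user's own logon ID (0x35358) and LOCAL SERVICE querying UpdatusUser, HomeGroupUser$, Guest and Administrator, with the local machine (SMITA) as caller every time. To check the same thing against the real Security log instead of the tool's dump, use Event Viewer (Windows Logs > Security, filter on Event ID 4797) or `Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4797}` in an elevated PowerShell; that shows the originals with their real provider rather than the Source the dump attached to them.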


#2 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 August 2014 - 09:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply; DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#3 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 August 2014 - 09:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



