
Virus needed removed: csrss.exe, winlogon.exe, atiedxx.exe, ePowerEvent

5 replies to this topic

#1 ronnie124

  • Members
  • 3 posts
  • Local time:03:06 AM

Posted 18 September 2014 - 02:55 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17280  BrowserJavaVersion: 10.45.2
Run by Victoria Seay at 15:42:11 on 2014-09-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1790.453 [GMT -4:00]
.
AV: AVG AntiVirus 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Users\Victoria Seay\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\Victoria Seay\AppData\Local\Google\Chrome Frame\Application\32.0.1700.107\chrome_frame_helper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Users\Victoria Seay\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Users\Victoria Seay\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Victoria Seay\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Facebook Update] "C:\Users\Victoria Seay\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ChromeFrameHelper] "C:\Users\Victoria Seay\AppData\Local\Google\Chrome Frame\Application\32.0.1700.107\chrome_frame_helper.exe" --startup
uRun: [GoogleChromeAutoLaunch_B98E14A806FF97D21A234B1CD70C6075] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{8DC9E737-4987-4DFB-8EDC-420B830EAC95} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{908DC40F-DFFB-4A6F-BF16-763FFCF9ABB0} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{91AD514A-8B2C-4D6B-9169-B3A97A52043F} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{F8D07A53-381E-4D11-AAEC-F6C4B48E469C} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{F8D07A53-381E-4D11-AAEC-F6C4B48E469C}\2656C6B696E6E2566663 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F8D07A53-381E-4D11-AAEC-F6C4B48E469C}\445766669656C6460275966496 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{F8D07A53-381E-4D11-AAEC-F6C4B48E469C}\8445340284447373638303 : DHCPNameServer = 192.168.33.1
TCP: Interfaces\{F8D07A53-381E-4D11-AAEC-F6C4B48E469C}\960586F6E656 : DHCPNameServer = 198.224.144.135 198.224.145.135
TCP: Interfaces\{F8D07A53-381E-4D11-AAEC-F6C4B48E469C}\D43644F6E616C6463702642756560275966496 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{F8D07A53-381E-4D11-AAEC-F6C4B48E469C}\E4F62747865627E602C4967686473702C4F657E67656 : DHCPNameServer = 192.168.2.1 10.1.10.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Victoria Seay\AppData\Local\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [PLFSetI] C:\Windows\PLFSetI.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2014-09-18 18:58:43 -------- d--h--w- C:\Users\Victoria Seay\.BackupManager
2014-09-18 18:58:36 -------- d-sh--w- C:\.uuid
2014-09-18 18:58:36 -------- d-----w- C:\Users\Victoria Seay\IOption
2014-09-15 22:28:52 157384 ----a-w- C:\Windows\System32\drivers\ESETOlmarikOlmascoCleaner.sys
2014-09-15 21:20:05 -------- d-----w- C:\Program Files\HitmanPro
2014-09-15 21:13:11 -------- d-----w- C:\ProgramData\HitmanPro
2014-09-15 20:29:15 -------- d-----w- C:\ProgramData\Reimage Protector
2014-09-15 20:28:53 -------- d-----w- C:\Program Files\Reimage
2014-09-15 20:28:49 -------- d-----w- C:\rei
2014-09-15 17:25:36 -------- d-----w- C:\SUPERDelete
2014-09-15 17:24:38 -------- d-----w- C:\Users\Victoria Seay\AppData\Roaming\SUPERAntiSpyware.com
2014-09-15 17:23:59 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-09-15 17:23:58 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-09-15 17:13:53 40720 ----a-w- C:\Windows\System32\Partizan.exe
2014-09-15 17:12:09 -------- d-----w- C:\ProgramData\RegRun
2014-09-15 17:07:36 35816 ----a-w- C:\Windows\SysWow64\drivers\Partizan.sys
2014-09-15 17:07:27 2 --shatr- C:\Windows\winstart.bat
2014-09-15 17:07:23 12800 ----a-w- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
2014-09-15 17:07:20 -------- d-----w- C:\Program Files (x86)\UnHackMe
2014-09-15 02:36:40 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-15 02:35:15 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-15 02:35:15 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-15 02:35:15 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-15 02:35:15 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-15 02:35:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 00:48:13 -------- d-----w- C:\Users\Victoria Seay\AppData\Roaming\AVG2015
2014-09-15 00:47:05 -------- d-----w- C:\Users\Victoria Seay\AppData\Roaming\TuneUp Software
2014-09-15 00:44:24 -------- d--h--w- C:\$AVG
2014-09-15 00:44:24 -------- d-----w- C:\ProgramData\AVG2015
2014-09-15 00:43:54 -------- d-----w- C:\Program Files (x86)\AVG
2014-09-15 00:37:56 -------- d--h--w- C:\ProgramData\Common Files
2014-09-15 00:37:55 -------- d-----w- C:\Users\Victoria Seay\AppData\Local\MFAData
2014-09-15 00:37:55 -------- d-----w- C:\Users\Victoria Seay\AppData\Local\Avg2015
2014-09-15 00:37:55 -------- d-----w- C:\ProgramData\MFAData
2014-09-15 00:11:07 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2014-09-15 00:11:07 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2014-09-11 19:48:15 -------- d-----w- C:\Users\Victoria Seay\AppData\Roaming\ProductData
2014-09-11 19:46:59 -------- d-----w- C:\ProgramData\ProductData
2014-09-11 19:46:57 -------- d-----w- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-09-11 19:46:53 -------- d-----w- C:\ProgramData\IObit
2014-09-11 19:46:19 -------- d-----w- C:\Program Files (x86)\IObit
2014-09-11 19:45:59 -------- d-----w- C:\Users\Victoria Seay\AppData\Roaming\IObit
2014-09-11 18:39:58 0 ----a-w- C:\Windows\SysWow64\sho27BC.tmp
2014-09-11 18:22:32 -------- d-sh--w- C:\Users\Victoria Seay\AppData\Local\EmieUserList
2014-09-11 18:22:32 -------- d-sh--w- C:\Users\Victoria Seay\AppData\Local\EmieSiteList
2014-09-11 17:58:40 -------- d-----w- C:\Users\Victoria Seay\AppData\Roaming\LG Electronics
2014-09-11 17:39:36 -------- d-----w- C:\Users\Victoria Seay\AppData\Local\LG Electronics
2014-09-11 17:34:40 -------- d-----w- C:\Program Files (x86)\LG Electronics
2014-09-10 23:18:02 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{122BF273-AE03-4642-99AB-0362491283F5}\mpengine.dll
2014-09-10 23:17:12 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-09-10 23:17:11 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-09-10 23:14:52 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-09-10 23:14:51 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-09-10 23:13:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-10 23:12:59 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-10 23:12:58 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-10 23:12:57 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 23:12:57 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-10 01:56:53 0 ----a-w- C:\Windows\SysWow64\shoD5C8.tmp
2014-09-09 21:56:51 -------- d-----w- C:\ProgramData\AVAST Software
2014-09-09 21:55:22 -------- d--h--w- C:\Users\Victoria Seay\AppData\Roaming\GoldenGate
2014-09-09 21:54:30 -------- d-----w- C:\Users\Victoria Seay\AppData\Roaming\Gameo
2014-09-09 21:51:23 -------- d-----w- C:\ProgramData\BoostSoftware
2014-09-09 21:50:10 -------- d-----w- C:\Users\Victoria Seay\AppData\Local\Programs
2014-08-29 04:26:03 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-29 04:26:02 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-29 04:26:02 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-29 04:26:02 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-29 04:26:00 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-29 04:26:00 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-29 04:25:15 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-29 04:25:15 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-27 20:10:40 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-27 20:10:40 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-27 20:10:39 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-21 01:45:10 243480 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
==================== Find3M  ====================
.
2014-09-11 19:31:30 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-11 19:31:30 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-07 01:39:52 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-08-05 13:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 06:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 03:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 18:06:36 247576 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-18 19:53:26 313624 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-09 12:23:58 0 ----a-w- C:\Windows\SysWow64\sho7C78.tmp
2014-07-02 13:58:24 270616 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-05-12 18:50:19 4126720 ----a-w- C:\Program Files (x86)\GUTA9FC.tmp
.
============= FINISH: 15:46:05.27 ===============
#2 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:09:06 AM

Posted 18 September 2014 - 03:04 PM

Hi,

Can you please tell me what problems you are experiencing? What is wrong with csrss.exe, winlogon.exe and the like?

#3 ronnie124

  • Topic Starter
  • Members
  • 3 posts
  • Local time:03:06 AM

Posted 18 September 2014 - 03:15 PM

It's causing my system to run slow and I haven't been able to access Citrix or Microsoft Visio. I was told that was the problem. When I tried to end the process through Task Manager, it gave me an error message.



#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:09:06 AM

Posted 18 September 2014 - 03:23 PM

I was told that was the problem.

Who told you that?
csrss.exe and winlogon.exe belong to Windows and of course you cannot and should not even think about killing them.

#5 ronnie124

  • Topic Starter
  • Members
  • 3 posts
  • Local time:03:06 AM

Posted 18 September 2014 - 05:18 PM

Even if it does not show my name next to it in Task Manager. I chatted with someone who works with Internet Explorer.

#6 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:09:06 AM

Posted 18 September 2014 - 05:29 PM

Yes, this happens when Task Manager doesn't have elevated privileges (which are needed to query the properties of these system processes). Start Task Manager (taskmgr.exe) as administrator and you will see that information.
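The same effect can be seen from PowerShell, and the check below is an added example, not something posted in the thread: it reports whether the session is elevated and, for csrss.exe and winlogon.exe, the owning account and image path (both come back empty from a non-elevated session, which is what Task Manager was showing) together with a check that the image lives in System32. The directory and signature checks are the editor's own sanity checks, not part of the helper's advice.

```powershell
# Added example (not from the thread). Run it twice, once normally and once
# "as administrator", to see why the User Name column was blank in Task Manager.

# Is this session elevated? Owner and path of SYSTEM processes need elevation.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isElevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isElevated) {
    Write-Warning "Not elevated: owner and image path of system processes will be empty."
}

# The genuine csrss.exe and winlogon.exe live only here.
$expectedDir = Join-Path $env:SystemRoot 'System32'

foreach ($name in 'csrss.exe', 'winlogon.exe') {
    # Win32_Process exposes the image path; GetOwner() the account running it.
    $procs = Get-CimInstance Win32_Process -Filter "Name = '$name'"
    foreach ($p in $procs) {
        $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
        $path  = $p.ExecutablePath          # $null when not elevated
        $inSystem32 = [bool]$path -and ((Split-Path $path -Parent) -ieq $expectedDir)

        # Note: many Windows binaries are catalog-signed; on older systems
        # Get-AuthenticodeSignature may report NotSigned for a genuine file,
        # so treat the path check as the primary indicator.
        $sig = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }

        [pscustomobject]@{
            Name       = $p.Name
            PID        = $p.ProcessId
            Owner      = if ($owner.User) { "$($owner.Domain)\$($owner.User)" } else { '<hidden: not elevated>' }
            Path       = if ($path) { $path } else { '<hidden: not elevated>' }
            InSystem32 = $inSystem32
            Signature  = if ($sig) { $sig.Status } else { 'n/a' }
        }
    }
}
```

From an elevated session the owner of both processes should be NT AUTHORITY\SYSTEM and the path should be under System32; a copy of either name running from another directory or under a user account is the thing worth investigating, not the blank column.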
