High-spec PC running cripplingly slow

andrew077
Newbie
9. May 2012 @ 23:28
Thanks in advance to anyone who can help out.
Yesterday my PC started running abnormally for the specs it has, which are 8GB RAM, 3.4 GHz, Win7 64-bit.
Full dxdiag report here
Physical memory usage is at 25% and CPU usage is at around 2%. No processes are taking up any significant amount of memory and I've set everything I can, such as BIOS and all settings in the AMD catalyst control center back to optimal defaults. I've also run virus scans which show no problems.
The problem is, it's unusably slow. Opening folders will freeze up the screen for 20-30 seconds, opening Chrome will stop everything working entirely, and Opera just barely works (I'm being interrupted every 20 seconds or so with lag).
The problem started yesterday but I only really noticed it after I installed Dead Space 2 (not sure if this was just coincidental) but in any case, I uninstalled and did a system restore to before it was installed but still no luck. My only thought is perhaps a virus that I'm just not finding.
Can anyone help figure out what's causing this, or show me how I can find out for myself, so I can begin to fix this. Thanks so much

Senior Member
9. May 2012 @ 23:48
Any recent changes made to your machine? Any recent downloads? What kind of antivirus, spyware, malware programs are you presently running? How are you on doing regular housekeeping, i.e. defrag and disk cleanup? Post back with the answers and we can work out a course of action.

andrew077
Newbie
10. May 2012 @ 00:00
I can't recall any major changes since it was working perfectly until last night when the problems started. I think I may have updated my video card drivers a few days ago, but I rolled back the drivers just then and it made no difference. Basically, everything was fine in the morning, then I installed Dead Space 2, played for a bit, came back an hour later and noticed everything was lagging. Like I said, nothing taking up CPU/RAM. I uninstalled the game and did a restore to earlier that day (that seems to be the earliest restore point I can choose).
My computer is only about 4-5 weeks old and I've done one defrag and cleanup since.
I use AVG 2012 and Norton which both show no problems.
Thanks again

andrew077
Newbie
10. May 2012 @ 00:07
Here's a screen of my processes tab if it helps
EDIT: I'm also receiving this error

Senior Member
10. May 2012 @ 01:43
Nope, doesn't help me. The questions I asked in my earlier post will give me all the info I need. Al.

andrew077
Newbie
10. May 2012 @ 01:53
Okay, I think I answered them all in the previous post though, is there anything else I can provide?
Also, I believe whatever is causing the error message in the second screenshot is what's causing the problem.

Senior Member
10. May 2012 @ 02:00
Sorry, didn't see that post right away. So, download, update and run HijackThis. Don't fix anything at this time, just post the log and we will take it from there. Al

andrew077
Newbie
10. May 2012 @ 02:07
Alright, will do. chkdsk is currently running though, so I'll add the HijackThis report once Windows starts up again.

Senior Member
10. May 2012 @ 02:18
Good idea running chkdsk. You may be right about that screenshot. You may just have a problem with your antivirus, but before uninstalling and reinstalling, better be sure there isn't something else lurking.

andrew077
Newbie
10. May 2012 @ 03:41
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:40:21 PM, on 10/05/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Andrew\AppData\Local\Opera\Opera\temporary_downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8567 bytes

andrew077
Newbie
10. May 2012 @ 04:15
I should also note that chkdsk didn't finish running. It was stuck at 10% (115255 of 1857677) for over 4 hours.

Senior Member
10. May 2012 @ 11:31
OK, for starters, you seem to have two antivirus programs on your comp. There can only be one. This, in itself, can cause the problem your screenshot shows. After deleting the extra AV program, run another HijackThis scan and delete the following.
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
After deleting these entries, download, update and run Malwarebytes. Delete anything it comes up with. Next, download, update, and run SUPERAntiSpyware, and delete anything it comes up with. Then run HJT and post a new log. Also post if your comp is any better.
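A check worth running before acting on an O23 "(file missing)" list like the one above, added here as an example and not part of the original thread: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows the WOW64 file-system redirector sends a 32-bit process that opens C:\Windows\System32\... to C:\Windows\SysWOW64\... instead, so 64-bit-only system binaries such as lsass.exe, spoolsv.exe or sppsvc.exe are reported as missing even though they are on disk. The script below parses O23 lines (the sample is copied from the log posted earlier in this thread) and, for each entry reported missing, re-checks the path both directly and through the Sysnative alias, which is the route by which a 32-bit process reaches the real System32. The `fake_exists` lookup table is a constructed stand-in for the 64-bit file-system view so that the example runs on any OS; the bucket names and the `triage`/`parse_o23`/`native_view` function names are my own. Entries whose owner is "Unknown owner" but whose file is present are listed separately: that label only means the executable carries no company name in its version resource, so the file itself (hash, Authenticode signature) is what to verify.

```python
import os
import re
from typing import Callable, Dict, List

# Constructed sample: O23 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# "O23 - Service: <name> - <owner> - <path>" with HijackThis's optional "(file missing)" suffix.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Matches the System32 directory on the Windows drive, case-insensitively as NTFS does.
SYSTEM32_RE = re.compile(r"^(?P<root>[A-Za-z]:\\Windows)\\System32\\", re.IGNORECASE)


def parse_o23(log_text: str) -> List[Dict[str, object]]:
    """Extract the O23 (service) entries from a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.rstrip())
        if m:
            entries.append({
                "name": m.group("name"),
                "owner": m.group("owner"),
                "path": m.group("path"),
                "reported_missing": m.group("missing") is not None,
            })
    return entries


def native_view(path: str) -> str:
    r"""Rewrite C:\Windows\System32\... to C:\Windows\Sysnative\..., the alias through which a
    32-bit process on 64-bit Windows reaches the real 64-bit System32 instead of SysWOW64."""
    return SYSTEM32_RE.sub(lambda m: m.group("root") + "\\Sysnative\\", path)


def triage(entries: List[Dict[str, object]],
           exists: Callable[[str], bool] = os.path.exists) -> Dict[str, List[str]]:
    """Sort service entries into buckets by what the disk, not the 32-bit scanner, says.

    `exists` defaults to the real file system; pass a stand-in to run offline or against a log
    from another machine. From a 64-bit Python the plain path already is the 64-bit view; from
    a 32-bit Python only the Sysnative alias reaches it, so both are tried.
    """
    buckets: Dict[str, List[str]] = {
        "present_after_redirect_check": [],  # scanner artefact, file is on disk
        "missing": [],                       # service registration with no binary: still worth a look
        "unknown_owner": [],                 # present, but no company name in version info
        "vendor_named": [],
    }
    for e in entries:
        name, path = str(e["name"]), str(e["path"])
        if e["reported_missing"]:
            if exists(path) or exists(native_view(path)):
                buckets["present_after_redirect_check"].append(name)
            else:
                buckets["missing"].append(name)
        elif e["owner"] == "Unknown owner":
            buckets["unknown_owner"].append(name)
        else:
            buckets["vendor_named"].append(name)
    return buckets


# Constructed stand-in for the 64-bit file-system view of the machine in the thread, so the
# example runs on any OS. On the real box, drop the `exists=` argument.
FAKE_64BIT_FILES = {
    r"C:\Windows\System32\alg.exe",
    r"C:\Windows\System32\lsass.exe",
    r"C:\Windows\System32\PnkBstrA.exe",
    r"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe",
    r"C:\Program Files (x86)\Common Files\Steam\SteamService.exe",
}
_FAKE_LOWER = {p.lower() for p in FAKE_64BIT_FILES}


def fake_exists(path: str) -> bool:
    """Case-insensitive lookup; the Sysnative alias maps back onto the real System32."""
    return path.lower().replace("\\sysnative\\", "\\system32\\") in _FAKE_LOWER


if __name__ == "__main__":
    for bucket, names in triage(parse_o23(SAMPLE_LOG), exists=fake_exists).items():
        print(f"{bucket}: {names}")
```

Run against the sample, the ALG and KeyIso entries land in the "present after redirect check" bucket, AppleChargerSrv is the only genuinely missing binary, and PnkBstrA is the only present file with no vendor string. The next step for that last bucket is to correlate with the ComboFix "Files Created" listing further down the thread, which dates PnkBstrA.exe and PnkBstrB.exe to 2012-04-25, the same time as the Battlefield 3 directory (they are PunkBuster's anti-cheat services), and to check the file's signature rather than its name.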

andrew077
Newbie
10. May 2012 @ 20:00
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:00:27 AM, on 11/05/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Andrew\AppData\Local\Opera\Opera\temporary_downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7407 bytes

andrew077
Newbie
10. May 2012 @ 20:04
I uninstalled Avast so the only antivirus I had was AVG.
I deleted those files you listed then ran Malwarebytes which showed no threats, then superantivirus which only removed a few tracking cookies.
The problem still exists though. Low CPU/RAM usage but everything is incredibly slow, opening a folder takes about 20 seconds.
When I go out today I'll run chkdsk again and hopefully it doesn't freeze up and actually finishes this time.

Senior Member
10. May 2012 @ 20:29
Those nasties seem to be coming back. Virtually every entry you deleted with HijackThis is back. Now, download the latest version of ComboFix. Follow the instructions to the letter. Disable your antivirus as well. Run ComboFix. Do not even so much as drag your mouse across its window while it is running. Wait until it finishes and shows a log. Post the ComboFix log as well as another HijackThis log.

andrew077
Newbie
10. May 2012 @ 20:57
ComboFix 12-05-10.04 - Andrew 11/05/2012 10:42:38.2.8 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.8109.6373 [GMT 10:00]
Running from: c:\users\Andrew\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-11 to 2012-05-11 )))))))))))))))))))))))))))))))
.
.
2012-05-11 00:45 . 2012-05-11 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-10 23:33 . 2012-05-10 23:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-10 23:33 . 2012-05-10 23:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-10 23:32 . 2012-05-10 23:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-10 23:32 . 2012-05-10 23:32 -------- d-----w- c:\programdata\Malwarebytes
2012-05-10 23:32 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 02:44 . 2012-05-10 04:46 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-10 02:44 . 2012-05-10 04:46 -------- d-----w- c:\windows\system32\Wat
2012-05-10 02:35 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-05-10 02:35 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-05-10 02:26 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-10 02:26 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-10 02:26 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-10 02:26 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-10 02:26 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-10 02:26 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-10 02:26 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-09 11:33 . 2012-05-09 11:33 -------- d-----w- c:\windows\system32\appmgmt
2012-05-09 11:32 . 2012-05-09 11:32 -------- d-----w- c:\programdata\Solidshield
2012-05-08 05:51 . 2012-05-08 05:51 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-05-08 05:51 . 2012-05-08 05:51 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-08 05:51 . 2009-11-25 02:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-05-08 05:51 . 2009-11-25 02:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-05-08 05:51 . 2009-11-25 02:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-05-08 05:51 . 2009-11-25 02:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-05-08 05:51 . 2009-11-25 02:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-05-08 05:51 . 2009-11-25 02:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-05-08 05:51 . 2009-11-25 02:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-05-08 05:51 . 2009-11-25 02:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-05-08 05:51 . 2009-11-25 02:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-05-08 05:51 . 2009-11-25 02:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-05-08 05:26 . 2012-05-08 05:26 -------- d-----w- c:\program files (x86)\RailSimulator.com
2012-05-08 01:39 . 2012-05-08 01:39 -------- d-----w- c:\programdata\ATI
2012-05-08 01:38 . 2012-05-08 01:38 -------- d-----w- c:\programdata\AMD
2012-05-08 01:38 . 2012-05-08 01:38 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-08 01:38 . 2012-05-08 01:38 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-08 01:36 . 2012-05-08 01:36 -------- d-----w- C:\AMD
2012-05-07 07:05 . 2012-05-07 07:05 -------- d-----w- C:\Brother
2012-05-07 07:05 . 2012-05-07 07:05 -------- d-----w- c:\program files (x86)\Browny02
2012-05-07 07:05 . 2010-05-10 08:45 103736 ----a-w- c:\windows\SysWow64\BRRBTOOL.EXE
2012-05-07 07:05 . 2005-01-17 07:10 45056 ----a-w- c:\windows\SysWow64\BRTCPCON.DLL
2012-05-07 07:05 . 2010-04-02 05:33 25299 ----a-w- c:\windows\SysWow64\BRLM03A.DLL
2012-05-07 07:05 . 2004-08-09 06:42 77824 ----a-w- c:\windows\SysWow64\BRLMW03A.DLL
2012-05-07 07:05 . 2010-08-02 10:57 217088 ------w- c:\windows\SysWow64\NSSearch.dll
2012-05-07 07:05 . 2010-03-15 09:56 2560 ------w- c:\windows\SysWow64\BrDctF2S.dll
2012-05-07 07:05 . 2007-12-13 12:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2012-05-07 07:05 . 2012-05-07 07:05 -------- d-----w- c:\program files (x86)\Brother
2012-05-07 07:05 . 2010-03-15 09:45 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2012-05-07 07:05 . 2010-02-05 01:42 180224 ------w- c:\windows\SysWow64\BroSNMP.dll
2012-05-07 07:04 . 2012-05-07 07:06 -------- d-----w- c:\programdata\Brother
2012-05-06 03:19 . 2012-05-06 03:20 -------- d-----w- c:\program files (x86)\Photoshop
2012-05-05 07:26 . 2012-05-05 08:39 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 03:04 . 2012-05-01 03:04 -------- d-----w- C:\Games
2012-05-01 03:02 . 2012-05-01 03:02 -------- d-----w- c:\program files\Nexus Mod Manager
2012-04-26 04:26 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2012-04-26 04:26 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-04-26 04:26 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2012-04-26 04:26 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2012-04-26 04:24 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
2012-04-26 04:24 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2012-04-26 04:24 . 2011-02-18 06:37 612352 ----a-w- c:\windows\system32\vbscript.dll
2012-04-26 04:24 . 2011-02-18 05:36 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-04-26 04:22 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2012-04-26 04:21 . 2011-06-15 09:58 212992 ----a-w- c:\windows\system32\odbctrac.dll
2012-04-26 04:20 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2012-04-26 04:19 . 2011-07-16 05:04 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-04-26 04:18 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2012-04-26 04:05 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:05 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:05 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-26 04:05 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-04-26 04:05 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-04-26 04:04 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-26 04:04 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-26 04:04 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:04 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-25 23:55 . 2012-04-26 00:29 -------- d-----w- c:\program files (x86)\Battlefield 3
2012-04-25 23:50 . 2012-04-25 23:50 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-04-25 23:47 . 2012-04-25 23:47 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-25 23:47 . 2012-04-25 23:47 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-25 23:47 . 2012-04-25 23:47 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-25 23:24 . 2011-10-10 06:42 2580552 ----a-r- c:\windows\SysWow64\pbsvc.exe
2012-04-25 08:26 . 2012-04-25 08:26 -------- d--h--w- c:\windows\msdownld.tmp
2012-04-25 08:08 . 2012-04-25 08:08 -------- d-----w- c:\program files (x86)\Remedy Entertainment
2012-04-25 05:55 . 2012-03-07 01:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-25 05:54 . 2012-05-10 23:23 -------- d-----w- c:\programdata\AVAST Software
2012-04-25 05:54 . 2012-04-25 05:54 -------- d-----w- c:\program files\AVAST Software
2012-04-25 02:32 . 2012-04-25 02:32 -------- d-----w- c:\program files (x86)\Valve
2012-04-25 01:32 . 2012-04-26 03:58 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-04-25 01:32 . 2012-05-10 23:53 -------- d-----w- c:\program files (x86)\Steam
2012-04-25 01:30 . 2012-04-25 01:30 -------- d-----w- c:\program files (x86)\TuneUpMedia
2012-04-25 01:24 . 2012-04-27 01:37 -------- d-----w- c:\programdata\TuneUpMedia
2012-04-24 18:25 . 2012-04-24 00:36 -------- d-----w- c:\windows\Panther
2012-04-24 08:57 . 2012-04-24 08:57 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-04-24 08:57 . 2012-05-08 05:52 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-04-24 08:57 . 2012-04-24 08:57 -------- d-----w- c:\windows\PCHEALTH
2012-04-24 08:57 . 2012-04-24 08:57 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-04-24 08:56 . 2012-04-24 08:56 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-04-24 08:56 . 2012-04-24 09:06 -------- d-----w- c:\programdata\Microsoft Help
2012-04-24 08:55 . 2012-04-24 08:55 -------- d-----r- C:\MSOCache
2012-04-24 06:49 . 2012-05-01 03:04 -------- d-----w- c:\program files (x86)\Skyrim
2012-04-24 05:31 . 2012-04-24 05:31 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-04-24 05:25 . 2012-04-24 05:50 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-04-24 04:49 . 2012-04-24 04:49 -------- d--h--w- c:\programdata\Common Files
2012-04-24 04:49 . 2012-04-24 04:49 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-24 04:48 . 2012-05-11 00:47 -------- d-----w- c:\programdata\AVG2012
2012-04-24 04:48 . 2012-05-10 23:22 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-24 03:37 . 2008-03-05 05:56 3786760 ----a-w- c:\windows\SysWow64\D3DX9_37.dll
2012-04-24 03:37 . 2008-03-05 05:56 1420824 ----a-w- c:\windows\SysWow64\D3DCompiler_37.dll
2012-04-24 03:37 . 2008-02-05 13:07 462864 ----a-w- c:\windows\SysWow64\d3dx10_37.dll
2012-04-24 03:37 . 2007-04-04 08:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-04-24 03:36 . 2012-04-24 03:36 -------- d-----w- c:\windows\SysWow64\xlive
2012-04-24 03:36 . 2012-04-24 03:36 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-04-24 01:59 . 2012-04-24 01:59 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-04-24 01:53 . 2012-04-24 01:53 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2012-04-24 01:35 . 2012-04-24 07:39 -------- d-----w- c:\program files (x86)\Rockstar Games
2012-04-24 01:22 . 2012-04-24 01:22 -------- d-----w- c:\program files (x86)\AVG
2012-04-24 01:17 . 2012-04-24 01:17 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-24 01:17 . 2012-04-24 01:17 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-04-24 01:16 . 2012-04-24 01:23 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-04-24 01:16 . 2012-05-11 00:39 -------- d-----w- c:\programdata\MFAData
2012-04-24 01:13 . 2012-04-17 17:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5483FE5A-84FF-439A-8B15-962C16E631BA}\mpengine.dll
2012-04-24 01:13 . 2012-02-23 00:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-24 01:10 . 2012-04-24 01:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-04-24 01:10 . 2012-04-24 01:10 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 12:34 . 2012-04-05 12:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 12:34 . 2012-04-05 12:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 12:34 . 2012-04-05 12:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 12:33 . 2012-04-05 12:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 12:33 . 2012-04-05 12:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 12:33 . 2012-04-05 12:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 12:32 . 2012-04-05 12:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-05 12:32 . 2012-04-05 12:32 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-04-05 12:32 . 2012-04-05 12:32 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-09 04:07 . 2012-03-09 04:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 04:06 . 2012-03-09 04:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-02-15 01:01 . 2012-02-15 01:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 01:01 . 2012-02-15 01:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-10_08.08.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-24 00:56 . 2012-05-10 23:56 20304 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-10 23:46 27234 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-24 00:37 . 2012-05-10 23:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-24 00:37 . 2012-05-10 08:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-24 00:37 . 2012-05-10 08:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-24 00:37 . 2012-05-10 23:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-10 23:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-10 08:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-24 17:08 . 2012-05-10 08:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-24 17:08 . 2012-05-11 00:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-24 17:08 . 2012-05-11 00:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-24 17:08 . 2012-05-10 08:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-26 03:41 . 2012-05-10 08:06 3132 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-26 03:41 . 2012-05-11 00:46 3132 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-04-24 00:42 . 2012-05-10 08:10 5350 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1483310787-1519342090-2256575489-1000_UserData.bin
- 2012-05-10 08:07 . 2012-05-10 08:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-11 00:47 . 2012-05-11 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-11 00:47 . 2012-05-11 00:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-10 08:07 . 2012-05-10 08:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-10 07:58 663664 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-10 23:57 663664 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-10 23:57 124400 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-10 07:58 124400 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-10 08:06 312056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-11 00:46 312056 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-26 03:41 . 2012-05-11 00:46 371448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1483310787-1519342090-2256575489-1000-8192.dat
- 2009-07-14 02:34 . 2012-05-10 05:03 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-10 08:23 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-25 1242448]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-10 4786048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-06-01 506712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-11 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-24 245760]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 08:39]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1483310787-1519342090-2256575489-1000Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 06:15]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1483310787-1519342090-2256575489-1000UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-17 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-17 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-17 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1483310787-1519342090-2256575489-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,ad,12,a2,ca,17,92,c1,f4,0b,1e,e7,fc,57,49,02,af,31,3b,06,5c,
fa,e5,d8,df,00,ca,5d,54,85,d0,e7,f7,48,d1,c3,d4,a1,30,0f,ac,e4,26,4a,4d,91,\
"rkeysecu"=hex:26,48,b7,5b,4c,cf,75,69,89,23,98,e1,bd,f1,2a,75
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-05-11 10:50:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-11 00:50
ComboFix2.txt 2012-05-10 08:13
.
Pre-Run: 1,501,146,210,304 bytes free
Post-Run: 1,500,712,243,200 bytes free
.
- - End Of File - - 141895D20950CD55401C3441496C00F4
andrew077
Newbie
10. May 2012 @ 21:00
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:27 AM, on 11/05/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Andrew\AppData\Local\Opera\Opera\temporary_downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7440 bytes
andrew077
Newbie
10. May 2012 @ 21:08
Yeah, I noticed they were back when I posted that.
I tried uninstalling AVG and it said it did, but it's still functioning after the reboot.
I ran ComboFix and HijackThis again; the logs are posted above.
Senior Member
10. May 2012 @ 21:46
Well, these are stubborn little bstds. Try running HJT in safe mode and delete the following entries. Then post a new HJT log.
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
As well, run an AV scan in safe mode and delete anything it comes up with. Also run Malwarebytes and SAS in safe mode and delete anything they come up with. Post back with new logs.
andrew077
Newbie
12. May 2012 @ 04:22
I tried deleting them in safe mode, but they (most of them) came straight back. It's gotten to the point where needing a functional computer takes precedence over saving time by just trying to fix the problem, so I've done a fresh install, which kept all my old files anyway.
Thank you so much though, you've been a huge help to someone you didn't even know. I'll send you a PM.
Senior Member
12. May 2012 @ 04:57
Good you didn't lose your files. Hope all works out. Al.