1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Possible Spyware Making Internet Slow

Discussion in 'Windows - Virus and spyware problems' started by Rhazel, Aug 19, 2012.

  1. Rhazel

    Rhazel Regular member

    Joined:
    Jul 15, 2006
    Messages:
    330
    Likes Received:
    0
    Trophy Points:
    26
    Hey Guys,

    First off, the computer in question:

    i7 920
    ex58a ud3r
    ati 5970
    6gb triple channel ram
    etc.

    I'm using Firefox, and recently downloaded the BETA 15 (after slow browsing started) and have a 20mb connection, but get about 8mb.

    A bit of history...not long ago I got a virus/trojan that made all the files on my computer hidden and almost forced me to reformat lol clever. Anyway, I got rid of it with Malwarebytes + MSE. Now since then (At least that's when I noticed) my internet browsing has been ridiculously slow on this comp. Loading youtube or any other site with a lot of data is very tedious. I'm talking in the 1-2mins just to get a page to appear. And I have this other random virus that seems to inject into my explorer.exe making it use 170mb+ (typically 40-50mb) and plays sounds like ads or somehting in the background. I have no idea out to get rid of this with out just restarting explorer.exe task. Luckily, it's infrequent.

    Now, I've tried my laptop and browsing is fine...I've tried chrome/IE on this comp and it's the same slow speed. I've tried scanning my PC with MB + MSE and get nothing. I've tried speedtest.net and get 8mb download and 70kb up...but my ping to a server less than 100km away is 600ms+. The laptop is 60ms to that same server.

    If you guys need any more info, I will supply,

    Cheers!!
     
  2. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,522
    Likes Received:
    15
    Trophy Points:
    68
    malwarebytes is a good program.i would also download,update and run superantispyware and delete anything it comes up with.also need a good antivirus program.scan and follow the directions for removal.after doing this,download,update,and run hijack this.dont fix anything yet,just post a log and we will see what it shows us.one other thing i cant stress enough is "housekeeping".regular disk cleanups,registry cleanups,and disk defrags are necessary to keep your computer running at speed.i use ccleaner for this one.at any rate,post the hjt log and we will get started.
     
  3. Rhazel

    Rhazel Regular member

    Joined:
    Jul 15, 2006
    Messages:
    330
    Likes Received:
    0
    Trophy Points:
    26
    Ok, downloaded, updated and ran superantispyware. While it detected 181 "tracking cookies" and removed them, my internet still isn't up to speed.

    I don't really do any housekeeping, other than a fresh install of windows every 6-8 months, and i have an SSD and remember reading somewhere its no good defragging them due to the way it writes...hot spots or somehting...blah blah

    And now for the Hijack This log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:30:12 PM, on 20/08/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Fraps\fraps.exe
    C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
    G:\Steam\Steam.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\Razer\Lachesis\OSD.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Razer\Lachesis\razertra.exe
    C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
    C:\Program Files (x86)\Winamp\winamp.exe
    C:\Program Files (x86)\Last.fm\LastFM.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Users\Smithy\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
    O4 - HKCU\..\Run: [Steam] "G:\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [HP Deskjet 3070 B611 series (NET)] "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19O370ZR05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 8591 bytes
     
  4. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,522
    Likes Received:
    15
    Trophy Points:
    68
    ok,you have some things you need to get rid of.run hijack this and use delete the following.

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    after deleting these,run another scan with superantispyware and malwarebytes and delete whatever they come up with.then run another hjt scan and post it .also let us know how the computer is running and any symptoms it might have.cheers.
     
  5. Rhazel

    Rhazel Regular member

    Joined:
    Jul 15, 2006
    Messages:
    330
    Likes Received:
    0
    Trophy Points:
    26
    Here is the log, it appears most of the stuff i checked and went to "fix checked" reappeared. Tried to find a delete function, couldn't find anything. I read the info page and it says O23 is windows NT service stuff and can be hard to delete. Unfortunately, after the scans (superantispyware just found another 21 cookies that i got rid of), the problem is still there.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:19:03 PM, on 20/08/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Fraps\fraps.exe
    C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
    G:\Steam\Steam.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
    C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
    C:\Program Files (x86)\Razer\Lachesis\OSD.exe
    C:\Program Files (x86)\Razer\Lachesis\razertra.exe
    C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Winamp\winamp.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Program Files (x86)\Last.fm\LastFM.exe
    C:\Users\Smithy\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
    O4 - HKCU\..\Run: [Steam] "G:\Steam\steam.exe" -silent
    O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [HP Deskjet 3070 B611 series (NET)] "C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN19O370ZR05MQ:NW" -scfn "HP Deskjet 3070 B611 series (NET)" -AutoStart 1
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 8516 bytes
     
  6. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,522
    Likes Received:
    15
    Trophy Points:
    68
    ok,now download,update and run a program called combofix.when you run this it is very important that you have no other programs running.also disable your antivirus.let the program run its course and at the end it will produce a log.post the log.dont even run your mouse over the window when its running.i go and have a coffee.yeah with an ssd you dont do the defrag,but disk cleanups and regcleans are still a good idea.
     
    Last edited: Aug 20, 2012
  7. Rhazel

    Rhazel Regular member

    Joined:
    Jul 15, 2006
    Messages:
    330
    Likes Received:
    0
    Trophy Points:
    26
    Done. Left it overnight and didn't touch. Had to run it a second time though as superantispyware decided it needed to do a scan.

    ComboFix 12-08-20.01 - 21/08/2012 2:23.2.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.6142.4468 [GMT 10:00]
    Running from: c:\users\Smithy\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\programdata\EmORwgY3JGqYGe
    c:\windows\SysWow64\muzapp.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-20 16:51 . 2012-08-20 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-20 04:24 . 2012-08-20 04:24 -------- d-----w- c:\users\Smithy\AppData\Roaming\SUPERAntiSpyware.com
    2012-08-20 04:23 . 2012-08-20 04:24 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-08-20 04:23 . 2012-08-20 04:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-08-20 03:02 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{160370BE-7D1B-4354-B31D-9FC0BF764908}\mpengine.dll
    2012-08-18 12:48 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-15 17:12 . 2012-08-15 17:12 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 17:12 . 2012-08-15 17:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-11 03:55 . 2012-08-11 03:55 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-08-11 03:55 . 2012-08-11 03:55 -------- d-----w- c:\program files (x86)\Java
    2012-08-11 03:55 . 2012-08-11 03:55 -------- d-----w- c:\programdata\McAfee
    2012-08-10 03:15 . 2012-08-20 02:51 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-08-10 02:39 . 2012-08-10 02:41 -------- d-----w- c:\users\Smithy\AppData\Local\Google
    2012-08-09 13:23 . 2012-08-09 13:23 -------- d-----w- c:\program files\DIFX
    2012-08-09 13:21 . 2010-02-03 01:21 47632 ----a-w- c:\windows\system32\drivers\npf.sys
    2012-08-09 13:21 . 2007-01-19 08:24 25312 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
    2012-08-09 13:21 . 2012-08-09 13:21 -------- d-----w- c:\program files (x86)\NETGEAR
    2012-08-09 13:21 . 2012-08-09 13:21 -------- d-----w- c:\program files (x86)\Telstra
    2012-08-09 12:16 . 2012-08-09 12:16 -------- d-----w- c:\windows\system32\appmgmt
    2012-08-04 12:32 . 2012-08-09 08:10 -------- d-----w- c:\users\Smithy\AppData\Local\Microsoft Games
    2012-08-03 02:21 . 2012-08-15 08:21 9826504 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-08-01 10:28 . 2012-08-01 10:28 -------- d-----w- c:\users\Smithy\AppData\Roaming\Malwarebytes
    2012-08-01 10:28 . 2012-08-01 10:28 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-01 10:28 . 2012-08-01 10:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-30 12:10 . 2012-07-30 12:10 -------- d-----w- c:\users\Smithy\AppData\Roaming\GameRanger
    2012-07-27 13:00 . 2012-07-27 13:00 -------- d-----w- c:\programdata\Rockstar Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-20 16:55 . 2012-03-01 18:15 30528 ----a-w- c:\windows\GVTDrv64.sys
    2012-08-20 16:54 . 2012-03-01 18:13 25640 ----a-w- c:\windows\gdrv.sys
    2012-08-20 05:20 . 2012-03-01 18:43 25640 ----a-w- c:\windows\etdrv.sys
    2012-08-15 05:34 . 2012-03-01 19:35 62134624 ----a-w- c:\windows\system32\MRT.exe
    2012-08-11 03:55 . 2012-05-01 04:33 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-04 06:27 . 2012-03-02 05:48 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-07-04 06:27 . 2012-03-02 03:39 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-07-04 06:26 . 2012-03-02 03:39 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-07-03 10:13 . 2012-07-04 21:59 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-07-03 10:13 . 2012-07-04 21:59 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{98526608-CCC7-4805-9F92-66CCF8969727}\gapaengine.dll
    2012-07-03 10:00 . 2012-07-03 10:00 328704 ----a-w- c:\windows\system32\services.exe.68B34ECA92CA8513
    2012-07-03 09:51 . 2012-07-03 09:51 328704 ----a-w- c:\windows\system32\services.exe.E8425EE8BC164017
    2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
    2012-06-11 18:29 . 2011-12-06 03:18 24826368 ----a-w- c:\windows\system32\atio6axx.dll
    2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-06-11 17:24 . 2011-12-06 03:17 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-06-11 17:23 . 2011-12-06 03:16 1090560 ----a-w- c:\windows\system32\aticfx64.dll
    2012-06-11 17:20 . 2011-12-06 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
    2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-06-11 17:01 . 2011-12-06 02:51 6914560 ----a-w- c:\windows\system32\atidxx64.dll
    2012-06-11 16:51 . 2011-12-06 02:39 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-06-11 16:45 . 2011-12-06 02:33 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-06-11 16:43 . 2011-12-06 02:28 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-06-11 16:36 . 2011-12-06 02:24 6605824 ----a-w- c:\windows\system32\atiumd64.dll
    2012-06-11 16:27 . 2011-12-06 02:13 539136 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-06-11 16:26 . 2012-04-06 01:11 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-06-11 16:26 . 2011-12-06 02:12 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-06-11 16:26 . 2011-12-06 02:12 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-06-11 16:25 . 2011-12-06 02:11 54784 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-06-11 16:25 . 2011-12-06 02:11 45056 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-06-11 16:24 . 2011-12-06 02:11 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-06-11 03:50 . 2012-06-11 03:50 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-06-11 03:50 . 2012-06-11 03:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-06-11 03:50 . 2012-06-11 03:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-06-11 03:50 . 2012-06-11 03:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-06-11 03:50 . 2012-06-11 03:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-06-11 03:50 . 2012-06-11 03:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll
    2012-06-11 03:49 . 2012-06-11 03:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-06-02 22:19 . 2012-06-24 01:57 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-24 01:57 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-24 01:57 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-24 01:57 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-24 01:57 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-24 01:57 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-24 01:57 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:19 . 2012-06-24 01:57 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 05:15 . 2012-06-24 01:57 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 04:04 . 2012-06-30 00:42 9013136 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF76CC00-976F-49B2-8EF2-7975BDAAA300}\mpengine.dll
    2012-05-31 02:25 . 2012-03-01 18:32 279656 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="g:\steam\steam.exe" [2012-08-11 1353080]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-05-04 955792]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-05-04 21392]
    "HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-03-30 2547048]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-05-04 3521424]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2012-08-11 40960]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-17 93712]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
    R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-08-20 25640]
    R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-08-20 30528]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-19 114144]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-02 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R4 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
    S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
    S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-10-16 29952]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-20 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2ed5e579-1873-4ffb-ab9b-a05e702d397f.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    2012-08-20 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 55691aff-e490-4dd7-a1d1-c0413d429d45.job
    - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-26 12681320]
    "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-05-21 6868280]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    "combofix"="c:\combofix\CF6686.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.0.0.138
    FF - ProfilePath - c:\users\Smithy\AppData\Roaming\Mozilla\Firefox\Profiles\26j17d16.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-BattlEye for A2 - g:\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
    AddRemove-BattlEye for OA - g:\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Razer\Lachesis\OSD.exe
    c:\program files (x86)\Razer\Lachesis\razertra.exe
    c:\program files (x86)\Razer\Lachesis\razerofa.exe
    c:\program files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
    c:\program files\Logitech Gaming Software\Applets\LCDYT.exe
    c:\program files\Logitech Gaming Software\Applets\LCDWebCam.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-21 03:14:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-20 17:14
    .
    Pre-Run: 51,890,008,064 bytes free
    Post-Run: 51,152,527,360 bytes free
    .
    - - End Of File - - 4CF789245357F8CC74E9F05C39235521
     
  8. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,522
    Likes Received:
    15
    Trophy Points:
    68
    ok,so any difference? also post a new hjt log.
     
  9. Rhazel

    Rhazel Regular member

    Joined:
    Jul 15, 2006
    Messages:
    330
    Likes Received:
    0
    Trophy Points:
    26
    Ok, so for anyone that cares, I ended up finding the problem!!

    Apparently, I got the previous virus (that hid all my stuff) and a rootkit.boot.sst.b at the same time...through a java vulnerability. So this rootkit thing was loading up my explorer.exe and making my net slow etc. Vipre DID NOT DETECT THIS!!

    So i downloaded some tdsskiller on a hunch from kaspersky and BAM!! Reboot and instant net fastness!!

    IF YOUR EXPLORER.EXE IS ABOVE 50MB AND YOU'RE HAVING ISSUES...TDSSKILLER...GOOGLE IT!!

    Anyway, thanks for your help aldan, i at least have a line of defense now ;-)
     
  10. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,522
    Likes Received:
    15
    Trophy Points:
    68
    i will definitely make a note of that program.glad you got it fixed.
     
  11. patrickjam3s

    patrickjam3s Member

    Joined:
    Aug 30, 2012
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    I would like to contribute to this thread, I'm not experiencing slow internet, but rather performing a cleanup, I do have an issue going on that I have a thread going for, where the pirate bay wont load on only this system,

    right now im running a scan with superantispyware

    I'm going to run HiJackThis next and post my log, if you wouldent mind taking a look aldan and telling me what to remove?

    thanks!


    UPDATE
    so after running superantispyware
    found 1 critical item trojan.dropper/Gen-PHP
    3 unwanted programs: PUP.CNETInstaller, PUP.BabylonToolbar, PUP.iBryte
    and 75 adware tracking cookies

    cleared all of that and ran HijackThis
    Here is the logfile output:
    Running processes:
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Pidgin\pidgin.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
    C:\Program Files (x86)\Vuze\Azureus.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Users\patrickjames\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\patrickjames\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={E45628BD-837A-4D21-8E1C-67F6E5AEB953}&mid=528647f0c4ab47d0b9dc6939b23b2744-bfe26564ac4f18833622bd3f37bf9cd24b87bc03&lang=en&ds=od011&pr=sa&d=2012-07-20 14:31:10&v=12.1.0.20&sap=hp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files (x86)\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\Elaborate Bytes\CloneCD\CloneCDTray.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\patrickjames\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    O4 - HKCU\..\Run: [NBJ] ""
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Intel(R) Turbo Boost Technology Monitor 2.0.lnk = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

    --
     
    Last edited: Aug 30, 2012
  12. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,522
    Likes Received:
    15
    Trophy Points:
    68
    not a problem.make sure you make a new thread so as not to confuse the issue.
     
  13. patrickjam3s

    patrickjam3s Member

    Joined:
    Aug 30, 2012
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    well I figured that it came down to a maleware and spyware cleanup thats the only reason I did not want to start a new thread but to rather continue on this one since I was going to fallow the same process that you already provided. thats why i posted the HJTlog here as well, see if you could help me identify what needs to go.

    do you think I should start a new thread anyway?
     
  14. scorpNZ

    scorpNZ Active member

    Joined:
    Mar 23, 2005
    Messages:
    3,989
    Likes Received:
    40
    Trophy Points:
    78
    Yes if your not the original topic starter

    unsubbed
     
  15. patrickjam3s

    patrickjam3s Member

    Joined:
    Aug 30, 2012
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    11
    ok sounds good guys, I'm used to the bimmerforums where you dont start a new thread if one exists, I'm a highly active user on their, so I was shooting to not step on toes as I'm a new user to this board,

    will do from now on :)

    Thanks
     
  16. aldan

    aldan Active member

    Joined:
    Mar 24, 2007
    Messages:
    1,522
    Likes Received:
    15
    Trophy Points:
    68
    dont see a new thread but lets go anyways.patrickjam3s,run hijack this again and remove the following.anything with file missing after it.most will probably show up again but none of them look like anything to worry about.then download,update and run malwarebytes,and delete whatever it comes up with.do the same thing with superantispyware.really i wouldnt expect much,it doesnt look like your problem is related to malware,but it wont hurt to try this.
     

Share This Page