Jump to content


Photo

Requesting check for Spyware


  • This topic is locked This topic is locked
2 replies to this topic

#1 Alien300x

Alien300x

    Member

  • Full Member
  • Pip
  • 88 posts

Posted 13 February 2013 - 09:46 PM

Requesting check for malware or spyware. If any found, let me know the names. Thank you.
 
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.02.13.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: PC-MAIN [administrator]
 
Protection: Enabled
 
2/13/2013 5:44:51 PM
mbam-log-2013-02-13 (17-44-51).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 326882
Time elapsed: 1 hour(s), 18 minute(s), 46 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457
Run by Owner at 22:35:48 on 2013-02-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.3289 [GMT -5:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\ThpSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
uRun: [HP Officejet 6500 E710n-z (NET)] "C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" -deviceID "CN09Q111CX05JW:NW" -scfn "HP Officejet 6500 E710n-z (NET)" -AutoStart 1
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 65.183.0.76 65.183.0.86
TCP: Interfaces\{12588062-373E-4FB6-A052-2A842C791DBE} : DHCPNameServer = 65.183.0.76 65.183.0.86
TCP: Interfaces\{12588062-373E-4FB6-A052-2A842C791DBE}\16263637 : DHCPNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{12588062-373E-4FB6-A052-2A842C791DBE}\24F6E6E656470234275656B6 : DHCPNameServer = 65.32.1.65 65.32.1.70
TCP: Interfaces\{12588062-373E-4FB6-A052-2A842C791DBE}\4656661657C647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{12588062-373E-4FB6-A052-2A842C791DBE}\54C60274275636F60275946494 : DHCPNameServer = 65.183.0.78 65.183.0.84 192.168.15.1
TCP: Interfaces\{12588062-373E-4FB6-A052-2A842C791DBE}\D6967686F6D656D27657563747 : DHCPNameServer = 65.183.0.76 65.183.0.86
TCP: Interfaces\{50575964-7C64-4C89-A137-FBE4663DCE43} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mStart Page = about:blank
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ThpSrv] C:\Windows\System32\thpsrv /logon
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2008-1-11 33400]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2007-9-4 14872]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54104]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178008]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-13 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-13 682344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-5-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-7-25 29528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-13 24176]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-5-26 174680]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-19 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-17 1255736]
.
=============== Created Last 30 ================
.
2013-02-13 22:43:59    --------    d-----w-    C:\Users\Owner\AppData\Roaming\Malwarebytes
2013-02-13 22:43:51    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-02-13 22:43:50    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-02-13 22:43:50    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-13 22:43:38    --------    d-----w-    C:\Users\Owner\AppData\Local\Programs
2013-02-13 09:20:28    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0223DD5D-D101-4022-85DF-46E8E2A59FA4}\offreg.dll
2013-02-11 20:50:19    --------    d-----w-    C:\Users\Owner\AppData\Local\Microsoft Games
2013-02-10 06:08:53    74096    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-10 06:08:53    697712    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-09 23:37:08    --------    d-----w-    C:\Users\Owner\AppData\Local\Diagnostics
2013-02-09 02:16:12    9291768    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-09 02:16:06    9161176    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0223DD5D-D101-4022-85DF-46E8E2A59FA4}\mpengine.dll
2013-02-09 01:51:47    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-02-09 01:51:46    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-02-09 01:51:46    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-02-09 01:51:46    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-02-07 21:35:00    424448    ----a-w-    C:\Windows\System32\KernelBase.dll
2013-02-07 21:28:44    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-02-07 21:26:39    2002432    ----a-w-    C:\Windows\System32\msxml6.dll
2013-02-07 21:26:39    1882624    ----a-w-    C:\Windows\System32\msxml3.dll
2013-02-07 21:26:38    1389568    ----a-w-    C:\Windows\SysWow64\msxml6.dll
2013-02-07 21:26:38    1236992    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-02-07 21:25:47    245760    ----a-w-    C:\Windows\System32\OxpsConverter.exe
2013-02-07 21:25:38    55296    ----a-w-    C:\Windows\System32\dhcpcsvc6.dll
2013-02-07 21:25:38    44032    ----a-w-    C:\Windows\SysWow64\dhcpcsvc6.dll
2013-02-07 21:25:38    226816    ----a-w-    C:\Windows\System32\dhcpcore6.dll
2013-02-07 21:25:38    193536    ----a-w-    C:\Windows\SysWow64\dhcpcore6.dll
2013-02-07 21:25:32    3149824    ----a-w-    C:\Windows\System32\win32k.sys
2013-02-07 21:25:07    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-02-07 21:25:07    41472    ----a-w-    C:\Windows\System32\drivers\RNDISMP.sys
2013-02-07 21:24:51    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-02-07 21:24:51    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-02-07 21:24:42    750592    ----a-w-    C:\Windows\System32\win32spl.dll
2013-02-07 21:24:42    492032    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-02-07 21:23:50    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2013-02-07 21:23:50    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2013-02-07 21:23:40    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2013-02-07 21:18:56    800768    ----a-w-    C:\Windows\System32\usp10.dll
2013-02-07 21:18:56    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2013-01-20 21:27:14    --------    d-----w-    C:\Program Files\Microsoft Synchronization Services
2013-01-20 21:26:50    --------    d-----w-    C:\Program Files\Microsoft SQL Server Compact Edition
2013-01-20 21:25:01    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 8
2013-01-17 22:36:41    --------    d-----w-    C:\Windows\PCHEALTH
2013-01-17 22:33:57    --------    d-----w-    C:\Program Files\Microsoft Analysis Services
2013-01-17 22:33:57    --------    d-----w-    C:\Program Files (x86)\Microsoft Analysis Services
.
==================== Find3M  ====================
.
2013-01-17 06:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2012-12-07 13:20:16    441856    ----a-w-    C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31    2746368    ----a-w-    C:\Windows\System32\gameux.dll
2012-12-07 12:26:17    308736    ----a-w-    C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43    2576384    ----a-w-    C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04    30720    ----a-w-    C:\Windows\System32\usk.rs
2012-12-07 11:20:03    43520    ----a-w-    C:\Windows\System32\csrr.rs
2012-12-07 11:20:03    23552    ----a-w-    C:\Windows\System32\oflc.rs
2012-12-07 11:20:01    45568    ----a-w-    C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01    44544    ----a-w-    C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01    20480    ----a-w-    C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00    20480    ----a-w-    C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59    20480    ----a-w-    C:\Windows\System32\pegi.rs
2012-12-07 11:19:58    46592    ----a-w-    C:\Windows\System32\fpb.rs
2012-12-07 11:19:57    40960    ----a-w-    C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57    21504    ----a-w-    C:\Windows\System32\grb.rs
2012-12-07 11:19:57    15360    ----a-w-    C:\Windows\System32\djctq.rs
2012-12-07 11:19:56    55296    ----a-w-    C:\Windows\System32\cero.rs
2012-12-07 11:19:55    51712    ----a-w-    C:\Windows\System32\esrb.rs
2012-11-30 05:45:35    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35    243200    ----a-w-    C:\Windows\System32\wow64.dll
2012-11-30 05:45:35    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2012-11-30 04:54:00    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59    274944    ----a-w-    C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48    338432    ----a-w-    C:\Windows\System32\conhost.exe
2012-11-30 02:44:06    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59    6144    ---ha-w-    C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59    4608    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-19 16:23:48    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2012-11-19 16:23:47    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2012-11-17 03:46:06    54104    ----a-w-    C:\Windows\System32\drivers\kltdi.sys
2012-11-17 03:46:06    29528    ----a-w-    C:\Windows\System32\drivers\klmouflt.sys
2012-11-17 03:46:04    29016    ----a-w-    C:\Windows\System32\drivers\klkbdflt.sys
.
============= FINISH: 22:36:23.50 ===============
 

 Results of screen317's Security Check version 0.99.57  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Google Chrome 23.0.1271.64  
 Google Chrome 24.0.1312.57  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 2013 klwtblfs.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 


#2 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 14 February 2013 - 09:57 PM

Hello Alien300x.

 

Please create a Restore point. Give it a description like "Before MBAR". (If needed: How to create Restore Point).
 
Please run the new Malwarebytes Anti-Rootkit.
Download Malwarebytes Anti-Rootkit from here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as adminsistrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#3 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 24 February 2013 - 12:07 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE




Member of UNITE
Support SpywareInfo Forum - click the button