Could someone please verify this for me


Post Merged

We look for posts with 0 replies, so when you reply to your own topic, we assume you're being helped.

Please be patient, someone will assist you as soon as possible.

Hi, I'm running a relatively new Samsung laptop on Windows 8. Recently I noticed some strange, extremely high usage of the disk, network, memory and CPU. This is strange considering that it's a new 6GB RAM i5 machine that never gets heavily used. I managed to resolve the process issues with a combination of restarts/updates/scans. But again today my computer just seems ridiculously slow again. I have run a scan with AVG which found nothing, nor did CCleaner or MBAM.

I will attach the MBAM, HJT, DDS logs below and hopefully someone could shed some light.

Thanks for your time:

MBAM


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.23.07
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16540
Alex :: ALEX-SAMSUNG [administrator]
Protection: Enabled
23/04/2013 23:50:21
mbam-log-2013-04-23 (23-50-21).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 386855
Time elapsed: 30 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

HJT


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:40:11, on 24/04/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\PacificPoker\bin\casinopoker\bin\casinoApp.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
--
End of file - 8704 bytes

DDS


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.17.2
Run by Alex at 0:39:03 on 2013-04-24
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.6030.3805 [GMT 1:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\PacificPoker\bin\casinopoker\bin\casinoApp.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\windows\system32\dwm.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\dashost.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\notepad.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://samsung13.msn.com
uDefault_Page_URL = hxxp://samsung13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mPolicies-System: DisableCAD = dword:1
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{ACDB0F7C-D7F9-4CC1-85B1-CD78B869E0A8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{ACDB0F7C-D7F9-4CC1-85B1-CD78B869E0A8}\35B4954363939393 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{ACDB0F7C-D7F9-4CC1-85B1-CD78B869E0A8}\D696B656 : DHCPNameServer = 213.120.234.22 213.120.234.46
TCP: Interfaces\{EC9CBE7B-3D92-4A55-92DA-92751318CB17} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2013-2-8 45880]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2012-11-17 645952]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2013-2-26 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2013-2-24 247608]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-9-14 216192]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-2-19 1418184]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-2-19 282624]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-10-19 1593976]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-10-18 90992]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-11-17 128896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-17 165760]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-17 364416]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-9-14 323584]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2012-11-17 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2012-11-17 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2012-11-17 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2012-11-17 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2012-11-17 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2012-11-17 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2012-11-17 135832]
R3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2012-11-17 575128]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 ETD;Samsung PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-10-18 325488]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-8-5 23408]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2012-11-17 719504]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-2-27 4937264]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-23 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-23 701512]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\Drivers\ssudbus.sys [2012-9-19 102368]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-4-23 25928]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\Drivers\ssudmdm.sys [2012-9-19 203104]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
.
=============== Created Last 30 ================
.
2013-04-23 22:42:06 -------- d-----w- C:\Users\Alex\AppData\Roaming\Malwarebytes
2013-04-23 22:41:59 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-04-23 22:41:59 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-23 22:41:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-23 22:41:47 -------- d-----w- C:\Users\Alex\AppData\Local\Programs
2013-04-23 20:52:02 388096 ----a-r- C:\Users\Alex\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-23 20:52:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-04-23 20:38:26 -------- d-----w- C:\Users\Alex\AppData\Local\ElevatedDiagnostics
2013-04-22 21:18:57 -------- d-----w- C:\Users\Alex\AppData\Local\Unity
2013-04-21 23:06:22 -------- d-----w- C:\Users\Alex\AppData\Roaming\PacificPoker
2013-04-21 23:06:16 -------- d-----w- C:\Program Files (x86)\PacificPoker
2013-04-21 17:24:15 193200 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10199.bin
2013-04-20 02:43:25 -------- d-----w- C:\Program Files\CCleaner
2013-04-19 12:26:35 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF3A2954-1569-4550-9F0D-2E6446526B62}\mpengine.dll
2013-04-18 13:30:32 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-04-16 16:48:30 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-14 15:50:27 282744 ------w- C:\windows\System32\MpSigStub.exe
2013-04-14 03:12:28 -------- d-----w- C:\Users\Alex\AppData\Roaming\AVG2013
2013-04-14 03:11:00 -------- d-----w- C:\Users\Alex\AppData\Roaming\TuneUp Software
2013-04-14 03:08:47 -------- d--h--w- C:\$AVG
2013-04-14 03:08:46 -------- d-----w- C:\ProgramData\AVG2013
2013-04-14 03:05:44 -------- d-----w- C:\Program Files (x86)\AVG
2013-04-14 02:53:59 -------- d--h--w- C:\ProgramData\Common Files
2013-04-14 02:53:59 -------- d-----w- C:\Users\Alex\AppData\Local\MFAData
2013-04-14 02:53:59 -------- d-----w- C:\Users\Alex\AppData\Local\Avg2013
2013-04-14 02:53:59 -------- d-----w- C:\ProgramData\MFAData
2013-04-13 18:58:26 4041728 ----a-w- C:\windows\System32\win32k.sys
2013-04-13 18:47:31 6991592 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-04-12 21:36:36 375808 ----a-w- C:\windows\SysWow64\ReAgent.dll
2013-04-12 21:36:36 1011200 ----a-w- C:\windows\System32\reseteng.dll
2013-04-06 01:56:51 -------- d-----w- C:\Users\Alex\AppData\Local\Diagnostics
2013-04-02 13:54:54 -------- d-----w- C:\Users\Alex\AppData\Roaming\WebApp
.
==================== Find3M ====================
.
2013-04-16 16:48:25 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-04-16 16:48:25 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-04-02 22:08:01 78176 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-02 22:08:01 692576 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-03-02 10:57:48 337128 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS
2013-03-02 10:57:46 77544 ----a-w- C:\windows\System32\drivers\storahci.sys
2013-03-02 10:57:46 332520 ----a-w- C:\windows\System32\drivers\storport.sys
2013-03-02 10:57:46 283880 ----a-w- C:\windows\System32\drivers\spaceport.sys
2013-03-02 10:45:20 148712 ----a-w- C:\windows\System32\drivers\tpm.sys
2013-03-02 10:45:19 194792 ----a-w- C:\windows\System32\drivers\sdbus.sys
2013-03-02 10:45:10 125160 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2013-03-02 10:39:39 495336 ----a-w- C:\windows\System32\drivers\vhdmp.sys
2013-03-02 10:39:38 69864 ----a-w- C:\windows\System32\drivers\pdc.sys
2013-03-02 10:39:32 327912 ----a-w- C:\windows\System32\drivers\Classpnp.sys
2013-03-02 09:59:37 2231528 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-03-02 09:59:36 411880 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2013-03-02 08:24:08 34304 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-03-02 08:23:43 83968 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-03-02 08:23:43 125952 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-03-02 08:23:30 893952 ----a-w- C:\windows\SysWow64\winmde.dll
2013-03-02 08:23:30 1338880 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-03-02 08:23:28 601088 ----a-w- C:\windows\SysWow64\Windows.Globalization.dll
2013-03-02 08:23:28 504320 ----a-w- C:\windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
2013-03-02 08:23:19 8857088 ----a-w- C:\windows\SysWow64\twinui.dll
2013-03-02 08:23:19 246784 ----a-w- C:\windows\SysWow64\ubpm.dll
2013-03-02 08:23:04 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll
2013-03-02 08:23:04 100864 ----a-w- C:\windows\SysWow64\SettingSyncInfo.dll
2013-03-02 08:22:36 357888 ----a-w- C:\windows\SysWow64\netcfgx.dll
2013-03-02 08:22:32 5091840 ----a-w- C:\windows\SysWow64\mstscax.dll
2013-03-02 08:22:18 361984 ----a-w- C:\windows\SysWow64\MFMediaEngine.dll
2013-03-02 08:22:17 850944 ----a-w- C:\windows\SysWow64\mfasfsrcsnk.dll
2013-03-02 08:21:56 550912 ----a-w- C:\windows\SysWow64\drvstore.dll
2013-03-02 08:21:52 36352 ----a-w- C:\windows\SysWow64\DevDispItemProvider.dll
2013-03-02 08:21:40 309760 ----a-w- C:\windows\SysWow64\BCP47Langs.dll
2013-03-02 08:21:39 2033664 ----a-w- C:\windows\SysWow64\authui.dll
2013-03-02 08:21:32 145408 ----a-w- C:\windows\SysWow64\powercfg.cpl
2013-03-02 02:44:59 448512 ----a-w- C:\windows\System32\SettingSync.dll
2013-03-02 02:44:59 128512 ----a-w- C:\windows\System32\SettingSyncInfo.dll
2013-03-02 02:44:41 455168 ----a-w- C:\windows\System32\netcfgx.dll
2013-03-02 02:44:41 117248 ----a-w- C:\windows\System32\NdisImPlatform.dll
2013-03-02 02:44:38 5978624 ----a-w- C:\windows\System32\mstscax.dll
2013-03-02 02:44:30 468992 ----a-w- C:\windows\System32\MFMediaEngine.dll
2013-03-02 02:44:29 1048576 ----a-w- C:\windows\System32\mfasfsrcsnk.dll
2013-03-02 02:44:08 703488 ----a-w- C:\windows\System32\drvstore.dll
2013-03-02 02:44:07 150016 ----a-w- C:\windows\System32\discan.dll
2013-03-02 02:44:05 49152 ----a-w- C:\windows\System32\DevDispItemProvider.dll
2013-03-02 02:43:59 1933312 ----a-w- C:\windows\System32\wbem\cimwin32.dll
2013-03-02 02:43:56 389120 ----a-w- C:\windows\System32\BCP47Langs.dll
2013-03-02 02:43:55 2302464 ----a-w- C:\windows\System32\authui.dll
2013-03-02 02:43:51 2146304 ----a-w- C:\windows\System32\actxprxy.dll
2013-03-02 02:43:50 156160 ----a-w- C:\windows\System32\powercfg.cpl
2013-03-02 02:15:53 26112 ----a-w- C:\windows\System32\drivers\mouhid.sys
2013-03-01 04:56:33 156672 ----a-w- C:\windows\System32\drivers\rfcomm.sys
2013-03-01 04:56:18 30720 ----a-w- C:\windows\System32\drivers\monitor.sys
2013-03-01 04:55:37 1175040 ----a-w- C:\windows\System32\drivers\bthport.sys
2013-02-26 22:40:46 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-02-24 22:37:28 247608 ----a-w- C:\windows\System32\drivers\avgwfpa.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\windows\System32\wininet.dll
2013-02-21 10:15:00 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-02-21 10:14:05 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-02-19 09:53:00 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2013-02-15 07:58:59 39936 ----a-w- C:\windows\apppatch\apppatch64\acspecfc.dll
2013-02-15 06:35:40 444416 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 01:30:04 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-02-12 00:56:19 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-02-12 00:17:50 20992 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-02-08 03:37:56 116536 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2013-02-08 03:37:54 311096 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-02-08 03:37:50 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-02-08 03:37:42 206136 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-02-08 03:37:40 45880 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2013-02-07 01:33:01 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll
2013-02-05 22:31:11 622080 ----a-w- C:\windows\System32\drivers\srv2.sys
2013-02-05 22:29:09 370688 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2013-02-05 22:28:48 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
2013-02-05 22:28:36 215552 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2013-02-02 11:19:44 496872 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-02-02 11:19:44 446184 ----a-w- C:\windows\System32\drivers\USBHUB3.SYS
2013-02-02 11:19:33 61672 ----a-w- C:\windows\System32\drivers\crashdmp.sys
2013-02-02 10:54:54 1933544 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-02-02 10:28:54 993512 ----a-w- C:\windows\System32\drivers\ndis.sys
2013-02-02 09:42:07 2207232 ----a-w- C:\windows\SysWow64\PrintConfig.dll
2013-02-02 08:40:58 375808 ----a-w- C:\windows\SysWow64\wbem\WmiPrvSE.exe
2013-02-02 08:40:55 80896 ----a-w- C:\windows\SysWow64\tasklist.exe
2013-02-02 08:40:55 79360 ----a-w- C:\windows\SysWow64\taskkill.exe
2013-02-02 08:40:36 155136 ----a-w- C:\windows\SysWow64\XpsRasterService.dll
2013-02-02 08:40:35 370688 ----a-w- C:\windows\SysWow64\WWanAPI.dll
2013-02-02 08:40:27 131072 ----a-w- C:\windows\SysWow64\wbem\WmiDcPrv.dll
2013-02-02 08:40:26 410624 ----a-w- C:\windows\SysWow64\wlroamextension.dll
2013-02-02 08:40:22 197632 ----a-w- C:\windows\SysWow64\Windows.Networking.Connectivity.dll
2013-02-02 08:40:22 10792448 ----a-w- C:\windows\SysWow64\Windows.UI.Xaml.dll
2013-02-02 08:39:59 325632 ----a-w- C:\windows\SysWow64\schannel.dll
2013-02-02 08:39:47 18432 ----a-w- C:\windows\SysWow64\npmproxy.dll
2013-02-02 08:39:34 55296 ----a-w- C:\windows\SysWow64\nlaapi.dll
2013-02-02 08:39:34 15872 ----a-w- C:\windows\SysWow64\nlmproxy.dll
.
============= FINISH: 0:39:14.01 ===============

Not to double post, but some food for thought: could it possibly be an infected computer on the same network that has effectively infected the router, or is this not really a possibility? I just really can't understand how/why I have got what seems to me a clever virus when it's a new, well-looked-after computer, that is assuming there is a virus.

Just wanted to bring this back onto the first page after a week without a reply, have I missed something?

Sluggishness is persisting despite anything I try. :wacko:


  • 2 weeks later...

Hello backpain and welcome to MalwareBytes forum.

Please do not use Quote or Code boxes around any logs that I ask for. You actually make it harder for us to read when you do that.

Uninstall HijackThis as it is way behind modern times, and in any event will not reflect all that we may need on a Windows 8 system.

Did you purchase AVG 2013? If you have not, I would advise uninstalling it and turning on the Windows Defender built into Win8.

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or Vista, then right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    [screenshot]
    Click the checkbox to participate, and then click on the Continue button.
  • Next
    [screenshot]
    Click on Select objects for scanning
  • Next
    [screenshot]
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on the Start scanning button
  • The scan in progress will be shown like this
    [screenshot]
  • IF something is detected, you will see a screen similar to this
    [screenshot]
    For each item "detected", click on the Action column down arrow, like this
    [screenshot]
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
    [screenshot]
  • Click on the green Open Report line. It will pop up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web CureIt.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.

Re-Enable your antivirus program when all done.

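The helper's point that HijackThis does not reflect a Windows 8 system accurately is visible in the log the original poster attached: the 32-bit scanner reports a long run of core services (ALG, EFS, Spooler, WinDefend and so on) as "(file missing)". On 64-bit Windows a 32-bit process has C:\Windows\System32 silently redirected to C:\Windows\SysWOW64, and %ProgramFiles% expands to "Program Files (x86)" for it, so binaries that only exist in the 64-bit locations look absent. The DDS log in the same post shows C:\Program Files\Windows Media Player\wmpnetwk.exe running while HijackThis calls the (x86) copy missing. The Python below is an added example, not part of the thread and not a tool from Malwarebytes, Trend Micro or Dr.Web: it parses O23 lines (the sample is copied from the posted log), separates those redirection artefacts from entries that deserve a manual look, and its verdict names are the example's own.

```python
import re

# Constructed sample: O23 service lines copied from the HijackThis log posted
# in this thread, exactly as the 32-bit scanner reported them on 64-bit Windows 8.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# HijackThis O23 layout: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)


def parse_o23(text):
    """Return one dict per O23 line: name, owner, path and a 'missing' flag."""
    entries = []
    for line in text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append({
                "name": m.group("name"),
                "owner": m.group("owner"),
                "path": m.group("path"),
                "missing": m.group("missing") is not None,
            })
    return entries


def classify(entry):
    r"""Explain a '(file missing)' verdict from a 32-bit scanner on 64-bit Windows.

    WOW64 file-system redirection sends a 32-bit process that opens
    C:\Windows\System32\... to C:\Windows\SysWOW64\..., and expands
    %ProgramFiles% to 'Program Files (x86)' for it, so 64-bit-only binaries
    appear absent even though they exist. Verdict names are this example's own.
    """
    if not entry["missing"]:
        return "present"
    path = entry["path"].lower()
    if path.startswith("c:\\windows\\system32\\"):
        return "wow64-system32"       # almost certainly present in the real System32
    if path.startswith("c:\\program files (x86)\\") and "%programfiles%" in entry["name"].lower():
        return "wow64-programfiles"   # almost certainly present under C:\Program Files
    return "needs-review"             # no redirection explanation; check by hand


def triage(text):
    """Count entries per verdict so redirection noise is separated from real findings."""
    counts = {}
    for entry in parse_o23(text):
        verdict = classify(entry)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for entry in parse_o23(SAMPLE_LOG):
        print(f"{classify(entry):20} {entry['name']}")
    print(triage(SAMPLE_LOG))
```

Run against the full O23 section of the posted log, every "(file missing)" entry falls into one of the two redirection buckets, which is the practical reason a 64-bit-aware tool is asked for instead: a real missing service binary would be the one entry the scanner could not explain away.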

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

