Possibly Infected? High usage with LSM.EXE?

Hello! I've just signed up to see if I could get any help from you guys and girls over at Malwarebytes. I've been having issues with my PC lately. As of yesterday, spools had an error and I chose to click the ignore button, thinking it may have just been a temporary thing that wouldn't be too much of a problem.

This morning when I logged on, I checked out my Processes in Task Manager and noticed that LSM.exe was using about 50% of the power, which was strange for me to see, as I hadn't seen it use so much before. I did a Google search on the process and found it was linked to remote assistance. Now, I've used remote assistance before on a different program called 'TeamViewer'; I assumed it wasn't related to that at all, since I hadn't used it after booting up.

In any case, if there's anybody that's able to help resolve my problems, it would be greatly appreciated. I'll include the DDS and Attach files beneath.


Thought it would also be worth mentioning that I've also run RogueKiller; the report is as follows.
