
Random logins / Random locks / hundreds of audits


trens


This started a while back and I never really thought much about it.

Taskmgr.exe will randomly become unresponsive when trying to use it.

This happens quite often and sometimes it will affect other applications as well.

I left my computer while it was doing a Windows update. It was in the process of shutting down, so I went to take a nap for four hours.

When I came back my computer was logged in under my account. I checked the event log and there are literally 20-40 Anonymous type 3 logons and a few that originate from a laptop I have. I was sleeping and I thought that the laptop was turned off.

01:52:32 tRens IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 53960, Process: firefox.exe)

02:08:48 tRens IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 54916, Process: svchost.exe)

02:08:48 tRens IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 54917, Process: svchost.exe)

02:08:48 tRens IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 54919, Process: svchost.exe)

02:08:48 tRens IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 54920, Process: svchost.exe)

02:08:48 tRens IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 54921, Process: svchost.exe)

02:08:48 tRens IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 54922, Process: svchost.exe)

01:24:08 tRens IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 52251, Process: sdtray.exe)

01:11:19 tRens IP-BLOCK 89.149.227.72 (Type: outgoing, Port: 41834, Process: skype.exe)

00:39:19 tRens IP-BLOCK 208.87.32.69 (Type: outgoing, Port: 49322, Process: svchost.exe)

01:28:08 tRens IP-BLOCK 208.87.32.69 (Type: outgoing)

01:43:04 tRens IP-BLOCK 208.87.32.69 (Type: outgoing)

I do not know exactly what to do, and I'm tired of dealing with this already.

MBAM

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7782

Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 9.0.8112.16421

9/23/2011 8:11:40 PM

mbam-log-2011-09-23 (20-11-40).txt

Scan type: Quick scan

Objects scanned: 188248

Time elapsed: 27 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421

Run by tRens at 20:13:46 on 2011-09-23

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.11117 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Spybot - Search & Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

M:\AppsNotOnC\firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit=userinit.exe

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - m:\AppsNotOnC\spybot\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - M:\AppsNotOnC\Java\bin\jp2ssv.dll

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [NUSB3MON] "M:\appsnotonc\NeCusb3\Application\nusb3mon.exe"

mRun: [Malwarebytes' Anti-Malware] M:\AppsNotOnC\mbam\mbamgui.exe /starttray

mRun: [sDTray] "m:\AppsNotOnC\spybot\SDTray.exe"

mRun: [spybot-S&D Cleaning] "M:\AppsNotOnC\spybot\SDCleaner.exe" /autoclean

mRun: [WinPatrol] M:\AppsNotOnC\wpatrol\winpatrol.exe -expressboot

StartupFolder: C:\Users\tRens\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\tRens\AppData\Roaming\Dropbox\bin\Dropbox.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - m:\AppsNotOnC\spybot\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B31B8E3F-A178-4171-B17E-1BEFF52D3015} : DhcpNameServer = 192.168.1.1

Notify: SDWinLogon - SDWinLogon.dll

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - m:\AppsNotOnC\spybot\SDHelper.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - M:\AppsNotOnC\Java\bin\jp2ssv.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [NUSB3MON] "M:\appsnotonc\NeCusb3\Application\nusb3mon.exe"

mRun-x64: [Malwarebytes' Anti-Malware] M:\AppsNotOnC\mbam\mbamgui.exe /starttray

mRun-x64: [sDTray] "m:\AppsNotOnC\spybot\SDTray.exe"

mRun-x64: [spybot-S&D Cleaning] "M:\AppsNotOnC\spybot\SDCleaner.exe" /autoclean

mRun-x64: [WinPatrol] M:\AppsNotOnC\wpatrol\winpatrol.exe -expressboot

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\tRens\AppData\Roaming\Mozilla\Firefox\Profiles\e9xf5whv.default\

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: M:\AppsNotOnC\Java\bin\new_plugin\npdeployJava1.dll

FF - plugin: M:\AppsNotOnC\Java\bin\new_plugin\npjp2.dll

.

============= SERVICES / DRIVERS ===============

.

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 VaneFltr;Lachesis Mouse Driver;C:\Windows\system32\drivers\Lachesis.sys --> C:\Windows\system32\drivers\Lachesis.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

S1 SDHookDriver;Spybot-S&D 2 Hook Driver;M:\AppsNotOnC\spybot\SDHookDrv64.sys [2011-9-22 48888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-22 13592]

S2 MBAMService;MBAMService;M:\AppsNotOnC\mbam\mbamservice.exe [2011-9-22 366152]

S2 SDHookService;Spybot S&D 2 Live Protection Service;M:\AppsNotOnC\spybot\SDHookSvc.exe [2011-9-22 130976]

S2 SDScannerService;Spybot-S&D 2 Scanner Service;M:\AppsNotOnC\spybot\SDFSSvc.exe [2011-9-22 1082800]

S2 SDUpdateService;Spybot-S&D 2 Updating Service;M:\AppsNotOnC\spybot\SDUpdSvc.exe [2011-9-22 1149864]

S2 SDWSCService;Spybot-S&D 2 Security Center Service;M:\AppsNotOnC\spybot\SDWSCSvc.exe [2011-9-22 169624]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-22 79360]

S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-23 2255464]

.

=============== Created Last 30 ================

.

2011-09-23 22:53:08 980072 ----a-w- C:\Windows\System32\nvvsvc.exe

2011-09-23 22:53:08 836200 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll

2011-09-23 22:53:08 61544 ----a-w- C:\Windows\System32\nvshext.dll

2011-09-23 22:53:08 6136936 ----a-w- C:\Windows\System32\nvcpl.dll

2011-09-23 22:53:08 3021416 ----a-w- C:\Windows\System32\nvsvc64.dll

2011-09-23 22:53:08 117864 ----a-w- C:\Windows\System32\nvmctray.dll

2011-09-23 22:53:06 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2011-09-23 22:52:47 29288 ----a-w- C:\Windows\System32\nvhdap64.dll

2011-09-23 22:52:47 174184 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2011-09-23 22:52:47 1426536 ----a-w- C:\Windows\System32\nvhdagenco642040.dll

2011-09-23 22:50:59 -------- d-----w- C:\NVIDIA

2011-09-23 20:26:15 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-09-23 19:54:15 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57DFFE1B-91D8-49B4-BFEA-3B7542D514E5}\offreg.dll

2011-09-23 19:54:14 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57DFFE1B-91D8-49B4-BFEA-3B7542D514E5}\mpengine.dll

2011-09-23 04:35:16 -------- d-----w- C:\Users\tRens\AppData\Local\Mozilla

2011-09-23 04:27:59 -------- d-----w- C:\Users\tRens\AppData\Roaming\WinPatrol

2011-09-23 04:27:56 -------- d-----w- C:\ProgramData\InstallMate

2011-09-23 04:12:00 -------- d-----w- C:\Users\tRens\AppData\Local\ElevatedDiagnostics

2011-09-23 03:44:31 -------- d-----w- C:\Program Files (x86)\ESET

2011-09-23 02:55:06 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2011-09-23 01:16:46 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-09-23 01:16:42 17272 ----a-w- C:\Windows\System32\sdnclean64.exe

2011-09-23 00:59:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-09-23 00:19:01 525544 ----a-w- C:\Windows\System32\deployJava1.dll

2011-09-22 21:14:33 -------- d-----w- C:\Windows\System32\SPReview

2011-09-22 21:14:28 -------- d-----w- C:\Windows\System32\EventProviders

2011-09-22 21:14:00 48976 ----a-w- C:\Windows\System32\netfxperf.dll

2011-09-22 21:14:00 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2011-09-22 21:12:59 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2011-09-22 21:11:52 9049936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-09-22 21:04:29 -------- d-----w- C:\Windows\SysWow64\Wat

2011-09-22 21:04:29 -------- d-----w- C:\Windows\System32\Wat

2011-09-22 20:21:57 -------- d-----w- C:\ProgramData\CCP

2011-09-22 20:21:46 -------- d-----w- C:\Users\tRens\AppData\Local\CCP

2011-09-22 20:13:29 -------- d-----w- C:\Program Files (x86)\Common Files\Creative

2011-09-22 20:13:25 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared

2011-09-22 20:13:21 -------- d-----w- C:\Program Files\Creative

2011-09-22 20:13:08 121856 ----a-w- C:\Windows\System32\cttele64.dll

2011-09-22 20:13:07 110592 ----a-w- C:\Windows\SysWow64\cttele32.dll

2011-09-22 20:13:05 89088 ----a-w- C:\Windows\System32\CmdRtr64.DLL

2011-09-22 20:13:05 73728 ----a-w- C:\Windows\SysWow64\CmdRtr.DLL

2011-09-22 20:13:05 228352 ----a-w- C:\Windows\System32\APOMgr64.DLL

2011-09-22 20:13:05 176128 ----a-w- C:\Windows\SysWow64\APOMngr.DLL

2011-09-22 20:12:44 61440 ------w- C:\Windows\SysWow64\CTChkAud.dll

2011-09-22 20:12:44 166912 ------w- C:\Windows\SysWow64\CTOPT352.dll

2011-09-22 20:02:33 49664 ------w- C:\Windows\System32\CTChkAud.dll

2011-09-22 20:02:33 42496 ------w- C:\Windows\System32\AddCat.exe

2011-09-22 20:02:33 183296 ------w- C:\Windows\System32\CTOPT352.dll

2011-09-22 20:01:39 -------- d-----r- C:\Program Files (x86)\Skype

2011-09-22 07:03:49 642944 ----a-w- C:\Windows\System32\winload.efi

2011-09-22 07:00:43 -------- d-----w- C:\Windows\Panther

2011-09-22 06:54:06 -------- d-----w- C:\Users\tRens\riotsGamesLogs

2011-09-22 06:53:57 -------- d-----w- C:\Users\tRens\AppData\Roaming\LolClient

2011-09-22 06:48:27 -------- d-----w- C:\Users\tRens\AppData\Roaming\NVIDIA

2011-09-22 06:37:00 -------- d-----w- C:\Users\tRens\AppData\Roaming\Dropbox

2011-09-22 06:35:02 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd

2011-09-22 06:34:46 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information

2011-09-22 06:34:34 -------- d-----w- C:\Program Files (x86)\Creative

2011-09-22 06:34:22 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2011-09-22 06:34:22 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2011-09-22 06:34:22 123480 ----a-w- C:\Windows\System32\OpenAL32.dll

2011-09-22 06:34:22 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2011-09-22 06:34:22 -------- d-----w- C:\Program Files (x86)\OpenAL

2011-09-22 06:32:59 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-09-22 06:31:41 -------- d-----w- C:\Users\tRens\AppData\Local\Downloaded Installations

2011-09-22 06:30:08 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9AAD3989-DA85-4D42-8E84-B2894CE69A8D}\gapaengine.dll

2011-09-22 06:30:02 270720 ------w- C:\Windows\System32\MpSigStub.exe

2011-09-22 06:27:36 -------- d-----w- C:\Users\tRens\AppData\Local\Google

2011-09-22 06:27:30 -------- d-----w- C:\Users\tRens\AppData\Local\Deployment

2011-09-22 06:27:30 -------- d-----w- C:\Users\tRens\AppData\Local\Apps

2011-09-22 06:27:05 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-09-22 06:27:04 -------- d-sh--w- C:\Windows\Installer

2011-09-22 06:27:04 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-09-22 06:25:51 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation

2011-09-22 06:24:01 -------- d-----w- C:\Users\tRens\AppData\Roaming\Intel Corporation

2011-09-22 06:21:19 557848 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2011-09-22 06:21:07 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2011-09-22 06:21:02 -------- d-----w- C:\Intel

2011-09-22 03:14:41 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

2011-09-22 03:14:40 2560616 ----a-w- C:\Windows\System32\nvsvcr.dll

2011-09-22 03:14:35 -------- d-----w- C:\Program Files\NVIDIA Corporation

.

==================== Find3M ====================

.

2011-09-22 21:23:03 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-09-22 21:23:03 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-08-03 11:50:00 8355944 ----a-w- C:\Windows\System32\nvwgf2umx.dll

2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

.

============= FINISH: 20:14:01.28 ===============

GMER

was empty

I have attached the required attach.txt as attach.zip.

I would appreciate any help whatsoever.


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
