
Multiple instances of explorer.exe on Vista



Posted

I've noticed lately that my laptop is showing multiple instances of explorer.exe in Task Manager. I've run MB and MS Essentials; everything is now coming back "clean", but I'm still seeing this issue. Usually CPU usage for one or two of them will hit 25-30%. Here's the content of the HJT log:


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:52:42 PM, on 2014-02-24
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16533)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Patrick\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {95CFEC51-7780-FC20-7EBA-2921A87886E3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - d:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQAtAE4ATAAzAEQAQQAtAEMAQgBVAEsASAAtAEoARgA3AE0AOQA"&"inst=NwA3AC0ANAAzADAAOQAwADUAMgAwADIALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AVAAzAC0ARgBQADkAKwA2AC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADIALQBYAE8AOQArADEALQBGADkATQAyACsAMQAtAEQARABUACsANAAyADIAMgAzAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEQARAA5ADAARgArADEALQBGADkAMABNADEAMgBBAFQAKwAxAC0ARgA5ADAATQAxADIAQQArADEALQBGADkAMABNADEAMgBBAEIAKwAxAC0AVQA5ADUAKwAxAC0ARgA5ADAATQAxADIAQQBUAEIATgArADEA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AWZworks] regsvr32.exe C:\Users\Patrick\AppData\Local\AWZworks\fftpigbnhowpkfe.dll
O4 - HKCU\..\RunOnce: [CryptoUpdate] C:\Windows\system32\rundll32.exe "C:\Users\Patrick\AppData\Roaming\Microsoft\Crypto\RSA\cert_v42_0.tpl",Crypt
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "d:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "d:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://reviews.cnet.com
O15 - Trusted Zone: http://www.vonage.com
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E3372C1F-AFE6-4A3B-90F9-83B2E9B42C82} (ADTCKS.KSLauncher) - http://online.appdev.com/inline/ADTCKS.CAB
O18 - Protocol: a5res - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: XBasic - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files (x86)\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17906 bytes


  • Administrator
Posted

Please post your Malwarebytes Anti-Malware and SuperAntiSpyware logs. Also, as they may be lengthy please wrap them in Code tags (the < > button).

Posted

Please post your Malwarebytes Anti-Malware and SuperAntiSpyware logs. Also, as they may be lengthy please wrap them in Code tags (the < > button).

I'm running a full scan MB right now. When it's finished I'll post the contents. Thanks!

Posted

Hi mj12, any luck with those logs?

Still working on them. My laptop has a button to disable the WiFi, and I've noticed that this issue happens only when there's an active connection to the internet. For example, I disable WiFi and kill all the explorer.exe processes except the one for the desktop. I start up Task Manager and monitor the processes that are running; at this point there's only one explorer.exe process. When I enable the WiFi, within a couple of minutes the number of explorer.exe processes starts stacking up, eventually eating up 100% of the CPU. Back to the HJT log... notice this suspicious line:

O4 - HKCU\..\Run: [AWZworks] regsvr32.exe C:\Users\<my user name>\AppData\Local\AWZworks\fftpigbnhowpkfe.dll

A Google search for the name of that dll turned up nothing... quite odd


And this one:

O4 - HKCU\..\RunOnce: [CryptoUpdate] C:\Windows\system32\rundll32.exe "C:\Users\<my user name>\AppData\Roaming\Microsoft\Crypto\RSA\cert_v42_0.tpl",Crypt

A Google search for the name of that file found nothing as well. I don't know much about crypto or RSA, but putting this sort of thing in a user's %appdata% folder seems suspicious as well. Hopefully I'll get those logs posted this weekend.


Thanks for the follow-up.
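The two entries singled out above share a pattern that is worth checking for mechanically rather than by eye: an autorun value that hands a payload to a signed Windows loader (regsvr32.exe, rundll32.exe), with the payload sitting under the user's own profile and, in the second case, carrying an extension (.tpl) that no DLL should have. The script below is an added example written for this page, not a tool from the thread or from HijackThis; it parses O4 lines in the HijackThis format and flags entries by those three heuristics. The sample lines are constructed from the log above with the backslashes restored, and the heuristic lists and the "Patrick" user name are assumptions for the example.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: O4 lines copied from the HijackThis log posted in this thread
# (backslashes restored), including three benign entries for contrast.
SAMPLE_O4_LINES = [
    r'O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe',
    r'O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"',
    r'O4 - HKCU\..\Run: [AWZworks] regsvr32.exe C:\Users\Patrick\AppData\Local\AWZworks\fftpigbnhowpkfe.dll',
    r'O4 - HKCU\..\RunOnce: [CryptoUpdate] C:\Windows\system32\rundll32.exe "C:\Users\Patrick\AppData\Roaming\Microsoft\Crypto\RSA\cert_v42_0.tpl",Crypt',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"',
]

# Signed Windows binaries commonly abused to run someone else's code (assumed list).
LOLBIN_LOADERS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe",
                  "cscript.exe", "cmd.exe", "powershell.exe"}
# Locations a non-admin user can write to; legitimate autoruns rarely live here.
USER_WRITABLE = re.compile(r'\\Users\\[^\\]+\\AppData\\|\\Temp\\|\\ProgramData\\', re.IGNORECASE)
# Extensions that normally carry code loadable by regsvr32/rundll32.
CODE_EXT = {".exe", ".dll", ".ocx", ".scr", ".cpl"}

# HijackThis O4 format: "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')


@dataclass
class Finding:
    name: str
    key: str
    command: str
    reasons: List[str] = field(default_factory=list)


def split_command(cmd: str):
    """Return (program, [args]) for a Run-value command line, honouring double quotes."""
    tokens = re.findall(r'"([^"]*)"|(\S+)', cmd)
    parts = [quoted or bare for quoted, bare in tokens]
    return (parts[0] if parts else ""), parts[1:]


def analyse(line: str) -> Optional[Finding]:
    """Parse one O4 line; return a Finding (reasons empty when nothing looks off)."""
    m = O4_RE.match(line)
    if not m:
        return None  # Global Startup lines and non-O4 lines are not handled here
    program, args = split_command(m["cmd"])
    finding = Finding(m["name"], m["hive"] + "\\" + m["key"], m["cmd"])

    loader = ntpath.basename(program).lower()
    if loader in LOLBIN_LOADERS:
        finding.reasons.append(f"launched through {loader}")
        # For rundll32 the payload may be written as "path,EntryPoint".
        payload = args[0].split(",")[0] if args else ""
    else:
        payload = program

    if USER_WRITABLE.search(payload):
        finding.reasons.append("payload lives in a user-writable profile/temp path")

    ext = ntpath.splitext(payload)[1].lower()
    if loader in {"regsvr32.exe", "rundll32.exe"} and ext not in CODE_EXT:
        finding.reasons.append(f"{loader} given a non-code extension {ext or '(none)'}")
    return finding


def triage(lines) -> List[Finding]:
    """Return only the O4 entries that trip at least one heuristic."""
    results = []
    for line in lines:
        f = analyse(line)
        if f is not None and f.reasons:
            results.append(f)
    return results


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"[{f.key}] {f.name}: {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the five sample lines it reports exactly the AWZworks and CryptoUpdate entries and stays silent on the vendor autoruns; feeding it a whole HijackThis log (one line per list element) gives the same triage for every O4 entry.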

  • Administrator
Posted

Both of those entries are indeed malicious. If Malwarebytes, SUPERAntiSpyware and other anti-malware software are unable to remove them then we can remove them manually.

Posted

Here's the MalwareBytes log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.24.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
<user name> :: <user name>-PC [administrator]

2014-02-24 09:03:04 AM
mbam-log-2014-02-24 (09-03-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 323820
Time elapsed: 1 hour(s), 35 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\<user name>\AppData\Local\AWZworks\fftpigbnhowpkfe.dll (VirTool.Vbcrypt) -> Delete on reboot.

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\TBH (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Control Panel\don't load|wscui.cpl (Hijack.SecurityCenter) -> Data: No -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)


Files Detected: 3
C:\Users\<user name>\AppData\Local\AWZworks\fftpigbnhowpkfe.dll (VirTool.Vbcrypt) -> Delete on reboot.
C:\Users\<user name>\AppData\Local\Temp\11392585335196.exe (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\<user name>\AppData\Local\Temp\cbbvevwq.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.

(end)


The fftpigbnhowpkfe.dll & cert_v42_0.tpl files have been manually removed. I suspect that something else has been infected, causing the virus/malware to reload after numerous restarts. Subsequent runs of MalwareBytes and SUPERAntiSpyware aren't finding anything. The SUPERAntiSpyware log is too large to post, so I've attached the file to this reply. Only ad tracking cookies were found by SUPERAntiSpyware.

SUPERAntiSpyware Scan Log - 03-01-2014 - 09-44-38.txt

  • Administrator
Posted

It may be worth trying Malwarebytes Anti-Rootkit, to see what it finds and if it removes anything.

Posted

It may be worth trying Malwarebytes Anti-Rootkit, to see what it finds and if it removes anything.

It didn't find anything.

  • Administrator
Posted

Please post a new HijackThis log. We'll see if anything the scans found was successfully removed.

Posted

Please post a new HijackThis log. We'll see if anything the scans found was successfully removed.

I'll get it posted in the next day or two. I've got another laptop to hold me over until then. Thanks!

Posted

Please post a new HijackThis log. We'll see if anything the scans found was successfully removed.

Here is the latest HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:25:24 PM, on 2014-03-11
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16533)
Boot mode: Safe mode with network support


Running processes:
C:\Users\Patrick\Downloads\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {95CFEC51-7780-FC20-7EBA-2921A87886E3} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - d:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQAtAE4ATAAzAEQAQQAtAEMAQgBVAEsASAAtAEoARgA3AE0AOQA"&"inst=NwA3AC0ANAAzADAAOQAwADUAMgAwADIALQBCAEEAKwAxAC0ASwBWADMAKwA3AC0AVAAzAC0ARgBQADkAKwA2AC0AQgBBAFIAOQBHACsAMQAtAFQAQgA5ACsAMgAtAEYATAArADkALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBGADkATQAxADAAQgArADIALQBYAE8AOQArADEALQBGADkATQAyACsAMQAtAEQARABUACsANAAyADIAMgAzAC0AUwBUADkAMABGAEEAUABQACsAMQAtAEQARAA5ADAARgArADEALQBGADkAMABNADEAMgBBAFQAKwAxAC0ARgA5ADAATQAxADIAQQArADEALQBGADkAMABNADEAMgBBAEIAKwAxAC0AVQA5ADUAKwAxAC0ARgA5ADAATQAxADIAQQBUAEIATgArADEA"&"prod=90"&"ver=9.0.894
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "d:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "d:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://reviews.cnet.com
O15 - Trusted Zone: http://www.vonage.com
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E3372C1F-AFE6-4A3B-90F9-83B2E9B42C82} (ADTCKS.KSLauncher) - http://online.appdev.com/inline/ADTCKS.CAB
O18 - Protocol: a5res - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: XBasic - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:Windowssystem32Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program Files (x86)Common FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: @%windir%system32inetsrviisres.dll,-30007 (IISADMIN) - Unknown owner - C:Windowssystem32inetsrvinetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program Files (x86)Common FilesLightScribeLSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:Program Files (x86)CDBurnerXPNMSAccessU.exe
O23 - Service: Norton Internet Security - Unknown owner - C:Program Files (x86)Norton Internet SecurityEngine16.0.0.125ccSvcHst.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:Program Files (x86)SMINSTBLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program Files (x86)CyberLinkShared filesRichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:Program Files (x86)WinPcaprpcapd.exe
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:Program Files (x86)SkypeUpdaterUpdater.exe
O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:WindowsSystem32DriverStoreFileRepositorystwrt64.inf_1b06afceSTacSV64.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:Program Files (x86)Hewlett-PackardMediaTVKernelTVTVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:Program Files (x86)Hewlett-PackardMediaTVKernelTVTVSched.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:Program Files (x86)CiscoCisco AnyConnect Secure Mobility Clientvpnagent.exe
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)


--
End of file - 16915 bytes
  • Administrator
Posted

Looking through I don't see anything malicious. If possible, provide a log from Normal Mode also.
I'd also recommend switching away from AVG to something like Microsoft Security Essentials or avast.
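As an added example (not from this thread, and not part of HijackThis itself): a small Python parser for the O23 service lines in a log like the one above, applying the checks a reviewer makes by hand. It assumes the log came from a 32-bit HijackThis run on 64-bit Windows, as the "Program Files (x86)" paths indicate, so System32 entries marked "(file missing)" are treated as WOW64 redirection artifacts rather than real gaps; the sample lines are taken from the log above with backslashes restored.

```python
import re
from typing import Dict, Optional

# One HijackThis "O23 - Service:" line. The display name may itself contain
# parentheses ("Google Update Service (gupdate)"), so the regex takes the last
# parenthesised token before " - " as the short service name.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^()]*)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

def parse_o23(line: str) -> Optional[dict]:
    """Return the fields of one O23 line, or None if it is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return {"name": m["name"], "short": m["short"] or m["name"],
            "owner": m["owner"], "path": m["path"],
            "missing": m["missing"] is not None}

def triage(svc: dict) -> str:
    """First-pass verdict a log reviewer would reach for one service entry."""
    if svc["missing"] and SYSTEM32.match(svc["path"]):
        # 32-bit HijackThis on 64-bit Windows is subject to WOW64 file-system
        # redirection, so 64-bit-only System32 binaries look "missing".
        return "ok: WOW64 redirection artifact, not a real missing file"
    if svc["missing"]:
        return "stale: service registration points at a file that is gone"
    if svc["owner"] == "Unknown owner":
        return "review: no publisher recorded for this binary"
    return "ok"

def triage_log(text: str) -> Dict[str, str]:
    """Map short service name -> verdict for every O23 line in a HJT log."""
    return {s["short"]: triage(s) for s in map(parse_o23, text.splitlines()) if s}

# Constructed sample: O23 lines taken from the log above, backslashes restored.
SAMPLE_LOG = r"""
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
"""

if __name__ == "__main__":
    for short, verdict in triage_log(SAMPLE_LOG).items():
        print(f"{short:<24} {verdict}")
```

The "stale" verdicts are the leftover registrations the thread discusses (Norton here, AVG in the original poster's reply); "review" only means a human should confirm the publisher, not that the entry is malicious.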

Posted

Looking through I don't see anything malicious. If possible, provide a log from Normal Mode also.
I'd also recommend switching away from AVG to something like Microsoft Security Essentials or avast.

Will do. I no longer use AVG, but MS Security Essentials as you suggested. What you're seeing are artifacts left over from an AVG installation. Not sure why they didn't get cleaned out when AVG was uninstalled several months ago.

  • Administrator
Posted

If you're using my Anti-Malware Toolkit, there is an AVG Uninstaller option towards the bottom.

  • Administrator
Posted

Interesting find and good to hear it seems to be clean.
Once you've got a clean bill of health, you may want to read the PC Security guide.

  • 3 weeks later...
  • Administrator
Posted

The issue this thread has been opened for has been resolved.

If you need continued support, please start a new thread and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: PC Cleanup

It is recommended that you review our PC Security wiki page to help secure your computer and protect it.
