
Infection?


  • This topic is locked
18 replies to this topic

#1 Trav


Posted 27 June 2012 - 11:00 PM

!!==Summary==!!

Greetings,
I'd noticed my machine was running a bit laggy, so I ran two Malwarebytes scans and found the following. I've also attached a HijackThis log. I tried to run D.D.S., but after 15 minutes of it running without any progress I decided to kill it. It is actually currently hung on my system, and I cannot end the process via the Task Manager process list, so I'll probably have to perform a forced shut-down. This is somewhat odd; I disabled Avast! and my firewall and cannot think of any other script-blocking programs that could be interfering. Any assistance that could be provided would be appreciated.

EDIT: I decided to also run a Trend Micro rootkit scanner. I doubt almost anything in it is actually a rootkit, but on the off chance I missed something I decided to post the contents amidst the other logs included.

!!==Log 1 - Malwarebytes==!!
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Amun-Ra 13 :: SEKHMET [administrator]

6/27/2012 5:36:58 PM
mbam-log-2012-06-27 (17-36-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 73605
Time elapsed: 19 minute(s), 16 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Amun-Ra 13\Local Settings\Temp\IWantThis.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)


!!==Log 2 - Malwarebytes==!!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.27.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Amun-Ra 13 :: SEKHMET [administrator]

6/27/2012 6:21:42 PM
mbam-log-2012-06-27 (18-21-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 510979
Time elapsed: 3 hour(s), 38 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\RECYCLER\S-1-5-21-682003330-1035525444-725345543-1004\Dc56.exe (PUP.AdBundle) -> Quarantined and deleted successfully.

(end)

!!==Log 3 - Hijack This==!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:43:10 PM, on 6/27/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Game Booster 3\gbtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\AutoTask\AutoTask.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\System Explorer\SystemExplorer.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LOLReplay\LOLRecorder.exe
C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Documents and Settings\Amun-Ra 13\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AutoTask] "C:\Program Files\AutoTask\AutoTask.exe" /STARTUP
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: LOLRecorder.lnk = C:\Program Files\LOLReplay\LOLRecorder.exe
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe

--
End of file - 12600 bytes

!!==Log 4 - Trend Micro RootkitBuster==!!

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 5.0.0.1061
| Computer Name: SEKHMET
| OS version: 5.1-2600
| User Name: Amun-Ra 13
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
MBR unsupported disk type
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Root : 448b0d8
SubKey : Windows
ValueName : DeviceNotSelectedTimeout
Data : 15
ValueType : 1
AccessType: 0
FullLength: 71
DataSize : 6
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Root : 448b0d8
SubKey : Windows
ValueName : GDIProcessHandleQuota
Data : 10000
ValueType : 4
AccessType: 0
FullLength: 71
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Root : 448b0d8
SubKey : Windows
ValueName : Spooler
Data : yes
ValueType : 1
AccessType: 0
FullLength: 71
DataSize : 8
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Root : 448b0d8
SubKey : Windows
ValueName : swapdisk
Data :
ValueType : 1
AccessType: 0
FullLength: 71
DataSize : 2
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Root : 448b0d8
SubKey : Windows
ValueName : TransmissionRetryTimeout
Data : 90
ValueType : 1
AccessType: 0
FullLength: 71
DataSize : 6
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Root : 448b0d8
SubKey : Windows
ValueName : USERProcessHandleQuota
Data : 10000
ValueType : 4
AccessType: 0
FullLength: 71
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Root : 448b0d8
SubKey : Windows
ValueName : LoadAppInit_DLLs
Data : 1
ValueType : 4
AccessType: 0
FullLength: 71
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Root : 448b0d8
SubKey : Windows
ValueName : AppInit_DLLs
Data : C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll
ValueType : 1
AccessType: 0
FullLength: 71
DataSize : 166
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 448bfc0
SubKey : Cfg
ValueName : s1
Data : 771343423
ValueType : 4
AccessType: 0
FullLength: 61
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 448bfc0
SubKey : Cfg
ValueName : s2
Data : 285507792
ValueType : 4
AccessType: 0
FullLength: 61
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 448bfc0
SubKey : Cfg
ValueName : g0
Data : 38 23 E8 D0 BF F2 2D 6F ...
ValueType : 3
AccessType: 0
FullLength: 61
DataSize : 32
[HIDDEN_REGISTRY][Hidden Reg Value]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg
Root : 448bfc0
SubKey : Cfg
ValueName : h0
Data : 1
ValueType : 4
AccessType: 0
FullLength: 61
DataSize : 4
[HIDDEN_REGISTRY][Hidden Reg Key]:
KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
SubKey : 0D79C293C1ED61418462E24595C90D04
FullLength: 94
13 hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

--== Service Win32 API Hook List ==--
[HOOKED_SERVICE_API]:
Service API : ZwAddBootEntry
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80616e50
CurrentHandler : 0xb31f1df8
ServiceNumber : 0x9
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAdjustPrivilegesToken
Image Path : C:\WINDOWS\System32\DRIVERS\cmdguard.sys
OriginalHandler : 0x805ec336
CurrentHandler : 0xb3629824
ServiceNumber : 0xb
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAllocateVirtualMemory
Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS
OriginalHandler : 0x805a8ac2
CurrentHandler : 0xb327ea5a
ServiceNumber : 0x11
ModuleName : aswSP.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwAssignProcessToJobObject
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805d66a0
CurrentHandler : 0xb31f285e
ServiceNumber : 0x13
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwClose
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805bc538
CurrentHandler : 0xb321ed5d
ServiceNumber : 0x19
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwConnectPort
Image Path : C:\WINDOWS\System32\DRIVERS\cmdguard.sys
OriginalHandler : 0x805a45d8
CurrentHandler : 0xb3628dd0
ServiceNumber : 0x1f
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateEvent
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8060ee4c
CurrentHandler : 0xb31f72e4
ServiceNumber : 0x23
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateEventPair
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80617196
CurrentHandler : 0xb31f7330
ServiceNumber : 0x24
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateFile
Image Path : C:\WINDOWS\System32\DRIVERS\cmdguard.sys
OriginalHandler : 0x805790a2
CurrentHandler : 0xb362948a
ServiceNumber : 0x25
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateIoCompletion
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80578a80
CurrentHandler : 0xb31f7422
ServiceNumber : 0x26
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80623fd6
CurrentHandler : 0xb321e711
ServiceNumber : 0x29
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateMutant
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8061758e
CurrentHandler : 0xb31f7252
ServiceNumber : 0x2b
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSection
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805ab3d0
CurrentHandler : 0xb31f7374
ServiceNumber : 0x32
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSemaphore
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80614f4c
CurrentHandler : 0xb31f729a
ServiceNumber : 0x33
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateSymbolicLinkObject
Image Path : C:\WINDOWS\System32\DRIVERS\cmdguard.sys
OriginalHandler : 0x805c3a02
CurrentHandler : 0xb362bfa4
ServiceNumber : 0x34
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateThread
Image Path : C:\WINDOWS\System32\DRIVERS\cmdguard.sys
OriginalHandler : 0x805d1038
CurrentHandler : 0xb36287bc
ServiceNumber : 0x35
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwCreateTimer
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80616e5e
CurrentHandler : 0xb31f73dc
ServiceNumber : 0x36
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteBootEntry
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805c8678
CurrentHandler : 0xb31f1e44
ServiceNumber : 0x3d
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80624472
CurrentHandler : 0xb321f423
ServiceNumber : 0x3f
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDeleteValueKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80624642
CurrentHandler : 0xb321f6d9
ServiceNumber : 0x41
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwDuplicateObject
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805be010
CurrentHandler : 0xb31f49a8
ServiceNumber : 0x44
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwEnumerateKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80624822
CurrentHandler : 0xb321f28e
ServiceNumber : 0x47
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwEnumerateValueKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80624a8c
CurrentHandler : 0xb321f0f9
ServiceNumber : 0x49
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwFreeVirtualMemory
Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS
OriginalHandler : 0x805b2fba
CurrentHandler : 0xb327eb34
ServiceNumber : 0x53
ModuleName : aswSP.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwLoadDriver
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80584172
CurrentHandler : 0xb31f1ad6
ServiceNumber : 0x61
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwMakeTemporaryObject
Image Path : C:\WINDOWS\System32\DRIVERS\cmdguard.sys
OriginalHandler : 0x805bc5dc
CurrentHandler : 0xb3629098
ServiceNumber : 0x69
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwModifyBootEntry
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805c8678
CurrentHandler : 0xb31f1e90
ServiceNumber : 0x6d
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwNotifyChangeKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x806261c4
CurrentHandler : 0xb31f4d1c
ServiceNumber : 0x6f
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwNotifyChangeMultipleKeys
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80624df8
CurrentHandler : 0xb31f2b02
ServiceNumber : 0x70
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenEvent
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8060ef4c
CurrentHandler : 0xb31f730e
ServiceNumber : 0x72
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenEventPair
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x8061726e
CurrentHandler : 0xb31f7352
ServiceNumber : 0x73
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenFile
Image Path : C:\WINDOWS\System32\DRIVERS\cmdguard.sys
OriginalHandler : 0x8057a1a0
CurrentHandler : 0xb3629666
ServiceNumber : 0x74
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenIoCompletion
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80578b58
CurrentHandler : 0xb31f7446
ServiceNumber : 0x75
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x806253b4
CurrentHandler : 0xb321ea6d
ServiceNumber : 0x77
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenMutant
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80617666
CurrentHandler : 0xb31f7278
ServiceNumber : 0x78
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenProcess
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805cb456
CurrentHandler : 0xb31f4518
ServiceNumber : 0x7a
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSection
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805aa3f4
CurrentHandler : 0xb31f73ae
ServiceNumber : 0x7d
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenSemaphore
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80615046
CurrentHandler : 0xb31f72c2
ServiceNumber : 0x7e
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenThread
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805cb6e2
CurrentHandler : 0xb31f474c
ServiceNumber : 0x80
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwOpenTimer
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80616f80
CurrentHandler : 0xb31f7400
ServiceNumber : 0x83
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwProtectVirtualMemory
Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS
OriginalHandler : 0x805b8426
CurrentHandler : 0xb327eca0
ServiceNumber : 0x89
ModuleName : aswSP.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x806256f6
CurrentHandler : 0xb321ef74
ServiceNumber : 0xa0
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryMultipleValueKey
Image Path : C:\WINDOWS\System32\DRIVERS\cmdguard.sys
OriginalHandler : 0x80623124
CurrentHandler : 0xb362b0e8
ServiceNumber : 0xa1
ModuleName : cmdguard.sys
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryObject
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x805c52d4
CurrentHandler : 0xb31f29ce
ServiceNumber : 0xa3
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwQueryValueKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x806221fa
CurrentHandler : 0xb321edc6
ServiceNumber : 0xb1
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRenameKey
Image Path : C:\WINDOWS\System32\Drivers\aswSP.SYS
OriginalHandler : 0x806239f8
CurrentHandler : 0xb3288b68
ServiceNumber : 0xc0
ModuleName : aswSP.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwRestoreKey
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x806259b6
CurrentHandler : 0xb321dd84
ServiceNumber : 0xcc
ModuleName : aswSnx.SYS
SDTType : 0x0
[HOOKED_SERVICE_API]:
Service API : ZwSetBootEntryOrder
Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS
OriginalHandler : 0x80616e50
CurrentHandler : 0xb31f1edc
ServiceNumber : 0xd3
ModuleName : aswSnx.SYS
SDTType : 0x0
No hidden operating system service hooks found.

--== Dump Hidden Port ==--
No hidden ports found.

--== Dump Kernel Code Patching ==--
No kernel code patching detected.

--== Dump Hidden Services ==--
No hidden services found.

#2 LDTate

LDTate

    Forum Deity

  • Moderators
  • 20,228 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 29 June 2012 - 03:18 PM

1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove either:
IObit\Advanced SystemCare 5
Searchqu Toolbar
SearchCore for Browsers
Bing Bar



Do you use this program?
System Explorer\SystemExplorer.exe

Next:
Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Larry Tate
Consumer Support Specialist

#3 Trav

Posted 29 June 2012 - 03:51 PM

All items removed, and all cleaning tasks performed. May I ask why I was instructed to remove IObit? I rather enjoyed some of the system tools that came packaged with it.

EDIT:

Also, yes I do use System Explorer.

#4 LDTate

Posted 29 June 2012 - 03:54 PM

Just trying to get the performance back so anything that's running will make a difference.

Is it running better?

#5 LDTate

Posted 29 June 2012 - 05:04 PM

You still with me on this?
We've only just started looking at this.

#6 Trav

Posted 01 July 2012 - 07:28 PM

My apologies, I am still with you. My reply was delayed by a serious system failure.

A few evenings ago I was playing a game called League of Legends with some friends of mine. While running the program I also had Skype up so we could chat with one another while playing said game. During the game my Skype account was disconnected, and the game's screen cut to black. I still had audio of the game happening though.

Deciding it best to close the process, I ended the game's task in the task manager. While looking through the task manager I noticed several strange entries, attempted to take a screenshot of the events but received a blank error message informing me of something while the print screen failed to paste into a paint document. I've attempted to replicate what the screen I saw looked like with the image attached.

Things got progressively worse. While attempting to restore my Skype password (which was now for some reason inexplicably blank) I noticed that websites weren't fully loading. It got so bad I eventually had to kill the browsers I was using in an effort to get a better view of things. My desktop was acting temperamental, icons were discolored, and some were missing, others had black shadows encompassing them. I attempted to open a folder, and it looked like for a split second a folder was opening before suddenly it abruptly closed and another blank error message was displayed on my screen. I'd had enough of all this, and proceeded to manually shutdown the machine.

I've booted it a few times in safe mode and tried to run Malwarebytes, running a full system scan. Since I have a lot of files I generally set it up and then leave it be. However, after attempting two full system scans the system seems to shut down in the middle of the scans for reasons I can't imagine. A quick scan revealed no infections, but a full scan might be best.

I've managed to load up the machine in normal mode. Loading times seem slower than I remember them, but so far the strange system failures haven't started up again.

Do these sound like signs that my video card / power supply is going out? I've been having some issues with both in the past, but am uncertain how such things would result in Skype crashing.

Any and all advice you could provide would be helpful,
~Trav

EDIT: I have added the image file mentioned earlier and a collection of event log entries I found suspicious.

#7 LDTate

Posted 02 July 2012 - 06:37 AM

You can Google those yourself like I did.
Nothing appears to be bad.

It really sounds like a hardware issue to me.

#8 Trav

Posted 02 July 2012 - 01:21 PM

I see, what sort of hardware issue do you think it is? A problem with graphics card / power supply / hard drive? I'm doing some searches myself and am having trouble finding what hardware is implicated by the described symptoms.

#9 LDTate

Posted 02 July 2012 - 02:00 PM

I would start with the Graphics card

#10 LDTate

Posted 02 July 2012 - 02:53 PM

Question.

Is it only when you're on the web you notice issues with picture, etc.?

Have you tried both IE and FireFox?

#11 LDTate

Posted 06 July 2012 - 10:30 AM

Do you still need help with this?

#12 Trav

Posted 06 July 2012 - 11:01 AM

I generally am constantly on the internet in one way or another, so although it has surfaced only while I'm using a browser or playing an online game, I'm not sure if that is a good indicator of a correlation.

The graphics card I'm running with is REALLY old, an Nvidia Geforce 8500, so I'm currently ordering in a newer model with a built-in fan. After I get that installed in the next few days I'll be in need of your insight if the problem persists.

EDIT: Also, I think the content loss has been occurring while using both Firefox and Google Chrome, but I never use IE so I have as of yet not seen if it also happens there. The content loss isn't confined to the browsers though, it also eventually results in "The Application Failed To Initialize Properly" errors.

#13 LDTate

Posted 06 July 2012 - 11:34 AM

"The Application Failed To Initialize Properly"

That could be about anything.

Does it give you a code number like: oxcoooo?

#14 Trav

Posted 06 July 2012 - 11:53 AM

It does, but it is hard to make out due to the obscuring of text.

#15 LDTate

Posted 06 July 2012 - 12:08 PM

OK.
Let's see what happens with the new video card when you get it.

#16 LDTate

Posted 15 July 2012 - 08:00 AM

Any update on this issue?

#17 Trav

Posted 15 July 2012 - 11:36 AM

Sorry for the delayed response, it has been hectic around here as of late.

After installing the graphics card and fiddling with its driver set things seem to be doing better. I haven't noticed any of the strange distortions to icons, and the "application failed to initialize properly" errors are no longer occurring. The system does seem to be a bit slower than I recall it being though, especially on boot up. I doubt that is the graphics card's fault though, probably some other system element getting bogged down.

#18 LDTate

Posted 15 July 2012 - 12:07 PM

Let's call this one closed then



#19 LDTate

Posted 15 July 2012 - 12:07 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!