mitchsh
Hello! About two weeks ago my command prompt kept randomly popping up and something would be typed quickly and then it would disappear. Of course this freaked me the heck out, so I installed Malwarebytes to work with the Norton Antivirus that I have already installed and ran scans with both programs. On those initial scans, Norton found nothing but Malwarebytes found one thing, and here is the log from that initial scan:

Database version: v2012.02.22.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Sophia Mitchell :: SOPHIALAPTOP [administrator]
Protection: Enabled
2/22/2012 11:22:59
mbam-log-2012-02-22 (11-22-59).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 686522
Time elapsed: 3 hour(s), 19 minute(s), 7 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Data: http://go.microsoft....Id=57426&Ext=%s -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bad: (http://www.helpmeope...m/?n=app&ext=%s) Good: (http://shell.windows...edir.asp?Ext=%s) -> Quarantined and repaired successfully.
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

So, I thought everything was good because it was quarantined and repaired. Right? Well, in the last couple of days my laptop will randomly use a TON of memory, to the point where all of my applications run much more slowly.
Malwarebytes pops up every few minutes saying it's blocking some random IP addresses (listed below) and after deciding to look into it, it looks like I've got some sort of virus or trojan. So here I am, asking for help. In the past 10 days the following IP addresses have been shown trying to do suspicious activities:

It seems that literally every time I connect to the internet things are trying to communicate without my knowledge. Which is especially concerning since I used this laptop for banking, work and school. Help!
Also I ran a full scan from HijackThis, and here is the log file:

Also please note that when I ran the scan it said some folders were hidden and couldn't be changed. Not sure if that's normal. What does it look like? Also in the title I meant it keeps blocking two today. Obviously the log shows more than two. Thanks!!