Results 1 to 4 of 4
  1. #1
    Member
    Join Date
    Apr 2014
    Posts
    2
    Points
    0

    Default I think I have a bot in computer

    Hello, Taz1956 here,
    For about a week, my processes go up to 196, 100% CPU utilization, all 8 gig mem used up, etc.
    I see multiple node.exe processes, and many many netsh.exe multiplying in my process list. I have killed all of these using Zonealarm, but I know I am still infected. I have read that I have a bot on my hands.
    About me, and my Lenovo T61 laptop:

    I went to Chubb Institute for Networking, (so I know a little). Not afraid of the Registry. Security is my passion since computers back in 1985.
    Ok, machine in question>>>>>>>>>>> 2.6ghz, 8gig. mem. win7 sp1, Samsung 500gb ssd, all updates, use Malwarebytes pro, Superantispyware, Spybot Search & Destroy, Zonealarm, HighjackThis!, AVG, RegistryFirstAid. Connected to Actiontec Verizon router-(configured into a bridge) then connected to Netgear N router.

    I am aware of HeartBleed, and acted on it, and have succeeded in removing, and preventing Crypto virus at my company.
    So, here I am with this problem, and my taxes are on this machine, so I am concerned.
    Any help here would be greatful, and when I get more time, I will post more about me, and would love to help others. So, having said that, please look at my attachments of Malwarebytes, Superantispyware, & HighjackThis! log files. Malwarebytes found nothing, Superantispyware found 2, one from google, one from prey, a locator for my laptop if stolen. I removed it from the registry, thinking it could be the source because it uses netsh.exe to find missing machines.
    Thanxs, and you can email me. >>> Removed email for security purposes

    _____________________HighjackThis Log______________________________________________________________________
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:39:22 AM, on 4/13/2014
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.16521)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    C:\Program Files (x86)\PicPick\picpick.exe
    C:\Users\Robert Reinman\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
    C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
    C:\Users\Robert Reinman\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
    C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files (x86)\Trillian\trillian.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BluetoothHeadsetProxy.exe
    c:\program files (x86)\trillian\plugins\skypekit.exe
    C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
    C:\Users\Robert Reinman\Documents\Downloads - Firefox\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pcpitstop.com/betapit/browse.asp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files (x86)\TurboTax\Deluxe 2013\32bit\local\dlg\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll
    O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {AF949550-9094-4807-95EC-D1C317803333} - (no file)
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\RunOnce: [cmd.exe /C rmdir /Q "C:\MATS\{5E33D30D-D896-4D92-B033-5F45819B2937}\FileBackup\C\Program Files"] cmd.exe /C rmdir /Q "C:\MATS\{5E33D30D-D896-4D92-B033-5F45819B2937}\FileBackup\C\Program Files"
    O4 - HKCU\..\Run: [PicPick Start] C:\Program Files (x86)\PicPick\picpick.exe /startup
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Robert Reinman\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
    O4 - Startup: BUFFALO NAS Navigator2.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
    O4 - Startup: Mozilla Firefox.lnk = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 - Startup: Mozilla Thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    O4 - Startup: NAS Scheduler.lnk = C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
    O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
    O4 - Startup: ZoneAlarm Security.lnk = C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global User Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Generate - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Password Generator - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: RoboForm Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: PC Pitstop: Free PC Scans and Tune-up Utilities
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: AcPrfMgrSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    O23 - Service: AcSvc - Lenovo - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    O23 - Service: Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    O23 - Service: Cron Service (CronService) - Fork Ltd. - C:\Windows\Prey\versions\1.0.8\bin\windows\cronsvc.exe
    O23 - Service: DirMngr - Unknown owner - C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
    O23 - Service: Encrypting File System (EFS) (EFS) - Unknown owner - C:\Windows\System32\lsass.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
    O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe
    O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
    O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Power Manager Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Program Files\Macrium\Reflect\ReflectService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file)
    O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: Samsung RAPID Mode Service (SamsungRapidSvc) - Unknown owner - C:\Windows\system32\RAPID\SamsungRapidSvc.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe
    O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
    O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe
    O23 - Service: Virtual Disk (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater18.0.5 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
    O23 - Service: Intel(R) PROSet/Wireless ZeroConfig Service (ZcfgSvc7) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
    O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

    --
    End of file - 19494 bytes

    ____________________Superantispyware Log __________________________________________________________________

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 04/13/2014 at 11:15 AM

    Application Version : 5.7.1018

    Core Rules Database Version : 11164
    Trace Rules Database Version: 8976

    Scan type : Complete Scan
    Total Scan Time : 01:17:35

    Operating System Information
    Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 882
    Memory threats detected : 0
    Registry items scanned : 75720
    Registry threats detected : 0
    File items scanned : 261108
    File threats detected : 2

    Adware.Tracking Cookie
    accounts.google.com [ C:\USERS\ROBERT REINMAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QE0YA9A7.DEFAULT\

    PUP.BundleInstaller
    C:\WINDOWS\PREY\VERSIONS\1.0.8\LIB\CONF\WINDOWS\PREY-CONFIG.EXE









    ____________________Malwarebytes Log _____________________________________________________________________



    Malwarebytes Anti-Malware
    Malwarebytes | Free Anti-Malware & Internet Security Software
    Update, 4/13/2014 4:36:30 AM, SYSTEM, BOB, Scheduler, Malware Database, 2014.4.13.1, 2014.4.13.2,
    Protection, 4/13/2014 4:36:31 AM, SYSTEM, BOB, Protection, Refresh, Starting,
    Protection, 4/13/2014 4:36:31 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Stopping,
    Protection, 4/13/2014 4:36:32 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Stopped,
    Protection, 4/13/2014 4:36:41 AM, SYSTEM, BOB, Protection, Refresh, Success,
    Protection, 4/13/2014 4:36:41 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Starting,
    Protection, 4/13/2014 4:36:41 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Started,
    Protection, 4/13/2014 5:23:17 AM, SYSTEM, BOB, Protection, Malware Protection, Starting,
    Protection, 4/13/2014 5:23:17 AM, SYSTEM, BOB, Protection, Malware Protection, Started,
    Protection, 4/13/2014 5:23:17 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Starting,
    Protection, 4/13/2014 5:23:50 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Started,
    Protection, 4/13/2014 6:10:29 AM, SYSTEM, BOB, Protection, Malware Protection, Starting,
    Protection, 4/13/2014 6:10:29 AM, SYSTEM, BOB, Protection, Malware Protection, Started,
    Protection, 4/13/2014 6:10:29 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Starting,
    Protection, 4/13/2014 6:11:16 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Started,
    Protection, 4/13/2014 6:40:42 AM, SYSTEM, BOB, Protection, Malware Protection, Starting,
    Protection, 4/13/2014 6:40:42 AM, SYSTEM, BOB, Protection, Malware Protection, Started,
    Protection, 4/13/2014 6:40:42 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Starting,
    Protection, 4/13/2014 6:41:47 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Started,
    Protection, 4/13/2014 7:02:13 AM, SYSTEM, BOB, Protection, Malware Protection, Starting,
    Protection, 4/13/2014 7:02:13 AM, SYSTEM, BOB, Protection, Malware Protection, Started,
    Protection, 4/13/2014 7:02:13 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Starting,
    Protection, 4/13/2014 7:02:39 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Started,
    Protection, 4/13/2014 8:10:25 AM, SYSTEM, BOB, Protection, Malware Protection, Starting,
    Protection, 4/13/2014 8:10:25 AM, SYSTEM, BOB, Protection, Malware Protection, Started,
    Protection, 4/13/2014 8:10:25 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Starting,
    Protection, 4/13/2014 8:10:37 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Started,
    Update, 4/13/2014 8:56:01 AM, SYSTEM, BOB, Scheduler, Malware Database, 2014.4.13.2, 2014.4.13.3,
    Protection, 4/13/2014 8:56:03 AM, SYSTEM, BOB, Protection, Refresh, Starting,
    Protection, 4/13/2014 8:56:03 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Stopping,
    Protection, 4/13/2014 8:56:03 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Stopped,
    Protection, 4/13/2014 8:56:07 AM, SYSTEM, BOB, Protection, Refresh, Success,
    Protection, 4/13/2014 8:56:07 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Starting,
    Protection, 4/13/2014 8:56:10 AM, SYSTEM, BOB, Protection, Malicious Website Protection, Started,

    (end)
    Last edited by DonnaB; 04-13-2014 at 04:32 PM. Reason: remove email address

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hi Taz1956, Edit your E-Mail out, not a good practice to add that into a public forum.

    Next
    uninstall \Spybot - Search & Destroy from your programs and features menu, it monitors the windows registry and will drive you nuts and also may interfere with any fixing that maybe required.

    Note:
    Everything gets downloaded to the desktop and run as Administrator.

    Lets look at a more detailed report as out lined below for starters..

    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.[/QUOTE]

    Thanks
    Joe
    Last edited by zep516; 04-13-2014 at 04:28 PM.

  3. #3
    Member
    Join Date
    Apr 2014
    Posts
    2
    Points
    0

    Default

    I dont know why, but I cant reply to this post.
    when I do, my browser, FF, does not show or load my data to the site.

    Taz1956

    i hope this uploads.

  4. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hi Taz1956,

    We moved the thread to the spyware forum. Not sure what the trouble is with posting to the topic. Don't attach the log reports, if that's what you may have been trying, just copy an paste them in.

    Thanks
    Joe