
View Full Version : high physical memory usage



orestis
2012-08-17, 23:32
Hello,

Here is the link to my initial thread:

http://forums.spybot.info/showthread.php?t=66423&highlight=memory+usage

Here is the DDS.txt:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by orestis at 22:40:15 on 2012-08-17
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1023.115 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\WANdisco\Subversion\Apache2\bin\httpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\WANdisco\Subversion\Apache2\bin\httpd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\orestis\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\Droid Explorer\SDK\tools\adb.exe
C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\ERUNT\ERUNT.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6612BAF0-460A-46C9-88D8-C9B5504F0C1F}
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6612BAF0-460A-46C9-88D8-C9B5504F0C1F}
uInternet Settings,ProxyServer = proxy.forthnet.gr:8080
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Google Update] "C:\Users\orestis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RockMelt Update] "C:\Users\orestis\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
StartupFolder: C:\Users\orestis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3DA6BB0C-BE6A-407C-85A2-42FE216A4138} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{68B5DFC7-F4C9-45A8-8F69-114C177784A9} : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-X64: SWEETIE - No File
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun-x64: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\orestis\AppData\Roaming\Mozilla\Firefox\Profiles\1ak6jsg8.default\
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6612BAF0-460A-46C9-88D8-C9B5504F0C1F}
FF - prefs.js: browser.search.defaulturl -
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\Users\orestis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\orestis\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 DroidExplorerService;DroidExplorer Service;C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [2012-5-3 253952]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 ghsdiagMDM;Handset Diagnostic Port;C:\Windows\system32\DRIVERS\ghsdiagMDM.sys --> C:\Windows\system32\DRIVERS\ghsdiagMDM.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2012-08-17 10:59:27 -------- d-----w- C:\Program Files (x86)\Android
2012-08-17 10:43:19 -------- d-----w- C:\ProgramData\SweetIM
2012-08-17 10:43:19 -------- d-----w- C:\Program Files (x86)\SweetIM
2012-08-17 10:42:23 -------- d-----w- C:\Users\orestis\AppData\Roaming\MyPhoneExplorer
2012-08-17 10:41:31 -------- d-----w- C:\Program Files (x86)\MyPhoneExplorer
2012-08-17 09:31:37 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F1636A1-BC8D-4A5F-A242-A6A9828FCC05}\mpengine.dll
2012-08-16 23:21:29 -------- d-----w- C:\Users\orestis\AppData\Local\{698DFCA8-C215-43F1-9600-B96EBEC2A5AC}
2012-08-16 23:21:15 -------- d-----w- C:\Users\orestis\AppData\Local\{A8BBD235-6ADD-4FAF-8579-0DD61FB8C42E}
2012-08-16 11:20:43 -------- d-----w- C:\Users\orestis\AppData\Local\{1CC26236-672C-43BF-A22C-4873D7FAD526}
2012-08-16 11:20:27 -------- d-----w- C:\Users\orestis\AppData\Local\{3EC8965A-F92F-4C05-9E15-E2964F27E78E}
2012-08-15 23:28:23 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-15 23:19:30 -------- d-----w- C:\Users\orestis\AppData\Local\{8B25A9B5-6CC5-45DB-9FD3-D9DB733D1AA5}
2012-08-15 23:19:15 -------- d-----w- C:\Users\orestis\AppData\Local\{A05C8468-3B7F-4602-96B2-505F3D1F5022}
2012-08-15 09:17:56 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 09:17:55 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 09:17:45 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 09:17:44 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 09:17:44 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 09:17:44 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 09:17:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 09:17:27 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 09:17:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 09:17:19 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 09:17:15 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 09:06:26 -------- d-----w- C:\Users\orestis\AppData\Local\{C388B46C-A001-4ED1-ADFE-492B3C16DAE8}
2012-08-15 09:06:14 -------- d-----w- C:\Users\orestis\AppData\Local\{4B6967BE-6A7A-4A9F-9B43-FE4E21431FD4}
2012-08-14 21:05:43 -------- d-----w- C:\Users\orestis\AppData\Local\{AA2EE4F1-E1A8-4641-8F6C-64AA6E8F2965}
2012-08-14 21:05:25 -------- d-----w- C:\Users\orestis\AppData\Local\{74071020-9704-47D3-8546-A64A2C94D305}
2012-08-14 09:04:35 -------- d-----w- C:\Users\orestis\AppData\Local\{820DAA0B-A7F5-4720-90E4-7C572FCCAC70}
2012-08-14 09:04:03 -------- d-----w- C:\Users\orestis\AppData\Local\{0718C5BF-1BFF-4518-B179-E28DC11A3FA2}
2012-08-13 21:03:25 -------- d-----w- C:\Users\orestis\AppData\Local\{75306EDE-4D4D-445D-A5B4-E0EB6AF7C85C}
2012-08-13 09:02:52 -------- d-----w- C:\Users\orestis\AppData\Local\{4E065CC5-485D-4D4C-AF53-E6F639551B7B}
2012-08-13 09:02:38 -------- d-----w- C:\Users\orestis\AppData\Local\{9BAE5FAF-8EE1-429F-B46F-2C5ADF2C19FC}
2012-08-12 21:02:06 -------- d-----w- C:\Users\orestis\AppData\Local\{1E7648DC-4F7D-4D32-BB9D-7AC6E0DCA576}
2012-08-12 21:01:49 -------- d-----w- C:\Users\orestis\AppData\Local\{9EC82F5B-F108-4737-8432-EC982D063989}
2012-08-12 09:01:12 -------- d-----w- C:\Users\orestis\AppData\Local\{931C4E96-BAAF-429A-987C-CF5E585C6B8F}
2012-08-12 09:00:57 -------- d-----w- C:\Users\orestis\AppData\Local\{E326A516-D7F9-49BE-89E5-043C268FB7DF}
2012-08-11 20:34:02 -------- d-----w- C:\Users\orestis\AppData\Local\{0AE224FF-FD91-41EB-B7AD-50E6FAD8A7F0}
2012-08-11 20:33:49 -------- d-----w- C:\Users\orestis\AppData\Local\{1DA38A50-C3B1-4F1D-8A6B-95E894D9DAF3}
2012-08-11 08:33:08 -------- d-----w- C:\Users\orestis\AppData\Local\{E10DA6BD-24DF-43BA-93F0-26E9E2C186A0}
2012-08-11 08:32:52 -------- d-----w- C:\Users\orestis\AppData\Local\{07B99BDF-1DAC-48D5-B87E-A60103CA1877}
2012-08-10 14:00:59 -------- d-----w- C:\Users\orestis\AppData\Local\{AD34B473-FF84-456E-8ABC-890878B6881A}
2012-08-10 14:00:43 -------- d-----w- C:\Users\orestis\AppData\Local\{519D3E4F-E0DE-4428-BA71-1F2EAC550FAE}
2012-08-03 09:22:39 -------- d-----w- C:\Users\orestis\AppData\Local\{843E5684-C6E1-4ED4-B1C0-BCA2DBE56FF0}
2012-08-03 09:22:23 -------- d-----w- C:\Users\orestis\AppData\Local\{259F37B2-D9C5-4549-9C69-CC72A0AA36D9}
2012-08-02 21:21:52 -------- d-----w- C:\Users\orestis\AppData\Local\{8A732B78-4D15-4270-A7FB-E84CC499545A}
2012-08-02 09:21:10 -------- d-----w- C:\Users\orestis\AppData\Local\{A1422F3B-379F-4B3B-BDC7-BD284A3B7F51}
2012-08-02 09:20:58 -------- d-----w- C:\Users\orestis\AppData\Local\{F9CB47A4-0831-4522-BDED-8FCDF8B0B637}
2012-08-01 20:53:26 388096 ----a-r- C:\Users\orestis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-08-01 20:53:26 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-01 18:52:37 -------- d-----w- C:\Users\orestis\AppData\Local\{6E274B60-C62D-4D35-A0B8-5B11A259C23B}
2012-08-01 18:52:26 -------- d-----w- C:\Users\orestis\AppData\Local\{349235D7-2A40-4838-8F1D-C9AB07AD4757}
2012-08-01 06:51:57 -------- d-----w- C:\Users\orestis\AppData\Local\{4550DB35-B293-456A-A25C-D0DE2EF72B65}
2012-08-01 06:51:42 -------- d-----w- C:\Users\orestis\AppData\Local\{C84CE8DD-6C11-47E0-A576-5C0BC130747B}
2012-08-01 05:59:51 -------- d-----w- C:\Users\orestis\AppData\Roaming\Qualcomm
2012-07-31 18:50:57 -------- d-----w- C:\Users\orestis\AppData\Local\{16436759-EAA9-47A2-B7A0-3FAA5801F13C}
2012-07-31 18:50:46 -------- d-----w- C:\Users\orestis\AppData\Local\{4D8BF838-47CC-4CB3-B40F-24FEB6CB7577}
2012-07-30 21:58:05 -------- d-----w- C:\Users\orestis\AppData\Local\{1B657A9A-57AD-4EA3-82A9-64E54AF0F0E5}
2012-07-30 16:39:38 -------- d-----w- C:\Users\orestis\AppData\Roaming\DroidExplorer
2012-07-30 16:36:15 1867264 ----a-r- C:\Users\orestis\AppData\Roaming\Microsoft\Installer\{9F126482-0865-4369-9D54-F015356C5519}\AppIcon.exe
2012-07-30 16:36:08 -------- d-----w- C:\Program Files\Droid Explorer
2012-07-30 09:57:22 -------- d-----w- C:\Users\orestis\AppData\Local\{4022F027-8989-48E6-98F3-C14F2940C678}
2012-07-30 09:57:04 -------- d-----w- C:\Users\orestis\AppData\Local\{CE749542-FBD0-4F1C-B3BA-F4E1B0311174}
2012-07-29 21:56:29 -------- d-----w- C:\Users\orestis\AppData\Local\{58D1A284-0A37-4BF5-B95F-C2378CDA8C59}
2012-07-29 21:56:13 -------- d-----w- C:\Users\orestis\AppData\Local\{3A1386CF-F716-4D82-B3F8-77DBD1AD79B5}
2012-07-29 08:54:12 -------- d-----w- C:\Users\orestis\AppData\Local\{C2ABBE1C-8AD3-48D8-993C-E17F08260E56}
2012-07-29 08:53:54 -------- d-----w- C:\Users\orestis\AppData\Local\{1ACE1F45-00AB-4469-83F5-3B621F7870E8}
2012-07-28 20:52:31 -------- d-----w- C:\Users\orestis\AppData\Local\{E4BEBFC8-BBC2-4D42-B0C2-429BEEDC53FD}
2012-07-28 20:51:02 -------- d-----w- C:\Users\orestis\AppData\Local\{46E00040-88F2-41E1-8C8C-DEE0E054C31F}
2012-07-28 08:49:39 -------- d-----w- C:\Flashtool
2012-07-28 08:32:22 -------- d-----w- C:\Users\orestis\AppData\Local\{F204DC9D-689C-478C-8095-95CA0FE7F13F}
2012-07-28 08:32:11 -------- d-----w- C:\Users\orestis\AppData\Local\{825DB4D8-3F43-4EB1-BD0F-ECB2E929D51E}
2012-07-27 21:56:42 -------- d-----w- C:\Program Files (x86)\Advanced Port Scanner
2012-07-27 21:56:40 -------- d--h--w- C:\ProgramData\Common Files
2012-07-27 20:31:28 -------- d-----w- C:\Users\orestis\AppData\Local\{999C8212-37C0-4D9E-B1C0-ACB56C6C2BE7}
2012-07-27 20:31:13 -------- d-----w- C:\Users\orestis\AppData\Local\{25F500E1-C927-4B27-9B0E-C9E668644A1C}
2012-07-27 08:30:44 -------- d-----w- C:\Users\orestis\AppData\Local\{9CB1B173-FB50-4179-8EFE-0CDD72CB35F7}
2012-07-27 08:30:28 -------- d-----w- C:\Users\orestis\AppData\Local\{85C7E435-D0EF-4CD7-A518-8BA134861F71}
2012-07-26 20:29:54 -------- d-----w- C:\Users\orestis\AppData\Local\{77742EA0-FDCB-4AAE-B3F4-7E350046327F}
2012-07-26 17:35:10 -------- d-----w- C:\Program Files (x86)\QPST
2012-07-26 17:04:35 -------- d-----w- C:\Program Files (x86)\Qualcomm
2012-07-26 08:29:20 -------- d-----w- C:\Users\orestis\AppData\Local\{89518C5B-9590-446E-9770-40EB013E9FB4}
2012-07-26 08:29:05 -------- d-----w- C:\Users\orestis\AppData\Local\{C6BB36E2-B9BB-4CC9-9482-6A1391C39A14}
2012-07-25 19:33:09 -------- d-----w- C:\Program Files (x86)\Sony
2012-07-25 16:14:07 -------- d-----w- C:\Users\orestis\AppData\Local\{B7760B69-B260-4C4A-A4BF-E51B2728B445}
2012-07-25 16:13:51 -------- d-----w- C:\Users\orestis\AppData\Local\{F3CB5B7C-4E2C-4065-8327-4314295C8916}
2012-07-24 20:52:43 -------- d-----w- C:\ProgramData\Sony Ericsson
2012-07-24 20:52:24 -------- d-----w- C:\Program Files (x86)\Sony Ericsson
2012-07-24 20:27:10 -------- d-----w- C:\Users\orestis\AppData\Local\{1AB61068-A652-42D0-A6D3-9A1C611D4E13}
2012-07-24 20:26:55 -------- d-----w- C:\Users\orestis\AppData\Local\{8E696630-2FCB-42E0-8F32-D49B3351A185}
2012-07-23 03:14:24 -------- d-----w- C:\Users\orestis\AppData\Local\{8454FAC1-E1E7-4B2C-9B95-1B0F049DA488}
2012-07-23 03:14:10 -------- d-----w- C:\Users\orestis\AppData\Local\{EEB9F341-C335-4F24-BD55-CF64B4F770F4}
2012-07-22 08:53:47 -------- d-----w- C:\Users\orestis\AppData\Local\{591A800B-F9A3-4259-B615-50147F997149}
2012-07-22 08:53:29 -------- d-----w- C:\Users\orestis\AppData\Local\{926FA360-EEAF-44D1-8DFF-95826A7E19E8}
2012-07-21 14:48:40 -------- d-----w- C:\Users\orestis\AppData\Local\{2684CAC3-136E-40B0-88F9-D85564052E70}
2012-07-21 14:48:30 -------- d-----w- C:\Users\orestis\AppData\Local\{D59DDEE5-32DB-434B-8672-F75E3697B42A}
2012-07-19 20:16:50 -------- d-----w- C:\Users\orestis\AppData\Local\{4969BFBC-EEAC-4CC4-A1BE-134894074AB5}
2012-07-19 20:16:38 -------- d-----w- C:\Users\orestis\AppData\Local\{D132D146-C19A-4D33-AD37-3E35538E6B3D}
.
==================== Find3M ====================
.
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 17:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 12:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 12:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 22:42:20.03 ===============

and here is the aswMBR log:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-17 23:03:04
-----------------------------
23:03:04.977 OS Version: Windows x64 6.1.7601 Service Pack 1
23:03:04.977 Number of processors: 2 586 0x4B02
23:03:04.978 ComputerName: ORESTIS-PC UserName: orestis
23:03:08.107 Initialize success
23:05:00.158 AVAST engine defs: 12081700
23:05:13.079 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
23:05:13.083 Disk 0 Vendor: ST316082 3.42 Size: 152627MB BusType: 3
23:05:13.111 Disk 0 MBR read successfully
23:05:13.114 Disk 0 MBR scan
23:05:13.194 Disk 0 unknown MBR code
23:05:13.208 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:05:13.251 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 78972 MB offset 206848
23:05:13.303 Disk 0 Partition 3 00 83 Linux 38147 MB offset 161941504
23:05:13.359 Disk 0 Partition 4 00 82 Linux swap 3815 MB offset 240066560
23:05:13.475 Disk 0 scanning C:\Windows\system32\drivers
23:05:30.882 Service scanning
23:06:07.299 Modules scanning
23:06:07.300 Disk 0 trace - called modules:
23:06:07.319 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
23:06:07.320 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80021bf2f0]
23:06:07.320 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8001e04c40]
23:06:07.321 5 ACPI.sys[fffff88000f3d7a1] -> nt!IofCallDriver -> \Device\00000071[0xfffffa8001bb19c0]
23:06:08.384 AVAST engine scan C:\Windows
23:06:10.703 AVAST engine scan C:\Windows\system32
23:12:30.223 AVAST engine scan C:\Windows\system32\drivers
23:13:01.662 AVAST engine scan C:\Users\orestis
23:20:18.617 AVAST engine scan C:\ProgramData
23:22:00.457 Scan finished successfully
23:29:41.479 Disk 0 MBR has been saved successfully to "C:\Users\orestis\Desktop\MBR.dat"
23:29:41.501 The log file has been saved successfully to "C:\Users\orestis\Desktop\aswMBR.txt"


Thanks in advance.

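Editor's note, added example (not part of the original post and not code from the DDS or aswMBR tools): a small Python triage script for a DDS log like the one above. It splits the log on its "==== Section ====" headers, pulls persistence entries (uRun/mRun/StartupFolder), browser add-ons (BHO/TB/URLSearchHooks with their CLSIDs) and start pages out of the Pseudo HJT Report, reads the Firefox prefs.js rows, and then cross-references the "Created Last 30" directories against everything that auto-starts or hooks the browser. The embedded SAMPLE_LOG is a constructed excerpt of lines from the log posted above, trimmed so it runs offline; the "created recently and already auto-starting" rule is a triage heuristic to decide what to look at first, not a verdict on any of the products named.

```python
import re
from collections import defaultdict

# Constructed excerpt of the DDS log posted above (a subset of its lines,
# enough to exercise every parser below). Paste a full DDS.txt in its place.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6612BAF0-460A-46C9-88D8-C9B5504F0C1F}
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
StartupFolder: C:\Users\orestis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
.
================= FIREFOX ===================
.
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10005
FF - prefs.js: browser.search.defaulturl -
.
=============== Created Last 30 ================
.
2012-08-17 10:43:19 -------- d-----w- C:\Program Files (x86)\SweetIM
2012-07-26 17:35:10 -------- d-----w- C:\Program Files (x86)\QPST
.
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
RUN_RE = re.compile(r"^(?P<kind>uRun|mRun|mRun-x64|StartupFolder):\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<rest>.*)$")
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB|BHO-X64|TB-X64|uURLSearchHooks|mURLSearchHooks):\s*"
                      r"(?P<name>.+?):\s*(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<path>.+)$")
CREATED_DIR_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+d\S+\s+(?P<path>.+)$")
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|lnk))"?', re.IGNORECASE)


def split_sections(text):
    """Bucket log lines by their '==== Name ====' header; '.' spacer lines are dropped."""
    sections, current = defaultdict(list), "header"
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
        elif line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def parse_hjt(lines):
    """Return (persistence entries, browser add-ons, IE start pages) from the Pseudo HJT Report."""
    persistence, addons, start_pages = [], [], []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            paths = PATH_RE.findall(m.group("rest"))
            if paths:  # StartupFolder rows list the .lnk first and its target last
                target = paths[-1] if m.group("kind") == "StartupFolder" else paths[0]
                persistence.append({"kind": m.group("kind"), "name": m.group("name") or "", "path": target})
            continue
        m = ADDON_RE.match(line)
        if m:
            addons.append({"kind": m.group("kind"), "name": m.group("name"),
                           "clsid": m.group("clsid").lower(), "path": m.group("path").strip()})
        elif line.startswith(("uStart Page", "mStart Page")):
            start_pages.append(line.split("=", 1)[1].strip())
    return persistence, addons, start_pages


def parse_firefox_prefs(lines):
    """Turn 'FF - prefs.js: key - value' rows into a dict (empty value when the row ends in ' -')."""
    prefs = {}
    for line in lines:
        if line.startswith("FF - prefs.js:"):
            key, sep, value = line[len("FF - prefs.js:"):].strip().partition(" - ")
            prefs[key if sep else key.rstrip(" -")] = value.strip()
    return prefs


def parse_created_dirs(lines):
    """Directory rows (attribute field starting with 'd') of 'Created Last 30', as (timestamp, path)."""
    return [(m.group("ts"), m.group("path").strip())
            for m in (CREATED_DIR_RE.match(ln) for ln in lines) if m]


def recent_autostart(created_dirs, persistence, addons):
    """Triage heuristic: directories created in the last 30 days that already own a Run
    entry, a startup-shortcut target or a browser add-on. Fresh plus auto-starting is
    where to look first; it is not a verdict on the software."""
    hits = {}
    for ts, d in created_dirs:
        prefix = d.lower().rstrip("\\") + "\\"
        related = [e for e in persistence + addons if e["path"].lower().startswith(prefix)]
        if related:
            hits[d] = {"created": ts, "entries": related}
    return hits


def addons_by_clsid(addons):
    """Which slots (URL search hook, BHO, toolbar, ...) each CLSID occupies, in log order."""
    by = defaultdict(list)
    for a in addons:
        by[a["clsid"]].append(a["kind"])
    return dict(by)


def triage(log_text):
    s = split_sections(log_text)
    persistence, addons, start_pages = parse_hjt(s.get("Pseudo HJT Report", []))
    return {"persistence": persistence, "addons": addons, "start_pages": start_pages,
            "firefox_prefs": parse_firefox_prefs(s.get("FIREFOX", [])),
            "recent_autostart": recent_autostart(parse_created_dirs(s.get("Created Last 30", [])),
                                                 persistence, addons)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for d, hit in report["recent_autostart"].items():
        print(f"{d} (created {hit['created']}):")
        for e in hit["entries"]:
            print(f"  {e['kind']:<16} {e['name']!r:<28} {e['path']}")
    for clsid, kinds in addons_by_clsid(report["addons"]).items():
        print(f"{clsid} -> {', '.join(kinds)}")
    print("IE start page:", *report["start_pages"])
    print("FF homepage:", report["firefox_prefs"].get("browser.startup.homepage"))
```

Running it on the excerpt lists the one directory created the same day the log was taken that owns two Run entries and a BHO, shows one CLSID registered as URL search hook, BHO and toolbar at once, and prints the IE and Firefox start pages side by side so a changed homepage is obvious. The same three things are what a helper reads off a DDS log by eye; the script just makes the cross-reference explicit and repeatable on a full log.
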
orestis
2012-08-23, 00:18
Can anybody help?

tashi
2012-08-23, 00:32
Hello orestis,

Sticky topic: Waiting for help in the Malware Forum FOUR days or longer? (http://forums.spybot.info/forumdisplay.php?f=37)