Thread: high memory usage

  1. #1
    Member
    Join Date
    Mar 2007
    Posts
    53

    high memory usage

    Hallo guys,

    I have extreme memory usage on my PC, and sometimes it runs terribly slowly, displaying the message that the system is out of memory. I have Windows 7 64-bit installed.

    Here is the DDS.txt


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by orestis at 22:40:15 on 2012-08-17
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1023.115 [GMT 3:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Droid Explorer\DroidExplorer.Service.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\WANdisco\Subversion\Apache2\bin\httpd.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\WANdisco\Subversion\Apache2\bin\httpd.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Users\orestis\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
    C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    C:\Program Files\Droid Explorer\SDK\tools\adb.exe
    C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\orestis\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\ERUNT\ERUNT.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6612BAF0-460A-46C9-88D8-C9B5504F0C1F}
    mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6612BAF0-460A-46C9-88D8-C9B5504F0C1F}
    uInternet Settings,ProxyServer = proxy.forthnet.gr:8080
    uInternet Settings,ProxyOverride = *.local;<local>
    uURLSearchHooks: H - No File
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mWinlogon: Userinit=userinit.exe
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [Google Update] "C:\Users\orestis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [RockMelt Update] "C:\Users\orestis\AppData\Local\RockMelt\Update\RockMeltUpdate.exe" /c
    uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    mRun: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    StartupFolder: C:\Users\orestis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3DA6BB0C-BE6A-407C-85A2-42FE216A4138} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{68B5DFC7-F4C9-45A8-8F69-114C177784A9} : DhcpNameServer = 192.168.1.254
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO-X64: uTorrentControl2 - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    BHO-X64: SWEETIE - No File
    TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    TB-X64: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    mRun-x64: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\orestis\AppData\Roaming\Mozilla\Firefox\Profiles\1ak6jsg8.default\
    FF - prefs.js: browser.search.selectedEngine - SweetIM Search
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?crg=3.1010000.10005&barid={6612BAF0-460A-46C9-88D8-C9B5504F0C1F}
    FF - prefs.js: browser.search.defaulturl -
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
    FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
    FF - plugin: C:\Users\orestis\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Users\orestis\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 DroidExplorerService;DroidExplorer Service;C:\Program Files\Droid Explorer\DroidExplorer.Service.exe [2012-5-3 253952]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
    R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
    R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\rtl8187.sys --> C:\Windows\system32\DRIVERS\rtl8187.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
    S3 ghsdiagMDM;Handset Diagnostic Port;C:\Windows\system32\DRIVERS\ghsdiagMDM.sys --> C:\Windows\system32\DRIVERS\ghsdiagMDM.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-17 10:59:27 -------- d-----w- C:\Program Files (x86)\Android
    2012-08-17 10:43:19 -------- d-----w- C:\ProgramData\SweetIM
    2012-08-17 10:43:19 -------- d-----w- C:\Program Files (x86)\SweetIM
    2012-08-17 10:42:23 -------- d-----w- C:\Users\orestis\AppData\Roaming\MyPhoneExplorer
    2012-08-17 10:41:31 -------- d-----w- C:\Program Files (x86)\MyPhoneExplorer
    2012-08-17 09:31:37 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F1636A1-BC8D-4A5F-A242-A6A9828FCC05}\mpengine.dll
    2012-08-16 23:21:29 -------- d-----w- C:\Users\orestis\AppData\Local\{698DFCA8-C215-43F1-9600-B96EBEC2A5AC}
    2012-08-16 23:21:15 -------- d-----w- C:\Users\orestis\AppData\Local\{A8BBD235-6ADD-4FAF-8579-0DD61FB8C42E}
    2012-08-16 11:20:43 -------- d-----w- C:\Users\orestis\AppData\Local\{1CC26236-672C-43BF-A22C-4873D7FAD526}
    2012-08-16 11:20:27 -------- d-----w- C:\Users\orestis\AppData\Local\{3EC8965A-F92F-4C05-9E15-E2964F27E78E}
    2012-08-15 23:28:23 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-15 23:19:30 -------- d-----w- C:\Users\orestis\AppData\Local\{8B25A9B5-6CC5-45DB-9FD3-D9DB733D1AA5}
    2012-08-15 23:19:15 -------- d-----w- C:\Users\orestis\AppData\Local\{A05C8468-3B7F-4602-96B2-505F3D1F5022}
    2012-08-15 09:17:56 503808 ----a-w- C:\Windows\System32\srcore.dll
    2012-08-15 09:17:55 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2012-08-15 09:17:45 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-08-15 09:17:44 67072 ----a-w- C:\Windows\splwow64.exe
    2012-08-15 09:17:44 559104 ----a-w- C:\Windows\System32\spoolsv.exe
    2012-08-15 09:17:44 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-08-15 09:17:27 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-08-15 09:17:27 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-08-15 09:17:27 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-08-15 09:17:19 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-08-15 09:17:15 956928 ----a-w- C:\Windows\System32\localspl.dll
    2012-08-15 09:06:26 -------- d-----w- C:\Users\orestis\AppData\Local\{C388B46C-A001-4ED1-ADFE-492B3C16DAE8}
    2012-08-15 09:06:14 -------- d-----w- C:\Users\orestis\AppData\Local\{4B6967BE-6A7A-4A9F-9B43-FE4E21431FD4}
    2012-08-14 21:05:43 -------- d-----w- C:\Users\orestis\AppData\Local\{AA2EE4F1-E1A8-4641-8F6C-64AA6E8F2965}
    2012-08-14 21:05:25 -------- d-----w- C:\Users\orestis\AppData\Local\{74071020-9704-47D3-8546-A64A2C94D305}
    2012-08-14 09:04:35 -------- d-----w- C:\Users\orestis\AppData\Local\{820DAA0B-A7F5-4720-90E4-7C572FCCAC70}
    2012-08-14 09:04:03 -------- d-----w- C:\Users\orestis\AppData\Local\{0718C5BF-1BFF-4518-B179-E28DC11A3FA2}
    2012-08-13 21:03:25 -------- d-----w- C:\Users\orestis\AppData\Local\{75306EDE-4D4D-445D-A5B4-E0EB6AF7C85C}
    2012-08-13 09:02:52 -------- d-----w- C:\Users\orestis\AppData\Local\{4E065CC5-485D-4D4C-AF53-E6F639551B7B}
    2012-08-13 09:02:38 -------- d-----w- C:\Users\orestis\AppData\Local\{9BAE5FAF-8EE1-429F-B46F-2C5ADF2C19FC}
    2012-08-12 21:02:06 -------- d-----w- C:\Users\orestis\AppData\Local\{1E7648DC-4F7D-4D32-BB9D-7AC6E0DCA576}
    2012-08-12 21:01:49 -------- d-----w- C:\Users\orestis\AppData\Local\{9EC82F5B-F108-4737-8432-EC982D063989}
    2012-08-12 09:01:12 -------- d-----w- C:\Users\orestis\AppData\Local\{931C4E96-BAAF-429A-987C-CF5E585C6B8F}
    2012-08-12 09:00:57 -------- d-----w- C:\Users\orestis\AppData\Local\{E326A516-D7F9-49BE-89E5-043C268FB7DF}
    2012-08-11 20:34:02 -------- d-----w- C:\Users\orestis\AppData\Local\{0AE224FF-FD91-41EB-B7AD-50E6FAD8A7F0}
    2012-08-11 20:33:49 -------- d-----w- C:\Users\orestis\AppData\Local\{1DA38A50-C3B1-4F1D-8A6B-95E894D9DAF3}
    2012-08-11 08:33:08 -------- d-----w- C:\Users\orestis\AppData\Local\{E10DA6BD-24DF-43BA-93F0-26E9E2C186A0}
    2012-08-11 08:32:52 -------- d-----w- C:\Users\orestis\AppData\Local\{07B99BDF-1DAC-48D5-B87E-A60103CA1877}
    2012-08-10 14:00:59 -------- d-----w- C:\Users\orestis\AppData\Local\{AD34B473-FF84-456E-8ABC-890878B6881A}
    2012-08-10 14:00:43 -------- d-----w- C:\Users\orestis\AppData\Local\{519D3E4F-E0DE-4428-BA71-1F2EAC550FAE}
    2012-08-03 09:22:39 -------- d-----w- C:\Users\orestis\AppData\Local\{843E5684-C6E1-4ED4-B1C0-BCA2DBE56FF0}
    2012-08-03 09:22:23 -------- d-----w- C:\Users\orestis\AppData\Local\{259F37B2-D9C5-4549-9C69-CC72A0AA36D9}
    2012-08-02 21:21:52 -------- d-----w- C:\Users\orestis\AppData\Local\{8A732B78-4D15-4270-A7FB-E84CC499545A}
    2012-08-02 09:21:10 -------- d-----w- C:\Users\orestis\AppData\Local\{A1422F3B-379F-4B3B-BDC7-BD284A3B7F51}
    2012-08-02 09:20:58 -------- d-----w- C:\Users\orestis\AppData\Local\{F9CB47A4-0831-4522-BDED-8FCDF8B0B637}
    2012-08-01 20:53:26 388096 ----a-r- C:\Users\orestis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-08-01 20:53:26 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2012-08-01 18:52:37 -------- d-----w- C:\Users\orestis\AppData\Local\{6E274B60-C62D-4D35-A0B8-5B11A259C23B}
    2012-08-01 18:52:26 -------- d-----w- C:\Users\orestis\AppData\Local\{349235D7-2A40-4838-8F1D-C9AB07AD4757}
    2012-08-01 06:51:57 -------- d-----w- C:\Users\orestis\AppData\Local\{4550DB35-B293-456A-A25C-D0DE2EF72B65}
    2012-08-01 06:51:42 -------- d-----w- C:\Users\orestis\AppData\Local\{C84CE8DD-6C11-47E0-A576-5C0BC130747B}
    2012-08-01 05:59:51 -------- d-----w- C:\Users\orestis\AppData\Roaming\Qualcomm
    2012-07-31 18:50:57 -------- d-----w- C:\Users\orestis\AppData\Local\{16436759-EAA9-47A2-B7A0-3FAA5801F13C}
    2012-07-31 18:50:46 -------- d-----w- C:\Users\orestis\AppData\Local\{4D8BF838-47CC-4CB3-B40F-24FEB6CB7577}
    2012-07-30 21:58:05 -------- d-----w- C:\Users\orestis\AppData\Local\{1B657A9A-57AD-4EA3-82A9-64E54AF0F0E5}
    2012-07-30 16:39:38 -------- d-----w- C:\Users\orestis\AppData\Roaming\DroidExplorer
    2012-07-30 16:36:15 1867264 ----a-r- C:\Users\orestis\AppData\Roaming\Microsoft\Installer\{9F126482-0865-4369-9D54-F015356C5519}\AppIcon.exe
    2012-07-30 16:36:08 -------- d-----w- C:\Program Files\Droid Explorer
    2012-07-30 09:57:22 -------- d-----w- C:\Users\orestis\AppData\Local\{4022F027-8989-48E6-98F3-C14F2940C678}
    2012-07-30 09:57:04 -------- d-----w- C:\Users\orestis\AppData\Local\{CE749542-FBD0-4F1C-B3BA-F4E1B0311174}
    2012-07-29 21:56:29 -------- d-----w- C:\Users\orestis\AppData\Local\{58D1A284-0A37-4BF5-B95F-C2378CDA8C59}
    2012-07-29 21:56:13 -------- d-----w- C:\Users\orestis\AppData\Local\{3A1386CF-F716-4D82-B3F8-77DBD1AD79B5}
    2012-07-29 08:54:12 -------- d-----w- C:\Users\orestis\AppData\Local\{C2ABBE1C-8AD3-48D8-993C-E17F08260E56}
    2012-07-29 08:53:54 -------- d-----w- C:\Users\orestis\AppData\Local\{1ACE1F45-00AB-4469-83F5-3B621F7870E8}
    2012-07-28 20:52:31 -------- d-----w- C:\Users\orestis\AppData\Local\{E4BEBFC8-BBC2-4D42-B0C2-429BEEDC53FD}
    2012-07-28 20:51:02 -------- d-----w- C:\Users\orestis\AppData\Local\{46E00040-88F2-41E1-8C8C-DEE0E054C31F}
    2012-07-28 08:49:39 -------- d-----w- C:\Flashtool
    2012-07-28 08:32:22 -------- d-----w- C:\Users\orestis\AppData\Local\{F204DC9D-689C-478C-8095-95CA0FE7F13F}
    2012-07-28 08:32:11 -------- d-----w- C:\Users\orestis\AppData\Local\{825DB4D8-3F43-4EB1-BD0F-ECB2E929D51E}
    2012-07-27 21:56:42 -------- d-----w- C:\Program Files (x86)\Advanced Port Scanner
    2012-07-27 21:56:40 -------- d--h--w- C:\ProgramData\Common Files
    2012-07-27 20:31:28 -------- d-----w- C:\Users\orestis\AppData\Local\{999C8212-37C0-4D9E-B1C0-ACB56C6C2BE7}
    2012-07-27 20:31:13 -------- d-----w- C:\Users\orestis\AppData\Local\{25F500E1-C927-4B27-9B0E-C9E668644A1C}
    2012-07-27 08:30:44 -------- d-----w- C:\Users\orestis\AppData\Local\{9CB1B173-FB50-4179-8EFE-0CDD72CB35F7}
    2012-07-27 08:30:28 -------- d-----w- C:\Users\orestis\AppData\Local\{85C7E435-D0EF-4CD7-A518-8BA134861F71}
    2012-07-26 20:29:54 -------- d-----w- C:\Users\orestis\AppData\Local\{77742EA0-FDCB-4AAE-B3F4-7E350046327F}
    2012-07-26 17:35:10 -------- d-----w- C:\Program Files (x86)\QPST
    2012-07-26 17:04:35 -------- d-----w- C:\Program Files (x86)\Qualcomm
    2012-07-26 08:29:20 -------- d-----w- C:\Users\orestis\AppData\Local\{89518C5B-9590-446E-9770-40EB013E9FB4}
    2012-07-26 08:29:05 -------- d-----w- C:\Users\orestis\AppData\Local\{C6BB36E2-B9BB-4CC9-9482-6A1391C39A14}
    2012-07-25 19:33:09 -------- d-----w- C:\Program Files (x86)\Sony
    2012-07-25 16:14:07 -------- d-----w- C:\Users\orestis\AppData\Local\{B7760B69-B260-4C4A-A4BF-E51B2728B445}
    2012-07-25 16:13:51 -------- d-----w- C:\Users\orestis\AppData\Local\{F3CB5B7C-4E2C-4065-8327-4314295C8916}
    2012-07-24 20:52:43 -------- d-----w- C:\ProgramData\Sony Ericsson
    2012-07-24 20:52:24 -------- d-----w- C:\Program Files (x86)\Sony Ericsson
    2012-07-24 20:27:10 -------- d-----w- C:\Users\orestis\AppData\Local\{1AB61068-A652-42D0-A6D3-9A1C611D4E13}
    2012-07-24 20:26:55 -------- d-----w- C:\Users\orestis\AppData\Local\{8E696630-2FCB-42E0-8F32-D49B3351A185}
    2012-07-23 03:14:24 -------- d-----w- C:\Users\orestis\AppData\Local\{8454FAC1-E1E7-4B2C-9B95-1B0F049DA488}
    2012-07-23 03:14:10 -------- d-----w- C:\Users\orestis\AppData\Local\{EEB9F341-C335-4F24-BD55-CF64B4F770F4}
    2012-07-22 08:53:47 -------- d-----w- C:\Users\orestis\AppData\Local\{591A800B-F9A3-4259-B615-50147F997149}
    2012-07-22 08:53:29 -------- d-----w- C:\Users\orestis\AppData\Local\{926FA360-EEAF-44D1-8DFF-95826A7E19E8}
    2012-07-21 14:48:40 -------- d-----w- C:\Users\orestis\AppData\Local\{2684CAC3-136E-40B0-88F9-D85564052E70}
    2012-07-21 14:48:30 -------- d-----w- C:\Users\orestis\AppData\Local\{D59DDEE5-32DB-434B-8672-F75E3697B42A}
    2012-07-19 20:16:50 -------- d-----w- C:\Users\orestis\AppData\Local\{4969BFBC-EEAC-4CC4-A1BE-134894074AB5}
    2012-07-19 20:16:38 -------- d-----w- C:\Users\orestis\AppData\Local\{D132D146-C19A-4D33-AD37-3E35538E6B3D}
    .
    ==================== Find3M ====================
    .
    2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-06 17:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 12:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    .
    ============= FINISH: 22:42:20.03 ===============

    And here is the aswMBR log:


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-17 23:03:04
    -----------------------------
    23:03:04.977 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:03:04.977 Number of processors: 2 586 0x4B02
    23:03:04.978 ComputerName: ORESTIS-PC UserName: orestis
    23:03:08.107 Initialize success
    23:05:00.158 AVAST engine defs: 12081700
    23:05:13.079 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
    23:05:13.083 Disk 0 Vendor: ST316082 3.42 Size: 152627MB BusType: 3
    23:05:13.111 Disk 0 MBR read successfully
    23:05:13.114 Disk 0 MBR scan
    23:05:13.194 Disk 0 unknown MBR code
    23:05:13.208 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    23:05:13.251 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 78972 MB offset 206848
    23:05:13.303 Disk 0 Partition 3 00 83 Linux 38147 MB offset 161941504
    23:05:13.359 Disk 0 Partition 4 00 82 Linux swap 3815 MB offset 240066560
    23:05:13.475 Disk 0 scanning C:\Windows\system32\drivers
    23:05:30.882 Service scanning
    23:06:07.299 Modules scanning
    23:06:07.300 Disk 0 trace - called modules:
    23:06:07.319 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
    23:06:07.320 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80021bf2f0]
    23:06:07.320 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8001e04c40]
    23:06:07.321 5 ACPI.sys[fffff88000f3d7a1] -> nt!IofCallDriver -> \Device\00000071[0xfffffa8001bb19c0]
    23:06:08.384 AVAST engine scan C:\Windows
    23:06:10.703 AVAST engine scan C:\Windows\system32
    23:12:30.223 AVAST engine scan C:\Windows\system32\drivers
    23:13:01.662 AVAST engine scan C:\Users\orestis
    23:20:18.617 AVAST engine scan C:\ProgramData
    23:22:00.457 Scan finished successfully
    23:29:41.479 Disk 0 MBR has been saved successfully to "C:\Users\orestis\Desktop\MBR.dat"
    23:29:41.501 The log file has been saved successfully to "C:\Users\orestis\Desktop\aswMBR.txt"

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan but do nothing else as we are just looking for what is there.
    • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
    • Attach the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

    ----------

  3. #3
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Do you still need help?

  4. #4
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Due to lack of feedback, this topic will now be closed.
    If you are the original poster and you still require help, please start a new thread.

    -------------------
