Have SP.exe. How to remove?

flipp1234567

Hi guys. Starting yesterday or the day before, I started to notice a decline in the quality of performance of my computer. I was thinking my processor (Intel i5-2500K) was starting to give out even though it seemed unlikely.

I just noticed today, when I was exiting Skype through Task Manager because it was lagging like all hell, that there was a program called SP.exe running. I immediately end-processed it and my CPU usage went from 64% to 15%.

I looked it up and the internet says it's a keylogger. How do I remove it safely and quickly? All of the removal websites, besides Symantec, were pretty sus. I've run Malwarebytes (Free) 3 times now and it didn't catch anything.

Thanks in advance :)
 
Post the log in text form please... going to be a lot easier for me to go through it than with pics... You can just copy/paste the contents of the log into a post, or upload the log file as an attachment.
 
Yeah you can use a series of tools:

If AdwCleaner doesn't work try:

Avast and Malwarebytes; if this does not work try using Norton Power Eraser (free), and Bitdefender

If those don't work try other options like running Ultimate Boot CD and using their malware solutions

If that doesn't work try ComboFix (can be dangerous, only use as a last resort)

Just some suggestions:

Maybe try cmd -> netstat -ano and look at the processes associated with each PID, then open up Task Manager, go to View, then Select Columns. Select PID.

Match the PID in cmd with Task Manager. You could have more than one hiding somewhere.

It would say connection established if it was connected to you; if you see listening, you are safe.
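
The PID-matching steps in the post above, as an added example that is not part of the original thread: it joins `netstat -ano` output to `tasklist /fo csv /nh` output on PID so every socket, in any state, is listed with its owning image name. Both samples, including the addresses and PIDs, are constructed.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       772
  TCP    192.168.1.10:49213     203.0.113.7:443        ESTABLISHED     4120
  TCP    192.168.1.10:49260     198.51.100.23:8080     ESTABLISHED     5316
  UDP    0.0.0.0:5355           *:*                                    1204
"""

# Constructed sample of `tasklist /fo csv /nh` output (not taken from the thread).
TASKLIST_SAMPLE = '''\
"svchost.exe","772","Services","0","9,112 K"
"svchost.exe","1204","Services","0","14,380 K"
"firefox.exe","4120","Console","1","412,004 K"
"SP.exe","5316","Console","1","38,556 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def parse_netstat(text):
    """Yield one dict per socket line of `netstat -ano` output."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip banner, column header and blank lines
        # UDP rows have no State column, so they carry four fields instead of five.
        state = parts[3] if len(parts) == 5 else ""
        yield {"proto": parts[0], "local": parts[1], "remote": parts[2],
               "state": state, "pid": int(parts[-1])}

def sockets_by_process(netstat_text, tasklist_text):
    """Join every socket to the image name that owns its PID."""
    names = parse_tasklist(tasklist_text)
    return [dict(s, image=names.get(s["pid"], "<no matching process>"))
            for s in parse_netstat(netstat_text)]

if __name__ == "__main__":
    for r in sockets_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(r["pid"], r["image"], r["proto"], r["state"] or "-", r["local"], "->", r["remote"])
```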
 
Yeah you can use a series of tools:

If AdwCleaner doesn't work try:

Avast and Malwarebytes; if this does not work try using Norton Power Eraser (free), and Bitdefender

I don't recommend Avast anymore. See my latest post in the Tech-Forums Top Rated AV thread.
 
My bad. I ran it again just now, and here it is.


Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:03:51 PM, on 2/2/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)

FIREFOX: 35.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe
C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe
C:\Users\Richard\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\puush\puush.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
E:\Origin\Origin.exe
C:\Users\Richard\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\AZiO KB577U Driver\KbClient_FD3.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Users\Richard\AppData\Roaming\Curse Client\Bin\Curse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Richard\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Richard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Richard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Richard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Richard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Richard\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Users\Richard\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Launch DearMo DK1000DA] C:\Program Files (x86)\AZiO KB577U Driver\KbClient_FD3.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
O4 - HKCU\..\Run: [AIM for Windows] "C:\Users\Richard\AppData\Local\AOL\AIM\aim.exe"
O4 - HKCU\..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Richard\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [F.lux] "C:\Users\Richard\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [EADM] "E:\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Richard\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Curse.lnk = Richard\AppData\Roaming\Curse Client\Bin\Curse.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - E:\Origin\OriginClientService.exe
O23 - Service: PAExec - Power Admin LLC - C:\Windows\PAExec.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

--
End of file - 11329 bytes
 
I believe the Akamai\netsession.exe entry is for a download accelerator/manager. I generally don't recommend using download accelerators/managers, so I'd advise uninstalling it from Programs & Features.

I see you're using Raptr.... you may want to be aware of this:
HARDOCP - Raptr Service Hacked, Accounts Compromised

The only entry I saw that'd be considered bad would be this one:
O4 - Startup: PowerReg Scheduler V3.exe

Check that one and delete it in HijackThis.

Did AdwCleaner come back with anything?
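
One way to script the O4 autostart review done by hand in the reply above (an added example, not a HijackThis feature or the poster's method). The sample lines are copied from the log in this thread; the two heuristics and the function name `triage_o4` are assumptions, and a flag is a prompt for manual review, not a verdict.

```python
import re

# O4 (autostart) lines copied from the HijackThis log posted in this thread.
LOG_EXCERPT = r"""
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Richard\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [puush] C:\Program Files (x86)\puush\puush.exe
O4 - Startup: Curse.lnk = Richard\AppData\Roaming\Curse Client\Bin\Curse.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""

# Registry Run/RunOnce entries: "O4 - <hive>\..\Run: [name] command"
RUN_KEY = re.compile(r"^O4 - (?P<where>\S+Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Startup-folder entries: "O4 - Startup: file" or "O4 - Startup: shortcut.lnk = target"
STARTUP = re.compile(r"^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?)(?: = (?P<cmd>.+))?$")

def triage_o4(log_text):
    """Return (entry name, reasons) for each O4 line worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_KEY.match(line) or STARTUP.match(line)
        if not m:
            continue  # not an O4 line in one of the two shapes handled here
        entry, reasons = m.groupdict(), []
        cmd = entry["cmd"] or ""
        if "Startup" in entry["where"] and not entry["name"].lower().endswith(".lnk"):
            # Assumed heuristic: a file sitting in the Startup folder itself, not a shortcut.
            reasons.append("file placed directly in Startup folder")
        if "\\appdata\\" in cmd.lower():
            # Assumed heuristic: per-user profile paths are writable without admin rights.
            reasons.append("runs from user-writable AppData")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in triage_o4(LOG_EXCERPT):
        print(f"{name}: {'; '.join(reasons)}")
```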
 