Please help with malware problem

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Want a New HP LaserJet MFP? Trade in your old printer and receive $1,000 in savings!
Trade in your old printer and receive up to $1,000 in saving on a new HP LaserJet Multifunction Printer. Click here for savings!

BleepingComputer.com > Security > Virus, Trojan, Spyware, and Malware Removal Logs

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Please help with malware problem

Options

archerymonkey75 View Member Profile	Jan 21 2010, 12:21 AM Post #1
New Member Group: Members Posts: 2 Joined: 21-January 10 Member No.: 439,016	My WiFi turns itself off. I believe it is due to Malware. Please help me if possible. Thank you! DDS (Ver_09-12-01.01) - NTFSX64 Run by Adam at 0:15:38.45 on Thu 01/21/2010 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2289 [GMT -5:00] SP: Spybot - Search and Destroy disabled (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Essentials\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe C:\Program Files (x86)\McAfee\MSK\MskSrver.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\SysWOW64\rpcnet.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe C:\Windows\System32\alg.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\atieclxx.exe C:\Windows\system32\taskhost.exe c:\PROGRA~2\mcafee.com\agent\mcagent.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\WindowsMobile\wmdc.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\System32\vds.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\RunDll32.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Adam\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = about:blank mLocal Page = c:\windows\syswow64\blank.htm BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [FATrayAlert] c:\program files (x86)\sensible vision\fast access\FATrayMon.exe mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2 mRun: [FAStartup] mRun: [VolPanel] "c:\program files (x86)\creative\sb x-fi mb\volume panel\VolPanlu.exe" /r mRun: [UpdReg] c:\windows\UpdReg.EXE mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [<NO NAME>] mRun: [StartupDelayer] "c:\program files (x86)\r2 studios\startup delayer\Startup Launcher.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe StartupFolder: c:\users\adam\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files (x86)\winhttrack\WinHTTrackIEBar.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll Trusted Zone: gross-server DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: {E89CDC6C-A982-4E67-950F-B4C3AE9838B2} = 0.0.0.0 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli FAPassSync BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\MSKAPB~1.DLL BHO-X64: McAfee Phishing Filter - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe mRun-x64: [RunDLLEntry] c:\windows\system32\rundll32.exe c:\windows\system32\AmbRunE.dll,RunDLLEntry mRun-x64: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide Hosts: 127.0.0.1 www.spywareinfo.com ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-12 69152] R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-10-29 55280] R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-29 308296] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-29 203264] R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648] R2 FAService;FAService;c:\program files (x86)\sensible vision\fast access\FAService.exe [2009-6-24 2368776] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2009-10-29 1767816] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328] R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\McProxy.exe [2009-11-5 359952] R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-11-5 155456] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-10-29 172704] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 238848] R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-10-8 60416] R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-10-29 317480] R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2009-11-5 606736] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-29 102472] R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-29 49480] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832] R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\drivers\mux.sys [2009-2-18 37424] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-9 35112] S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-11-6 133104] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2009-10-29 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-10-29 79360] S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-3-20 16896] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-29 41032] S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-29 40904] S3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\drivers\mux.sys [2009-2-18 37424] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2009-5-21 313104] S3 netw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\drivers\NETw5v64.sys [2009-5-28 5437952] S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152] =============== Created Last 30 ================ 2010-01-21 00:42:14 0 d-----w- c:\program files (x86)\Trend Micro 2010-01-21 00:00:47 65536 --sha-w- c:\users\adam\ntuser.dat{f41b7884-061c-11df-ab3c-002219fb5d47}.TM.blf 2010-01-21 00:00:47 524288 --sha-w- c:\users\adam\ntuser.dat{f41b7884-061c-11df-ab3c-002219fb5d47}.TMContainer00000000000000000002.regtrans-ms 2010-01-21 00:00:47 524288 --sha-w- c:\users\adam\ntuser.dat{f41b7884-061c-11df-ab3c-002219fb5d47}.TMContainer00000000000000000001.regtrans-ms 2010-01-19 21:26:57 0 d-----w- c:\program files (x86)\Microsoft Office Labs 2010-01-15 20:59:11 0 d-----w- c:\users\adam\appdata\roaming\r2 Studios 2010-01-15 20:59:11 0 d-----w- c:\programdata\r2 Studios 2010-01-15 20:59:05 0 d-----w- c:\program files (x86)\r2 Studios 2010-01-15 20:18:37 212352 ------w- c:\windows\system32\MpSigStub.exe 2010-01-15 20:15:53 0 d-----w- c:\program files (x86)\Microsoft Antimalware 2010-01-15 20:15:48 0 d-----w- c:\program files\Microsoft Security Essentials 2010-01-15 19:30:51 0 d-----w- c:\program files (x86)\RealVNC 2010-01-15 19:15:44 0 d-----w- c:\program files\UltraVNC 2010-01-12 20:03:35 70656 ----a-w- c:\windows\syswow64\fontsub.dll 2010-01-12 20:03:35 148480 ----a-w- c:\windows\system32\t2embed.dll 2010-01-12 20:03:35 108544 ----a-w- c:\windows\syswow64\t2embed.dll 2010-01-12 20:03:35 100864 ----a-w- c:\windows\system32\fontsub.dll 2010-01-08 23:44:17 45056 ----a-w- c:\windows\syswow64\HSSICore.dll 2010-01-08 23:44:17 40960 ----a-w- c:\windows\syswow64\HS_live.ocx 2010-01-08 23:44:17 36864 ----a-w- C:\nphssb.dll 2010-01-08 23:44:17 247 ----a-w- C:\nphssb.xpt 2010-01-08 23:44:17 184320 ----a-w- c:\windows\syswow64\OESICore.dll 2010-01-08 23:43:53 0 d-----w- c:\programdata\Homestead 2010-01-08 23:40:49 98136 ----a-w- c:\windows\gzip.exe 2010-01-08 23:40:10 0 d-----w- c:\program files (x86)\Homestead 2010-01-07 06:48:24 0 d-----w- C:\strawberry 2010-01-07 06:20:05 0 d-----w- c:\program files (x86)\Cavaj Java Decompiler 2010-01-07 01:14:21 9216 ----a-w- c:\windows\syswow64\ftlx0411.dll 2010-01-07 01:14:21 9216 ----a-w- c:\windows\system32\ftlx0411.dll 2010-01-07 01:14:21 296960 ----a-w- c:\windows\winhlp32.exe 2010-01-07 01:14:21 195072 ----a-w- c:\windows\syswow64\ftsrch.dll 2010-01-07 01:14:21 195072 ----a-w- c:\windows\system32\ftsrch.dll 2010-01-07 01:14:21 10240 ----a-w- c:\windows\syswow64\ftlx041e.dll 2010-01-07 01:14:21 10240 ----a-w- c:\windows\system32\ftlx041e.dll 2010-01-07 00:29:31 0 d-----w- c:\programdata\Atmel 2010-01-05 19:37:52 0 d-----w- c:\program files (x86)\MetaGeek 2010-01-05 19:27:39 193232 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2010-01-05 19:27:36 53264 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2010-01-05 02:08:24 5752320 ----a-w- c:\windows\syswow64\BCGCBPRO103090.dll 2010-01-05 02:08:19 73728 ----a-w- c:\windows\syswow64\RWUXThemeS.dll 2010-01-05 02:08:19 4419584 ----a-w- c:\windows\syswow64\BCGCBPRO10180.dll 2010-01-05 02:08:19 290904 ----a-w- c:\windows\syswow64\vc6-re200l.dll 2010-01-05 01:48:27 133 ----a-w- c:\users\adam\.octave_hist 2010-01-05 01:43:09 0 d-----w- C:\Octave 2010-01-05 01:25:21 0 d-----w- c:\program files (x86)\Atmel 2010-01-05 01:09:26 0 d-----w- C:\cygwin 2010-01-05 00:59:03 0 d-----w- c:\program files (x86)\Softronics 2010-01-04 18:48:04 0 d-----w- c:\users\adam\appdata\roaming\Yoono 2010-01-04 18:47:41 0 d-----w- c:\program files (x86)\Yoono Desktop 2010-01-04 02:08:56 0 d-----w- c:\users\adam\appdata\roaming\soundcrank 2010-01-04 02:08:50 0 d-----w- c:\program files (x86)\Soundcrank 2010-01-03 02:04:30 215848 ---ha-w- c:\windows\syswow64\mlfcache.dat 2010-01-01 04:20:03 0 d-----w- c:\users\adam\.android 2009-12-25 01:22:10 0 d-----w- c:\programdata\CyberLink 2009-12-23 00:22:26 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard 2009-12-22 05:37:42 524288 --sha-w- c:\users\adam\ntuser.dat{7f3026f6-eeb9-11de-9e46-002219fb5d47}.TMContainer00000000000000000002.regtrans-ms 2009-12-22 05:37:42 524288 --sha-w- c:\users\adam\ntuser.dat{7f3026f6-eeb9-11de-9e46-002219fb5d47}.TMContainer00000000000000000001.regtrans-ms 2009-12-22 05:37:41 65536 --sha-w- c:\users\adam\ntuser.dat{7f3026f6-eeb9-11de-9e46-002219fb5d47}.TM.blf ==================== Find3M ==================== 2010-01-21 05:01:06 51200 ----a-w- c:\windows\syswow64\rpcnet.dll 2009-12-17 19:58:04 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll 2009-12-17 19:58:04 165200 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2009-12-17 19:58:04 145360 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2009-11-22 23:53:39 411368 ------w- c:\windows\syswow64\deploytk.dll 2009-11-22 23:53:39 149280 ------w- c:\windows\syswow64\javaws.exe 2009-11-22 23:53:39 145184 ------w- c:\windows\syswow64\javaw.exe 2009-11-22 23:53:39 145184 ------w- c:\windows\syswow64\java.exe 2009-11-19 07:22:46 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll 2009-11-19 07:22:46 5958656 ----a-w- c:\windows\syswow64\mshtml.dll 2009-11-11 19:50:34 311296 ------w- c:\windows\syswow64\TubeFinder.exe 2009-11-10 17:30:55 51200 ----a-w- c:\windows\syswow64\rpcnet.exe 2009-11-10 17:00:14 2164 ------w- c:\users\adam\appdata\roaming\install.dat 2009-11-07 05:33:03 224302 ------w- c:\windows\hpwins19.dat 2009-11-07 02:02:12 455680 ----a-w- c:\windows\system32\deploytk.dll 2009-11-03 00:51:14 9728 ----a-w- c:\windows\syswow64\wceprv.dll 2009-10-30 02:36:06 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2009-10-30 02:36:06 444952 ------w- c:\windows\syswow64\wrap_oal.dll 2009-10-30 02:36:06 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2009-10-30 02:36:06 109080 ------w- c:\windows\syswow64\OpenAL32.dll 2009-10-29 07:48:16 2048 ----a-w- c:\windows\system32\tzres.dll 2009-10-29 07:22:37 2048 ----a-w- c:\windows\syswow64\tzres.dll 2009-07-14 05:37:38 31548 ------w- c:\windows\inf\perflib\0409\perfd.dat 2009-07-14 05:37:38 31548 ------w- c:\windows\inf\perflib\0409\perfc.dat 2009-07-14 05:37:38 291294 ------w- c:\windows\inf\perflib\0409\perfi.dat 2009-07-14 05:37:38 291294 ------w- c:\windows\inf\perflib\0409\perfh.dat 2009-07-14 04:54:24 174 --sh--w- c:\program files\desktop.ini 2009-07-14 04:54:24 174 --sh--w- c:\program files (x86)\desktop.ini 2009-07-14 01:00:34 291294 ------w- c:\windows\inf\perflib\0000\perfi.dat 2009-07-14 01:00:34 291294 ------w- c:\windows\inf\perflib\0000\perfh.dat 2009-07-14 01:00:32 31548 ------w- c:\windows\inf\perflib\0000\perfd.dat 2009-07-14 01:00:32 31548 ------w- c:\windows\inf\perflib\0000\perfc.dat 2009-06-10 20:44:08 9633792 --sh--r- c:\windows\fonts\StaticCache.dat 2009-07-14 01:39:53 398848 --sh--w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe 2009-07-14 01:14:45 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe ============= FINISH: 0:16:57.90 =============== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:12:00 AM, on 1/21/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: c:\PROGRA~2\mcafee.com\agent\mcagent.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O13 - Gopher Prefix: O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\..\{E89CDC6C-A982-4E67-950F-B4C3AE9838B2}: NameServer = 0.0.0.0 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O20 - Winlogon Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: FAService - Sensible Vision - c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15500 bytes RootRepeal does not run on 64-bit OS, that is why the log is not posted. Attached File(s) Attach.txt ( 8.5k ) Number of downloads: 3

elise025 View Member Profile	Jan 27 2010, 06:54 AM Post #2
Bleepin' Blonde Group: Moderator Posts: 16,158 Joined: 5-October 07 From: Home Member No.: 160,991	Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems. I will be working on your malware issues, this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer. You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here. ----------------------------------------------------------- If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt). Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE Please download GMER from one of the following locations and save it to your desktop: Main Mirror This version will download a randomly named file (Recommended) Zipped Mirror This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO. Now click the Scan button. If you see a rootkit warning window, click OK. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log. Click the Copy button and paste the results into your next reply. Exit GMER and re-enable all active protection when done. -- If you encounter any problems, try running GMER in Safe Mode. ------------------------------------------------------------- *Please be patient and I'd be grateful if you would note the following* The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one. In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem If you still need help, please include the following in your next reply A detailed description of your problems A new DDS log (don't forget attach.txt) GMER log Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box. Thanks and again sorry for the delay. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

archerymonkey75 View Member Profile	Jan 28 2010, 12:14 PM Post #3
New Member Group: Members Posts: 2 Joined: 21-January 10 Member No.: 439,016	For the moment, my WiFi card has been working. I still have some weird errors in Event Viewer though, but I am not sure if it is malware or not.

elise025 View Member Profile	Feb 2 2010, 09:09 AM Post #4
Bleepin' Blonde Group: Moderator Posts: 16,158 Joined: 5-October 07 From: Home Member No.: 160,991	Hello, Sorry, I have been away due to some personal problems. Let me know if you still want a checkup, in that case post me the requested logs. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

elise025 View Member Profile	Feb 7 2010, 06:16 AM Post #5
Bleepin' Blonde Group: Moderator Posts: 16,158 Joined: 5-October 07 From: Home Member No.: 160,991	Due to lack of feedback, this topic is now closed. If you are the original topic starter and you need this topic reopened, please send me a PM. Everyone else, please start a new topic. -------------------- Regards, Elise "The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." *John Milton* Become a BleepingComputer fan on Facebook Follow us on Twitter

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 9th September 2010 - 05:29 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides