BleepingComputer.com: Please help with malware problem

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Please help with malware problem

#1 User is offline   archerymonkey75 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 21-January 10

Posted 21 January 2010 - 12:21 AM

My WiFi turns itself off. I believe it is due to Malware.

Please help me if possible.

Thank you!




DDS (Ver_09-12-01.01) - NTFSX64
Run by Adam at 0:15:38.45 on Thu 01/21/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2289 [GMT -5:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\vds.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Adam\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
mLocal Page = c:\windows\syswow64\blank.htm
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files (x86)\sensible vision\fast access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [FATrayAlert] c:\program files (x86)\sensible vision\fast access\FATrayMon.exe
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [FAStartup]
mRun: [VolPanel] "c:\program files (x86)\creative\sb x-fi mb\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [<NO NAME>]
mRun: [StartupDelayer] "c:\program files (x86)\r2 studios\startup delayer\Startup Launcher.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
StartupFolder: c:\users\adam\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files (x86)\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
Trusted Zone: gross-server
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {E89CDC6C-A982-4E67-950F-B4C3AE9838B2} = 0.0.0.0
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Notify: FastAccess - c:\program files (x86)\sensible vision\fast access\FALogNot.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [RunDLLEntry] c:\windows\system32\rundll32.exe c:\windows\system32\AmbRunE.dll,RunDLLEntry
mRun-x64: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-12 69152]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-10-29 55280]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-10-29 308296]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-29 203264]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 FAService;FAService;c:\program files (x86)\sensible vision\fast access\FAService.exe [2009-6-24 2368776]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2009-10-29 1767816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\McProxy.exe [2009-11-5 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-11-5 155456]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-10-29 172704]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 238848]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-10-8 60416]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-10-29 317480]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2009-11-5 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-10-29 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-10-29 49480]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]
R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\drivers\mux.sys [2009-2-18 37424]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-9 35112]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-11-6 133104]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2009-10-29 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2009-10-29 79360]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-3-20 16896]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-10-29 41032]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-10-29 40904]
S3 MUXP;My WiFi PAN Mux-IM Protocol Driver;c:\windows\system32\drivers\mux.sys [2009-2-18 37424]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2009-5-21 313104]
S3 netw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\drivers\NETw5v64.sys [2009-5-28 5437952]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

=============== Created Last 30 ================

2010-01-21 00:42:14 0 d-----w- c:\program files (x86)\Trend Micro
2010-01-21 00:00:47 65536 --sha-w- c:\users\adam\ntuser.dat{f41b7884-061c-11df-ab3c-002219fb5d47}.TM.blf
2010-01-21 00:00:47 524288 --sha-w- c:\users\adam\ntuser.dat{f41b7884-061c-11df-ab3c-002219fb5d47}.TMContainer00000000000000000002.regtrans-ms
2010-01-21 00:00:47 524288 --sha-w- c:\users\adam\ntuser.dat{f41b7884-061c-11df-ab3c-002219fb5d47}.TMContainer00000000000000000001.regtrans-ms
2010-01-19 21:26:57 0 d-----w- c:\program files (x86)\Microsoft Office Labs
2010-01-15 20:59:11 0 d-----w- c:\users\adam\appdata\roaming\r2 Studios
2010-01-15 20:59:11 0 d-----w- c:\programdata\r2 Studios
2010-01-15 20:59:05 0 d-----w- c:\program files (x86)\r2 Studios
2010-01-15 20:18:37 212352 ------w- c:\windows\system32\MpSigStub.exe
2010-01-15 20:15:53 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-01-15 20:15:48 0 d-----w- c:\program files\Microsoft Security Essentials
2010-01-15 19:30:51 0 d-----w- c:\program files (x86)\RealVNC
2010-01-15 19:15:44 0 d-----w- c:\program files\UltraVNC
2010-01-12 20:03:35 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-12 20:03:35 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-12 20:03:35 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-12 20:03:35 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-08 23:44:17 45056 ----a-w- c:\windows\syswow64\HSSICore.dll
2010-01-08 23:44:17 40960 ----a-w- c:\windows\syswow64\HS_live.ocx
2010-01-08 23:44:17 36864 ----a-w- C:\nphssb.dll
2010-01-08 23:44:17 247 ----a-w- C:\nphssb.xpt
2010-01-08 23:44:17 184320 ----a-w- c:\windows\syswow64\OESICore.dll
2010-01-08 23:43:53 0 d-----w- c:\programdata\Homestead
2010-01-08 23:40:49 98136 ----a-w- c:\windows\gzip.exe
2010-01-08 23:40:10 0 d-----w- c:\program files (x86)\Homestead
2010-01-07 06:48:24 0 d-----w- C:\strawberry
2010-01-07 06:20:05 0 d-----w- c:\program files (x86)\Cavaj Java Decompiler
2010-01-07 01:14:21 9216 ----a-w- c:\windows\syswow64\ftlx0411.dll
2010-01-07 01:14:21 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2010-01-07 01:14:21 296960 ----a-w- c:\windows\winhlp32.exe
2010-01-07 01:14:21 195072 ----a-w- c:\windows\syswow64\ftsrch.dll
2010-01-07 01:14:21 195072 ----a-w- c:\windows\system32\ftsrch.dll
2010-01-07 01:14:21 10240 ----a-w- c:\windows\syswow64\ftlx041e.dll
2010-01-07 01:14:21 10240 ----a-w- c:\windows\system32\ftlx041e.dll
2010-01-07 00:29:31 0 d-----w- c:\programdata\Atmel
2010-01-05 19:37:52 0 d-----w- c:\program files (x86)\MetaGeek
2010-01-05 19:27:39 193232 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-01-05 19:27:36 53264 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-01-05 02:08:24 5752320 ----a-w- c:\windows\syswow64\BCGCBPRO103090.dll
2010-01-05 02:08:19 73728 ----a-w- c:\windows\syswow64\RWUXThemeS.dll
2010-01-05 02:08:19 4419584 ----a-w- c:\windows\syswow64\BCGCBPRO10180.dll
2010-01-05 02:08:19 290904 ----a-w- c:\windows\syswow64\vc6-re200l.dll
2010-01-05 01:48:27 133 ----a-w- c:\users\adam\.octave_hist
2010-01-05 01:43:09 0 d-----w- C:\Octave
2010-01-05 01:25:21 0 d-----w- c:\program files (x86)\Atmel
2010-01-05 01:09:26 0 d-----w- C:\cygwin
2010-01-05 00:59:03 0 d-----w- c:\program files (x86)\Softronics
2010-01-04 18:48:04 0 d-----w- c:\users\adam\appdata\roaming\Yoono
2010-01-04 18:47:41 0 d-----w- c:\program files (x86)\Yoono Desktop
2010-01-04 02:08:56 0 d-----w- c:\users\adam\appdata\roaming\soundcrank
2010-01-04 02:08:50 0 d-----w- c:\program files (x86)\Soundcrank
2010-01-03 02:04:30 215848 ---ha-w- c:\windows\syswow64\mlfcache.dat
2010-01-01 04:20:03 0 d-----w- c:\users\adam\.android
2009-12-25 01:22:10 0 d-----w- c:\programdata\CyberLink
2009-12-23 00:22:26 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2009-12-22 05:37:42 524288 --sha-w- c:\users\adam\ntuser.dat{7f3026f6-eeb9-11de-9e46-002219fb5d47}.TMContainer00000000000000000002.regtrans-ms
2009-12-22 05:37:42 524288 --sha-w- c:\users\adam\ntuser.dat{7f3026f6-eeb9-11de-9e46-002219fb5d47}.TMContainer00000000000000000001.regtrans-ms
2009-12-22 05:37:41 65536 --sha-w- c:\users\adam\ntuser.dat{7f3026f6-eeb9-11de-9e46-002219fb5d47}.TM.blf

==================== Find3M ====================

2010-01-21 05:01:06 51200 ----a-w- c:\windows\syswow64\rpcnet.dll
2009-12-17 19:58:04 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2009-12-17 19:58:04 165200 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2009-12-17 19:58:04 145360 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-11-22 23:53:39 411368 ------w- c:\windows\syswow64\deploytk.dll
2009-11-22 23:53:39 149280 ------w- c:\windows\syswow64\javaws.exe
2009-11-22 23:53:39 145184 ------w- c:\windows\syswow64\javaw.exe
2009-11-22 23:53:39 145184 ------w- c:\windows\syswow64\java.exe
2009-11-19 07:22:46 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-11-19 07:22:46 5958656 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-11 19:50:34 311296 ------w- c:\windows\syswow64\TubeFinder.exe
2009-11-10 17:30:55 51200 ----a-w- c:\windows\syswow64\rpcnet.exe
2009-11-10 17:00:14 2164 ------w- c:\users\adam\appdata\roaming\install.dat
2009-11-07 05:33:03 224302 ------w- c:\windows\hpwins19.dat
2009-11-07 02:02:12 455680 ----a-w- c:\windows\system32\deploytk.dll
2009-11-03 00:51:14 9728 ----a-w- c:\windows\syswow64\wceprv.dll
2009-10-30 02:36:06 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-30 02:36:06 444952 ------w- c:\windows\syswow64\wrap_oal.dll
2009-10-30 02:36:06 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-30 02:36:06 109080 ------w- c:\windows\syswow64\OpenAL32.dll
2009-10-29 07:48:16 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 07:22:37 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-07-14 05:37:38 31548 ------w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ------w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ------w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ------w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sh--w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sh--w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ------w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ------w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ------w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ------w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sh--r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sh--w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sh--w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:16:57.90 ===============












Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:00 AM, on 1/21/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - c:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files (x86)\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{E89CDC6C-A982-4E67-950F-B4C3AE9838B2}: NameServer = 0.0.0.0
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: FastAccess - c:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FAService - Sensible Vision - c:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15500 bytes



RootRepeal does not run on 64-bit OS, that is why the log is not posted.

Attached File(s)


#2 User is offline   elise025 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 36,047
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 27 January 2010 - 06:54 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log

Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.

Thanks and again sorry for the delay.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#3 User is offline   archerymonkey75 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 21-January 10

Posted 28 January 2010 - 12:14 PM

For the moment, my WiFi card has been working. I still have some weird errors in Event Viewer though, but I am not sure if it is malware or not.

#4 User is offline   elise025 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 36,047
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 02 February 2010 - 09:09 AM

Hello,

Sorry, I have been away due to some personal problems.

Let me know if you still want a checkup, in that case post me the requested logs.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#5 User is offline   elise025 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 36,047
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 07 February 2010 - 06:16 AM

Due to lack of feedback, this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users