
Huge malware problems that I'm lost on



#1 StealthReign (Members, 1 posts)

Posted 30 October 2009 - 11:27 AM

My log files won't exactly be very specific, but I ran Malwarebytes' Anti-Malware and Spybot Search and Destroy and cleaned everything they found, and even waited another day just to get new updates. Spybot deleted 2 things (DoubleClick and something I can't recall) and Malwarebytes deleted 1 hijacker. I can only do things for more than one minute in Safe Mode. This is due to my explorer.exe in Vista Ultimate x64 freezing after that minute has gone by. Advanced System Care 3 and CCleaner can't seem to consistently keep my registry problems at bay, and my spyware problems according to ASC are very numerous each time I run it.

When I run a disk check in Advanced, it errors at 9% after going through about 3 screens of errors. When I run disk check before booting, it says it completes but seems to skip around 100k entries toward the end of my disk, after spending 45 minutes deleting entries and fixing them (I can't even watch my percentage because of all the errors), and they never get fixed because the same exact thing happens every time.

My problems first started yesterday when I was in class and all of a sudden, after I woke up my laptop, it reinstalled default drivers for my RAID mirror, after the mirror mysteriously turned off. Any advice that can be given if there is no help from my log files would be greatly appreciated, and yes, I'm waiting for my Windows 7 Ultimate upgrade CD to come in the mail.
Thank you in advance!!

DDS.txt logfile=


DDS (Ver_09-10-26.01) - NTFSX64 NETWORK
Run by Ed at 12:03:22.85 on Fri 10/30/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.7933.6899 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\notepad.exe
C:\Users\Ed\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - c:\program files\alienware\command center\aliensense\FAIESSO.dll
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [OSD] c:\program files\osd\Launch.exe
mRun: [FATrayAlert] c:\program files\alienware\command center\aliensense\FATrayMon.exe
mRun: [FAStartup]
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {F142B1CA-097D-408B-9460-E501E1070189} = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Notify: FastAccess - c:\program files\alienware\command center\aliensense\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [AlienFX Controller] "c:\program files\alienware\command center\AlienwareAlienFXController.exe"
mRun-x64: [(Default)]
mRun-x64: [OSD CC] %ProgramFiles%\OSD\Launch_CC.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

============= SERVICES / DRIVERS ===============

R0 nvrd64;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd64.sys [2008-8-4 166944]
R0 nvstor64;nvstor64;c:\windows\system32\drivers\nvstor64.sys [2008-8-4 170528]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-8-4 59392]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/08/04 07:16:11];c:\program files (x86)\cyberlink\powerdvd8\000.fcl [2009-3-5 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_61047ba1\AESTSr64.exe [2009-8-4 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\alienware\command center\AlienFusionService.exe [2009-4-10 14080]
S2 CustomSvc;Vista Session Launcher Service;c:\program files\osd\Service1.exe [2009-8-4 13312]
S2 FAService;FAService;c:\program files\alienware\command center\aliensense\FAService.exe [2009-3-5 2360584]
S2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files (x86)\common files\nero\nero backitup 4\NBService.exe [2008-12-12 935208]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-10-30 1153368]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-4 36392]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-4 93184]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 238848]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-1-20 27648]
S3 OA007Vid;Creative Camera OA007 Function Driver;c:\windows\system32\drivers\OA007Vid.sys [2009-5-15 310208]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\osd\WinRing0x64.sys [2009-8-4 14544]
S4 ahcix64;ahcix64;c:\windows\system32\drivers\ahcix64.sys [2008-8-4 146944]
S4 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-8-4 163736]

=============== Created Last 30 ================

2009-10-30 15:33:26 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-30 15:33:26 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2009-10-30 15:19:10 0 d-----w- c:\program files (x86)\Trend Micro
2009-10-30 02:24:07 0 d-----w- c:\programdata\NOS
2009-10-29 23:08:33 0 d-----w- c:\programdata\Skype
2009-10-29 19:13:06 0 d-----w- c:\program files (x86)\Unlocker
2009-10-29 18:05:09 2621440 ----a-w- c:\windows\system32\wucltux.dll
2009-10-29 18:04:58 36864 ----a-w- c:\windows\system32\wuapp.exe
2009-10-29 18:04:58 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2009-10-29 18:04:58 185416 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-29 18:04:58 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2009-10-29 16:18:43 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-10-29 16:18:43 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 16:13:17 428544 ----a-w- c:\windows\syswow64\EncDec.dll
2009-10-29 16:13:17 217088 ----a-w- c:\windows\syswow64\psisrndr.ax
2009-10-29 16:13:16 558592 ----a-w- c:\windows\system32\EncDec.dll
2009-10-29 16:13:16 293376 ----a-w- c:\windows\syswow64\psisdecd.dll
2009-10-29 16:13:15 80896 ----a-w- c:\windows\syswow64\MSNP.ax
2009-10-29 16:13:15 375808 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-29 16:13:15 289792 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-29 16:13:15 227328 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-29 16:13:15 177664 ----a-w- c:\windows\syswow64\mpg2splt.ax
2009-10-29 16:13:15 101376 ----a-w- c:\windows\system32\MSNP.ax
2009-10-29 16:12:05 10624000 ----a-w- c:\windows\syswow64\wmp.dll
2009-10-29 16:12:04 372736 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-29 16:12:04 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2009-10-29 16:12:01 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-29 16:12:01 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2009-10-29 16:11:12 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2009-10-29 16:11:12 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-29 16:11:12 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2009-10-29 16:11:11 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-29 16:09:11 368128 ----a-w- c:\windows\system32\wmpdxm.dll
2009-10-29 16:08:59 97792 ----a-w- c:\windows\system32\wlanhlp.dll
2009-10-29 16:07:32 791552 ----a-w- c:\windows\system32\localspl.dll
2009-10-29 16:07:31 636928 ----a-w- c:\windows\syswow64\localspl.dll
2009-10-29 16:07:13 93184 ----a-w- c:\windows\system32\mciavi32.dll
2009-10-29 16:07:13 76800 ----a-w- c:\windows\system32\avicap32.dll
2009-10-29 16:07:13 108544 ----a-w- c:\windows\system32\avifil32.dll
2009-10-29 16:07:12 91136 ----a-w- c:\windows\syswow64\avifil32.dll
2009-10-29 16:06:56 202752 ----a-w- c:\windows\system32\wkssvc.dll
2009-10-29 16:06:55 88576 ----a-w- c:\windows\system32\atl.dll
2009-10-29 16:06:55 71680 ----a-w- c:\windows\syswow64\atl.dll
2009-10-29 16:06:55 174592 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-29 16:06:51 82944 ----a-w- c:\windows\system32\msasn1.dll
2009-10-29 16:06:51 61440 ----a-w- c:\windows\syswow64\msasn1.dll
2009-10-29 15:48:21 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 15:48:21 0 d-----w- c:\programdata\Malwarebytes
2009-10-29 15:37:01 0 d-----w- c:\users\ed\appdata\roaming\OpenOffice.org
2009-10-29 15:36:18 238960 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 15:02:11 0 d-sh--w- C:\$RECYCLE.BIN
2009-10-29 07:39:08 10 ----a-w- C:\MOVE_RECOVERY
2009-10-24 00:48:07 0 d-----w- c:\program files\Unreal.Tournament.3.KEYGEN-RELOADED
2009-10-24 00:34:08 0 d-----w- c:\program files\Unreal Tournament 3
2009-10-22 15:51:22 0 d-----w- c:\program files (x86)\HD Tune
2009-10-22 15:49:02 0 d-----w- c:\program files (x86)\Simpli Software
2009-10-18 21:35:10 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2009-10-11 18:45:52 0 d-----w- c:\program files (x86)\Age of Empires II
2009-10-05 19:36:59 0 d-----w- c:\program files\7-Zip
2009-10-03 04:04:29 0 d-----w- c:\program files\iTunes
2009-10-03 04:04:29 0 d-----w- c:\program files (x86)\iTunes
2009-10-02 18:27:58 36 ----a-w- c:\users\ed\.org.eclipse.epp.usagedata.recording.userId

==================== Find3M ====================

2009-10-30 15:09:32 31586 ----a-w- c:\programdata\nvModes.dat
2009-09-10 17:53:48 268800 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 17:30:12 213504 ----a-w- c:\windows\syswow64\msv1_0.dll
2009-08-27 13:47:55 1032704 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:43:42 86528 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:32:41 833024 ----a-w- c:\windows\syswow64\wininet.dll
2009-08-27 13:32:28 1174528 ----a-w- c:\windows\syswow64\urlmon.dll
2009-08-27 13:31:28 146432 ----a-w- c:\windows\syswow64\occache.dll
2009-08-27 13:30:22 671232 ----a-w- c:\windows\syswow64\mstime.dll
2009-08-27 13:30:12 3584000 ----a-w- c:\windows\syswow64\mshtml.dll
2009-08-27 13:30:11 458240 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-08-27 13:29:41 28160 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-08-27 13:29:28 270848 ----a-w- c:\windows\syswow64\iertutil.dll
2009-08-27 13:29:27 6069248 ----a-w- c:\windows\syswow64\ieframe.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2009-08-27 13:29:25 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-08-27 13:29:25 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2009-08-27 13:29:25 230400 ----a-w- c:\windows\syswow64\ieaksie.dll
2009-08-27 11:27:09 32768 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 10:58:58 26624 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-08-19 08:31:00 336 ----a-w- c:\program files (x86)\setup.ini
2009-08-14 17:29:27 141312 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 17:29:26 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 17920 ----a-w- c:\windows\syswow64\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\syswow64\netiohlp.dll
2009-08-14 15:13:04 10752 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 15:13:02 21504 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 15:13:01 12800 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 15:12:59 32256 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 15:12:59 23040 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 15:12:58 10240 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 15:12:57 11264 ----a-w- c:\windows\system32\finger.exe
2009-08-14 14:16:55 9728 ----a-w- c:\windows\syswow64\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\syswow64\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\syswow64\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\syswow64\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\syswow64\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\syswow64\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\syswow64\finger.exe
2009-08-05 14:56:15 4691016 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:37:37 51200 ----a-w- c:\windows\inf\infpub.dat
2009-08-04 14:37:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-08-04 14:37:36 86016 ----a-w- c:\windows\inf\infstor.dat
2009-08-04 14:13:51 29480 ----a-w- c:\windows\syswow64\msxml3a.dll
2009-08-04 13:52:57 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-08-04 13:52:57 3877888 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2009-08-04 13:52:57 3541504 ----a-w- c:\windows\system32\bcmihvui64.dll
2009-05-02 01:48:43 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-05-02 01:34:22 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 12:05:20.96 ===============


HiJackThis logfile=

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:03 AM, on 10/30/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18319)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O4 - HKLM\..\Run: [OSD] c:\Program Files\OSD\Launch.exe
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F142B1CA-097D-408B-9460-E501E1070189}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_61047ba1\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Alienware Fusion Service (AlienFusionService) - Alienware - C:\Program Files\Alienware\Command Center\AlienFusionService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Vista Session Launcher Service (CustomSvc) - Unknown owner - C:\Program Files\OSD\Service1.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_61047ba1\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6722 bytes

And attached is the attach.txt file.




Just as a side note:
After finding out about my drives separating, my winload.exe file went "missing or corrupt". I checked this with an Ubuntu 9.4 live CD and the file was exactly copied in the same spot in the system32 folder where it should have been, then I decided to back up and recreate the Vista OS with the CD that came with my laptop. If you need any other information, please ask!!
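The two logs above are the only material in this thread (the helper's replies below contain no fix), so here is an added example of how a responder would start triaging them: a small Python script that applies a few heuristics to HijackThis and DDS lines. It is not a BleepingComputer, UNITE or HijackThis tool; the sample input is copied from the logs posted above, and the rule names, severities and the `Finding` type are this example's own choices. Two points it encodes are worth knowing before anyone "fixes" entries. First, the long run of O23 services reported as `(file missing)` under C:\Windows\system32 (lsass.exe, spoolsv.exe, vds.exe, AESTSr64.exe and so on) is the known result of running the 32-bit HijackThis 2.0.2 on 64-bit Windows: WOW64 file system redirection sends its file checks to SysWOW64, so native 64-bit binaries look absent. DDS, which lists AESTSr64.exe with a date and size, is the better reference for those. Second, the `Unreal.Tournament.3.KEYGEN-RELOADED` directory created on 2009-10-24 in the DDS listing is the kind of artifact a responder asks about first, since keygens from warez releases are a common infection vector, although the log alone does not prove it was the source here.

```python
"""Triage heuristics for HijackThis / DDS log lines.

Added example for this thread; it is not a BleepingComputer, UNITE or
HijackThis tool, and the rule names and severities are my own choices.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Sample input: lines copied from the HijackThis log posted in the thread.
HJT_SAMPLE = r"""
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll
O4 - HKLM\..\Run: [OSD] c:\Program Files\OSD\Launch.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F142B1CA-097D-408B-9460-E501E1070189}: NameServer = 192.168.1.1
O20 - Winlogon Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Vista Session Launcher Service (CustomSvc) - Unknown owner - C:\Program Files\OSD\Service1.exe
O23 - Service: FAService - Sensible Vision - C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
"""

# Sample input: lines copied from the DDS "Created Last 30" section posted in the thread.
DDS_CREATED_SAMPLE = r"""
2009-10-29 15:48:21 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 00:48:07 0 d-----w- c:\program files\Unreal.Tournament.3.KEYGEN-RELOADED
2009-10-24 00:34:08 0 d-----w- c:\program files\Unreal Tournament 3
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "info" (explainable artifact), "review" (verify), "high" (look at first)
    rule: str
    line: str


O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
DDS_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \S+ \d+ \S+ (?P<path>.+)$")
SYSTEM32 = re.compile(r"(?i)^c:\\windows\\system32\\")
WINDIR = re.compile(r"(?i)^c:\\windows\\")
WAREZ = re.compile(r"(?i)keygen|crack|skidrow|reloaded")
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def triage_hjt(text: str) -> List[Finding]:
    """Apply the rules to HijackThis lines and return findings in log order."""
    out: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            if m["missing"] and SYSTEM32.match(m["path"]):
                # 32-bit HijackThis 2.0.2 on x64 Windows is subject to WOW64 file
                # system redirection: its check for a system32 file lands in
                # SysWOW64, so native 64-bit binaries are reported missing.
                # Confirm against the DDS services section instead of "fixing" these.
                out.append(Finding("info", "hjt-x64-redirect", line))
            elif m["owner"] == "Unknown owner" and not WINDIR.match(m["path"]):
                # No vendor name in the binary's version info: verify what installed it.
                out.append(Finding("review", "service-unknown-owner", line))
            continue
        if O20_RE.match(line):
            # Winlogon Notify DLLs load into winlogon.exe, a classic persistence point.
            out.append(Finding("review", "winlogon-notify-dll", line))
            continue
        m = O17_RE.match(line)
        if m:
            for server in re.split(r"[,\s]+", m["servers"]):
                try:
                    ip = ipaddress.ip_address(server)
                except ValueError:
                    continue
                if not any(ip in net for net in PRIVATE):
                    # DNS changers rewrite NameServer; a resolver outside RFC 1918 space warrants a look.
                    out.append(Finding("review", "dns-nameserver-nonprivate", line))
                    break
    return out


def triage_dds_created(text: str) -> List[Finding]:
    """Flag recently created paths whose names suggest cracked or keygen software."""
    out: List[Finding] = []
    for raw in text.splitlines():
        m = DDS_RE.match(raw.strip())
        if m and WAREZ.search(m["path"]):
            out.append(Finding("high", "warez-artifact", raw.strip()))
    return out


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage_hjt(HJT_SAMPLE) + triage_dds_created(DDS_CREATED_SAMPLE):
        print(f"[{f.severity:6}] {f.rule:26} {f.line}")
```

On the sample above the script produces one `info` (the redirected lsass.exe entry), two `review` items (the FastAccess Winlogon Notify DLL and the `Unknown owner` Service1.exe, both of which point at the Alienware and OSD software paths shown in the log and need vendor verification rather than deletion) and one `high` item for the keygen directory. The O17 line passes because 192.168.1.1 is a private address; the same rule would flag a resolver outside RFC 1918 space.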


#2 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 06 November 2009 - 09:39 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 09 November 2009 - 02:45 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



