Applications Freezing, Recent Malware Problem?


  • This topic is locked
2 replies to this topic

#1 Sheepdisease

  • Members
  • 19 posts

Posted 02 March 2010 - 05:42 AM

Hello, I've been having problems for the past few days.

The computer freezes up and I can't even get the Task Manager to come up by pressing Control, Alt and Delete when it happens.

Bitdefender Total Security 2010 (most recent updates) found nothing on the system, Malwarebytes' Anti-Malware picked up some nasties and deleted them after reboot. Now Malwarebytes' Anti-Malware is reporting that unauthorised IP addresses are attempting to connect.

IP ADDRESSES:

14:28:03 All Users MESSAGE Protection started successfully
14:28:07 All Users MESSAGE IP Protection started successfully
14:28:17 All Users IP-BLOCK 117.198.133.200
14:28:37 All Users IP-BLOCK 59.34.86.178
14:29:19 All Users IP-BLOCK 117.198.32.149
14:31:10 All Users IP-BLOCK 208.94.233.37
14:31:10 All Users IP-BLOCK 208.94.233.37
14:31:20 All Users IP-BLOCK 208.94.233.37
14:31:20 All Users IP-BLOCK 208.94.233.37
14:31:20 All Users IP-BLOCK 208.94.233.37
14:31:30 All Users IP-BLOCK 208.94.233.37
14:31:40 All Users IP-BLOCK 208.94.233.37
14:31:40 All Users IP-BLOCK 208.94.233.37
14:31:40 All Users IP-BLOCK 208.94.233.37
14:31:40 All Users IP-BLOCK 208.94.233.37
14:31:40 All Users IP-BLOCK 208.94.233.37
14:31:50 All Users IP-BLOCK 208.94.233.37
14:31:50 All Users IP-BLOCK 208.94.233.37
14:31:50 All Users IP-BLOCK 208.94.233.37
14:31:50 All Users IP-BLOCK 208.94.233.37
14:34:51 All Users IP-BLOCK 117.198.133.200
14:34:51 All Users IP-BLOCK 117.198.133.200
14:35:01 All Users IP-BLOCK 117.198.133.200
14:35:01 All Users IP-BLOCK 89.248.173.61
14:35:01 All Users IP-BLOCK 89.248.173.61
14:35:11 All Users IP-BLOCK 89.248.173.61
14:36:41 All Users IP-BLOCK 89.248.173.61
14:36:41 All Users IP-BLOCK 89.248.173.61
14:41:51 All Users IP-BLOCK 89.209.91.41
14:45:42 All Users IP-BLOCK 58.240.39.212
14:47:13 All Users MESSAGE IP Protection stopped
14:47:13 All Users MESSAGE IP Protection started successfully
14:57:04 All Users IP-BLOCK 117.198.130.135
14:59:44 All Users IP-BLOCK 121.13.92.53
15:00:04 All Users IP-BLOCK 117.198.200.173
15:08:34 All Users MESSAGE Protection started successfully
15:08:38 All Users MESSAGE IP Protection started successfully
15:10:29 All Users MESSAGE IP Protection stopped
15:10:31 All Users MESSAGE Database updated successfully
15:10:32 All Users MESSAGE IP Protection started successfully


Any ideas?

MALWAREBYTES' ANTI-MALWARE:

Malwarebytes' Anti-Malware 1.44
Database version: 3795
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26/02/2010 13:02:19
mbam-log-2010-02-26 (13-02-19).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 597328
Time elapsed: 4 hour(s), 0 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\SYSTEM32 (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\SYSTEM32\DRIVERS (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\Windows\System32\SYSTEM32\DRIVERS\rtl8187.sys (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\SYSTEM32\DRIVERS\RtlProt.sys (Trojan.Agent) -> Delete on reboot.

HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15:08:44, on 26/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Users\All Users.Study-PC\AppData\Local\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Windows\SysWOW64\CTHELPER.EXE
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\HJT\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:/Users/All Users.Study-PC/AppData/Local/RapidSolution/Videoraptor/WebRip/profile/rrproxy_ie_4b788d5c.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files (x86)\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\All Users.Study-PC\AppData\Roaming\Mozilla\Firefox\Profiles\p607f7vs.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [OfficeSyncProcess] C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [Google Update] "C:\Users\All Users.Study-PC\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Digsby.lnk = C:\Program Files (x86)\Digsby\digsby.exe
O4 - Global Startup: µTorrent Peerblock.lnk = C:\Program Files\Peerblock\peerblock.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files (x86)\LeechGet 2009\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files (x86)\LeechGet 2009\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files (x86)\LeechGet 2009\\Parser.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/soft...5109/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Unknown owner - C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SqueezeMySQL - Unknown owner - C:\PROGRA~2\SQUEEZ~2\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TabletServicePen - Unknown owner - C:\windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

--
End of file - 15091 bytes

Auslogics System Information

--------------------------------------------------------------------------------
*** Operating System ***
--------------------------------------------------------------------------------

Windows Version: Windows Seven (6.1.7600)
License Information: All Users

--------------------------------------------------------------------------------
*** Common Devices ***
--------------------------------------------------------------------------------

System Name: P5K-E
Processor Name: Intel® Core™2 Quad CPU Q6700 @ 2.66GHz
Videocard Name: NVIDIA GeForce 8800 GTX
Installed Memory: 4,095.09 MB

--------------------------------------------------------------------------------
*** Installed Programs ***
--------------------------------------------------------------------------------

Number of Installed Programs: 309 programs
Number of Running Processes: 89 processes
Internet Explorer Version: 8.0.7600.16385 (0)
DirectX Version: 4.09.00.0904
Office Version: 14.0.4536.1000

--------------------------------------------------------------------------------
*** Windows Details ***
--------------------------------------------------------------------------------

Windows Version: Windows Seven (6.1.7600)
Installed: 09/11/2009 01:17:50
Last Reboot: 01/03/2010 22:59:20
Default Internet Client: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Default Mail Client: C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
Language: English (United Kingdom) (ID: $0809)
Country: United Kingdom (Country Code: 44)
Time zone: (UTC) Dublin, Edinburgh, Lisbon, London

--------------------------------------------------------------------------------
*** User Details ***
--------------------------------------------------------------------------------

Registered To: All Users
User Name: All Users
Computer Name: PC

--------------------------------------------------------------------------------
*** Environment ***
--------------------------------------------------------------------------------

ALLUSERSPROFILE C:\ProgramData
APPDATA C:\Users\All Users.Study-PC\AppData\Roaming
ArmServerInfo 00080592
CHROME_RESTART Google Chrome|Whoa! Google Chrome has crashed. Restart now?|LEFT_TO_RIGHT
CHROME_VERSION 4.0.249.89
CLASSPATH .;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles C:\Program Files (x86)\Common Files
CommonProgramFiles(x86) C:\Program Files (x86)\Common Files
CommonProgramW6432 C:\Program Files\Common Files
COMPUTERNAME PC
ComSpec C:\windows\system32\cmd.exe
FP_NO_HOST_CHECK NO
HOMEDRIVE C:
HOMEPATH \Users\All Users.Study-PC
LOCALAPPDATA C:\Users\All Users.Study-PC\AppData\Local
LOGONSERVER \\PC
NO_OO_BREAKPAD browser
NUMBER_OF_PROCESSORS 4
OS Windows_NT
Path C:\Users\All Users.Study-PC\AppData\Local\Google\Chrome\Application;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\PC Connectivity Solution\;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Samsung\Samsung PC Studio 3\;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Microsoft Shared\Windows Live
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE x86
PROCESSOR_ARCHITEW6432 AMD64
PROCESSOR_IDENTIFIER Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL 6
PROCESSOR_REVISION 0f0b
ProgramData C:\ProgramData
ProgramFiles C:\Program Files (x86)
ProgramFiles(x86) C:\Program Files (x86)
ProgramW6432 C:\Program Files
PSModulePath C:\windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC C:\Users\Public
QTJAVA C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
SESSIONNAME Console
SystemDrive C:
SystemRoot C:\windows
TEMP C:\Users\ALLUSE~1.STU\AppData\Local\Temp
TMP C:\Users\ALLUSE~1.STU\AppData\Local\Temp
USERDOMAIN PC
USERNAME All Users
USERPROFILE C:\Users\All Users.Study-PC
windir C:\windows

--------------------------------------------------------------------------------
*** System Folders ***
--------------------------------------------------------------------------------

AdminTools C:\Users\All Users.Study-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
AltStartup C:\Users\All Users.Study-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
AppData C:\Users\All Users.Study-PC\AppData\Roaming
CDBurnArea C:\Users\All Users.Study-PC\AppData\Local\Microsoft\Windows\Burn\Burn
CommonAdminTools C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
CommonDesktopDir C:\Users\Public\Desktop
CommonAltStartUp C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
CommonAppData C:\ProgramData
CommonDocuments C:\Users\Public\Documents
CommonFavorites C:\Users\All Users.Study-PC\Favorites
CommonMusic C:\Users\Public\Music
CommonPictures C:\Users\Public\Pictures
CommonStartMenu C:\ProgramData\Microsoft\Windows\Start Menu
CommonStartup C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
CommonTemplates C:\ProgramData\Microsoft\Windows\Templates
CommonVideo C:\Users\Public\Videos
Cookies C:\Users\All Users.Study-PC\AppData\Roaming\Microsoft\Windows\Cookies
Desktop C:\Users\All Users.Study-PC\Desktop
DesktopDir C:\Users\All Users.Study-PC\Desktop
Favorites C:\Users\All Users.Study-PC\Favorites
Fonts C:\Windows\Fonts
History C:\Users\All Users.Study-PC\AppData\Local\Microsoft\Windows\History
InternetCache C:\Users\All Users.Study-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files
LocalAppData C:\Users\All Users.Study-PC\AppData\Local
NetHood C:\Users\All Users.Study-PC\AppData\Roaming\Microsoft\Windows\Network Shortcuts
MyMusic D:\Music
MyPictures D:\Pictures
MyVideo D:\Videos
Personal D:\Documents
PrintHood C:\Users\All Users.Study-PC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Programs C:\Users\All Users.Study-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Profile C:\Users\All Users.Study-PC
ProgramFiles C:\Program Files (x86)
ProgramFilesCommon C:\Program Files (x86)\Common Files
Recent C:\Users\All Users.Study-PC\AppData\Roaming\Microsoft\Windows\Recent
SendTo C:\Users\All Users.Study-PC\AppData\Roaming\Microsoft\Windows\SendTo
StartMenu C:\Users\All Users.Study-PC\AppData\Roaming\Microsoft\Windows\Start Menu
StartUp C:\Users\All Users.Study-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
System C:\Windows\System32
Windows C:\Windows
Templates C:\Users\All Users.Study-PC\AppData\Roaming\Microsoft\Windows\Templates

--------------------------------------------------------------------------------
*** CPU Details ***
--------------------------------------------------------------------------------

Physical Processors: 1
Logical Processors: 4
Processor Vendor: Intel® Corporation
Processor Name: Intel® Core™2 Quad CPU Q6700 @ 2.66GHz
Additional Name: x86 Family 6 Model 15 Stepping 11
Popular Name: Core 2 Quad Q6700
Frequency: 2680 MHz

--------------------------------------------------------------------------------
*** CPU Cache Details ***
--------------------------------------------------------------------------------

Cache Level I: 64 KB

--------------------------------------------------------------------------------
*** BIOS Details ***
--------------------------------------------------------------------------------

BIOS Vendor: American Megatrends Inc.
BIOS Type: AT/AT COMPATIBLE
BIOS Version: 1305
Copyright: A_M_I_ - 6000919
Date: 06/19/2009
Size: 2,048 KB

--------------------------------------------------------------------------------
*** Motherboard Details ***
--------------------------------------------------------------------------------

Motherboard Vendor: ASUSTeK Computer INC.
Motherboard Model: P5K-E
Version: Rev 1.xx
Ports: 33
System Slots: 7

--------------------------------------------------------------------------------
*** Memory Modules ***
--------------------------------------------------------------------------------

Memory Devices Present: 4
Memory Device # 0
Device Locator: DIMM0
Bank Locator: BANK0
Manufacturer: Manufacturer0
Serial Number: SerNum0
Part Number: PartNum0
Memoty Device Type: DDR
Total Width: 64 bits
Data Width: 64 bits
Size: 2048 MB
Speed: 1 ns
Form Factor: DIMM
Memory Device # 1
Device Locator: DIMM1
Bank Locator: BANK1
Manufacturer: Manufacturer1
Serial Number: SerNum1
Part Number: PartNum1
Memoty Device Type: Unknown
Total Width: 65535 bits
Data Width: 65535 bits
Size: 0 MB
Speed: 0 ns
Form Factor: DIMM
Memory Device # 2
Device Locator: DIMM2
Bank Locator: BANK2
Manufacturer: Manufacturer2
Serial Number: SerNum2
Part Number: PartNum2
Memoty Device Type: DDR
Total Width: 64 bits
Data Width: 64 bits
Size: 2048 MB
Speed: 1 ns
Form Factor: DIMM
Memory Device # 3
Device Locator: DIMM3
Bank Locator: BANK3
Manufacturer: Manufacturer3
Serial Number: SerNum3
Part Number: PartNum3
Memoty Device Type: Unknown
Total Width: 65535 bits
Data Width: 65535 bits
Size: 0 MB
Speed: 0 ns
Form Factor: DIMM
Total Installed: 4096 MB

--------------------------------------------------------------------------------
*** Extented Details ***
--------------------------------------------------------------------------------

Technology: 65 nm
Architecture: x86 Family
Stepping: 11
APIC ID: 0
Physical ID: 0
Logical ID: 0
Cores per Package: 4
Logical Units per Package: 4

--------------------------------------------------------------------------------
*** CPU Properties ***
--------------------------------------------------------------------------------

Floating point unit Supported
Virtual mode extension Supported
Debugging extensions Supported
Page size extension Supported
Time stamp counter Supported
Machine specific registers Supported
Physical address extension Supported
Machine check extension Supported
CMPXCHG8 instrucion support Supported
APIC Supported
Fast system call (SYSENTER/SYSEXIT) Supported
Memory type range registers Supported
Page global extension Supported
Conditional move support Supported
Page attribute table Supported
36-bit page size extension Supported
Processor serial number Not Supported
CLFLUSH instruction support Supported
Debug trace store Supported
Thermal monitor and software controlled clock Supported
MMX architecture support Supported
Fast floating point save (FXSAVE/FXRSTOR) Supported
Streaming SIMD instruction support Supported
Streaming SIMD extensions 2 Supported
Self snoop Supported
Hyper-Threading technology Supported
Thermal monitor support Supported
IA-64 Intel Not Supported
Signal break on FERR Supported
Streaming SIMD extensions 3 Supported
MONITOR/MWAIT Supported
CPL qualified debug store Supported
Virtual machine extension Supported
Enhanced SpeedStep Technology Supported
Thermal Monitor 2 Supported
Context Id Not Supported
CMPXCHG16B instrucion support Supported
Send task priority messages Supported
Multiprocessing capable Not Supported
No execute page protection Supported
Extended MMX architecture Not Supported
AMD64/EM64T Supported
Extended 3DNow! extensions Not Supported
3DNow! extensions Not Supported
LAHF/SAHF support Supported
Core multiprocessing legacy Not Supported
Temperature sensor Not Supported
Frequency id Control Not Supported
Voltage id Control Not Supported
Thermal trip Not Supported
Software thermal control Not Supported
Invariant TSC Not Supported

--------------------------------------------------------------------------------
*** Videoadapter Details ***
--------------------------------------------------------------------------------

Video Adapter Name: NVIDIA GeForce 8800 GTX
Video Memory: 0.00 MB
BIOS Date: 02/20/07
Current Resolution: 1680 x 1050 pixels
Current Color Mode: 32 bits per pixel
DirectX Version: 4.09.00.0904

--------------------------------------------------------------------------------
*** Monitor Details ***
--------------------------------------------------------------------------------

Driver Version: 16384
Technology: Raster Display
Refresh Rate: 60 Hz
Font Resolution: 96 dpi
Width/Height/Diagonal in Pixels: 36/36/51
Horizontal Size: 593
Vertical Size: 370

Edited by garmanma, 02 March 2010 - 12:05 PM.


#2 schrauber

  • Malware Response Team
  • 24,794 posts

Posted 07 March 2010 - 04:49 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 schrauber

schrauber (Mr.Mechanic)

  • Malware Response Team
  • 24,794 posts
  • Location: Munich, Germany

Posted 12 March 2010 - 11:58 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber