Winsock issues due to possible Malware or Spyware virus


  • This topic is locked
6 replies to this topic

#1 Dhiman from India

Dhiman from India

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:12 PM

Posted 16 December 2010 - 04:52 AM

Having issues with opening Internet Explorer. It keeps throwing me out and the message I get is "Internet Explorer cannot display the Web Page". On clicking "Diagnose Connection Problem" it shows "Windows has detected a problem with the Winsock provider catalog on this computer". When I restart the laptop, it works for maybe 5 to 10 min and then again throws me out.
The problem started 3 weeks back when I tried to load some application on Forex conversion or possibly Skype (not sure).

Any help to solve this would be greatly appreciated.


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:42 AM

Posted 17 December 2010 - 03:20 AM

Hi,

* Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • In case you already used MBAM previously, please update it before proceeding with the scan. To do this, click the "Update" tab and click the "Check For updates" button.
  • Once the program has loaded and updates were downloaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh DDS log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Edited by miekiemoes, 17 December 2010 - 03:21 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Dhiman from India

Posted 17 December 2010 - 07:55 AM

Thanks for your guidance...have done as mentioned above. Here is the log file from MBAM scan...
------------------------
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5342

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/17/2010 6:12:20 PM
mbam-log-2010-12-17 (18-12-20).txt

Scan type: Quick scan
Objects scanned: 169139
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 26

Memory Processes Infected:
c:\WINDOWS\gwdrive32.exe (Worm.Palevo) -> 3988 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Advanced HTTPL Enable (Trojan.Tofsee) -> Value: Advanced HTTPL Enable -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\psysnew (Backdoor.Bot) -> Value: psysnew -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Tesyh1 (Backdoor.Bot) -> Value: Tesyh1 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SHELL (Worm.Palevo) -> Value: SHELL -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Palevo) -> Value: Taskman -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Microsoft Driver Setup (Worm.Palevo) -> Value: Microsoft Driver Setup -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SHELL (Hijack.Shell) -> Bad: (C:\Documents and Settings\dhiman.bhaumik\Application Data\oekx.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1459\fjwbeb.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,EXPLORER.EXE) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1455 (Worm.AutoRun) -> Quarantined and deleted successfully.

Files Infected:
c:\Documents and Settings\dhiman.bhaumik\Local Settings\Temp\747.exe (Trojan.Tofsee) -> Delete on reboot.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1459\fjwbeb.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\application data\125906..exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\application data\oekx.exe (Trojan.Downloader) -> Delete on reboot.
c:\documents and settings\dhiman.bhaumik\application data\5667..exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\application data\3481887..exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\Temp\0272534.exe (Trojan.Tofsee) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\Temp\070.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\Temp\1879377.exe (Trojan.Tofsee) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\Temp\375226.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\Temp\66510.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\Temp\6997068.exe (Trojan.Tofsee) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\Temp\7225.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\Temp\801303.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\Temp\8380.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\Temp\8812.exe (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\Temp\959224.exe (Trojan.Tofsee) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\temporary internet files\Content.IE5\01QR456V\freedom[1].exe (Trojan.Tofsee) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\temporary internet files\Content.IE5\AUVVDDUO\psjefwbh[1]._ (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\temporary internet files\Content.IE5\AUVVDDUO\msnmassneger2[1].msn (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\temporary internet files\Content.IE5\ROG0GQ31\freedom[1].exe (Trojan.Tofsee) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\temporary internet files\Content.IE5\XRRAB4AQ\msnmassneger[1].msn (Trojan.LVBP) -> Quarantined and deleted successfully.
c:\documents and settings\dhiman.bhaumik\local settings\temporary internet files\Content.IE5\XRRAB4AQ\2011[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\WINDOWS\gwdrive32.exe (Worm.Palevo) -> Delete on reboot.
c:\RECYCLER\s-1-5-21-0243556031-888888379-781863308-1455\Desktop.ini (Worm.AutoRun) -> Quarantined and deleted successfully.

--------------------------

Also attached is the new DDS log...
----------------------------------------


DDS (Ver_10-12-12.02) - NTFSx86
Run by dhiman.bhaumik at 18:18:39.43 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1974.1289 [GMT 5.5:30]

AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OA015Mon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\igfxsrvc.exe
H:\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OA015Mon] c:\windows\OA015Mon.exe
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [PNMService] c:\program files\intel\intelpnm\PNMService.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellBtrEvent] d:\program files\dell\reader 2.1\DellBtrEvent.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Advanced DDTML Enable] c:\docume~1\dhiman~1.bha\locals~1\temp\7885343.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: invensys.com
Trusted Zone: invs.com\bi
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth nwprovau

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-9 344712]
R1 DVMIO;DVMIO;d:\program files\dell\reader 2.1\dvmio.sys [2010-5-4 18320]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2010-2-8 376688]
R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.1\DVMExportService.exe [2010-5-4 327680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-9-2 13336]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-6-1 120128]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2010-8-25 147984]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-9 69192]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-9-3 59904]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-9-3 113664]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-9-2 134144]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-9-2 144576]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-9-3 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-9-3 168616]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2010-9-9 9049]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-9-3 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-9-3 235520]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-9 91896]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-9 43192]
R3 OA015Afx;Provides a software interface to control audio effects of OA015 camera.;c:\windows\system32\drivers\OA015Afx.sys [2010-9-3 134144]
R3 OA015Vid;Creative Camera OA015 Function Driver;c:\windows\system32\drivers\OA015Vid.sys [2010-9-3 273568]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2010-9-9 115008]
S3 ExtranetAccess;Contivity VPN Service;c:\program files\nortel networks\Extranet_serv.exe [2010-9-9 626688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-9 66536]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

=============== Created Last 30 ================

2010-12-17 12:26:28 -------- d-----w- c:\docume~1\dhiman~1.bha\applic~1\Malwarebytes
2010-12-17 12:26:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-17 12:26:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-17 12:26:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 12:26:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-16 05:07:10 -------- d-----w- C:\Registry Backup
2010-12-15 14:35:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-15 12:46:57 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-12-15 12:46:55 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-12-15 12:46:34 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-12-15 12:41:54 -------- d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2010-12-15 12:41:22 -------- d-----w- c:\docume~1\dhiman~1.bha\locals~1\applic~1\HP
2010-12-15 12:39:13 320512 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp101.dll
2010-12-15 12:39:13 125440 ----a-w- c:\windows\system32\hpf3l101.dll
2010-12-15 12:39:12 452736 ----a-r- c:\windows\system32\hpzids01.dll
2010-12-15 12:38:36 966656 ----a-r- c:\windows\system32\hpost_p04b.dll
2010-12-15 12:38:36 887296 ----a-r- c:\windows\system32\hposwia_p04b.dll
2010-12-15 12:38:36 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-12-15 12:38:36 315392 ----a-r- c:\windows\system32\hposc_p04a.dll
2010-12-15 12:38:34 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-12-15 12:38:34 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-12-15 12:36:11 -------- d-----w- c:\windows\Cache
2010-12-15 12:36:08 -------- d-----w- c:\program files\Coupons
2010-12-15 12:35:37 -------- d-----w- c:\program files\HP Photo Creations
2010-12-15 12:35:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\HP Photo Creations
2010-12-15 12:35:27 -------- d-----w- c:\docume~1\dhiman~1.bha\applic~1\HpUpdate
2010-12-15 12:31:57 -------- d-----w- c:\program files\common files\HP
2010-12-15 12:31:52 -------- d-----w- c:\program files\common files\Hewlett-Packard
2010-12-15 12:29:24 -------- d-----w- c:\program files\HP
2010-12-15 12:29:15 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-12-15 12:29:15 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-12-15 12:20:18 -------- dc-h--w- c:\windows\ie8
2010-12-01 07:52:12 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-01 07:52:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-01 07:52:12 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-01 07:52:12 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-01 07:48:23 -------- d-----w- c:\docume~1\dhiman~1.bha\locals~1\applic~1\CANON_INC
2010-12-01 07:47:30 -------- d-----w- c:\docume~1\dhiman~1.bha\applic~1\ZoomBrowser EX
2010-12-01 07:39:28 -------- d-----w- c:\program files\Canon
2010-12-01 07:36:47 -------- d-----w- c:\program files\common files\Canon
2010-11-24 17:35:00 -------- d-----w- c:\program files\iPod
2010-11-24 17:34:57 -------- d-----w- c:\program files\iTunes
2010-11-22 16:03:37 -------- d-----w- c:\docume~1\dhiman~1.bha\applic~1\Trusteer
2010-11-22 16:01:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Trusteer

==================== Find3M ====================

2010-10-25 03:20:48 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2010-10-25 03:20:48 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll

============= FINISH: 18:21:26.89 ===============

---------------------------------

Thanks again...waiting to hear from you.

#4 miekiemoes

Posted 17 December 2010 - 08:02 AM

Hi,

This looks much better. Looks like Malwarebytes solved your malware related problem already. How are things running now?

#5 Dhiman from India

Posted 17 December 2010 - 09:49 AM

Hi Miekiemoes,
Things are holding up so far...it's no more throwing me out!...this is surely a great relief. I will test it for a day and report back.

Thanks for your help!

#6 miekiemoes

Posted 17 December 2010 - 09:54 AM

Glad I could help. :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#7 miekiemoes

Posted 29 December 2010 - 10:52 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.