
Not sure if any malware.

  • This topic is locked
2 replies to this topic

#1 fixd


  • Members
  • 2 posts
  • Local time:11:03 PM

Posted 31 March 2012 - 09:07 PM

Long boot times; my wireless internet refuses to connect to the wireless until a program requesting internet access opens (Google Chrome and attempting to open facebook.com, as an example); HijackThis has a bunch of (File missing) entries on it; my wireless will randomly turn off and I cannot get it back on until I reboot; when attempting to download random things (pictures from Facebook, or basically any file, the most recent being an episode of The Walking Dead I missed) it sometimes redirects me to download a program called iViVid (never heard of it); my Windows Firewall gets shut off and I cannot get it to remain on. My computer screen loses its brightness randomly and then will go back up (usually from the brightest it can be to the lowest and back). Sometimes I'll walk away from the computer and it sits for a matter of minutes, and when I come back it has restarted with no error message or anything, and probably the worst but not most evident thing ever, my brother logged onto his World of Warcraft account from my PC and about 2 hours later it was hacked. I know this is very unusual because I can't even begin to attempt to locate what, if any, trojan/virus thingy I have, but I do have my logs. Also, in my Task Manager processes area there are these Webkit2webprocess.exe, disnoted.exe (twice) and I read that they can or cannot be a threat. I do have iTunes installed so, I'll let you experts check this out :) Thank you for your time and attempts at correcting my issues here.
(I have a x64 version, so there will not be a Ark.txt)

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by mike at 21:50:58 on 2012-03-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2337 [GMT -4:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
============== Running Processes ===============
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
============== Pseudo HJT Report ===============
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {2B171655-A70C-5C18-B693-6CB5DC269D41} - No File
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Google Update] "C:\Users\mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer =
TCP: Interfaces\{E1F12F6E-A3BA-4111-B0DA-02CEBDCC3D2F} : DhcpNameServer =
TCP: Interfaces\{E1F12F6E-A3BA-4111-B0DA-02CEBDCC3D2F}\270216E6460246 : DhcpNameServer =
TCP: Interfaces\{E1F12F6E-A3BA-4111-B0DA-02CEBDCC3D2F}\B454944584D20534F5E4564777F627B6 : DhcpNameServer =
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {2B171655-A70C-5C18-B693-6CB5DC269D41} - No File
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
Hosts: www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-1-10 13336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-12 2152152]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-1-10 2314240]
R3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-12-15 17152]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-10 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-10 135664]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-1-10 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-5 137560]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\windows\system32\DRIVERS\RsFx0103.sys --> C:\windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
=============== Created Last 30 ================
2012-03-31 16:11:44 -------- d-----w- C:\windows\System32\SPReview
2012-03-31 15:36:18 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-03-31 15:36:17 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 15:36:17 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-03-31 15:32:02 -------- d-----w- C:\windows\System32\EventProviders
2012-03-31 15:14:01 509952 ----a-w- C:\windows\System32\ntshrui.dll
2012-03-31 15:14:01 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll
2012-03-31 15:10:57 77312 ----a-w- C:\windows\System32\packager.dll
2012-03-31 15:10:57 67072 ----a-w- C:\windows\SysWow64\packager.dll
2012-03-31 15:10:55 723456 ----a-w- C:\windows\System32\EncDec.dll
2012-03-31 15:10:55 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2012-03-31 15:10:52 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-03-31 15:10:51 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-03-30 15:41:55 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C518CCA-C6D8-4730-8C23-74013C970F52}\offreg.dll
2012-03-30 15:41:05 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C518CCA-C6D8-4730-8C23-74013C970F52}\mpengine.dll
2012-03-17 12:34:19 -------- d-----w- C:\Program Files\iPod
2012-03-17 12:34:17 -------- d-----w- C:\Program Files\iTunes
2012-03-17 12:34:17 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-15 22:01:11 -------- d-----w- C:\Users\mike\AppData\Local\Temporary Projects
2012-03-15 21:54:45 78872 ----a-w- C:\windows\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-03-15 21:54:45 50200 ----a-w- C:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-03-15 21:54:40 79896 ----a-w- C:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-03-15 21:54:40 111640 ----a-w- C:\windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-03-15 21:53:54 -------- d-----w- C:\windows\System32\RsFx
2012-03-15 21:53:08 -------- d-----w- C:\windows\SysWow64\1033
2012-03-15 21:53:08 -------- d-----w- C:\windows\System32\1033
2012-03-15 21:51:22 -------- d-----w- C:\Program Files\Microsoft SQL Server
2012-03-15 21:48:34 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2012-03-15 21:48:25 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-03-15 21:48:25 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-03-15 21:48:22 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-03-15 21:48:08 205984 ----a-w- C:\ProgramData\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-03-15 21:45:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-03-15 21:44:08 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2012-03-15 21:44:08 -------- d-----w- C:\Program Files\Microsoft Help Viewer
==================== Find3M ====================
2012-03-31 16:20:43 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-03-31 16:20:42 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-02-23 13:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-17 23:19:32 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-02-17 23:19:32 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-15 15:01:50 52736 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
2012-02-15 15:01:50 4547944 ----a-w- C:\windows\System32\usbaaplrc.dll
2012-02-12 08:13:05 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-01-25 06:33:30 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-01-25 06:27:11 76288 ----a-w- C:\windows\System32\rdpwsx.dll
2012-01-25 06:27:11 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-01-22 21:15:13 2755072 ----a-w- C:\windows\SysWow64\themeui.dll.tmp
2012-01-22 21:15:12 245760 ----a-w- C:\windows\SysWow64\uxtheme.dll.tmp
2012-01-22 21:15:07 44544 ----a-w- C:\windows\System32\themeservice.dll
2012-01-22 21:15:05 332288 ----a-w- C:\windows\System32\uxtheme.dll
2012-01-04 00:48:42 354176 ----a-w- C:\windows\SysWow64\DivXControlPanelApplet.cpl
============= FINISH: 21:52:00.05 ===============


#2 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:04:03 AM

Posted 06 April 2012 - 10:39 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please download aswMBR (511KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

m0le is a proud member of UNITE

#3 m0le


    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:04:03 AM

Posted 10 April 2012 - 06:28 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
m0le is a proud member of UNITE
