Thread: Remote desktop or virus??or what??

  1. #1
    Junior Member hibfree's Avatar
    Join Date
    May 2011
    Location
    California
    Posts
    9

    Remote desktop or virus??or what??

    My new laptop was fine for a while. Then it started acting really funny. Mouse jumping around, files missing and rearranging. Somehow I may have slowed it down, but at the cost of crashing. Spybot beta says I have seven clients. Is this a file sharing problem, a virus or what? I don't feel secure, and I don't know anything about networking and remote desktop, but Windows seems to be quite network friendly these days along with all the latest versions of Adobe products and such. Not sure what's going on, but it's annoying, causing me to restore to factory every few days or so. Anyhoo, anyone give me a hand? Hoping to gain a good method of detecting, removing and preventing further infection or remote control. Thank you much in advance. Your assistance will be appreciated.

    Have an outstanding day!
    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by msBhavin at 8:08:22 on 2011-05-27
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2807.1623 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\CISVC.EXE
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\lxblcoms.exe
    C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\msBhavin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03DEXAUW\dds[1].scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv55c&r=27360511m455l04g4z155a4762j29o
    uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv55c&r=27360511m455l04g4z155a4762j29o
    mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv55c&r=27360511m455l04g4z155a4762j29o
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv55c&r=27360511m455l04g4z155a4762j29o
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    StartupFolder: C:\Users\msBhavin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    Notify: SDWinLogon - SDWinLogon.dll
    mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-23 321104]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-5-24 868896]
    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-22 13336]
    R2 lxbl_device;lxbl_device;C:\Windows\system32\lxblcoms.exe -service --> C:\Windows\system32\lxblcoms.exe -service [?]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-5-24 255744]
    R2 SDFirewallService;Spybot-S&D 2 Firewall Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-5-24 3585696]
    R2 SDMonitorService;Spybot-S&D 2 Monitoring Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-5-24 3834456]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-5-24 3515656]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-5-24 3769048]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-5-24 167040]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-22 2320920]
    R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-7-22 243232]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 NIS;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\18.0.0.128\ccSvcHst.exe [?]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    S3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-27 14:55:02 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-05-27 14:54:12 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-05-27 14:53:02 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-05-27 14:52:50 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-05-27 14:31:05 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{57877142-8D7E-4644-8284-FF11A4653D42}\mpengine.dll
    2011-05-27 13:59:04 601424 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5821D84-C11F-4086-BA34-5DAA6C501364}\gapaengine.dll
    2011-05-26 21:41:52 -------- d-----w- C:\Program Files (x86)\Crazy Browser
    2011-05-26 00:27:03 -------- d-----w- C:\Users\msBhavin\AppData\Local\Cyberlink
    2011-05-25 13:57:50 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2011-05-25 13:57:50 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2011-05-25 13:57:50 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2011-05-25 13:57:50 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2011-05-25 13:57:50 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2011-05-25 13:57:50 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2011-05-25 13:57:50 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2011-05-25 13:57:50 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2011-05-25 13:57:50 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2011-05-25 13:57:49 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2011-05-25 13:57:34 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-05-25 13:57:33 -------- d-----w- C:\Windows\System32\Wat
    2011-05-25 13:15:28 -------- d-----w- C:\Windows\SysWow64\BestPractices
    2011-05-25 13:15:27 -------- d-----w- C:\Windows\System32\BestPractices
    2011-05-25 13:15:25 -------- d-----w- C:\inetpub
    2011-05-25 12:57:54 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{08CB25E3-8514-4863-BFD9-06B71F48BA4E}\mpengine.dll
    2011-05-25 11:41:57 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2011-05-25 11:41:47 -------- d-----w- C:\Program Files\Microsoft Security Client
    2011-05-25 11:41:36 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
    2011-05-25 04:13:57 -------- d-----w- C:\Users\msBhavin\AppData\Local\Microsoft Corporation
    2011-05-25 04:13:24 -------- d-----w- C:\Program Files (x86)\Microsoft Windows 7 Upgrade Advisor
    2011-05-25 03:49:56 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-05-25 03:49:29 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-05-25 03:48:23 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-05-25 03:48:19 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-05-25 02:43:15 -------- d-----w- C:\Users\msBhavin\drivers
    2011-05-25 00:52:25 -------- d-----w- C:\Users\msBhavin\AppData\Local\Adobe
    2011-05-25 00:01:05 145408 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\lxblpp6c.dll
    2011-05-24 23:59:17 -------- d-----w- C:\drivers
    2011-05-24 21:23:36 -------- d-----w- C:\Windows\pss
    2011-05-24 20:07:49 -------- d-----w- C:\ProcAlyzer Dumps
    2011-05-24 19:53:01 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
    2011-05-24 19:52:47 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
    2011-05-24 19:52:47 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
    2011-05-24 19:52:06 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
    2011-05-24 19:27:46 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-05-24 18:52:41 -------- dc----w- C:\Users\msBhavin\AppData\Local\MigWiz
    2011-05-24 18:48:19 -------- d-----w- C:\Users\msBhavin\AppData\Local\Diagnostics
    2011-05-24 18:44:55 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4D62A873-823C-44F0-8743-F5DF1FDDBDEE}\mpengine.dll
    2011-05-24 18:44:53 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-05-24 18:30:38 -------- d-----w- C:\Users\msBhavin\AppData\Local\ElevatedDiagnostics
    2011-05-24 18:16:12 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-05-24 18:15:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2011-05-24 16:57:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-05-24 16:57:01 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-05-24 16:33:19 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2011-05-24 16:33:19 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2011-05-24 16:32:33 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2011-05-24 16:32:33 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2011-05-24 16:32:32 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-05-24 16:32:32 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2011-05-24 16:32:32 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-05-24 16:32:32 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-05-24 16:32:32 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-05-24 16:32:32 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2011-05-24 16:20:11 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-05-24 16:20:11 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-05-24 15:53:45 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-05-24 15:53:44 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-05-24 15:53:44 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-05-24 15:50:27 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2011-05-24 15:50:27 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2011-05-24 15:50:26 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2011-05-24 15:50:26 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2011-05-24 15:34:24 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2011-05-24 15:34:24 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2011-05-24 15:24:19 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
    2011-05-24 15:24:19 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
    2011-05-24 15:09:16 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll
    2011-05-24 15:09:16 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll
    2011-05-24 15:03:01 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-05-24 14:49:07 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-05-24 14:49:06 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-05-24 14:49:06 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-05-24 14:49:06 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-05-24 14:22:56 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-05-24 14:22:56 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-05-24 14:22:56 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-05-24 14:13:40 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-24 14:13:40 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-05-24 13:54:57 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2011-05-24 13:54:57 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2011-05-24 13:49:23 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-05-24 13:49:22 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-05-24 13:49:22 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-05-24 13:46:47 340992 ----a-w- C:\Windows\System32\schannel.dll
    2011-05-24 13:46:47 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2011-05-24 13:46:41 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2011-05-24 13:46:41 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2011-05-24 13:46:37 612352 ----a-w- C:\Windows\System32\vbscript.dll
    2011-05-24 13:46:37 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2011-05-24 13:40:34 3133440 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-24 13:35:05 52224 ----a-w- C:\Windows\System32\rtutils.dll
    2011-05-24 13:35:05 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
    2011-05-24 13:29:44 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2011-05-24 13:29:41 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-05-24 13:29:41 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2011-05-24 13:29:41 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-05-24 13:29:41 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-05-24 13:25:37 395776 ----a-w- C:\Windows\System32\webio.dll
    2011-05-24 13:25:37 314368 ----a-w- C:\Windows\SysWow64\webio.dll
    2011-05-24 13:25:36 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2011-05-24 13:25:25 144384 ----a-w- C:\Windows\System32\cdd.dll
    2011-05-24 13:25:10 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2011-05-24 13:25:10 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2011-05-24 13:25:08 1739176 ----a-w- C:\Windows\System32\ntdll.dll
    2011-05-24 13:25:07 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2011-05-24 13:22:28 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
    2011-05-24 13:22:28 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
    2011-05-24 13:22:28 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
    2011-05-24 13:22:26 1877504 ----a-w- C:\Windows\System32\msxml3.dll
    2011-05-24 13:22:26 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2011-05-24 13:22:22 640896 ----a-w- C:\Windows\System32\winload.efi
    2011-05-24 13:22:22 603976 ----a-w- C:\Windows\System32\winload.exe
    2011-05-24 13:22:22 556928 ----a-w- C:\Windows\System32\winresume.efi
    2011-05-24 13:22:22 518160 ----a-w- C:\Windows\System32\winresume.exe
    2011-05-24 13:22:22 20352 ----a-w- C:\Windows\System32\kdusb.dll
    2011-05-24 13:22:22 19328 ----a-w- C:\Windows\System32\kd1394.dll
    2011-05-24 13:22:22 17792 ----a-w- C:\Windows\System32\kdcom.dll
    2011-05-24 13:21:58 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2011-05-24 13:21:58 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2011-05-24 13:15:12 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2011-05-24 13:15:12 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-05-24 13:15:12 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2011-05-24 13:15:12 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-05-24 11:16:35 -------- d-----w- C:\Windows\NAPP_Dism_Log
    2011-05-24 10:59:23 -------- d-----w- C:\Users\msBhavin\AppData\Roaming\Intel Corporation
    2011-05-24 10:59:10 -------- d-----w- C:\Users\msBhavin\AppData\Local\Apps
    2011-05-24 10:59:07 -------- d-----w- C:\Users\msBhavin\AppData\Local\Deployment
    2011-05-24 10:58:36 -------- d-----w- C:\Users\msBhavin\AppData\Local\VirtualStore
    2011-05-24 10:44:52 -------- d-----w- C:\ProgramData\Best Buy pc app
    2011-05-24 10:44:51 -------- dc-h--w- C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}
    2011-05-24 10:44:00 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2011-05-24 10:44:00 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2011-05-24 10:43:58 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2011-05-24 10:43:21 -------- d-----w- C:\Program Files (x86)\Microsoft
    2011-05-24 10:43:07 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
    2011-05-24 10:42:43 -------- d-----w- C:\Windows\PCHEALTH
    2011-05-24 10:42:32 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\497535851cc19ff\DSETUP.dll
    2011-05-24 10:42:32 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\497535851cc19ff\DXSETUP.exe
    2011-05-24 10:42:32 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\497535851cc19ff\dsetup32.dll
    2011-05-24 10:42:09 141402440 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc7879.tmp
    2011-05-24 10:42:03 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2011-05-24 10:40:03 -------- d-----w- C:\ProgramData\OEM
    2011-05-24 10:39:42 -------- d-----w- C:\Program Files (x86)\Common Files\CyberLink
    2011-05-24 10:38:58 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-05-24 10:38:58 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-05-24 10:38:58 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    2011-05-24 10:36:39 -------- d-----w- C:\Program Files\Elantech
    2011-05-24 10:34:36 -------- d-----w- C:\Program Files (x86)\Launch Manager
    2011-05-24 10:33:40 -------- d-----w- C:\Program Files (x86)\Video Web Camera
    2011-05-24 10:30:16 3 ----a-w- C:\Windows\System32\PLD_Framework.cmd
    2011-05-24 10:28:46 -------- d-----w- C:\Program Files\Common Files\Intel
    2011-05-24 10:28:45 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 8:09:09.03 ===============

    Attachment 7906

    http://forums.spybot.info/showthread.php?t=62780
    Last edited by tashi; 2011-05-27 at 19:14. Reason: Added link to original topic in Spybot forum :-)
    FREEMONGER

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    hi hibfree,

    As another check for possible malware you can download and run the free version of Malwarebytes.

    During the install process it will update. Do a full system scan. When it's done it will produce a log automatically, which you copy/paste in your reply.
    How Can I Reduce My Risk?

  3. #3
    Junior Member hibfree's Avatar
    Join Date
    May 2011
    Location
    California
    Posts
    9

    How goes it!

    ThankYou, ThankYou, ThankYou!


    Let's get to it then!
    I apologize for any delays. I have connectivity issues from time to time and time and time again. Weird today, I spent half the day trying to get online because my machine says either I'm not connected or I have limited connectivity. Eventually I launched IE anyway, and lo and behold, I am connected. The icon shows I'm not connected at all, but when I open the window it says I have limited connection. Normally when it says limited connection I cannot use the internet at all. I am attempting to use an external network adapter in addition to my internal one. They both worked all day yesterday, I thought I had it licked. NOT! Also, my troubleshooting doesn't work as of today. Windows update may have been the culprit. TTYL!

    FReeMOnger!



    What are the most precious gifts you can give? They are the only two things you can take with you when you go to meet your maker. These are your gifts to the Creator, who has given you the gift of life with free will but no memory or proof (or knowledge) of his existence. Choosing Him is something entirely created and nourished by you! What else could you possibly give the Creator? He's already made everything in the universe! Love and KNowledge are the ultimate gifts! You ARE the Beloved, you are the gift to Life. Peace and freedom be unto YOU!


    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org
    Database version: 6796
    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385
    6/7/2011 4:37:12 AM
    mbam-log-2011-06-07 (04-37-12).txt
    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 248499
    Time elapsed: 15 minute(s), 25 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
    FREEMONGER

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    hi,

    Yes, it's been a while, but no problem. The Malwarebytes log can't look any better.
    If you use a router, a reboot of that may help your connection issues.
    How Can I Reduce My Risk?

  5. #5
    Junior Member hibfree's Avatar
    Join Date
    May 2011
    Location
    California
    Posts
    9

    Is that a wrap?

    I am happy to hear all looks good. Any other advice or possible areas of concern would be appreciated. I'm a bit skeptical that all is well with my machine. Reassurance is what I'm looking for, or remedy please. Thank you for your time and have an outstanding day!

    FREEMONGER

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Hi,

    We can see if ComboFix can dig up anything. There is a guide to read first; read through the guide, then apply the directions on your own machine.

    Guide to using Combofix
    How Can I Reduce My Risk?
