Windows 7 Forums


Windows 7: System Security issue


23 Feb 2012   #1

Windows 7 Home Premium 64bit
 
 
System Security issue

Hi, I am new to this forum. I have found that it is one of the best sources for help in all things Windows 7, so I registered for some help with security issues with my PC... I have a Dell Inspiron N7101 running Windows 7 Home Premium x64...

Now I believe I have a few infections, yet I have scanned and scanned with Kaspersky Internet Security 2012 with settings set to max... but I still feel that, though Kaspersky says there are no threats found, I am infected... I have also used TDSSKiller...
Can someone give me insight on the HijackThis log....

So here are the HijackThis log results:

Code:
 
Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Opera\opera.exe
C:\Users\arshlock\Desktop\Programs\PC\Apps\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: hello.vbs
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3E9183B-9A75-40AE-9A2B-3D47FFDA85DE}: NameServer = 192.168.1.1,192.168.1.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: SNMP Trap (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 9144 bytes
Also forgot to mention that on my network monitor I have noticed something that resolves as view.atdmt.com as a destination called from my PC...
Please help



23 Feb 2012   #2

Windows 7 Professional SP1 64-bit
 
 

Why do you think you are infected, and why do you think you have multiple infections? Knowing the symptoms will give us a lot of insight. Have you tried scanning with Malwarebytes? In my opinion it is the best on-demand scanner available.

I'll look at the HijackThis log some more, but at first glance the only things that jump out at me are all the things that say "file missing" and the Unlocker program. What exactly have you used Unlocker for, if you don't mind sharing?
23 Feb 2012   #3

Windows 7 Home Premium 64bit
 
 

I use the Unlocker program to unlock locked handles on processes that become unresponsive... and the "file is missing" is the big reason I believe I have become infected... and the only symptoms I have are that almost all my programs have been unresponsive, and it takes an absurdly long time to kill them with the Task Manager... like 10-20 min. for them to close... also one instance of svchost.exe uses over 240mb of memory... not to mention that when my network is idle I sometimes see absurd amounts of data transferred, like 25-50gb when the network is idle... also I recently underwent a major SYN flood on my network... though I was able to stop it... it did some significant damage to my net... but what I have noticed most, and what gives me the impression that there is some sorta infection(s), is that every so often my cursor moves the text cursor to odd points of a paragraph... if that makes sense... normally I am able to deal with these things on my own... but my gut tells me there is something serious here....


23 Feb 2012   #4

Windows 7 Enterprise x64 SP1 Version 6.1 Build 7601
 
 

Why don't you just reinstall Windows?

The time involved in scanning and finding viruses on your computer is usually 100 times more than reinstalling everything.
Furthermore, you can't be 100% sure you have cleaned your computer completely.

Saving a computer from viruses is done in real time, not when the computer is already compromised (too late).
23 Feb 2012   #5

Windows 7 Home Premium 64bit
 
 

I can't afford to reinstall... trust me, if I could I would... it would cost me close to $600-$700 for me to do that...
23 Feb 2012   #6

Windows 7 Professional SP1 64-bit
 
 

Then run full scans with MBAM & SuperAntiSpyware in my sig for starters.
23 Feb 2012   #7

Windows 7 Professional SP1 64-bit
 
 

Quote: Originally Posted by meezy
I use the Unlocker program to unlock locked handles on processes that become unresponsive... and the "file is missing" is the big reason I believe I have become infected...
Could be a current or past virus, or the files could have just become corrupt. You could try running the System File Checker.

SFC /SCANNOW Command - System File Checker

Quote:
and the only symptoms I have are that almost all my programs have been unresponsive, and it takes an absurdly long time to kill them with the Task Manager... like 10-20 min. for them to close... also one instance of svchost.exe uses over 240mb of memory...
The large size of the svchost is not all that weird. svchost contains several Windows services. Your computer being slow can be caused by any number of things, but a virus is a fair guess.

Quote:
not to mention that when my network is idle I sometimes see absurd amounts of data transferred, like 25-50gb when the network is idle... also I recently underwent a major SYN flood on my network... though I was able to stop it... it did some significant damage to my net...
Networking is not my forte.


Quote:
but what I have noticed most, and what gives me the impression that there is some sorta infection(s), is that every so often my cursor moves the text cursor to odd points of a paragraph... if that makes sense... normally I am able to deal with these things on my own... but my gut tells me there is something serious here....
The cursor moving is actually a common thing that I am not aware of being an indication of an actual problem and am not aware of a fix.

Try running the System File Checker as I mentioned above and Malwarebytes. Also, I did some reading up on Unlocker and have read several reports that it installs several toolbars without informing you, unless you read through the entire EULA, that it is going to, and even one claim that it installs malware.

Quote:
would cost me close to $600-$700 for me to do that
I doubt that is true. You live in the US where you could obtain a new copy of Windows 7 for a couple hundred dollars, which you don't even need to do. You can get a disc from anybody and use the product key that came with your computer to reinstall windows.
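
The "(file missing)" entries raised in posts #2 and #7, as an added example that is not part of any post: HijackThis is a 32-bit program, and on 64-bit Windows its reads of System32 are redirected to SysWOW64, so 64-bit-only service binaries such as lsass.exe are reported missing even when they are present. The sketch below separates those entries, which need rechecking from a 64-bit tool or through the Sysnative alias, from missing files elsewhere; the function name, verdict labels and the ExampleSvc line are assumptions made for illustration.

```python
import re

# Constructed sample: four O23 lines copied from the log in post #1 plus one
# made-up entry (ExampleSvc) that lives outside System32, for contrast.
SAMPLE_LOG = r"""
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\ProgramData\example\svc.exe (file missing)
"""

PREFIX = "O23 - Service: "
# The image path starts at the first " - <drive>:\" and runs to the end of the
# line, minus the optional "(file missing)" flag. Paths may contain " - ".
ENTRY = re.compile(r" - (?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$")
SYSTEM32 = re.compile(r"^(?P<root>[A-Za-z]:\\Windows)\\System32\\(?P<rest>.+)$", re.I)


def triage_missing(log_text, os_is_64bit=True):
    """Return (service, path, verdict, recheck_path) per 'file missing' O23 line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY.search(line) if line.startswith(PREFIX) else None
        if not m or not m.group("missing"):
            continue
        service = line[len(PREFIX):m.start()].rsplit(" - ", 1)[0]
        path = m.group("path")
        s32 = SYSTEM32.match(path)
        if os_is_64bit and s32:
            # A 32-bit scanner looked in SysWOW64 instead; Sysnative is the
            # alias a 32-bit process can use to reach the real System32.
            recheck = s32["root"] + "\\Sysnative\\" + s32["rest"]
            findings.append((service, path, "recheck-from-64bit", recheck))
        else:
            # No redirection applies here: the service points at a file that
            # is absent from that location, which deserves a closer look.
            findings.append((service, path, "investigate", None))
    return findings


if __name__ == "__main__":
    for finding in triage_missing(SAMPLE_LOG):
        print(finding)
```

A "recheck-from-64bit" verdict does not clear an entry; it only says the 32-bit view cannot answer the question, so the file's presence and signature still have to be confirmed from a 64-bit process.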
23 Feb 2012   #8

Windows 7 Home Premium 64bit
 
 

In the process of such scans...
You know, come to think about it, all this started happening after a feud with a script kiddy on WoW...
23 Feb 2012   #9

Windows 7 Home Premium 64bit
 
 

Quote:
I doubt that is true. You live in the US where you could obtain a new copy of Windows 7 for a couple hundred dollars, which you don't even need to do. You can get a disc from anybody and use the product key that came with your computer to reinstall windows.
It's not the reinstall of Windows that will cost me; I have a Windows 7 installation disc and my PK... it's the cost of all my other product keys that I cannot reuse, for they are maxed out... I have a total of 24 PCs on my network and my commercial key for KIS is maxed... will cost 200+ to renew... my Office 2010 is maxed.... my AutoCAD is maxed.... the cost is to renew all my prog... product keys.... and to think of it, it would be more... if I have to get AutoCAD again...
23 Feb 2012   #10

Windows 7 Professional SP1 64-bit
 
 

Usually a phone call and explanation of having to reinstall Windows will get you around such problems but I'll agree that some companies 1) don't care, and 2) will actually be happy about you having to re-purchase their software.