System Security issue


  1. Posts : 17
    Windows 7 Home Premium 64bit
       #1

    System Security issue


    Hi, I am new to this forum. I have found that it is one of the best sources for help in all things Windows 7, so I registered for some help with security issues with my PC... I have a Dell Inspiron N7101 running Windows 7 Home Premium x64...

    Now I believe I have a few infections, yet I have scanned and scanned with Kaspersky Internet Security 2012 with settings set to max... but I still feel that, though Kaspersky says there are no threats found, I am infected... I have also used TDSSKiller...
    Can someone give me insight on the HijackThis log....

    So here are the HijackThis log results:

    Code:
     
    Running processes:
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Opera\opera.exe
    C:\Users\arshlock\Desktop\Programs\PC\Apps\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe
     
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
    O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: hello.vbs
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
    O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3E9183B-9A75-40AE-9A2B-3D47FFDA85DE}: NameServer = 192.168.1.1,192.168.1.2
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: SNMP Trap (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
     
    --
    End of file - 9144 bytes
    Also forgot to mention that on my network monitor I have noticed something that resolves as view.atdmt.com as a destination called from my PC...
    Please help
    Last edited by Brink; 24 Feb 2012 at 00:21. Reason: code box


  2. Posts : 2,963
    Windows 7 Professional SP1 64-bit
       #2

    Why do you think you are infected, and why do you think you have multiple infections? Knowing the symptoms will give us a lot of insight. Have you tried scanning with Malwarebytes? In my opinion it is the best on-demand scanner available.

    I'll look at the HijackThis log some more, but at first glance the only things that jump out at me are all the things that say "file missing" and the Unlocker program. What exactly have you used Unlocker for, if you don't mind sharing?


  3. Posts : 17
    Windows 7 Home Premium 64bit
    Thread Starter
       #3

    I use the Unlocker program to unlock locked handles on processes that become unresponsive... and the "file missing" is the big reason I believe I have become infected... and the only symptoms I have are that almost all my programs have been unresponsive, and it takes an absurdly long time to kill them with the Task Manager... like 10-20 min. for them to close... also one instance of svchost.exe uses over 240 MB of memory... not to mention that when my network is idle I sometimes see absurd amounts of data transferred, like 25-50 GB when the network is idle... also I recently underwent a major SYN flood on my network... though I was able to stop it... it did some significant damage to my net... but what I have noticed most, and what gives me the impression that there is some sort of infection(s), is that every so often my cursor moves the text cursor to odd points of a paragraph... if that makes sense... normally I am able to deal with these things on my own... but my gut tells me there is something serious here....


  4. Posts : 145
    Windows 7 Enterprise x64 SP1 Version 6.1 Build 7601
       #4

    Why don't you just reinstall Windows?

    The time involved in scanning and finding viruses on your computer is usually 100 times more than reinstalling everything.
    Furthermore, you can't be 100% sure you have cleaned your computer completely.

    Saving a computer from viruses is done in real time, not when the computer is already compromised (too late).


  5. Posts : 17
    Windows 7 Home Premium 64bit
    Thread Starter
       #5

    I can't afford to reinstall... trust me, if I could I would... it would cost me close to $600-$700 for me to do that...


  6. Posts : 640
    Windows 7 Professional SP1 64-bit
       #6

    Then run full scans with MBAM & SuperAntiSpyware in my sig for starters.


  7. Posts : 2,963
    Windows 7 Professional SP1 64-bit
       #7

    meezy said:
    I use the Unlocker program to unlock locked handles on processes that become unresponsive... and the "file missing" is the big reason I believe I have become infected...
    Could be a current or past virus, or the files could have just become corrupt. You could try running the system file checker.

    SFC /SCANNOW Command - System File Checker

    and the only symptoms I have are that almost all my programs have been unresponsive, and it takes an absurdly long time to kill them with the Task Manager... like 10-20 min. for them to close... also one instance of svchost.exe uses over 240 MB of memory...
    The large size of the svchost is not all that weird. svchost contains several Windows services. Your computer being slow can be caused by any number of things, but a virus is a fair guess.

    not to mention that when my network is idle I sometimes see absurd amounts of data transferred, like 25-50 GB when the network is idle... also I recently underwent a major SYN flood on my network... though I was able to stop it... it did some significant damage to my net...
    Networking is not my forte.

    but what I have noticed most, and what gives me the impression that there is some sort of infection(s), is that every so often my cursor moves the text cursor to odd points of a paragraph... if that makes sense... normally I am able to deal with these things on my own... but my gut tells me there is something serious here....
    The cursor moving is actually a common thing that I am not aware of being an indication of an actual problem, and I am not aware of a fix.

    Try running the system file checker as I mentioned above, and Malwarebytes. Also, I did some reading up on Unlocker and have read several reports that it installs several toolbars without informing you, unless you read through the entire EULA that it is going to, and even one claim that it installs malware.

    it would cost me close to $600-$700 for me to do that
    I doubt that is true. You live in the US where you could obtain a new copy of Windows 7 for a couple hundred dollars, which you don't even need to do. You can get a disc from anybody and use the product key that came with your computer to reinstall Windows.
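Added example (not part of any post in this thread): a small Python triage of HijackThis lines like those in post #1, separating the "file missing" entries discussed above from the other items that deserve a second look. It assumes HijackThis runs as a 32-bit process, so on 64-bit Windows its view of C:\Windows\System32 is redirected to SysWOW64 and 64-bit-only files such as lsass.exe are reported as "file missing"; the category names are this example's own.

```python
import re

# Lines copied from the HijackThis log in post #1 (a subset, for brevity).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - Startup: hello.vbs
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
SYSTEM32_RE = re.compile(r"[a-z]:\\windows\\system32\\", re.IGNORECASE)
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")


def triage(log_text):
    """Return (section code, category, entry) for each line worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if body.endswith("(file missing)"):
            # Under System32 this is most likely the 32-bit view of a 64-bit
            # file (assumption stated in the lead-in), not a deleted file.
            if SYSTEM32_RE.search(body):
                findings.append((code, "likely-wow64-artifact", body))
            else:
                findings.append((code, "missing-file", body))
        elif code == "O4" and body.startswith(("Startup:", "Global Startup:")):
            # Script files in a Startup folder run at every logon.
            target = body.split(":", 1)[1].strip().lower()
            if target.endswith(SCRIPT_EXTS):
                findings.append((code, "startup-script", body))
        elif code == "O23" and " - Unknown owner - " in body:
            # No company name could be read from the service binary.
            findings.append((code, "unknown-owner", body))
    return findings


if __name__ == "__main__":
    for code, category, entry in triage(SAMPLE_LOG):
        print(f"{category:22} {code:4} {entry}")
```

Entries tagged as likely redirection artifacts are confirmed by checking the same path from a 64-bit process; the SFC run suggested in post #7 covers genuine system-file corruption.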


  8. Posts : 17
    Windows 7 Home Premium 64bit
    Thread Starter
       #8

    In the process of such scans...
    You know, come to think about it, all this started happening after a feud with a script kiddie on WoW...


  9. Posts : 17
    Windows 7 Home Premium 64bit
    Thread Starter
       #9

    I doubt that is true. You live in the US where you could obtain a new copy of Windows 7 for a couple hundred dollars, which you don't even need to do. You can get a disc from anybody and use the product key that came with your computer to reinstall Windows.
    It's not the reinstall of Windows that will cost me; I have a Windows 7 installation disc and my PK... it's the cost of all my other product keys that I cannot reuse, for they are maxed out... I have a total of 24 PCs on my network and my commercial key for KIS is maxed... will cost 200+ to renew... my Office 2010 is maxed.... my AutoCAD is maxed.... the cost is to renew all my prog... product keys.... and to think of it, it would be more... if I have to get AutoCAD again...


  10. Posts : 2,963
    Windows 7 Professional SP1 64-bit
       #10

    Usually a phone call and explanation of having to reinstall Windows will get you around such problems but I'll agree that some companies 1) don't care, and 2) will actually be happy about you having to re-purchase their software.


 