Skytel.exe - "Unknown?"


This topic is locked
42 replies to this topic

#1 StayStation (Full Member, 68 posts)

Posted 18 November 2009 - 12:59 PM

Hello,

Recently, I've just felt like checking any programs currently running on my computer, and came across "Skytel.exe." After a quick Google search, I discovered what it does, and I know it's made by Realtek Semiconductor Corp. However, when I scan the processes set to enable at startup, the "Manufacturer" is listed as "Unknown;" for some reason, that really bothers me.

Is this something I should be concerned about, or is it totally ordinary?

Thanks for your time and consideration! :)

Fresh HiJackThis Log:

"Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:11 PM, on 11/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\owner\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/optonline
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O13 - Gopher Prefix:
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 6326 bytes"


P.S. I don't know if this could be useful information, but it's running from "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run."

Edited by StayStation, 18 November 2009 - 01:24 PM.
HijackThis log requested.


#2 SWI Support Robot (Helper robot, SWI Bot, 23,533 posts)

Posted 21 November 2009 - 01:14 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 TheJoker (Forum Deity, Boot Camp Mod, 14,476 posts)

Posted 24 November 2009 - 08:44 PM

Hi StayStation, and Welcome Back

Sorry it has taken so long to get to you, but the board has been very busy lately, and all the Helpers here are volunteers.

I assume you have a Realtek chipset in your soundcard or built into your motherboard?
The file not being signed isn't something I would worry about.

If you are concerned about it, you can upload the file to VirusTotal and scan it and post the results.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • If the program won't start, go to MBAM's program folder (normally C:\Program Files\Malwarebytes' Anti-Malware), rename mbam.exe to a random file name (keep the .exe extension) and double-click on it to start the program.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Please run HijackThis and click "Do a system scan only." Place a check next to the following entry (if still there):

O2 - BHO: (no name) - MRI_DISABLED - (no file)

Now close all browser and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entry you checked.

Please post a new HijackThis log, the log from MBAM, and the results of scanning Skytel.exe at VirusTotal (if you scanned it).

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
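The check TheJoker suggests above (is the file behind a Run entry signed, and what would VirusTotal say about it) can be prepared locally before anything is uploaded. The PowerShell below is an added example, not code from this thread or from HijackThis, Malwarebytes or Trend Micro; it assumes Windows with PowerShell 4.0 or later (for Get-FileHash), is read-only, and needs no administrator rights.

```powershell
# Added example: walk the Run keys that HijackThis reports as "O4 - HKLM\..\Run" and
# "O4 - HKCU\..\Run", resolve each command to its executable, and report three things
# side by side:
#   Company   - CompanyName from the file's version resource, which is what startup
#               viewers usually display as "Manufacturer" (blank/absent -> "Unknown")
#   Signature - Authenticode status (Valid, NotSigned, HashMismatch, ...) and signer
#   Sha256    - hash to look up on VirusTotal without uploading the file itself

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit view on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Resolve-RunCommandPath {
    param([string]$Command)
    # Quoted form: "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" /args
    if ($Command -match '^\s*"([^"]+)"') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1])
    }
    # Unquoted form: try progressively shorter whitespace-delimited prefixes until one
    # names an existing file, so "C:\Program Files\Foo\bar.exe /flag" still resolves.
    $parts = $Command.Trim() -split '\s+'
    for ($i = $parts.Count; $i -ge 1; $i--) {
        $candidate = [Environment]::ExpandEnvironmentVariables(($parts[0..($i - 1)] -join ' '))
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $null
}

function Get-RunEntryReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $cmd  = $item.GetValue($name)
            $path = Resolve-RunCommandPath $cmd
            if ($null -eq $path) {
                # A Run value whose target no longer exists is itself worth a look.
                [PSCustomObject]@{ Key = $key; Name = $name; Path = $cmd; Company = '';
                                   Signature = 'FILE NOT FOUND'; Signer = ''; Sha256 = '' }
                continue
            }
            $sig     = Get-AuthenticodeSignature -LiteralPath $path
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            [PSCustomObject]@{
                Key       = $key
                Name      = $name
                Path      = $path
                Company   = if ($company) { $company } else { 'Unknown' }
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
                Sha256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }
}

# Unsigned and missing targets sort to the top for review.
Get-RunEntryReport | Sort-Object Signature -Descending | Format-Table -AutoSize -Wrap
```

An entry showing Company "Unknown" but Signature "Valid" with a recognisable signer is the benign case the thread ends up at; "NotSigned" together with an unfamiliar path or a hash VirusTotal has never seen is the one to follow up on.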


#4 StayStation (Full Member, 68 posts)

Posted 25 November 2009 - 07:53 AM

Hello TheJoker,

Wow, you were the first person to help me out here in my inaugural post two years ago when my old computer gave me trouble, and now you're the first to help me with my new one. Very cool, but anyway, here are the logs you requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:06 AM, on 11/25/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\owner\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/optonline
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O13 - Gopher Prefix:
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 6369 bytes


Malwarebytes' Anti-Malware 1.41
Database version: 3228
Windows 6.0.6001 Service Pack 1

11/25/2009 8:14:29 AM
mbam-log-2009-11-25 (08-14-29).txt

Scan type: Quick Scan
Objects scanned: 83610
Time elapsed: 2 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


A folder was saved on my computer that includes the data from the Malwarebytes' scan; is it okay to delete it at this point?

As for the whole Skytel.exe thing, I do have a "Realtek HD Audio Manager" icon in my taskbar, so I would venture a guess that it's all legit. I was just a little thrown off by the fact that the file wasn't signed by any specific publisher.

Many thanks for the assistance! :)

#5 TheJoker (Forum Deity, Boot Camp Mod, 14,476 posts)

Posted 25 November 2009 - 10:29 PM

Wow, you were the first person to help me out here in my inaugural post two years ago

:D

A folder was saved on my computer that includes the data from the Malwarebytes' scan; is it okay to delete it at this point?

You could uninstall MBAM and delete any MBAM folder that wasn't removed by the uninstall, but I would keep MBAM; it's an excellent scanner, and the on-demand version (doesn't provide real-time protection) is free. I would periodically update the scanner and scan your system.

I see no other problem. :thumbup:

Windows Vista does not show Run in the Start Menu by default.
You can access it by pressing "Windows" and the "R" keys simultaneously.

You can also customize the Start Menu by:
  • Right-click on the taskbar, then select "Properties".
  • Click on the "Start Menu" tab, then click on "Customize".
  • Check "Run command", and click OK.
I recommend clearing all your TEMP files and Recycle Bin now:
Click on Start > Run
In the Run command line, type CLEANMGR
In the window that opens, you can select a drive (C: is the default), Click OK
On the Disk Cleanup tab, check:
  • Downloaded Program Files
  • Temporary Internet Files and
  • Recycle Bin
  • Temporary Files
Click OK > Yes

To help keep malware off your system:
  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOSTS file is MVPS HOSTS File, available at http://www.mvps.org/...2002/hosts.htm.
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955
Does your problem appear resolved?



#6 StayStation (Full Member, 68 posts)

Posted 27 November 2009 - 11:40 AM

Frankly, I never had any noticeable problems to begin with, TheJoker. I was just curious as to why Skytel.exe was unsigned, but I'm glad I posted a HijackThis log as it made me aware of that extraneous BHO.

Thank you for the assistance, and I'd like to wish you and yours a belated Happy Thanksgiving! :thumbup:

#7 TheJoker (Forum Deity, Boot Camp Mod, 14,476 posts)

Posted 27 November 2009 - 05:07 PM

Glad we could help, and you have a good Thanksgiving also! :)

Reopened

Edited by TheJoker, 03 December 2009 - 09:02 AM.



#8 TheJoker (Forum Deity, Boot Camp Mod, 14,476 posts)

Posted 03 December 2009 - 09:01 AM

Reopened at request of topic owner.

Hi StayStation, please let me know what the continuing problem is and post a new HijackThis log.



#9 StayStation (Full Member, 68 posts)

Posted 03 December 2009 - 09:24 AM

Hello TheJoker,

I'm sorry for being such a pain in the neck, but I noticed some odd behavior over the last few days. I was hoping that you could help and/or make a few things clear for me.

A day or so after you originally assisted me, I received a warning telling me that Dell Dock was trying to connect to the Internet; it had never done that before, so I blocked whatever it was doing. Yesterday (December 2, 2009 at 2:00 PM), according to Trend Micro, wuauserv was automatically allowed to alter something on my system. Today, after upgrading to Service Pack 2 through Windows' Automatic Update feature, Skytel.exe was automatically allowed to become a Startup program, and a few hours later, wuauserv was given the go-ahead a second time (both times Trend Micro's "Unauthorized Change Prevention" log claimed the program modified my system's Security Policy).

Full scans by MBAM and Trend Micro Internet Security in both Normal and Safe modes show nothing, so I was wondering, is this something I should be concerned about?

Finally, here's the HijackThis log you requested:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:18 AM, on 12/3/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\owner\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/optonline
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O13 - Gopher Prefix:
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 5847 bytes


Thank you again, and I apologize for taking up your time.

EDIT: Apparently, wuauserv is at it again. According to Trend Micro, the service was "allowed" to do something a third time at 2:06 PM. The following is what appears in the "Details" section of Trend Micro's "Unauthorized Change Prevention" log:

Types:
n/a

Detected Resource or Process ID:
/

Infected File:
wuauserv

Policy Violate:
Security Policy Modification

Action Taken:
Allow

Edited by StayStation, 03 December 2009 - 03:52 PM.


#10 TheJoker (Forum Deity, Boot Camp Mod, 14,476 posts)

Posted 03 December 2009 - 10:12 PM

I don't see anything wrong with your HijackThis log.

A day or so after you originally assisted me, I received a warning telling me that Dell Dock was trying to connect to the Internet

I found a few other instances of people wondering why it was trying to connect to the Internet, but I didn't see an answer. It may not be malicious.

Yesterday (December 2, 2009 at 2:00 PM), according to Trend Micro, wuauserv was automatically allowed to alter something on my system.

Windows Update Service may have updated the ActiveX controls that it uses to verify your system as a legitimate version of Windows. That's particularly likely as you say the next day you upgraded to Service Pack 2 through Windows' Automatic Update service.

Skytel.exe was automatically allowed to become a Startup program

It's not showing as a startup program in your HijackThis log.

I don't think you necessarily have a problem.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
Please post a new HijackThis log and the log from ESET's online scan and note any errors encountered.

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005


#11 StayStation

Posted 03 December 2009 - 10:25 PM

Hello TheJoker,

I tried the ESET Online Scanner, but I keep getting an error message from Microsoft Windows telling me that IE refuses to work.

I noticed that the wuauserv program made another change, so I can only guess that it does so every time I sign off from this computer.

Finally, I've noticed that the CPU usage in my Task Manager seems to constantly fluctuate between low percentages and high percentages even though I only have FireFox running. In addition, certain applications seem to be taking longer to start up than before.

#12 TheJoker

Posted 03 December 2009 - 10:28 PM

I tried the ESET Online Scanner, but I keep getting an error message from Microsoft Windows telling me that IE refuses to work.

Is that only when trying to use the ESET Online Scanner, or can you open IE and use the browser normally otherwise?



#13 StayStation

Posted 03 December 2009 - 10:31 PM

I tried the ESET Online Scanner, but I keep getting an error message from Microsoft Windows telling me that IE refuses to work.

Is that only when trying to use the ESET Online Scanner, or can you open IE and use the browser normally otherwise?


I can use it normally otherwise.

#14 TheJoker

Posted 03 December 2009 - 10:36 PM

Some systems have trouble with some online scanners. You can uninstall it from Control Panel's Add or Remove Programs if you got that far.

Let's try this scanner instead. Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



#15 StayStation

Posted 03 December 2009 - 10:43 PM

It's telling me that it may fail to start if another Anti-Virus is running. Forgive me, as I'm computer illiterate, but how do I go about turning Trend Micro off? Or do I even need to do that?

Edited by StayStation, 03 December 2009 - 10:43 PM.


#16 TheJoker

Posted 03 December 2009 - 10:49 PM

It should start and scan even with another antivirus program running. You don't want to turn off your resident protection as this is a scanner that will only detect and log, it won't provide any protection from malware or clean anything. Any malware that it detects need to be removed manually after examining the log, which is why posting the log from it is important (if anything is detected).



#17 TheJoker

Posted 03 December 2009 - 10:50 PM

Never mind, I just checked and it now says that it's only for 32-bit version of Windows. I'll be back in a moment.



#18 TheJoker

Posted 03 December 2009 - 10:57 PM

Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore.
  • Download The Avira AntiVir Rescue System from here.
  • Just double-click on the rescue system package to burn it to a CD/DVD.
  • Then please use that CD/DVD with Avira Rescue System to boot your computer (you may need to change your boot drive order in your system's BIOS setup).
You'll get a boot option to either boot from hard drive or AntiVir Rescue System.

Press the number 2 on your keyboard to boot into AntiVir Rescue System.

Please wait until drivers are loaded and Main menu shows. Then please select the second option “Scan your system with AntiVir” and hit Enter.

Under Configuration, please select Scan all files, Try to repair infected files and Rename files if they cannot be removed?.

Then please start the scan.

The Avira AntiVir Rescue System will now
  • repair a damaged system,
  • rescue data,
  • scan the system for virus infections.

Was anything detected?



#19 StayStation

Posted 03 December 2009 - 11:01 PM

Unfortunately, I don't have access to a clean CD/DVD at the moment.

As we're talking, Kaspersky is still updating the database, so is there any chance that might work?

#20 TheJoker

Posted 03 December 2009 - 11:10 PM

It might. I found conflicting documentation on whether it would work or not. If not, I would use the other scanner once you have an unused CD/DVD to write the scanner to. If the Kaspersky scan works, please save and post the log since as I said it only detects and you are left to manually remove anything.



#21 StayStation

Posted 03 December 2009 - 11:17 PM

It might. I found conflicting documentation on whether it would work or not. If not, I would use the other scanner once you have an unused CD/DVD to write the scanner to. If the Kaspersky scan works, please save and post the log since as I said it only detects and you are left to manually remove anything.


Alright, I'll give Kaspersky a shot. It's scanning my system, and seems to be aware of the fact that I'm running Windows Vista SP2 with a 64-bit interface, so I'm assuming it has a chance. I'll post the results.

P.S. At the bottom, it says "Attention: Anti-virus may be unavailable if your computer already has another anti-virus application installed and running." I'm assuming I should ignore this?

#22 TheJoker

Posted 03 December 2009 - 11:21 PM

Yes, ignore that. If you disabled your current antivirus, your system would potentially be vulnerable as the online Kaspersky scanner provides no protection.



#23 StayStation

Posted 04 December 2009 - 01:18 AM

Kaspersky finished its scan after a little over an hour—apparently, nothing was found. However, I did notice that it was unable to scan for "viruses, worms, Trojans, [and] rootkits" due to the fact that I still had my Trend Micro Internet Security active, so I'm not sure if the scan really did anything of value.

EDIT: Can malware possibly hide within a legit program causing security scans to miss them? I know they can masquerade as certain files, but I'm pretty sure that a large majority of antivirus software tends to find those.

Edited by StayStation, 04 December 2009 - 07:21 AM.


#24 TheJoker

Posted 04 December 2009 - 08:43 AM

Viruses spread by infecting legitimate files, but it doesn't make them impossible to find. If there is also a rootkit infecting the system, it can make them harder to find.

I just tested the online scanner with my scanner still active, and it didn't detect a test threat, but it could be because my antivirus blocked access to it. How are you hooked to the Internet, are you behind a router?



#25 StayStation

Posted 04 December 2009 - 08:46 AM

This computer is directly hooked up to Cablevision/Optimum Online, as my television and landline telephone are only a few feet from the computer.

Edited by StayStation, 04 December 2009 - 08:53 AM.


#26 TheJoker

Posted 04 December 2009 - 08:54 AM

You can't directly connect to a cable service without at least a cable modem. Do you know if your cable modem has a router built in, or if there is a router between the cable modem and your computer?



#27 StayStation

Posted 04 December 2009 - 09:18 AM

I have a cable modem, but no router as I'm not hooked up to a network of computers. Is that what you want to know? I'm sorry, as I said earlier, I'm computer illiterate, so please forgive my clueless responses.

#28 TheJoker

Posted 04 December 2009 - 09:48 AM

That's what I was after. Since you don't have a router, do you have the Windows firewall turned on?



#29 StayStation

Posted 04 December 2009 - 09:54 AM

That's what I was after. Since you don't have a router, do you have the Windows firewall turned on?


I apologize, apparently I DO have a router. After looking at a few images on Google, I learned that it's called the "WebSTAR DPC2100".

I'm at least learning something from this conversation, so hopefully, I won't make this mistake again. :-)

No, I have Trend Micro Personal Firewall turned on. Windows Firewall is on the computer, but it's obviously set to "Off."

EDIT: I believe the router is built in, as searches for "WebSTAR cable modem" yield the same pictures.

Edited by StayStation, 04 December 2009 - 09:58 AM.


#30 TheJoker

Posted 04 December 2009 - 10:25 AM

apparently I DO have a router. After looking at a few images on Google, I learned that it's called the "WebSTAR DPC2100".

It looks like that is just a cable modem, and doesn't have a router built in.
Here's a user manual:
http://www.timewarne...WebSTAR-DPC2100

I have Trend Micro Personal Firewall turned on. Windows Firewall is on the computer, but it's obviously set to "Off."

My error. Since you don't have a blank CD to burn the Rescue Disk (nothing needs rescuing, it's just that it allows scanning the system without booting from your hard drive) temporarily completely close Trend Micro Internet Security and turn on the Windows Firewall. Then re-do the scan with the Kaspersky online scanner. When finished, turn off the Windows Firewall and restart Trend Micro Internet Security. Did you get the same results of nothing found?



#31 StayStation

Posted 04 December 2009 - 11:53 AM

Since you don't have a blank CD to burn the Rescue Disk (nothing needs rescuing, it's just that it allows scanning the system without booting from your hard drive) temporarily completely close Trend Micro Internet Security and turn on the Windows Firewall. Then re-do the scan with the Kaspersky online scanner. When finished, turn off the Windows Firewall and restart Trend Micro Internet Security. Did you get the same results of nothing found?


Well, I manually turned off everything in Trend Micro and turned on Windows Firewall for Kaspersky's scan, but I found nothing when it was done. Did you expect those results?

When I signed off last night at around 3:00 AM, I noticed that wuauserv was automatically allowed to make security policy modifications again—whatever that means—so I'm not sure what's going on at this point.

P.S. The option to scan for "viruses, worms, Trojans [and] rootkits" was still grayed out.

Edited by StayStation, 04 December 2009 - 12:06 PM.


#32 TheJoker

Posted 04 December 2009 - 12:21 PM

Well, I manually turned off everything in Trend Micro and turned on Windows Firewall for Kaspersky's scan, but I found nothing when it was done. Did you expect those results?....

P.S. The option to scan for "viruses, worms, Trojans [and] rootkits" was still grayed out.

If that option was grayed out, I don't think it was working properly for you, and that would be one reason for not detecting anything (if that option had not been grayed out, and nothing was detected, I'd say your system was clean, but we don't have anything to base that on yet).

What you'll need to do is obtain a blank CD/DVD disc you can write to, and scan with the previous instructions I left for the Avira Rescue Disk. You will either need to save the log from it to a blank floppy, or write down what it detects and cleans (if anything). If that doesn't detect anything, then I'd say the system is clean.



#33 StayStation

Posted 04 December 2009 - 12:38 PM

What you'll need to do is obtain a blank CD/DVD disc you can write to, and scan with the previous instructions I left for the Avira Rescue Disk. You will either need to save the log from it to a blank floppy, or write down what it detects and cleans (if anything). If that doesn't detect anything, then I'd say the system is clean.


I will try that tonight, if possible.

One question: If I choose the "Rename files, if they cannot be removed?" option, doesn't that have a chance of doing very bad things to my system? If a certain file is necessary for my computer to run, but cannot find it because it's been renamed, won't it just crash permanently?

Thank you for all of the assistance, TheJoker.

Edited by StayStation, 04 December 2009 - 12:39 PM.


#34 TheJoker

Posted 04 December 2009 - 12:50 PM

I don't think that's likely to happen.



#35 StayStation

Posted 04 December 2009 - 01:14 PM

I don't think that's likely to happen.


:sorry:

I sincerely didn't mean that in a negative way. I'm just so afraid that I'm going to somehow mess something up, and have to worry about buying a whole new computer. So, I wanted to ask just in case.

#36 TheJoker

Posted 04 December 2009 - 04:15 PM

I sincerely didn't mean that in a negative way.

I never thought you did. :)

In general, if there was a malware file referenced in the winlogon section of your registry and the file was removed (or renamed) without removing the registry entry that loaded it, it's possible that the system would not boot, but there are ways to fix that, such as booting from a Linux based bootable CD and adding an empty "dummy" file, and then the system can boot and the bad registry entry can be removed. You have a 64-bit version of Windows, and that's much better at protecting itself than a 32-bit version. I don't think you'll have a problem.

Do you backup your system? You may want to consider a good backup program that supports system recovery like Paragon Software's Backup & Recovery 10 Free Edition or the free edition of Macrium Reflect. Both are available in 32 and 64 bit versions, and both support system recovery through use of a bootable recovery CD.
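As an added illustration of the point about a Winlogon entry pointing at a file that has been removed or renamed (this is not code from the thread, from TheJoker, or from Avira): a read-only PowerShell check that lists the programs the Winlogon key loads at logon and flags any whose executable no longer exists on disk. The key path and the Userinit and Shell value names are standard Windows; the way the script splits and trims the comma-separated values is my own assumption about how those values are usually formatted.

```powershell
# Added example: verify that every program referenced from the Winlogon
# registry key actually exists on disk. A value pointing at a file that was
# removed or renamed (for instance by a scanner) is what the post above
# describes as a possible cause of a system that no longer boots.
# Run from an elevated PowerShell prompt. It only reads; it changes nothing.

$winlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Values that name programs to run at logon. Userinit and Shell are the
# classic ones; either may hold several comma-separated entries.
$valuesToCheck = @('Userinit', 'Shell')

function Split-WinlogonValue {
    param([string]$Raw)
    # Entries are separated by commas; strip quotes, whitespace and any
    # trailing command-line arguments so only the executable path remains.
    # (This parsing is an assumption; adjust if a value uses another layout.)
    foreach ($entry in $Raw -split ',') {
        $e = $entry.Trim().Trim('"')
        if ($e -eq '') { continue }
        # Keep everything up to the first ".exe" (case-insensitive).
        $m = [regex]::Match($e, '^(.*?\.exe)', 'IgnoreCase')
        if ($m.Success) { $m.Groups[1].Value } else { $e }
    }
}

function Resolve-WinlogonPath {
    param([string]$Exe)
    # Expand %SystemRoot%-style variables. A bare file name (e.g. explorer.exe)
    # is resolved against System32 and the Windows directory, which is where
    # the default Shell and Userinit programs live.
    $expanded = [Environment]::ExpandEnvironmentVariables($Exe)
    if ([System.IO.Path]::IsPathRooted($expanded)) { return $expanded }
    foreach ($dir in @("$env:SystemRoot\System32", $env:SystemRoot)) {
        $candidate = Join-Path $dir $expanded
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $expanded
}

$props = Get-ItemProperty -Path $winlogonKey
foreach ($name in $valuesToCheck) {
    $raw = $props.$name
    if (-not $raw) { Write-Output "$name : (not set)"; continue }
    foreach ($exe in Split-WinlogonValue -Raw $raw) {
        $path = Resolve-WinlogonPath -Exe $exe
        if (Test-Path -LiteralPath $path) {
            $status = 'OK'
        } else {
            # A missing target here is exactly the no-boot scenario described
            # above: fix or remove the value before the next restart.
            $status = 'MISSING - would break logon'
        }
        Write-Output ("{0,-8} {1,-45} {2}" -f $name, $exe, $status)
    }
}
```

On a healthy system the output is one OK line for userinit.exe and one for explorer.exe; any MISSING line is worth investigating before rebooting.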



#37 StayStation

Posted 04 December 2009 - 05:06 PM

In general, if there was a malware file referenced in the winlogon section of your registry and the file was removed (or renamed) without removing the registry entry that loaded it, it's possible that the system would not boot, but there are ways to fix that, such as booting from a Linux based bootable CD and adding an empty "dummy" file, and then the system can boot and the bad registry entry can be removed. You have a 64-bit version of Windows, and that's much better at protecting itself than a 32-bit version. I don't think you'll have a problem.


No offense, but because I'm computer illiterate, everything you just typed is all Greek to me. :lol:

Do you backup your system? You may want to consider a good backup program that supports system recovery like Paragon Software's Backup & Recovery 10 Free Edition or the free edition of Macrium Reflect. Both are available in 32 and 64 bit versions, and both support system recovery through use of a bootable recovery CD.


I've never had to back anything up as I only use this computer to surf the net and watch YouTube videos. My only concern is the amount of money it'd cost to purchase a new computer.

By the way, I purchased a few blank CD-Rs this evening, and I've already moved the Rescue CD Wizard from my E:/ drive to one of them. All I have to do is put the disc in, restart, and follow your instructions, correct? You wrote, "(Y)ou may need to change your boot drive order in your system's BIOS setup," but will that be covered by simply pressing the two button shortly after restarting my system?

EDIT: It keeps telling me that burning the CD has failed.

Edited by StayStation, 04 December 2009 - 05:32 PM.


#38 TheJoker

Posted 04 December 2009 - 05:43 PM

I purchased a few blank CD-Rs this evening, and I've already moved the Rescue CD Wizard from my E:/ drive to one of them.

You can't simply copy the file you downloaded to CD. You need to place a blank, unused CD in the CD drive and in Windows Explorer, double-click on rescuecd.exe that you downloaded to your hard drive and the program will burn a copy of Avira Rescue CD to the blank CD.

All I have to do is put the disc in, restart, and follow your instructions, correct? You wrote, "(Y)ou may need to change your boot drive order in your system's BIOS setup," but will that be covered by simply pressing the two button shortly after restarting my system?

Possibly. If you do that and it doesn't boot from the CD, you will need to change the boot order in your system BIOS setup. If you aren't sure how to do that, you should check the documentation that came with your system. Basically, when you start the system, you will see a message on the screen that will tell you what key to press to enter your BIOS setup (often the Del key). Once you do that, you need to change the boot order for your system to boot from CD before booting from the hard drive. After scanning, you will need to restore the original setting to boot from the hard drive. Remember, that's only if it doesn't boot from the CD instead of the hard drive.

Alternatively, when you start your system you may have the option to enter a boot menu where you could tell it to boot from the CD (if your system has a boot menu option), which is a one-time option with nothing to have to change back afterwards. In my system for instance, I get a message after I power it on to hit F8 to enter the boot menu and I can select the CD drive instead of the hard drive.



#39 StayStation

Posted 04 December 2009 - 05:48 PM

You can't simply copy the file you downloaded to CD. You need to place a blank, unused CD in the CD drive and in Windows Explorer, double-click on rescuecd.exe that you downloaded to your hard drive and the program will burn a copy of Avira Rescue CD to the blank CD.


I figured that out, but as I mentioned in my previous post, after clicking on the rescuecd icon and putting a blank CD-R in my E:/ drive, the program keeps telling me that it failed to burn the program to the disc.

EDIT: It turns out that the CDs I was using were damaged somehow. I have it on a disc now, and will begin scanning soon.

Edited by StayStation, 04 December 2009 - 06:15 PM.


#40 StayStation

Posted 04 December 2009 - 07:18 PM

I finished the scan, but AntiVir Rescue System's update failed for some reason. So, I had to use the definitions from May. I have no idea how that may impact the results.

The following was in AntiVir's window when the scan was finished:

Warning: The file "antivir.vdf" is more than 14 days old
VDF version: 7.1.4.27 created 27 May 2009
AntiVir license: 149995 for AntiVir Rescue System
checking the master boot record of drive 128
error (2): cannot read record
auto excluding /sys/ from scans (is a special fs)
auto excluding /proc from scans (is a special fs)
checking drive/path (list): /media/devices/
------scan results------
directories: 27327
scanned files: 238383
alerts: 0
suspicions: 0
scan time: 00:27:24
------------------------------


For the heck of it, here's a fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:27 PM, on 12/4/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\owner\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optimum.net/optonline
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O13 - Gopher Prefix:
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 5848 bytes


Finally, I wanted to add that a new icon appeared just as I was about to post this; it stated that it's called "Problem Reports and Solutions" and is able to fix computer problems online. I've never heard of it, and I figured that it couldn't hurt to bring it up here. In addition, the program "wuauserv" hasn't done anything since 3:00 AM, but I don't know if that's permanent.

#41 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,476 posts

Posted 04 December 2009 - 09:56 PM

I wanted to add that a new icon appeared just as I was about to post this; it stated that it's called "Problem Reports and Solutions" and is able to fix computer problems online. I've never heard of it, and I figured that it couldn't hurt to bring it up


http://en.wikipedia....s_and_Solutions

Problem Reports and Solutions is a Control Panel applet included in Windows Vista and Windows Server 2008. It keeps a record of all system and application issues and errors detailed by Windows Error Reporting, as well as presents a list of all existing possible solutions to errors.


For the online scanners that didn't work, remember that while you have a 64-bit version of Windows, not everything will work with the 64-bit version of Internet Explorer or Firefox (if you have that installed). When you do an online scan, it should be with the 32-bit browser version (IE will be a better choice for online scans, but Firefox will work with some online scanners). When you start your browser to do an online scan, you should right-click on the shortcut for the browser and select "Run as Administrator".

If you want to try a different online scanner you can try F-Secure Online Scanner, but I don't think you're infected at all. Scanning hasn't found anything, and everything you've described has been from a legitimate part of Windows.

Create a Restore Point
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Click on “open System Protection”.
  • On the System Protection tab in System Properties click on Create.
  • Give the restore point an appropriate name and click Create.
  • When the "The restore point was created successfully" window appears, click OK
Run Disk Cleanup
  • Go to Start > Run and type the below line:
    cleanmgr
  • Click OK
    • If you have more than one drive, select the drive Windows is installed on
    • Click OK
  • When Disk Cleanup opens, select the More Options tab
  • In the System Restore section (bottom of window), click Cleanup
    • In the confirmation window that opens, click Yes
  • Now click on the Disk Cleanup tab and select the following items:
    • Downloaded Program Files
    • Temporary Internet Files
    • Recycle Bin
    • Temporary Files
  • Click OK
  • In the confirmation window, select Yes (Disk Cleanup will close).
To help keep malware off your system:
  • Keep Windows updated at Windows Update or Microsoft Update.
  • Keep your other applications updated; there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others.
  • Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety.
  • Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware.
  • Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety.
  • Don't click on links received in instant message programs.
  • In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons.
  • A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good, regularly updated HOSTS file is the MVPS HOSTS File, available at http://www.mvps.org/...2002/hosts.htm.
  • I recommend reading Tony Klein's article So How did I get Infected in the First Place? at http://www.spywarein...showtopic=60955
Does your problem appear resolved?

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-2010 and ASAP Member since 2005
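A scripted equivalent of the "Create a Restore Point" and "Run Disk Cleanup" steps in the post above, added here as an example and not part of TheJoker's post. It assumes an elevated PowerShell 2.0+ prompt, and the VolumeCaches subkey names (in particular that the GUI label "Temporary Internet Files" corresponds to the "Internet Cache Files" subkey) are assumptions to be checked on the target system.

```powershell
# Added example (not from the thread): scripted version of the restore point
# and Disk Cleanup steps. Run from an elevated PowerShell 2.0 or later prompt;
# Checkpoint-Computer and writing under HKLM both need administrator rights.
$ErrorActionPreference = 'Stop'

# Step 1: restore point, the same as System Protection > Create in the GUI.
Checkpoint-Computer -Description 'Before Disk Cleanup' -RestorePointType 'MODIFY_SETTINGS'

# Step 2: pre-select the four Disk Cleanup handlers the post lists. cleanmgr reads
# its selection from a StateFlagsNNNN DWORD under each VolumeCaches subkey
# (2 = checked, 0 = unchecked), and /sagerun:NNNN applies that profile without
# showing the dialog. Unlike the GUI steps, /sagerun processes every drive.
# ASSUMPTION: these subkey names match a Vista install; "Internet Cache Files"
# is assumed to be the subkey behind the "Temporary Internet Files" checkbox.
# Verify with: Get-ChildItem $base | Select-Object PSChildName
$base   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches'
$wanted = @('Downloaded Program Files', 'Internet Cache Files', 'Recycle Bin', 'Temporary Files')
$sageId = 100                                  # arbitrary profile number, 0-9999
$flag   = 'StateFlags{0:D4}' -f $sageId        # -> StateFlags0100

Get-ChildItem -Path $base | ForEach-Object {
    # Explicitly set every handler so a stale profile cannot leave extras checked.
    $value = if ($wanted -contains $_.PSChildName) { 2 } else { 0 }
    Set-ItemProperty -Path $_.PSPath -Name $flag -Value $value -Type DWord
}

# Step 3: run the cleanup with that profile and wait for it to finish.
Start-Process -FilePath 'cleanmgr.exe' -ArgumentList "/sagerun:$sageId" -Wait

# The "System Restore > Cleanup" button on the More Options tab (delete all but
# the newest restore point) has no cleanmgr switch, so that step stays in the GUI.
```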


#42 StayStation

StayStation

    Member

  • Full Member
  • Pip
  • 68 posts

Posted 05 December 2009 - 07:20 AM

If you want to try a different online scanner you can try F-Secure Online Scanner, but I don't think you're infected at all.


Nah, but the link is appreciated. If everything looks okay, chances are good that I'm just being overly suspicious.

Does your problem appear resolved?


Yes, and thank you for taking the time to assist me. :D

#43 TheJoker

TheJoker

    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,476 posts

Posted 06 December 2009 - 10:56 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.


