Thread: suspected nasties - please take a look @ log
View Single Post
Old 06-29-2009, 10:08 PM   #1 (permalink)
cduval04
Registered User
 
Join Date: Mar 2009
Posts: 10
OS: Vista


suspected nasties - please take a look @ log
Hi I am fairly good at keeping my computer clean..infact kind of obsessive about it..I am a 5th year IT major so I like to uphold my reputation and keep my computers tidy .but I think I may have a few nasties that are going undetected and causing ie to crash.

right now ie crashing is my only symptom (only ie firefox works fine). I am thinking maybe just a malicious add on? I tried running ie with no add ons and that worked for a few minutes but then crashed again. it crashes right when I open the browser. After that I tried upgrading from ie 7 to 8 .I scanned with windows defender, superantispyware, and nod32. Yes all these malware programs are installed on my computer, but only one has realtime protection, the other 2 are just used as scanners, since one program doesn't always pick up everything.

so could someone out there with malware detection experience please help me and take a look at my log below?

any help would be appreciated. thanks!


DDS (Ver_09-06-26.01) - NTFSx86
Run by Carlie at 0:18:50.21 on Tue 06/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2442 [GMT -4:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\wsqmcons.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Carlie\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {1C67BD5F-A9EA-4FD0-A1D8-0AD71E86D48A} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [updateMgr] c:\program files\adobe\adobe acrobat 7.0\acrobat\AdobeUpdateManager.exe AcPro7_0_0 -reboot 1
uRun: [AutoplayDevice] regsvr32 /s /u "c:\users\carlie\appdata\local\autoplay\AutoplayDevice.dll"
uRun: [PrinterQueueViewClass] regsvr32 /s /u "c:\users\carlie\appdata\local\printerqueueview\PrinterQueueViewClass.dll"
uRun: [Registry Cleaner Scheduler] "c:\program files\cleanmypc\registry cleaner\RCHelper.exe" /startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\carlie\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {8203C137-0225-4E8B-9533-7660BBE26B9C} = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: IASAttribute - {a24f7021-26f6-4dd6-96EC-049F4764aba5} - c:\program files\common files\ias\IASAttribute.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\users\carlie\appdata\roaming\mozilla\firefox\profiles\3n1xbgdu.default\
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-8-18 34312]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_2ba5baa4\AEstSrv.exe [2008-9-23 73728]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-2-29 1053944]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-8-18 468224]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-2-29 548352]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-9-25 29736]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-9-23 54784]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-9-23 149208]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-23 277624]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]

=============== Created Last 30 ================

2009-06-29 23:57 <DIR> --d----- c:\program files\Trend Micro
2009-06-29 23:02 <DIR> --d----- c:\users\carlie\appdata\roaming\CleanMyPC Software
2009-06-29 23:02 <DIR> --d----- c:\program files\CleanMyPC
2009-06-29 21:42 1,852,416 a------- c:\windows\system32\wisoutlit.dll
2009-06-29 21:42 <DIR> --d----- c:\program files\wisco
2009-06-29 20:45 <DIR> --d----- c:\users\carlie\appdata\roaming\R-Mail for Outlook
2009-06-29 20:45 <DIR> --d----- c:\program files\R-Mail for Outlook
2009-06-29 20:42 <DIR> --d----- c:\program files\MunSoft
2009-06-29 19:52 <DIR> --d----- c:\users\carlie\appdata\roaming\GetRightToGo
2009-06-29 19:12 <DIR> --d----- c:\program files\common files\IAS
2009-06-29 13:10 <DIR> --d----- c:\program files\Recovery Toolbox for Excel
2009-06-29 12:59 <DIR> --d----- c:\program files\MSECache
2009-06-29 03:12 2,048 a------- c:\windows\system32\tzres.dll
2009-06-28 17:42 <DIR> --d----- c:\program files\BodyMedia
2009-06-28 17:41 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-28 17:30 <DIR> a-d----- c:\programdata\TEMP
2009-06-28 15:27 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-28 15:27 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-28 15:27 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-28 15:27 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-28 15:27 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-28 15:23 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2009-06-28 15:23 296,960 a------- c:\windows\system32\gdi32.dll
2009-06-28 15:23 376,832 a------- c:\windows\system32\winhttp.dll
2009-06-28 15:23 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-28 15:23 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-06-28 15:23 562,176 a------- c:\windows\system32\msdtcprx.dll
2009-06-28 15:23 38,912 a------- c:\windows\system32\xolehlp.dll
2009-06-28 15:23 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-06-28 15:23 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-06-28 15:23 1,191,936 a------- c:\windows\system32\msxml3.dll
2009-06-28 15:21 2,868,736 a------- c:\windows\system32\mf.dll
2009-06-28 15:21 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-06-28 15:21 94,720 a------- c:\windows\system32\logagent.exe
2009-06-28 15:21 1,645,568 a------- c:\windows\system32\connect.dll
2009-06-28 15:21 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-06-28 15:21 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-06-28 15:12 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-06-28 15:12 83,456 a------- c:\windows\system32\wudriver.dll
2009-06-28 15:12 162,064 a------- c:\windows\system32\wuwebv.dll
2009-06-28 15:12 31,232 a------- c:\windows\system32\wuapp.exe

==================== Find3M ====================

2009-06-28 17:42 86,016 a------- c:\windows\inf\infstrng.dat
2009-06-28 17:42 86,016 a------- c:\windows\inf\infstor.dat
2009-06-28 17:42 51,200 a------- c:\windows\inf\infpub.dat
2009-04-23 08:42 636,928 a------- c:\windows\system32\localspl.dll
2008-09-24 20:30 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 0:19:11.75 ===============
Attached Files
File Type: zip attach.zip (89.0 KB, 4 views)
Last edited by cduval04; 06-29-2009 at 10:31 PM.
cduval04 is offline  
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here