|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
03-22-2008, 09:58 PM
|
#1 (permalink) |
|
Registered User
Join Date: Nov 2006
Posts: 25
OS: Vista Premium 64 bit SP1
|
[SOLVED] UAC Show all processes closes Task Manager and IE7 makes new clicks maybe in
Hello, here's the deal. Two days ago, I noticed 2 problems/changes with the operation of my OS. 1st, I started hearing multiple clicking noises while using IE7, (it seemed like it was trying to load instances of something, but nothing popped up, some may have coincided with banner ads), however, that did not happen previously. The click noise is one in the windows default sounds, but not the one I usually only hear once when clicking a link. I checked if my sound profile had been changed and saw nothing different. The clicks also happen randomly in explorer with no open network connections, say sometimes when I'm simply navigating folders or opening a program. I've been running IE7 for months and this behavior is definately new. Does not happen in Firefox.
Then 2nd, in order to start investigating the issue, while administrator, I opened the task manager and opened the processes tab. When I clicked "show processes from all users" button the UAC opens for confirmation, I confirm the action, and then the task manager just closes, and does not reopen to show everything. That never happened before either. I've tried using the task manager from both the task bar and ctrl-alt-del with the same results, however, when I navigate to taskmanger.exe in win\sys32 folder and right click and run as administrator, it opens automatically showing processes from all users. Hmmmm... After searching the web to no avail for a possible OS bug or any related articles, and after running multiple scan tools with nothing found, I thought I might have something I'm not catching. If it turns out not to be malware, I'll gladly repost question in different thread section without logs. Thanks for any help in advance. STEP 1: Checked both suggested lists against remove programs list and found none of the programs listed. Step 2: Tried to Panda Scan in both IE7 and Firefox, even enabled cookies and popups, but it would not auto prompt the loader, and would not scan, so no Panda Log. Step 3: I saw the suggested protection of Spyblaster and IE Spyad, but thought I would wait to see if this is ultimately necessary, as I am already running Spybot, AVG Antivirus, AVG antispyware, Avira Antivir, A squared, and of course Win Defender, and Win Firewall. Step 4: I am always up to date with updates. Step 5: For Vista - Dds scan logs. Deckard's System Scanner v20071014.68 Run by Artist on 2008-03-22 22:54:39 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- Last 4 Restore Point(s) -- 4: 2008-03-22 08:40:34 UTC - RP244 - Scheduled Checkpoint 3: 2008-03-21 05:51:11 UTC - RP243 - Windows Update 2: 2008-03-21 02:21:15 UTC - RP242 - Scheduled Checkpoint 1: 2008-03-20 09:03:07 UTC - RP241 - Windows Vista Service Pack 1 Backed up registry hives. Performed disk cleanup. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-03-22 22:58:52 Platform: Windows Vista Service Pack 1 (6.00.6001) MSIE: Internet Explorer (7.00.6000.16386) Boot mode: Normal Running processes: C:\Windows\SOUNDMAN.EXE E:\Program Files 3\RocketDock\RocketDock.exe C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe E:\Program Files 3\Logitech\Quick Cam 10\QuickCam10.exe C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe C:\Users\Artist\Desktop\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files 3\Java\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "E:\Program Files 3\Logitech\Quick Cam 10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [EPSON Stylus CX3800 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIACA.EXE /FU "C:\Windows\TEMP\E_S7C16.tmp" /EF "HKCU" O4 - HKCU\..\Run: [RocketDock] "E:\Program Files 3\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files 3\Java\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files 3\Java\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\Program Files 3\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\Program Files O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files (x86)\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\Program Files (x86)\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files (x86)\Grisoft\AVG7\avgemc.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - C:\Program Files O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - C:\Windows\system32\ZuneWlanCfgSvc.exe -- End of file - 9677 bytes -- HijackThis Fixed Entries (C:\Program Files (x86)\Hijack This\backups\) ------ backup-20071115-135749-774 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02...PUplden-us.cab backup-20071115-135749-857 O4 - HKLM\..\Run: [MSConfig] "C:\Program Files (x86)\msconfig.exe" /auto -- File Associations ----------------------------------------------------------- .js - JSFile - shell\open\command - %SystemRoot%\SysWow64\CScript.exe "%1" %* .vbs - VBSFile - shell\open\command - %SystemRoot%\SysWow64\CScript.exe "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing) R0 atapi (IDE Channel) - c:\windows\system32\drivers\atapi.sys (file missing) R0 CLFS (Common Log (CLFS)) - c:\windows\system32\clfs.sys (file missing) R0 crcdisk (Crcdisk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing) R0 disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing) R0 Ecache (ReadyBoost Caching Driver) - c:\windows\system32\drivers\ecache.sys (file missing) R0 FileInfo (File Information FS MiniFilter) - c:\windows\system32\drivers\fileinfo.sys (file missing) R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing) R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing) R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing) R0 msisadrv (ISA/EISA Class Driver) - c:\windows\system32\drivers\msisadrv.sys (file missing) R0 Mup - c:\windows\system32\drivers\mup.sys (file missing) R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing) R0 nvstor - c:\windows\system32\drivers\nvstor.sys (file missing) R0 nvstor64 - c:\windows\system32\drivers\nvstor64.sys (file missing) R0 partmgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing) R0 pci (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing) R0 pciide - c:\windows\system32\drivers\pciide.sys (file missing) R0 spldr (Security Processor Loader Driver) - c:\windows\system32\drivers\spldr.sys (file missing) R0 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing) R0 volmgr (Volume Manager Driver) - c:\windows\system32\drivers\volmgr.sys (file missing) R0 volmgrx (Dynamic Volume Manager) - c:\windows\system32\drivers\volmgrx.sys (file missing) R0 volsnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing) R0 Wdf01000 (Kernel Mode Driver Frameworks service) - c:\windows\system32\drivers\wdf01000.sys (file missing) R1 AFD (Ancilliary Function Driver for Winsock) - c:\windows\system32\drivers\afd.sys (file missing) R1 AvgAsC64 (AVG Anti-Spyware Clean Driver) - c:\windows\system32\drivers\avgasc64.sys (file missing) R1 AvgCln64 (AVG7 Clean Driver (x64)) - c:\windows\system32\drivers\avgcln64.sys (file missing) R1 AvgMfx64 (AVG Minifilter x64 Resident Driver) - c:\windows\system32\drivers\avgmfx64.sys (file missing) R1 cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing) R1 DfsC (DFS Namespace Client Driver) - c:\windows\system32\drivers\dfsc.sys (file missing) R1 kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing) R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing) R1 mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing) R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing) R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing) R1 netbt - c:\windows\system32\drivers\netbt.sys (file missing) R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing) R1 nsiproxy (NSI proxy service) - c:\windows\system32\drivers\nsiproxy.sys (file missing) R1 Null - c:\windows\system32\drivers\null.sys (file missing) R1 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\pacer.sys (file missing) R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing) R1 rdbss (Redirected Buffering Sub Sysytem) - c:\windows\system32\drivers\rdbss.sys (file missing) R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing) R1 RDPENCDD (RDP Encoder Mirror Driver) - c:\windows\system32\drivers\rdpencdd.sys (file missing) R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing) R1 Smb (Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)) - c:\windows\system32\drivers\smb.sys (file missing) R1 tdx (NetIO Legacy TDI Support Driver) - c:\windows\system32\drivers\tdx.sys (file missing) R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing) R1 VgaSave - c:\windows\system32\drivers\vga.sys (file missing) R1 Wanarpv6 (Remote Access IPv6 ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing) R2 avgntflt - c:\windows\system32\drivers\avgntflt.sys (file missing) R2 lltdio (Link-Layer Topology Discovery Mapper I/O Driver) - c:\windows\system32\drivers\lltdio.sys (file missing) R2 luafv (UAC File Virtualization) - c:\windows\system32\drivers\luafv.sys (file missing) R2 PEAUTH - c:\windows\system32\drivers\peauth.sys (file missing) R2 rspndr (Link-Layer Topology Discovery Responder) - c:\windows\system32\drivers\rspndr.sys (file missing) R2 secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing) R2 tcpipreg (TCP/IP Registry Compatibility) - c:\windows\system32\drivers\tcpipreg.sys (file missing) R3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\rtkvac64.sys (file missing) R3 AmdK8 (AMD K8 Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing) R3 AmdLLD64 (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld64.sys (file missing) R3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing) R3 AvgWFPx64 (AVG7 Firewall Driver x64) - c:\windows\system32\drivers\avgwfpx64.sys (file missing) R3 bowser - c:\windows\system32\drivers\bowser.sys (file missing) R3 DXGKrnl (LDDM Graphics Subsystem) - c:\windows\system32\drivers\dxgkrnl.sys (file missing) R3 fastfat (FAT12/16/32 File System Driver) - c:\windows\system32\drivers\fastfat.sys (file missing) R3 fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing) R3 flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing) R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing) R3 HTTP - c:\windows\system32\drivers\http.sys (file missing) R3 iScsiPrt (iScsiPort Driver) - c:\windows\system32\drivers\msiscsi.sys (file missing) R3 ksthunk (Kernel Streaming Thunks) - c:\windows\system32\drivers\ksthunk.sys (file missing) R3 LVPr2M64 (Logitech LVPr2M64 Driver) - c:\windows\system32\drivers\lvpr2m64.sys (file missing) R3 LVUSBS64 (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbs64.sys (file missing) R3 monitor (Microsoft Monitor Class Function Driver Service) - c:\windows\system32\drivers\monitor.sys (file missing) R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing) R3 mpsdrv (Windows Firewall Authorization Driver) - c:\windows\system32\drivers\mpsdrv.sys (file missing) R3 MRxDAV (WebDav Client Redirector Driver) - c:\windows\system32\drivers\mrxdav.sys (file missing) R3 mrxsmb (SMB MiniRedirector Wrapper and Engine) - c:\windows\system32\drivers\mrxsmb.sys (file missing) R3 mrxsmb10 (SMB 1.x MiniRedirector) - c:\windows\system32\drivers\mrxsmb10.sys (file missing) R3 mrxsmb20 (SMB 2.0 MiniRedirector) - c:\windows\system32\drivers\mrxsmb20.sys (file missing) R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing) R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing) R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing) R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing) R3 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing) R3 NVENETFD (NVIDIA nForce Networking Controller Driver) - c:\windows\system32\drivers\nvmfdx64.sys (file missing) R3 nvlddmkm - c:\windows\system32\drivers\nvlddmkm.sys (file missing) R3 ohci1394 (Texas Instruments OHCI Compliant IEEE 1394 Host Controller) - c:\windows\system32\drivers\ohci1394.sys (file missing) R3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing) R3 PID_0928 (Logitech QuickCam Express(PID_0928)) - c:\windows\system32\drivers\lv561v64.sys (file missing) R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing) R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing) R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing) R3 RasSstp (WAN Miniport (SSTP)) - c:\windows\system32\drivers\rassstp.sys (file missing) R3 RDPWD (RDP Winstation Driver) - c:\windows\system32\drivers\rdpwd.sys (file missing) R3 RTSTOR (USB Mass Storage Device) - c:\windows\system32\drivers\rtstor64.sys (file missing) R3 Serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing) R3 srv - c:\windows\system32\drivers\srv.sys (file missing) R3 srv2 - c:\windows\system32\drivers\srv2.sys (file missing) R3 srvnet - c:\windows\system32\drivers\srvnet.sys (file missing) R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing) R3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing) R3 tssecsrv (Terminal Services Security Filter Driver) - c:\windows\system32\drivers\tssecsrv.sys (file missing) R3 tunmp (Microsoft Tun Miniport Adapter Driver) - c:\windows\system32\drivers\tunmp.sys (file missing) R3 tunnel (Microsoft IPv6 Tunnel Miniport Adapter Driver) - c:\windows\system32\drivers\tunnel.sys (file missing) R3 umbus (UMBus Enumerator Driver) - c:\windows\system32\drivers\umbus.sys (file missing) R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing) R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing) R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing) R3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing) R3 WUDFRd - c:\windows\system32\drivers\wudfrd.sys (file missing) R4 cdfs (CD/DVD File System Reader) - c:\windows\system32\drivers\cdfs.sys (file missing) S3 agp440 (Intel AGP Bus Filter) - c:\windows\system32\drivers\agp440.sys (file missing) S3 BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) - c:\windows\system32\drivers\brfiltlo.sys (file missing) S3 BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) - c:\windows\system32\drivers\brfiltup.sys (file missing) S3 BrUsbSer (Brother MFC USB Serial WDM Driver) - c:\windows\system32\drivers\brusbser.sys (file missing) S3 drmkaud (Microsoft Kernel DRM Audio Descrambler) - c:\windows\system32\drivers\drmkaud.sys (file missing) S3 E1G60 (Intel(R) PRO/1000 NDIS 6 Adapter Driver) - c:\windows\system32\drivers\e1g6032e.sys (file missing) S3 exfat (exFAT File System Driver) - c:\windows\system32\drivers\exfat.sys (file missing) S3 Filetrace - c:\windows\system32\drivers\filetrace.sys (file missing) S3 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - c:\windows\system32\drivers\gagp30kx.sys (file missing) S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing) S3 IPNAT (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing) S3 IRENUM (IR Bus Enumerator) - c:\windows\system32\drivers\irenum.sys (file missing) S3 LVcKap64 (Logitech AEC Driver) - c:\windows\system32\drivers\lvckap64.sys (file missing) S3 LVMVDrv (Logitech Machine Vision Engine Loader) - c:\windows\system32\drivers\lvmvdrv.sys (file missing) S3 Modem - c:\windows\system32\drivers\modem.sys (file missing) S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing) S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing) S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing) S3 MsRPC - c:\windows\system32\drivers\msrpc.sys (file missing) S3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - c:\windows\system32\drivers\mstee.sys (file missing) S3 NativeWifiP (NativeWiFi Filter) - c:\windows\system32\drivers\nwifi.sys (file missing) S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing) S3 nv_agp (NVIDIA nForce AGP Bus Filter) - c:\windows\system32\drivers\nv_agp.sys (file missing) S3 QWAVEdrv (QWAVE driver) - c:\windows\system32\drivers\qwavedrv.sys (file missing) S3 sffp_mmc (SFF Storage Protocol Driver for MMC) - c:\windows\system32\drivers\sffp_mmc.sys (file missing) S3 sffp_sd (SFF Storage Protocol Driver for SDBus) - c:\windows\system32\drivers\sffp_sd.sys (file missing) S3 Tcpip6 (Microsoft IPv6 Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing) S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing) S3 U6000ALL (U6000 TV Box(ALL)) - c:\windows\system32\drivers\u6000all.sys (file missing) S3 uagp35 (Microsoft AGPv3.5 Filter) - c:\windows\system32\drivers\uagp35.sys (file missing) S3 uliagpkx (Uli AGP Bus Filter) - c:\windows\system32\drivers\uliagpkx.sys (file missing) S3 usbprint (Microsoft USB PRINTER Class) - c:\windows\system32\drivers\usbprint.sys (file missing) S3 usbscan (USB Scanner Driver) - c:\windows\system32\drivers\usbscan.sys (file missing) S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing) S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing) S3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing) S3 WpdUsb - c:\windows\system32\drivers\wpdusb.sys (file missing) S4 adp94xx - c:\windows\system32\drivers\adp94xx.sys (file missing) S4 adpahci - c:\windows\system32\drivers\adpahci.sys (file missing) S4 adpu160m - c:\windows\system32\drivers\adpu160m.sys (file missing) S4 adpu320 - c:\windows\system32\drivers\adpu320.sys (file missing) S4 aic78xx - c:\windows\system32\drivers\djsvs.sys (file missing) S4 aliide - c:\windows\system32\drivers\aliide.sys (file missing) S4 amdide - c:\windows\system32\drivers\amdide.sys (file missing) S4 arc - c:\windows\system32\drivers\arc.sys (file missing) S4 arcsas - c:\windows\system32\drivers\arcsas.sys (file missing) S4 Brserid (Brother MFC Serial Port Interface Driver (WDM)) - c:\windows\system32\drivers\brserid.sys (file missing) S4 BrSerWdm (Brother WDM Serial driver) - c:\windows\system32\drivers\brserwdm.sys (file missing) S4 BrUsbMdm (Brother MFC USB Fax Only Modem) - c:\windows\system32\drivers\brusbmdm.sys (file missing) S4 BTHMODEM (Bluetooth Serial Communications Driver) - c:\windows\system32\drivers\bthmodem.sys (file missing) S4 circlass (Consumer IR Devices) - c:\windows\system32\drivers\circlass.sys (file missing) S4 cmdide - c:\windows\system32\drivers\cmdide.sys (file missing) S4 Compbatt (Microsoft Composite Battery Driver) - c:\windows\system32\drivers\compbatt.sys (file missing) S4 elxstor - c:\windows\system32\drivers\elxstor.sys (file missing) S4 HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - c:\windows\system32\drivers\hdaudbus.sys (file missing) S4 HidBth (Microsoft Bluetooth HID Miniport) - c:\windows\system32\drivers\hidbth.sys (file missing) S4 HidIr (Microsoft Infrared HID Driver) - c:\windows\system32\drivers\hidir.sys (file missing) S4 HpCISSs - c:\windows\system32\drivers\hpcisss.sys (file missing) S4 i2omp - c:\windows\system32\drivers\i2omp.sys (file missing) S4 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing) S4 iaStorV (Intel RAID Controller Vista) - c:\windows\system32\drivers\iastorv.sys (file missing) S4 iirsp - c:\windows\system32\drivers\iirsp.sys (file missing) S4 intelide - c:\windows\system32\drivers\intelide.sys (file missing) S4 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing) S4 IPMIDRV - c:\windows\system32\drivers\ipmidrv.sys (file missing) S4 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing) S4 iteatapi (ITEATAPI_Service_Install) - c:\windows\system32\drivers\iteatapi.sys (file missing) S4 iteraid (ITERAID_Service_Install) - c:\windows\system32\drivers\iteraid.sys (file missing) S4 LSI_FC - c:\windows\system32\drivers\lsi_fc.sys (file missing) S4 LSI_SAS - c:\windows\system32\drivers\lsi_sas.sys (file missing) S4 LSI_SCSI - c:\windows\system32\drivers\lsi_scsi.sys (file missing) S4 megasas - c:\windows\system32\drivers\megasas.sys (file missing) S4 mpio (Microsoft Multi-Path Bus Driver) - c:\windows\system32\drivers\mpio.sys (file missing) S4 Mraid35x - c:\windows\system32\drivers\mraid35x.sys (file missing) S4 msahci - c:\windows\system32\drivers\msahci.sys (file missing) S4 msdsm (Microsoft Multi-Path Device Specific Module) - c:\windows\system32\drivers\msdsm.sys (file missing) S4 nfrd960 - c:\windows\system32\drivers\nfrd960.sys (file missing) S4 nvraid - c:\windows\system32\drivers\nvraid.sys (file missing) S4 pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing) S4 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing) S4 ql2300 (QLogic Fibre Channel Miniport Driver) - c:\windows\system32\drivers\ql2300.sys (file missing) S4 ql40xx (QLogic iSCSI Miniport Driver) - c:\windows\system32\drivers\ql40xx.sys (file missing) S4 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing) S4 sbp2port (SBP-2 Transport/Protocol Bus Driver) - c:\windows\system32\drivers\sbp2port.sys (file missing) S4 sermouse (Serial Mouse Driver) - c:\windows\system32\drivers\sermouse.sys (file missing) S4 sffdisk (SFF Storage Class Driver) - c:\windows\system32\drivers\sffdisk.sys (file missing) S4 sfloppy (High-Capacity Floppy Disk Drive) - c:\windows\system32\drivers\sfloppy.sys (file missing) S4 SiSRaid2 - c:\windows\system32\drivers\sisraid2.sys (file missing) S4 SiSRaid4 - c:\windows\system32\drivers\sisraid4.sys (file missing) S4 Sym_hi - c:\windows\system32\drivers\sym_hi.sys (file missing) S4 Sym_u3 - c:\windows\system32\drivers\sym_u3.sys (file missing) S4 Symc8xx - c:\windows\system32\drivers\symc8xx.sys (file missing) S4 udfs - c:\windows\system32\drivers\udfs.sys (file missing) S4 uliahci - c:\windows\system32\drivers\uliahci.sys (file missing) S4 UlSata - c:\windows\system32\drivers\ulsata.sys (file missing) S4 ulsata2 - c:\windows\system32\drivers\ulsata2.sys (file missing) S4 usbcir (eHome Infrared Receiver (USBCIR)) - c:\windows\system32\drivers\usbcir.sys (file missing) S4 usbuhci (Microsoft USB Universal Host Controller Miniport Driver) - c:\windows\system32\drivers\usbuhci.sys (file missing) S4 viaide - c:\windows\system32\drivers\viaide.sys (file missing) S4 vsmraid - c:\windows\system32\drivers\vsmraid.sys (file missing) S4 WacomPen (Wacom Serial Pen HID Driver) - c:\windows\system32\drivers\wacompen.sys (file missing) S4 Wd (Microsoft Watchdog Timer Driver) - c:\windows\system32\drivers\wd.sys (file missing) S4 WmiAcpi (Microsoft Windows Management Interface for ACPI) - c:\windows\system32\drivers\wmiacpi.sys (file missing) S4 ws2ifsl (Winsock IFS driver) - c:\windows\system32\drivers\ws2ifsl.sys (file missing) -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files (x86)\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler> R2 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing) R2 SBSDWSCService (SBSD Security Center Service) - c:\program files (x86)\spybot - search & destroy\sdwinsec.exe R2 slsvc (Software Licensing) - c:\windows\system32\slsvc.exe (file missing) R2 Spooler (Print Spooler) - c:\windows\system32\spoolsv.exe (file missing) S3 ALG (Application Layer Gateway Service) - c:\windows\system32\alg.exe (file missing) S3 DFSR (DFS Replication) - c:\windows\system32\dfsr.exe (file missing) S3 KeyIso (CNG Key Isolation) - c:\windows\system32\lsass.exe (file missing) S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing) S3 Netlogon - c:\windows\system32\lsass.exe (file missing) S3 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing) S3 RpcLocator (Remote Procedure Call (RPC) Locator) - c:\windows\system32\locator.exe (file missing) S3 SNMPTRAP (SNMP Trap) - c:\windows\system32\snmptrap.exe (file missing) S3 UI0Detect (Interactive Services Detection) - c:\windows\system32\ui0detect.exe (file missing) S3 vds (Virtual Disk) - c:\windows\system32\vds.exe (file missing) S3 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing) S3 wmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing) S3 ZuneWlanCfgSvc (Zune Wireless Configuration Service) - c:\windows\system32\zunewlancfgsvc.exe (file missing) -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Files created between 2008-02-22 and 2008-03-22 ----------------------------- 2008-03-22 16:57:59 0 d-------- C:\Users\All Users\Avira 2008-03-22 16:57:59 0 d-------- C:\Program Files (x86)\Avira 2008-03-21 23:25:01 691545 --a------ C:\Windows\unins000.exe 2008-03-21 23:25:01 2542 --a------ C:\Windows\unins000.dat 2008-03-20 05:23:58 0 d-------- C:\PerfLogs 2008-03-06 20:48:48 0 d-------- C:\Program Files (x86)\ImgBurn 2008-03-05 02:37:48 0 d-------- C:\Windows\Sun 2008-03-05 02:36:17 0 d-------- C:\Program Files (x86)\uTorrent 2008-03-04 17:56:03 0 d-------- C:\Program Files (x86)\Microsoft Silverlight 2008-03-03 07:45:42 0 d-------- C:\Program Files (x86)\GraphCalc 2008-02-25 18:43:35 49152 --a------ C:\Windows\system32\lwext.dll <Not Verified; Geniatech; Geniatech livewire> 2008-02-25 18:43:35 20480 --a------ C:\Windows\system32\KTM.exe <Not Verified; ; KTM ????> 2008-02-25 18:43:35 675913 --a------ C:\Windows\system32\IRReceive.exe 2008-02-25 18:43:35 28672 --a------ C:\Windows\system32\Hookdll.dll <Not Verified; ; Hookdll Dynamic Link Library> 2008-02-25 18:43:35 167936 --a------ C:\Windows\system32\GTTunerCard.dll <Not Verified; ; GTTunerCard Module> 2008-02-25 18:43:34 122880 --a------ C:\Windows\system32\RmCard.dll 2008-02-25 18:43:34 204800 --a------ C:\Windows\system32\GTVendor.dll <Not Verified; Geniatech Inc.; > 2008-02-25 18:43:34 24576 --a------ C:\Windows\system32\34I2Curd.dll <Not Verified; Philips; Philips 34I2Curd> 2008-02-25 18:38:53 0 d-------- C:\Program Files (x86)\Common Files\ArcSoft 2008-02-25 18:38:25 212480 --a------ C:\Windows\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit> 2008-02-25 18:36:07 0 d-------- C:\Program Files (x86)\Mydrv -- Find3M Report --------------------------------------------------------------- 2008-03-22 20:00:18 0 d-------- C:\Program Files (x86)\Hijack This 2008-03-22 00:16:14 0 d-------- C:\Users\Artist\AppData\Roaming\AVG7 2008-03-20 05:33:55 174 --ahs---- C:\Program Files (x86)\desktop.ini 2008-03-20 05:26:38 0 d-------- C:\Program Files (x86)\Windows Sidebar 2008-03-20 05:26:38 0 d-------- C:\Program Files (x86)\Windows Mail 2008-03-20 05:26:38 0 d-------- C:\Program Files (x86)\Windows Calendar 2008-03-20 05:26:37 0 d-------- C:\Program Files (x86)\Windows Photo Gallery 2008-03-20 05:26:37 0 d-------- C:\Program Files (x86)\Windows Collaboration 2008-03-20 05:26:33 0 d-------- C:\Program Files (x86)\Windows Defender 2008-03-18 00:46:46 0 d-------- C:\Users\Artist\AppData\Roaming\Adobe 2008-03-17 20:54:30 0 d-------- C:\Users\Artist\AppData\Roaming\Mozilla 2008-03-10 20:58:42 0 d--h----- C:\Program Files (x86)\InstallShield Installation Information 2008-03-10 02:26:27 0 d-------- C:\Users\Artist\AppData\Roaming\EPSON 2008-03-06 21:34:53 0 d-------- C:\Users\Artist\AppData\Roaming\ImgBurn 2008-03-06 01:14:55 0 d-------- C:\Users\Artist\AppData\Roaming\uTorrent 2008-03-04 17:45:17 0 d-------- C:\Users\Artist\AppData\Roaming\Grisoft 2008-02-25 19:20:12 0 d-------- C:\Users\Artist\AppData\Roaming\ArcSoft 2008-02-25 18:38:53 0 d-------- C:\Program Files (x86)\Common Files 2008-02-25 18:36:55 0 d-------- C:\Program Files (x86)\Common Files\InstallShield 2008-02-23 17:01:23 47616 --a------ C:\Windows\system32\pdf995mon64.dll 2008-02-20 04:35:48 0 d-------- C:\Users\Artist\AppData\Roaming\ZoomBrowser EX 2008-02-19 22:56:46 0 d-------- C:\Program Files (x86)\MSN Messenger 2008-02-03 19:17:21 0 d-------- C:\Users\Artist\AppData\Roaming\Amazon 2008-02-03 17:48:59 0 d-------- C:\Users\Artist\AppData\Roaming\TaxCut 2008-01-26 01:57:45 0 d-------- C:\Users\Artist\AppData\Roaming\Macromedia 2008-01-26 01:55:30 0 d-------- C:\Program Files (x86)\Common Files\Macromedia -- Registry Dump --------------------------------------------------------------- -- Hosts ----------------------------------------------------------------------- 127.0.0.1 hityou.com 127.0.0.1 www.hityou.com 127.0.0.1 180searchassistant.com 127.0.0.1 www.180searchassistant.com 127.0.0.1 180solutions.com 127.0.0.1 www.180solutions.com 127.0.0.1 bis.180solutions.com 127.0.0.1 config.180solutions.com 127.0.0.1 cts.180solutions.com 127.0.0.1 downloads.180solutions.com 7892 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-03-22 23:01:18 ------------ Attach extra: Thanks again for any help. Last edited by AtomicBartender; 03-22-2008 at 10:15 PM. Reason: Forgot to say that if it's not malware I'll repost in correct section |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
03-25-2008, 10:08 PM
|
#2 (permalink) |
|
Registered User
Join Date: Nov 2006
Posts: 25
OS: Vista Premium 64 bit SP1
|
Re: UAC Show all processes closes Task Manager and IE7 makes new clicks maybe infecte
Bump
Other symptoms. IE is slowed down, and loads much slower. Clicks I mentioned seem very random. Saw qksz.net trying to load something in browser bottom bar, just now and edited this message to reflect such. Googled it and seems like this might be related to malware. Last edited by AtomicBartender; 03-25-2008 at 10:13 PM. Reason: new info |
|
|
|
|
03-25-2008, 10:27 PM
|
#3 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,042
OS: WinXP and Vista
|
Re: UAC Show all processes closes Task Manager and IE7 makes new clicks maybe infecte
Hello AtomicBartender,
Nothing is jumping out at me here. Let's see if Kaspersky's online scanner picks up on anything. Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html Answer Yes, when prompted to install an ActiveX component.
|
|
|
|
|
03-26-2008, 01:41 AM
|
#4 (permalink) |
|
Registered User
Join Date: Nov 2006
Posts: 25
OS: Vista Premium 64 bit SP1
|
Re: UAC Show all processes closes Task Manager and IE7 makes new clicks maybe infecte
Hello Ried, thank you for looking at my post. After hearing that my dss scan looked clean ( I am aware that it doesn't catch everything), and after a clean Kasper. scan, I am suspecting it probably has to do more with some form of file or OS corruption. I may eventually post a different thread in the correct area to investigate further, or I may resort to the ole sys restore, restore point, fresh install options. Seeing as Vista SP1 was just released, and although I have it installed, unfortunately Windows just seems to work better when programs are loaded/layered onto the OS in a certain order. Needless to say, over my time working with windows and IE, I tend to be using Firefox more and more, as well as my interest in an OS like Kubuntu increases.
If I do change it up, I will try the Spywareblaster and guard as per suggestions in the general security forum, to see how they work. Here is the Kaspersky scan, I turned off all active antivirus protection prior to scan, but still had some locked files (don't know if these are standardly locked). If there is something else I should do next, just let me know, Thanks again. ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, March 26, 2008 3  18 AMOperating System: Microsoft Windows Vista, Service Pack 1 (Build 6001) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 26/03/2008 Kaspersky Anti-Virus database records: 663967 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\ M:\ Scan Statistics: Total number of scanned objects: 131155 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 01:31:32 Infected Object Name / Virus Name / Last Action C:\Boot\BCD Object is locked skipped C:\Boot\BCD.LOG Object is locked skipped C:\Deckard\System Scanner\backup\Windows\temp\ASPNETSetup_00000.log Object is locked skipped C:\Deckard\System Scanner\backup\Windows\temp\ASPNETSetup_00001.log Object is locked skipped C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080318-131925-0.log Object is locked skipped C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080318-131936-0.log Object is locked skipped C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080319-164554-0.log Object is locked skipped C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080319-164603-0.log Object is locked skipped C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080320-043958-0.log Object is locked skipped C:\Deckard\System Scanner\backup\Windows\temp\lpksetup-20080320-044012-0.log Object is locked skipped C:\Deckard\System Scanner\backup\Windows\temp\LVCOMSX.LOG Object is locked skipped C:\Deckard\System Scanner\backup\Windows\temp\VistaSP1_InstallPerf_142855.sqm Object is locked skipped C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6de9cb26d2b98c01ec4e9e8b34824aa2_e8c7d7c3-ada8-470c-a05a-544685bf6455 Object is locked skipped C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\76944fb33636aeddb9590521c2e8815a_e8c7d7c3-ada8-470c-a05a-544685bf6455 Object is locked skipped C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9138e44cb3b2866be9258023d293542a_e8c7d7c3-ada8-470c-a05a-544685bf6455 Object is locked skipped C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d6d986f09a1ee04e24c949879fdb506c_e8c7d7c3-ada8-470c-a05a-544685bf6455 Object is locked skipped C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_e8c7d7c3-ada8-470c-a05a-544685bf6455 Object is locked skipped C:\ProgramData\Microsoft\User Account Pictures\Family.dat Object is locked skipped C:\ProgramData\Microsoft\User Account Pictures\Shaolin Monk.dat Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Speech\Files\MSASR\SP_30F8679F3DF14F1F978FDBA7BCDB9063.dat Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Speech\Files\MSASR\SP_84FE99E483ED475EBD23582743C017F9.dat Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Speech\Files\MSASR\SP_97D261BA2E264BDF9436514EFBED0707.dat Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\UsrClass.dat{a2547ab0-d680-11dc-adcb-00016cfaf112}.TM.blf Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\UsrClass.dat{a2547ab0-d680-11dc-adcb-00016cfaf112}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows\UsrClass.dat{a2547ab0-d680-11dc-adcb-00016cfaf112}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows Defender\FileTracker\{C10999BF-C02E-467D-BD88-899BDF30C9F0} Object is locked skipped C:\Users\Artist\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped C:\Users\Artist\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped C:\Users\Artist\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped C:\Users\Artist\NTUSER.DAT Object is locked skipped C:\Users\Artist\ntuser.dat.LOG1 Object is locked skipped C:\Users\Artist\ntuser.dat.LOG2 Object is locked skipped C:\Users\Artist\NTUSER.DAT{a2547aae-d680-11dc-adcb-00016cfaf112}.TM.blf Object is locked skipped C:\Users\Artist\NTUSER.DAT{a2547aae-d680-11dc-adcb-00016cfaf112}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped C:\Users\Artist\NTUSER.DAT{a2547aae-d680-11dc-adcb-00016cfaf112}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped C:\Windows\Debug\PASSWD.LOG Object is locked skipped C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped C:\Windows\Logs\CBS\CBS.log Object is locked skipped C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped C:\Windows\Logs\DPX\setupact.log Object is locked skipped C:\Windows\Logs\DPX\setuperr.log Object is locked skipped C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped C:\Windows\security\database\secedit.sdb Object is locked skipped C:\Windows\SoftwareDistribution\EventCache\{AA08A084-8047-4B25-9BCD-BA528045359B}.bin Object is locked skipped C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped C:\Windows\WindowsUpdate.log Object is locked skipped C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_2b166a33f17217b5\dnary.xsd Object is locked skipped C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_2d4d2c2fee5d2889\dnary.xsd Object is locked skipped C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6001.18000_none_d12e90ac35ffb753\dnary.xsd Object is locked skipped Scan process completed. |
|
|
|
|
03-26-2008, 08:17 PM
|
#5 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,042
OS: WinXP and Vista
|
Re: UAC Show all processes closes Task Manager and IE7 makes new clicks maybe infecte
Hiya,
Yes, in this scan, those locked files are normal. At this point, it's your choice which direction take. Personally, I'd opt to System Restore and see if that smoothes things out. If not, you can try discussing this with the folks in the Windows Vista Support section and see if they have any ideas for you. 
|
|
|
|
|
03-29-2008, 03:29 AM
|
#6 (permalink) |
|
Registered User
Join Date: Nov 2006
Posts: 25
OS: Vista Premium 64 bit SP1
|
Re: UAC Show all processes closes Task Manager and IE7 makes new clicks maybe infecte
I tried a few of the restores I had, and the fourth one back fixed it. However, I wanted the Vista SP1 that I had installed since then, as well as a few other things, so I ended up doing a fresh install to get rid of the many files windows leaves all over the place. I now have everything back on, with no problem. After your separate review I am confident it was a software issue. Should the problem arise again, I will approach it from a software technical support issue point of view. Thanks again Ried for all your help. I will mark the issue as solved.
|
|
|
|
|
03-29-2008, 11:14 PM
|
#7 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,042
OS: WinXP and Vista
|
Re: [SOLVED] UAC Show all processes closes Task Manager and IE7 makes new clicks mayb
You're welcome, AtomicBartender. Glad to hear you worked it out.
Take care. 
|
|
|
|
| Thread Tools | |
|
|
