Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Looking for the smart ones to calm me of my fears....

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Looking for the smart ones to calm me of my fears....

Unread postby lop0kus » July 20th, 2011, 2:19 am

My computer has been acting up just as they usually do. It could be worse considering all the not good junk I have on it. But, I did get a few issues that came up in the Performance Information. And I'll be honest, I have this fear that this weirdo guy might be doing some remote access thing to my computer. Because when I see him he talks of me doing something to his computer and I have no clue. But, just to be safe maybe you could find out if so?

DDS
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.19088
Run by useR at 23:22:59 on 2011-07-19
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1676 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\useR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\useR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\useR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\useR\AppData\Local\Temp\RtkBtMnt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Windows\helppane.exe
C:\Windows\system32\rundll32.exe
C:\Users\useR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\useR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\useR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\useR\Downloads\dds.scr
C:\Windows\system32\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5515
uSearch Bar = Preserve
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5515
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... spire_5515
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6172\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: LivingPlay Text: {4a0ba746-d4d6-41a6-81ef-413e52b5f8d6} - c:\program files\livingplay\lplaytl.dll
BHO: LivingPlay: {5be1ed16-e6dd-4c4e-a596-6cfd5ee7c1ee} - c:\program files\livingplay\livingplaylib32.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6172\SiteAdv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [cdloader] "c:\users\user\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SiteAdvisor] c:\program files\siteadvisor\6172\SiteAdv.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [eRecoveryService]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Skytel] Skytel.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6172\SiteAdv.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-12-4 201288]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-12-4 79304]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-12-4 35240]
R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2008-12-4 40488]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2008-12-4 33800]
.
=============== Created Last 30 ================
.
2011-07-19 06:37:33 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e4051cb8-42c6-42a2-8d79-6d166876901b}\mpengine.dll
2011-07-13 05:10:11 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 05:10:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 05:10:04 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-09 01:34:57 -------- d-----w- c:\programdata\ImTOO
2011-07-09 01:34:57 -------- d-----w- c:\program files\ImTOO
2011-07-09 01:23:12 -------- d-----w- c:\program files\WMV9_VCM
2011-07-09 00:52:50 -------- d-----w- c:\users\user\appdata\local\WMTools Downloaded Files
2011-07-09 00:52:11 -------- d-----w- c:\program files\Movie Maker 2.6
2011-07-09 00:48:11 7046 ----a-w- c:\users\user\ffdshow.reg
2011-07-09 00:45:59 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2011-07-09 00:45:57 -------- d-----w- c:\program files\InstaCodecs
2011-07-09 00:45:42 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-07-02 20:10:54 -------- d-----w- c:\program files\Vegas Casino Online
2011-07-02 19:56:43 -------- d-----w- c:\program files\Rushmore Casino
2011-06-30 01:48:33 -------- d-----w- c:\users\user\appdata\local\Microsoft Games
2011-06-28 21:53:54 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-28 12:07:27 -------- d-----w- c:\program files\Panda Security
2011-06-28 05:42:29 -------- d-----w- c:\program files\iPod
2011-06-28 05:42:13 -------- d-----w- c:\program files\iTunes
2011-06-28 05:10:14 -------- d-----w- c:\users\user\appdata\roaming\PeerNetworking
2011-06-27 21:20:17 -------- d-----w- c:\users\user\appdata\local\Mozilla
2011-06-26 13:52:54 -------- d-----w- c:\users\user\appdata\local\Unity
2011-06-26 13:52:08 -------- d-----w- c:\users\user\appdata\local\Deployment
2011-06-25 14:34:31 -------- d-----w- c:\programdata\3DVIAMP
2011-06-25 14:33:46 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2011-06-25 14:33:46 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2011-06-25 14:33:45 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
2011-06-25 14:33:44 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2011-06-25 14:33:42 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2011-06-25 14:33:40 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2011-06-25 14:33:14 -------- d-----w- c:\program files\3DVIA
2011-06-25 14:28:47 -------- d-----w- c:\users\user\appdata\local\3DVIA
2011-06-25 05:47:34 -------- d-----w- c:\program files\Silver Oak Casino
2011-06-24 23:06:53 -------- d-----w- c:\users\user\appdata\roaming\Mayflower
2011-06-24 23:06:53 -------- d-----w- c:\programdata\Mayflower
2011-06-24 23:06:27 -------- d-----w- c:\program files\Mayflower
2011-06-24 23:05:20 -------- d-----w- c:\programdata\PopCap Games
2011-06-24 23:05:20 -------- d-----w- c:\program files\PopCap Games
2011-06-24 15:04:10 -------- d-----w- c:\program files\Real Vegas Online
2011-06-24 04:44:27 -------- d-----w- c:\program files\99 Slot Machine
2011-06-24 04:24:44 -------- d-----w- c:\program files\DesertNightsCasino
2011-06-22 20:38:59 -------- d-----w- c:\users\user\appdata\local\Apps
2011-06-21 09:51:16 -------- d-----w- c:\users\user\.thumbnails
2011-06-21 08:24:56 -------- d-----w- c:\users\user\.gimp-2.6
2011-06-21 08:24:54 -------- d-----w- c:\users\user\.gegl-0.0
2011-06-21 08:17:05 -------- d-----w- c:\program files\Gimp-2.0
.
==================== Find3M ====================
.
2011-06-22 21:06:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 01:47:25 1611 ----a-w- c:\windows\system32\drivers\etc\mvps.bat
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-25 01:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 14:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 14:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 10:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 05:58:12 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-04-26 05:58:12 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-04-21 13:58:27 273408 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 23:24:33.93 ===============
And I uploaded the attach.txt because I read something about not posting it.

Thanks!
lop0kus
Active Member
 
Posts: 1
Joined: July 20th, 2011, 1:06 am
Advertisement
Register to Remove

Re: Looking for the smart ones to calm me of my fears....

Unread postby Cypher » July 20th, 2011, 12:44 pm

Posting Logs as Attachments

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section Logs posted as attachments explains why you should not post attachments unless the helper assisting you requests that you do so. Thank you for your understanding.

This topic is now closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 22 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware