Author Topic: [Inactive] possible malware - no wireless internet, network suddenly "hidden"  (Read 3097 times)


Offline littleghoul

  • Bronze Member
  • Posts: 16
I was playing on Facebook (I know) - using my laptop and my home wireless network, when I noticed my account said something to the effect that I was now accessing my account with my iPhone (which I'm not), then my account started sending links using the chat box.

I immediately closed the window and turned off my computer; it was late and I didn't have time to mess with it. I logged on to Facebook using my desktop, which is not wireless, and changed my password hoping that would help, then went to bed.
That was Thursday night, then I got a people bug and was puking - so I never had a chance to address the issue until today.
I restarted the laptop to assess the damage and could not get online using my wireless connection.  It is showing my network as unknown and public.  Plus a new network named "virus completed2". I hope that is not me.
I ran a Norton scan, which found nothing and the Norton power eraser which found nothing.
I can get online by plugging in to my ethernet adapter, but not wirelessly.
I also don't have access to my system files. I had to use an elevated command prompt just to be able to save my HijackThis log file - which is right here.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:29:40 PM, on 2/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Users\TeamSkeie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TeamSkeie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TeamSkeie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TeamSkeie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe  /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\TeamSkeie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Constant Guard.lnk = C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Secure Backup and Share Status.lnk = C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: Comcast Secure Backup & Share Backup Service (ComcastSecureBackupSharebackup) - Secure Backup and Share - C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14379 bytes


I'M STILL A LITTLE SICK SO I MAY BE ON AND OFF THE COMPUTER AS MY STOMACH ALLOWS. ANY HELP WILL BE GREATLY APPRECIATED.


« Last Edit: February 25, 2012, 06:28:06 pm by Hoov »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7283
Re: possible malware - no wireless internet, network suddenly "hidden"
« Reply #1 on: February 25, 2012, 03:49:42 pm »
We no longer use HJT at SpywareHammer. Go to this link at the top of the forum, "[NEW Instructions!] What Do I Do First?", follow those instructions and post the DDS logs as a reply here; do not start a new log.

Thank you for your understanding,

kevinf80

Offline littleghoul

  • Bronze Member
  • Posts: 16
Re: possible malware - no wireless internet, network suddenly "hidden"
« Reply #2 on: February 25, 2012, 04:09:06 pm »
Is this the right one??

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by TeamSkeie at 14:03:47 on 2012-02-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.1785 [GMT -8:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharestat.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\TeamSkeie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TeamSkeie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TeamSkeie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TeamSkeie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Users\TeamSkeie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/?_bc=1
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Google Update] "C:\Users\TeamSkeie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe  /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECURE~1.LNK - C:\Program Files (x86)\SecureBackupShare\ComcastSecureBackupSharestat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{4174BE0A-A7D0-4062-8AD1-A29666782BAF} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5A7998AA-E9F0-4F6A-8878-05F8E19BEA49}\05552505C4544425 : DhcpNameServer = 192.168.0.1 205.171.3.25 192.168.1.1
TCP: Interfaces\{5A7998AA-E9F0-4F6A-8878-05F8E19BEA49}\157756374775966496 : DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{5A7998AA-E9F0-4F6A-8878-05F8E19BEA49}\C416155796E64716 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{5A7998AA-E9F0-4F6A-8878-05F8E19BEA49}\C616175796E64716 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{5A7998AA-E9F0-4F6A-8878-05F8E19BEA49}\C696E6B6379737 : DhcpNameServer = 24.121.74.2 24.121.85.2 207.192.213.44
TCP: Interfaces\{5A7998AA-E9F0-4F6A-8878-05F8E19BEA49}\D697177756374763039313 : DhcpNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64:     Canon Easy-WebPrint EX BHO - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
BHO-X64:     Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
BHO-X64:     Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64:     URLRedirectionBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
BHO-X64:     Constant Guard Protection Suite (COM) - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe  /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-15 1157240]
R1 ComcastSecureBackupShareFilter;ComcastSecureBackupShareFilter;C:\Windows\system32\DRIVERS\ComcastSecureBackupShare.sys --> C:\Windows\system32\DRIVERS\ComcastSecureBackupShare.sys [?]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120224.002\IDSviA64.sys [2012-2-24 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ComcastSecureBackupSharebackup;Comcast Secure Backup & Share Backup Service;C:\Program Files\SecureBackupShare\ComcastSecureBackupSharebackup.exe [2010-12-14 16104]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-2-15 65096]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-7 138360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-25 136176]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-25 136176]
S3 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2012-02-25 20:32:17   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{FF1F3A71-859A-429B-B739-5D9467471C48}
2012-02-25 20:31:55   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{420BE253-F853-414A-AABF-1A7FF393B6B9}
2012-02-24 20:30:34   89960   ----a-w-   C:\Windows\SysWow64\SQSRVRES.DLL
2012-02-24 20:30:34   73064   ----a-w-   C:\Windows\SysWow64\perf-MSSQL$MSSMLBIZ-sqlctr10.3.5500.0.dll
2012-02-24 19:48:14   515584   ----a-w-   C:\Windows\System32\timedate.cpl
2012-02-24 19:48:14   478720   ----a-w-   C:\Windows\SysWow64\timedate.cpl
2012-02-24 19:48:07   498688   ----a-w-   C:\Windows\System32\drivers\afd.sys
2012-02-24 19:48:02   509952   ----a-w-   C:\Windows\System32\ntshrui.dll
2012-02-24 19:48:01   442880   ----a-w-   C:\Windows\SysWow64\ntshrui.dll
2012-02-24 19:48:00   3145728   ----a-w-   C:\Windows\System32\win32k.sys
2012-02-24 19:46:47   690688   ----a-w-   C:\Windows\SysWow64\msvcrt.dll
2012-02-24 19:46:47   634880   ----a-w-   C:\Windows\System32\msvcrt.dll
2012-02-24 18:54:23   388096   ----a-r-   C:\Users\TeamSkeie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-24 18:54:23   --------   d-----w-   C:\Program Files (x86)\Trend Micro
2012-02-23 19:21:42   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\NPE
2012-02-23 19:18:08   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{7F6E72D0-6783-4819-8C9F-C0657517A1BB}
2012-02-23 19:17:45   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{5FD112E0-F352-45BB-8C06-C906A368CFD8}
2012-02-23 01:41:15   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{65C151F2-F2A0-47D9-B418-05254063B58D}
2012-02-23 01:40:52   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{ED8A8B94-A544-4D8C-A293-E68CDD4D35B3}
2012-02-22 04:28:25   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{CB6A300B-3F93-4A8A-AC5A-2FD8EC9719EB}
2012-02-22 04:28:02   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{A53E92E7-3038-41DB-BDF9-D13F01EE4E58}
2012-02-21 16:27:31   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{59B38CA6-9F3F-4435-BA5D-6806AF521CA3}
2012-02-21 16:27:19   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{25E2C054-EC1E-4CCA-858D-F9E2D3AF2818}
2012-02-20 17:52:26   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{B9E7CAAB-46B8-4364-9588-91FE590A8EE2}
2012-02-20 17:52:14   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{16273431-3C11-4ACD-AA8D-107736F3F392}
2012-02-20 05:52:00   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{2E61BA1C-C717-4AB8-B681-9042CEE831F6}
2012-02-20 05:51:48   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{F7BDB036-9CE0-409F-B6EC-821BB7DF15C5}
2012-02-19 17:51:31   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{BD4C8A47-98F5-4078-81C3-06CE86CAFE79}
2012-02-19 17:51:18   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{256E4752-D7B4-4EE9-AA7A-C44756D54109}
2012-02-18 20:23:41   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{89346296-13C5-4184-98C9-EBE6FD9A8E7E}
2012-02-18 20:23:13   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{B5B51E95-0DCC-42A9-A18E-B9FEFCC0F3F1}
2012-02-17 17:36:04   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{7D181A2C-AAD4-4743-AC7D-4A863A1D7E77}
2012-02-17 17:35:41   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{D2FB50A7-D18D-49C5-B8FC-A02AADD1C908}
2012-02-17 05:31:35   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{418E9D78-E186-482B-A51F-2B5A3B2DB0AD}
2012-02-17 05:31:14   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{9CE2D14E-2DF8-43DB-A0BA-25BC58BE749A}
2012-02-16 17:16:55   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{A30B2E77-19FE-4EA1-ADA5-F49B0569F899}
2012-02-16 17:16:28   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{C40F4232-1469-460A-A717-73C9510C3F38}
2012-02-15 21:37:23   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{56557B1D-EC51-440C-A7B8-0FAF8349A60C}
2012-02-15 21:37:00   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{429F6B3D-BF85-405A-91F8-675BAC8B35BB}
2012-02-14 21:12:26   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{5B086471-2FF7-44E2-9CC5-32C20848039C}
2012-02-14 21:12:04   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{D55AC510-F477-4E35-AAF0-02E0EB8E68BB}
2012-02-13 22:23:42   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{86F3F376-4448-4ABA-A2F9-CD0935E30376}
2012-02-13 22:23:19   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{ECAC03ED-1CC7-4C6E-99B6-17BB5FD2DA86}
2012-02-13 01:45:55   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{E4387551-C5E7-43C8-A324-DAFA66EBFB7A}
2012-02-13 01:45:33   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{E4278534-D0ED-4290-9C4A-D38D5116CB51}
2012-02-11 22:50:46   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{8F762DB5-0BEE-4A05-A9E2-361238F0CBF7}
2012-02-11 22:50:24   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{8EE9CCBE-2FE5-43FA-9C69-627800799DFD}
2012-02-11 07:44:53   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{B241E346-AF1E-4F6C-AFE3-893168F4F45F}
2012-02-11 07:44:31   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{C7695B76-8E6F-4227-AD1E-8D2F047DF9B1}
2012-02-10 19:10:06   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{3DBCBF45-636C-4FFE-ABE2-E22AA8A0154A}
2012-02-10 19:09:45   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{8383F27A-3CB3-4A53-9963-D56B566D71F1}
2012-02-10 07:09:17   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{7B5398C8-8764-4AA5-92FF-CB0F9EB3EC87}
2012-02-10 07:08:54   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{AF0AC1C4-1807-41BD-877B-2D9739269409}
2012-02-09 18:31:54   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{263F993F-4ADA-48EC-B8BB-7FD6709DA05F}
2012-02-09 18:31:31   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{648D0AC2-1B43-4EBC-83CF-2570D3913651}
2012-02-09 05:19:44   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{0E39A0EF-C26A-4C88-BF53-33DEB7608BF0}
2012-02-09 05:19:22   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{863F8D4C-B473-4A6E-BE23-7FC961FD1EC2}
2012-02-08 17:18:54   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{95C7EBFA-B3D9-4CC7-9374-30FB8F82F1C1}
2012-02-08 17:18:33   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{16045B5D-9841-437E-8CE2-5625A4A686AE}
2012-02-07 22:21:46   912504   ----a-w-   C:\Windows\System32\drivers\N360x64\0502000.00D\symefa64.sys
2012-02-07 22:21:46   744568   ----a-w-   C:\Windows\System32\drivers\N360x64\0502000.00D\srtsp64.sys
2012-02-07 22:21:46   450680   ----a-w-   C:\Windows\System32\drivers\N360x64\0502000.00D\symds64.sys
2012-02-07 22:21:46   40568   ----a-w-   C:\Windows\System32\drivers\N360x64\0502000.00D\srtspx64.sys
2012-02-07 22:21:46   386168   ----a-w-   C:\Windows\System32\drivers\N360x64\0502000.00D\symnets.sys
2012-02-07 22:21:46   171128   ----a-r-   C:\Windows\System32\drivers\N360x64\0502000.00D\ironx64.sys
2012-02-07 22:21:29   --------   d-----w-   C:\Windows\System32\drivers\N360x64\0502000.00D
2012-02-07 20:05:35   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{C1FA2325-0FBA-4F80-9652-EFC4BEAD5958}
2012-02-07 20:05:13   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{2FD43534-87B9-4A8A-9835-7A988D3A2DE3}
2012-02-07 07:17:50   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{5B93A869-AB26-4C47-B09E-6038E603001C}
2012-02-07 07:17:28   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{B2FD18C3-65E0-4764-95B7-58B6E6738B93}
2012-02-06 16:25:24   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{27508D80-9F90-40CA-9F96-61C8C1C6E39B}
2012-02-06 16:25:02   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{D8BA20FD-4E05-4724-905C-92E0F441368B}
2012-02-06 04:24:31   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{DECFF1CB-AEC3-4BE1-8390-7AF79860EF3F}
2012-02-06 04:24:03   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{6990E142-7B87-408E-98DB-1AA5DD177579}
2012-02-06 00:50:23   --------   d-----w-   C:\Program Files\iPod
2012-02-06 00:50:22   --------   d-----w-   C:\Program Files\iTunes
2012-02-06 00:50:22   --------   d-----w-   C:\Program Files (x86)\iTunes
2012-02-04 01:40:14   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{FF14D5C9-06ED-4A4D-9505-AF129235FFFA}
2012-02-04 01:40:00   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{C43855BF-4BD0-4E34-AA1B-D4CAD95AFC40}
2012-02-02 18:12:20   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{420385D6-4A96-4BD6-A95E-3AF632A6535D}
2012-02-02 18:11:58   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{AE9A1907-C97D-4594-B3B9-A2B5DE0E04A7}
2012-02-02 05:02:20   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{E67767C5-107C-429B-AA19-127A2124F9E6}
2012-02-02 05:01:58   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{1827D9B0-64BB-4739-B87F-5FCECE869DAD}
2012-02-01 20:20:16   1292080   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2012-02-01 20:20:15   1731920   ----a-w-   C:\Windows\System32\ntdll.dll
2012-02-01 20:20:04   77312   ----a-w-   C:\Windows\System32\packager.dll
2012-02-01 20:20:04   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
2012-02-01 15:48:28   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{7A2A8B2F-7D87-44D8-861D-1E8EFC9F7CC7}
2012-02-01 15:48:06   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{8DA85EE7-FF1A-4052-A83C-54B95D20FEB9}
2012-01-31 19:23:05   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{95C76580-CF70-447E-8D0E-75F9EA229DE3}
2012-01-31 19:22:42   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{D5F158F7-AFD9-4979-BA8F-824D943F9239}
2012-01-30 21:55:24   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{FF633BF3-432A-42A5-A94D-2CE94705B02E}
2012-01-30 21:55:02   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{A293A9D6-7E51-41DC-A31C-1073889356DE}
2012-01-30 01:49:53   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{86635FF7-BC2A-47C3-BD2C-5258CB5673C8}
2012-01-30 01:49:38   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{D5C52699-A45A-40A3-A8EF-AC442D276224}
2012-01-28 17:50:54   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{988ED037-C51B-4225-A615-AC54FB50FA6E}
2012-01-28 17:50:32   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{89870A03-6330-4194-8EE0-66DEC2607AD7}
2012-01-28 02:23:56   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{27AEFB15-32A3-4D3E-A8AC-4830ED320114}
2012-01-28 02:23:37   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{AEFDD34E-515A-4803-B6F8-AEAA52977C03}
2012-01-27 14:12:59   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{62CDA46E-86F1-4981-AB63-21961CB8A0C3}
2012-01-27 14:12:38   --------   d-----w-   C:\Users\TeamSkeie\AppData\Local\{338F75E0-C88C-4D2C-8101-3755FDC78305}
2012-01-26 22:43:03   --------   d-----w-   C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
.
==================== Find3M  ====================
.
2012-02-23 19:02:40   472808   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2012-02-22 02:23:17   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-19 21:42:38   60304   ----a-w-   C:\Users\TeamSkeie\g2mdlhlpx.exe
2011-12-16 08:47:38   1188864   ----a-w-   C:\Windows\System32\wininet.dll
2011-12-16 07:54:22   981504   ----a-w-   C:\Windows\SysWow64\wininet.dll
2011-12-16 06:44:38   1638912   ----a-w-   C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17   1638912   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:04:26.38 ===============

Offline littleghoul

  • Bronze Member
  • Posts: 16
Re: possible malware - no wireless internet, network suddenly "hidden"
« Reply #3 on: February 25, 2012, 04:12:06 pm »
Here is the other log file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/20/2010 8:17:16 AM
System Uptime: 2/24/2012 12:11:17 PM (26 hours ago)
.
Motherboard: Hewlett-Packard |  | 143F
Processor: AMD Turion(tm) II P540 Dual-Core Processor | Socket S1G4 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 378.535 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 2.726 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.087 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP121: 2/20/2012 3:20:28 PM - Scheduled Checkpoint
RP122: 2/23/2012 11:01:16 AM - Installed Java(TM) 6 Update 31
RP123: 2/24/2012 9:07:05 AM - Windows Modules Installer
RP124: 2/24/2012 10:54:01 AM - Installed HiJackThis
RP125: 2/24/2012 11:48:33 AM - Windows Update
RP126: 2/24/2012 12:23:51 PM - Windows Update
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Amazon Kindle
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Bejeweled 2 Deluxe
Bing Bar
Bing Rewards Client Installer
Business Contact Manager for Microsoft Outlook 2010
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.1
Canon MX870 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CinemaNow Media Manager
Constant Guard Protection Suite
Corel Applications
CyberLink DVD Suite
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Menu Pack for HP MediaSmart Video
Energy Star Digital Logo
erLT
ESU for Microsoft Windows 7
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 5.1.0.880
GuardedID
Hewlett-Packard ACLM.NET v1.1.2.0
HiJackThis
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
Hulu Desktop
IDES4 Music Data Management Software
IDT Audio
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LabelPrint
LightScribe System Software
Logitech SetPoint
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
Mobipocket Reader 6.2
Movie Theme Pack for HP MediaSmart Video
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Online Backup
Norton Security Suite
PhotoNow!
Power2Go
PowerDirector
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951)
Sibelius Scorch (ActiveX Only)
Sql Server Customer Experience Improvement Program
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update Installer for WildTangent Games App
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WordPerfect Office 11
.
==== Event Viewer Messages From Past Week ========
.
2/25/2012 9:32:32 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer SKEIE-2008 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4174BE0A-A7D0-4062-8AD1-A29666782BAF}. The master browser is stopping or an election is being forced.
2/24/2012 12:27:32 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
2/24/2012 12:24:49 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
2/24/2012 12:14:13 PM, Error: Service Control Manager [7022]  - The Diagnostic Service Host service hung on starting.
2/24/2012 12:13:43 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/23/2012 9:44:23 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{4174BE0A-A7D0-4062-8AD1-A29666782BAF} because another computer on the network has the same name.  The server could not start.
2/23/2012 2:32:19 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
2/23/2012 2:11:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
2/23/2012 2:11:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/23/2012 2:08:41 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/23/2012 2:08:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/23/2012 2:08:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/23/2012 2:08:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/23/2012 2:08:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/23/2012 2:08:37 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
2/23/2012 2:08:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/23/2012 2:06:37 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 ComcastSecureBackupShareFilter DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
2/23/2012 11:56:26 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user TeamSkeie-HP\TeamSkeie SID (S-1-5-21-2936744551-1845201072-548879614-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/23/2012 1:50:44 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
2/23/2012 1:49:11 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service lltdsvc with arguments "" in order to run the server: {5BF9AA75-D7FF-4AEE-AA2C-96810586456D}
2/23/2012 1:05:55 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
2/23/2012 1:05:39 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BHDrvx64 ComcastSecureBackupShareFilter discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
2/22/2012 8:14:07 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/22/2012 8:14:07 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IDVaultSvc service.
.
==== End Of File ===========================
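
The Service Control Manager 7001 entries in the log above form dependency chains, so many of the failed services trace back to a few drivers that did not load. The following is an added example, not part of the original post: it groups the failed services by the underlying dependency. The sample lines are copied from that log, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample lines copied from the event log above (Service Control Manager, event 7001).
SAMPLE = """\
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/23/2012 2:06:37 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
2/23/2012 1:50:44 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
"""

EVENT_7001 = re.compile(
    r"\[7001\]\s+- The (?P<svc>.+?) service depends on the (?P<dep>.+?) "
    r"service which failed to start because of the following error:\s+(?P<err>.+)$"
)
# This error text means "look one level further down the chain".
CASCADE = "The dependency service or group failed to start."


def parse_7001(log_text):
    """Map each failed service to (dependency, error text)."""
    edges = {}
    for line in log_text.splitlines():
        m = EVENT_7001.search(line)
        if m:
            # Simplification: one dependency per service (the last one logged).
            edges[m["svc"]] = (m["dep"], m["err"].strip())
    return edges


def root_cause(service, edges):
    """Follow cascade errors until a dependency failed for its own reason."""
    seen = set()
    while service in edges and service not in seen:
        seen.add(service)
        dep, err = edges[service]
        if err != CASCADE:
            return dep, err
        service = dep
    return service, None  # chain continues outside the parsed lines


def blast_radius(edges):
    """Group failed services under the dependency they ultimately trace to."""
    impact = defaultdict(list)
    for svc in edges:
        root, _ = root_cause(svc, edges)
        impact[root].append(svc)
    return {root: sorted(svcs) for root, svcs in impact.items()}


if __name__ == "__main__":
    for root, hit in blast_radius(parse_7001(SAMPLE)).items():
        print(f"{root}: {', '.join(hit)}")
```

A root reported with no error text, such as Server here, means the entry that explains its failure is not among the parsed lines.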

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 25207
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your harddrive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.


The first thing I would do is to secure your Facebook account. Go to this page, http://www.facebook.com/hacked, log in and then click on the button and follow the instructions.

Once you have that rolling,

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Also let me know if you notice any other problems with your computer.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline littleghoul
OK in answer to your questions:
1. I haven't really done anything other than checking my router settings and checking my other devices to make sure the problem was with my laptop. I ran Norton, as I said earlier and it found nothing, and I went through the windows links to try and fix the wireless problem.  It tells me that it was unable to connect to my hidden network N (which is not hidden - it can name it and everything), or it connects but tells me there is no internet access. I'm using a linksys wireless b, and have no problems with my wireless printer, wii or kindle using the same router.  I rebooted the router and played with the settings on it, but nothing worked and in the end I just went back to my original router settings.
I guess I'm not having any other problems other than several months ago I lost my ability to print from Wordperfect.  I figure there is a conflict somewhere and since I can print from Word and everywhere else, it hasn't been a problem.  I haven't bothered trying to fix it.

2. no prob.  I haven't posted anywhere else so the job's all yours :-)

3.  So far your instructions are VERY detailed and easy to follow, will let you know if I ever get confused

4. I always have faith :-)

5.  I'm stuck with you to the bitter end.  Should we say some vows??

I use Comcast Secure Backup and Share and I have all of my files being backed up.  I don't think I have my system getting backed up though.  Let me know if this is a problem.

I don't have software that I am aware of that encrypts to my harddrive.  I don't really know which software WOULD encrypt to my harddrive, so I guess I'm not much help there.  Perhaps the log files I posted earlier will tell you if I have any such software.

This computer belongs only to me, and to my husband when he fights me for it.  I'm the only IT department.

I secured my facebook account - pretty much just had me change my password again - but it did notify them of the problem so that's good.  Thanks for the link!

I downloaded and ran MBAM. - here are the results


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
TeamSkeie :: TEAMSKEIE-HP [administrator]

Protection: Enabled

2/25/2012 8:32:01 PM
mbam-log-2012-02-25 (20-32-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196891
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HMMMM - so does that mean I am not infected and it was a total coincidence that I lost my wireless capability after the facebook hack?

Offline littleghoul
I just tried to access wireless network - not successful
"windows was unable to connect" I clicked on troubleshoot link, it reset the network adapter, didn't resolve the problem.  Told me to investigate router and access point issues.

my network shows in the list of networks in range when I click on the wireless icon in the notification area.  Funny, that it doesn't show my network security though.  It says
Name:  Mlskeie
Signal strength:  Excellent
Radio Type:  802.11b
SSID:  Mlskeie

I am using WEP security, since that is all my Linksys wireless B router allows.  I have the correct key entered under properties.
thought this little bit of info might help - don't know.

Offline Hoov
About the backup, as long as your personal files are backed up, the rest can be recreated as needed. About the encryption, it is pretty much if you don't know what it is, then you don't have it. No worries there. As for Malwarebytes' Anti-Malware not finding anything, that may mean you are clean, but it really means that it found nothing. There are other baddies out there that Malwarebytes' Anti-Malware doesn't see.

Try turning your WEP security off and see if you can connect.


Offline littleghoul
ok, weird, it connects but creates a new one
Mlskeie 2
internet access
public network

Shows as mlskeie on my list, but at the very top it shows it as mlskeie 2, and does not recognize it as my home network.

Offline littleghoul
it just popped up a prompt to "select a location for mlskeie 2" as home, public, etc.  I don't know what I should click.  Should I leave it public?  I don't know what the "2" business is about.

Offline Hoov
It sounds like the first connection is not fully recognized.

Click Start, click Run, type: cmd, and press CTRL+SHIFT+Enter.
Type: netsh winsock reset, and then press the ENTER key.
Type: Exit and press ENTER.
Restart the computer.

Now see if the original connection can be made.


Offline littleghoul
I tried it.  No change.  Still can't connect using WEP and when it's turned off it creates the mlskeie 2 server.

Offline Hoov
Unplug the power to the router (or modem) and reboot the computer at the same time. See if you can connect with WEP enabled.


Offline littleghoul
tried it, no change.  Actually I had to reboot the router the first go round too because I lost internet to everything, but that's not uncommon with this router.

On a side note, my network shows up differently on the list of available networks - there is no "check box" for the connect automatically setting and when I rest my cursor on it, there is no line for security type - not even to say unsecured.  The other networks listed all have the name, signal strength, security type, radio type, and ssid.  Mine is missing the security type.  Plus, when I click on it, it does not prompt me to enter the network security key.

Offline Hoov
It is possible there is something causing the problems.

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
