Need help with laptop

Help
2012-03-26
2014-04-15
  • Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:02:31 AM, on 2012-03-26
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\drivers\audio\r190031\stacsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\WINDOWS\system32\ScholasticAgent\bin\AgentService.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ScholasticAgent\jre\0\bin\javaw.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run:  "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run:  "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run:  "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run:  "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run:  C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run:  "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run:  %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run:  %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run:  nwiz.exe /installquiet
    O4 - HKLM\..\Run:  RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run:  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run:  "C:\Program Files\Pando Networks\Media Booster\PMB.exe"
    O4 - HKCU\..\Run:  "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run:  C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run:  "C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - HKCU\..\Run:  "C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -type=service
    O4 - HKUS\S-1-5-21-2000478354-1770027372-839522115-500\..\Run:  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Administrator')
    O4 - HKUS\S-1-5-21-2000478354-1770027372-839522115-500\..\Run:  C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
    O4 - HKUS\S-1-5-21-2000478354-1770027372-839522115-500\..\Run:  "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (User 'Administrator')
    O4 - HKUS\S-1-5-21-2000478354-1770027372-839522115-500\..\Run:  C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'Administrator')
    O4 - HKUS\S-1-5-21-2000478354-1770027372-839522115-500\..\Run:  "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (User 'Administrator')
    O4 - HKUS\S-1-5-21-2000478354-1770027372-839522115-500\..\Run:  C:\Program Files\Pando Networks\Media Booster\PMB.exe (User 'Administrator')
    O4 - HKUS\S-1-5-21-2000478354-1770027372-839522115-500\..\Run:  C:\Documents and Settings\Administrator\Local Settings\Application Data\srlnypxye\qwdfyoctssd.exe (User 'Administrator')
    O4 - HKUS\S-1-5-21-734575759-1666220108-1305410765-1005\..\Run:  C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'queenbee')
    O4 - HKUS\S-1-5-18\..\Run:  "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce:  %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run:  "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce:  %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - S-1-5-21-2000478354-1770027372-839522115-500 Startup: Stardock ObjectDock.lnk.disabled (User 'Administrator')
    O4 - S-1-5-21-2000478354-1770027372-839522115-500 Startup: ZooskMessenger.lnk.disabled (User 'Administrator')
    O4 - S-1-5-21-2000478354-1770027372-839522115-500 User Startup: Stardock ObjectDock.lnk.disabled (User 'Administrator')
    O4 - S-1-5-21-2000478354-1770027372-839522115-500 User Startup: ZooskMessenger.lnk.disabled (User 'Administrator')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.netflix.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VLDomain.local
    O17 - HKLM\Software\..\Telephony: DomainName = VLDomain.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{11820B59-6C56-44F1-94BA-D8A6D5CCB160}: NameServer = 10.29.0.64,10.5.0.7,10.5.0.8
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VLDomain.local
    O17 - HKLM\System\CS1\Services\Tcpip\..\{11820B59-6C56-44F1-94BA-D8A6D5CCB160}: NameServer = 10.29.0.64,10.5.0.7,10.5.0.8
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = VLDomain.local
    O17 - HKLM\System\CS4\Services\Tcpip\..\{11820B59-6C56-44F1-94BA-D8A6D5CCB160}: NameServer = 10.29.0.64,10.5.0.7,10.5.0.8
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: FlipShare Server (FlipShareServer) - Unknown owner - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: ScholasticAgent - Unknown owner - C:\WINDOWS\system32\ScholasticAgent\bin\AgentService.exe
    O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
    O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r190031\stacsv.exe
    O23 - Service: NTRU TSS v1.2.1.27 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    • End of file - 15340 bytes
  • Hi,

    Sorry for the late reply but could you please explain quickly the behavior happening on your machine?

    Thanks

  • Hi queenbee,

    You have probably been studiously ignored as you have given too little information to assist you. From a brief scan of the orphan listing however I can already tell a few things about your system.

    Other than the fact your Dell is full of crapware, the following line points to a little critter running around inside your machine:

    O4 - HKUS\S-1-5-21-2000478354-1770027372-839522115-500\..\Run:  C:\Documents and Settings\Administrator\Local Settings\Application Data\*srlnypxye\qwdfyoctssd.exe* (User 'Administrator')

    Why an administrator level random named executable should be running from your data area is something you may wish to ponder.

    Of course you have other issues, but that should be enough to start you off on your voyage of discovery.

    This forum should not be where you post a report of the output of HiJackthis and ask for help to solve your laptop problems - for that go to reputed websites such as MajorGeeks, BleepingComputer, TrendMicro, who will assist you with malware removal. Avoid prevx. Make sure you follow the rules of each of these web sites and give a full and accurate description of your problem and supply the requested information.

    This post was made to indicate the power of HiJackthis as part of a comprehensive toolkit to assist with identification of problems.

    BB
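
An added example, not part of the thread, showing how the indicator BB describes can be checked mechanically: a Python parser for HijackThis O4 (autorun) lines that flags an executable started from a per-user data area whose folder or file name looks randomly generated. The sample input is copied from the log posted above; the vowel-ratio heuristic, its thresholds and the function names are assumptions of this example.

```python
import re

# O4 line layout: "O4 - <hive>\..\Run:  <command> (User '<name>')", the user suffix optional.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?):\s+(?P<cmd>.*?)"
    r"(?:\s+\(User '(?P<user>[^']*)'\))?$"
)
# First .exe in the command, quoted or not.
EXE_RE = re.compile(r'"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)
# Per-user data areas: XP "Documents and Settings\<user>\...\Application Data\"
# and Vista+ "Users\<user>\AppData\".
USER_DATA_RE = re.compile(
    r"\\(?:Documents and Settings|Users)\\[^\\]+\\.*?(?:Application Data|AppData)\\",
    re.IGNORECASE,
)

# Constructed sample: four O4 lines taken from the log in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run:  "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run:  "C:\Documents and Settings\queenbee.VLDOMAIN\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" -type=service
O4 - HKUS\S-1-5-21-2000478354-1770027372-839522115-500\..\Run:  C:\Documents and Settings\Administrator\Local Settings\Application Data\srlnypxye\qwdfyoctssd.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run:  "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
"""

def looks_random(name: str) -> bool:
    """Crude heuristic (assumed thresholds): a name of 6+ letters that is almost vowel-free."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2

def parse_o4(line: str):
    """Split one O4 line into hive, key, command, user and the executable path."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    exe = EXE_RE.match(m["cmd"])
    return {"hive": m["hive"], "key": m["key"], "cmd": m["cmd"],
            "user": m["user"] or "", "path": exe["path"] if exe else m["cmd"]}

def is_suspicious(path: str) -> bool:
    """True when the exe sits under a user data area and a component below it looks random."""
    m = USER_DATA_RE.search(path)
    if not m:
        return False
    components = [c.rsplit(".", 1)[0] for c in path[m.end():].split("\\") if c]
    return any(looks_random(c) for c in components)

def suspicious_autoruns(log_text: str):
    """Return the O4 entries of a HijackThis log that deserve a closer look."""
    entries = (parse_o4(line) for line in log_text.splitlines())
    return [e for e in entries if e and is_suspicious(e["path"])]

if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE_O4_LINES):
        print(f"{hit['key']} entry for user '{hit['user']}': {hit['path']}")
```

The Chrome entry under the same user data area is not flagged because every component after "Application Data" is a readable name; only the srlnypxye\qwdfyoctssd.exe entry trips both conditions.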

  • Please open tickets in tickets/support section