I've been working intermittently over a month trying to eliminate/document a virus/malware attack on a home PC running Windows Vista Home Premium SP2. I mistakenly clicked what I thought were McAfee popups, but they weren't McAfee. The PC now functions in Safe Mode, but locks up early in about any direction I want to go after a typical boot and the usual desktop display (if I get that far): no printer access in Safe Mode, no internet, etc. Trying to do anything outside of Safe Mode is nearly impossible. All inserted logs were typed on a second computer, as I can't print or email them and am concerned about putting them on a disc or flash drive and possibly infecting the next computer.
There is a possible Recovery save on disc(s), but I would like to attempt that as a last resort, as subsequent stuff would be lost. Before reading evilfantasy's post of 11/9/07, 'Computer Hope Virus and Spyware section Guidelines', I read another post on the same topic in Computer Hope and mistakenly followed it, believing it would fix my PC. I installed/ran ARO 2011 up to the point where they wanted to get paid for more software/services. That enabled functionality for approximately two weeks, but eventually a couple of "blue screens of death" and errant lock-ups led to consistent problems getting past the start-up mode in a typical reboot. ARO prompts to "Keep these errors", "Fix Them Free", or "Buy Now". "Fix Them Free" entails buying something else from a selection of other vendors and goods. Following is an attempt to provide you the information you request, in the sequence evilfantasy delineated:
I have an anti-virus/security suite installed that comes with 'AT&T Internet Security Suite Powered by McAfee'. At the beginning of this it showed "Real Time Scanning: On", "Updates: Current", "Firewall: On", and "Subscription: Active". I can reach nothing that tells me the version or further details. Now there's an omnipresent AT&T/McAfee pop-up saying "Your computer is at risk" and "Real Time Scanning is Off". But, in attempting to engage Real-Time Scanning, it momentarily flashes on (green indications), then back off (red indications).
There was nothing noteworthy I recall or have in my notes regarding Add or Remove Programs. I know I sifted through the listings per the sequence requested.
3/8- CCleanerSlim installed and ran. No cookies deleted- none I wanted to delete.
3/8- SUPERAntiSpyware installed and ran. Log copied & pasted:
SUPER Antispyware Scan Log
http://www.superantispyware.com
Generated 03/08/2011 at 11:40 PM
Application version: 4.49.1000
Core Rules Database Version: 6553
Trace Rules Database Version: 4365
Scan Type: Complete Scan
Total Scan Time: 01:35:40
Memory Items Scanned: 347
Memory Threats Detected: 0
Registry Items Scanned: 13502
Registry Threats Detected: 0
File Items Scanned: 183893
File Threats Detected: 48
Adware.Tracking Cookie
3/13- Loaded & ran Malwarebytes AntiMalware. Log copied & pasted:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
3/13/2011 9:37:44 PM
mbam-log-2011-03-13 (21-37-44).txt
Scan type: Quick Scan
Objects scanned: 156587
Time elapsed: 2 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Valued Infected:0
Registr Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items affected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5363
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
3/13/2011 10:22:54 PM
mbam-log-2011-03-13 (22-22-54).txt
Scan type: Full scan (C:\|)
Objects scanned: 319800
Time elapsed: 39 minute(s), 5 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Valued Infected:0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items affected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Java 6 Update 24 is loaded on the problem PC. Windows Installer Service could not be accessed to unload Java 6 Update 5 (in Safe Mode).
3/15- HijackThis installed and ran. Log copied & pasted:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:57:02 AM, on 3/15/2011
Platform: Windows Vista sp2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Safe mode
Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start http://www.att.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs|cpn\yt.d11
F2 - REG:system.ini: UserInit=userinit.exe
01 - Hosts: ::1 localhost
02 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
02 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-OBBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
02 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\System Core\ScriptSn.20110222190658.dll
02 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGR~2\mcafee\SITEAD~1\mcieplg.dll
02 - BHO: Java(tm) Plug-In- 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
02 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
03 - Toolbar: Yahoo! Toobar - {EF99BDC32-C1FB-11D-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
03 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGR~2\mcafee\SITEAD~1\mcieplg.dll
04 - HKLM\..\Run: [StartCCC] "C:Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
04 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
04 - HKLM\..\Run: [LedKey] CNYHKey.exe
04 - HKLM\..\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
04 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer|MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
Update\HPWuSchd2.exe
04 - HKLM\..\Run: [RetroExpress] C:\PROGRA~2\RETROS~1\RETROS~1.0\RetroExpress.exe /h
04 - HKLM\..\Run: [GrooveMonitor] "C:Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
04 - HKLM\..\Run: [Check Point Endpoint Security] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
04 - HKLM\..\Run: [SunJavaUpdatSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
04 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
04 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKCU\..\Run: [AROReminder] C:\Program Files (x86)\ARO 2011\ARO.exe -rem
/detectMem (User 'LOCAL SERVICE')
04 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe ooberfldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
04 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
04 - Global Startup: BigFix.lnk = C\Program Files\BigFix\bigfix.exe
04 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
08 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
09 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
09 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
09 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
09 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpsqp_BHO.dll
016 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlitt-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
016 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
016 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
016 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/TruInstall.exe
018 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGR~2\mcafee\SITEAD~1\mcieplg.dll
018 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
018 - Protocol: sacore - {5513507E-936B-4E52-9B00-067394E91CC5} - c:\PROGR~2\mcafee\SITEAD~1\mcieplg.dll
022 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
023 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
023 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
023 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\system32\alg.exe (file missing)
023 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
023 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
023 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Services\ETService.exe
023 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
023 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
023 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
023 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
023 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvcHost.exe
023 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\\McSvcHost\McSvcHost.exe
023 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvcHost.exe
023 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvcHost.exe
023 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
023 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvcHost.exe
023 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
023 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
023 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
023 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\system32\msdtc.exe (file missing)
023 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
023 - Service: MaxSyncService (NTService1A) - - C:\Program Files (x86)\Maxtor\Utils\SyncServices.exe
023 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
023 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files (x86)\Retrospect\Retrospect Express HD 2.0\retrorun.exe
023 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
023 - Service: @%systemroot%\system32\Locater.exe,-2 (RcpLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
023 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
023 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
023 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\system32\snmptrap.exe (file missing)
023 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\system32\spoolsv.exe (file missing)
023 - Service: Check Point Endpoint Security (TracSrvWrapper) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
023 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
023 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\system32\vds.exe (file missing)
023 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
023 - Service: @%Systemroot%\system32\wbem\WmiApSrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
023 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
023 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
--
End of file - 11186 bytes
I tried running the 'Self-Help: Using the Computer Hope HijackThis Process Tool'. I have a couple of problems:
1) Some processes are not "recognized"(?), possibly because I have "word-wrap" on? Again, I'm concerned about infecting a second computer by copying the logs (IF I could), and therefore have tried to retype what I see, including the spacing (apparently somewhat unsuccessfully).
2) Because my Vista is a 64bit OS, I shouldn't trust the Tool anyway?
3) Given both these factors, I should trust the 'Getting your system clean' sequence?
Thanks for any advice you can offer. I've read a success story or two or three regarding malware in this section of Computer Hope. But it would be fair to say I'm not brimming with confidence regarding my personal judgement and experience on this topic. Thank you.