webrob
Level 7
Message 1 of 20

WebcamDellB.exe using up all the CPU's power ...

So -- the boss' wife asked for some help with her new Dell laptop -- I set it up for her about three months ago, and it's running sloooowly ....

I checked the active processes, and WebcamDellB.exe is running like a horse with a bushel of hot peppers up its **bleep** -- it's using about 50% of her CPU capacity all the time. And this is (was) a pretty powerful little computer.

So ... maybe there's some geek in Massachusetts watching her at her desk all the time, or maybe there's just a switch somewhere that's been switched.

I know I can click on 'End process' and (likely) stop it right there. But is there something more sinister afoot? Should I be looking for a particular virus?

If not, is there a particular procedure that I should use to end this process, that would keep it from restarting the next time she turns her computer on?

Your help is much appreciated!

I ran HijackThis, and here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:18:22, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Network Associates\common framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PROT_SRV.EXE
C:\WINDOWS\system32\pagents.exe
C:\WINDOWS\system32\PSTARTSR.EXE
C:\WINDOWS\system32\svchost.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Pointsec\P95tray.exe
C:\Program Files\Network Associates\common framework\UdaterUI.exe
C:\Program Files\Protocom\SecureLogin\slproto.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\program files\dell printers\Additional Color Laser Software\Updater\DLUPDR.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\common framework\McTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\PROGRA~1\Protocom\SECURE~1\slbroker.exe
C:\Program Files\IG Advantage\Igconsys\ConSched.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DellTPad\Apntex.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Protocom\SecureLogin\slwinsso.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\IG Advantage\IGAdvantage.exe
C:\Program Files\IG Advantage\Secsub\SecSub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
19 Replies
webrob
Level 7
Message 2 of 20

RE: WebcamDellB.exe using up all the CPU's power ...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.investorsgroup.com/Content/fr/default.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.investorsgroup.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = igproxy.investorsgroup.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = https://home*.investorsgroup.com;https://businesslinkonwinfund.investorsgroup.com;*.ig.bz;*.iga.bz;*.gwl.ca;*.gwl.bz;*mycybrary.londonlife.com;*cybrary.londonlife.com;*.ll.bz;*.grsaccess.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SecureLogin IESSO Browser Helper Object - {7DE7B623-A17E-4A0B-94BA-D1B3BA646792} - C:\Program Files\Protocom\SecureLogin\iesso.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe" /mode2
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Protect Tray] "C:\Program Files\Pointsec\P95tray.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\common framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CacheCheck] C:\WINDOWS\iecache.exe
O4 - HKLM\..\Run: [SecureLogin] "C:\Program Files\Protocom\SecureLogin\slproto.exe"
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLUPDR] "c:\program files\dell printers\Additional Color Laser Software\Updater\DLUPDR.EXE"
O4 - HKLM\..\Run: [DLQLU] "c:\program files\dell printers\Additional Color Laser Software\Launcher\DLQLU.EXE" /S
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Connectra Patch.lnk = C:\Program Files\IG Advantage\Support\FixConnectra\FixConnectra.exe
O4 - Global Startup: Controleur de Connection GI.lnk = ?
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
webrob
Level 7
Message 3 of 20

RE: WebcamDellB.exe using up all the CPU's power ...

... and the third part:

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231519270077
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.769372677.com/sre/ICSScanner.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://www.769372677.com/SNX/CSHELL/extender.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = iga.bz
O17 - HKLM\Software\..\Telephony: DomainName = iga.bz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = iga.bz
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\common framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\PROT_SRV.EXE
O23 - Service: Pointsec update agent (Pointsec_agent) - Unknown owner - C:\WINDOWS\system32\pagents.exe
O23 - Service: Pointsec service start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\PSTARTSR.EXE
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r190031\stacsv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/username1/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.gif
webrob
Level 7
Message 4 of 20

RE: WebcamDellB.exe using up all the CPU's power ...

I first posted the question here: http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=56581 ... and their suggestion is that it looks like a rootkit of some sort, if that helps at all.
secured2k
Level 11
Message 5 of 20

RE: WebcamDellB.exe using up all the CPU's power ...

We don't support HijackThis logs here. At a quick glance, I don't see anything wrong.

WebcamDellB.exe is a Dell webcam process. If it is not working like it should, you should contact Dell Support.

If you suspect a rootkit, please run RootRepeal in the report tab and select all items. Post the results here.

RootRepeal
webrob
Level 7
Message 6 of 20

RE: WebcamDellB.exe using up all the CPU's power ...

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/20 12:53
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xA8F88000 Size: 851968 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA66BC000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba0f887e

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x89e86109

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba0f8bfe

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xa9163df0

Stealth Objects
-------------------
Object: Hidden Module [Name: SmithMicro.Common.dll]
Process: Dell.ControlPoint.exe (PID: 3276) Address: 0x00d70000 Size: 94208

Object: Hidden Module [Name: SmithMicro.Common.dll]
Process: Dell.ControlPoint.exe (PID: 3276) Address: 0x011e0000 Size: 94208

Object: Hidden Module [Name: Dell.UCM.Plugin.resources.dll]
Process: Dell.ControlPoint.exe (PID: 3276) Address: 0x01230000 Size: 184320

Object: Hidden Module [Name: SmithMicro.Controls.dll]
Process: Dell.ControlPoint.exe (PID: 3276) Address: 0x03320000 Size: 512000

Object: Hidden Module [Name: Dell.DcpPlugin.dll]
Process: Dell.ControlPoint.exe (PID: 3276) Address: 0x033b0000 Size: 28672

Object: Hidden Module [Name: mscorlib.Resources.dll]
Process: Dell.ControlPoint.exe (PID: 3276) Address: 0x03500000 Size: 323584

Object: Hidden Module [Name: DisplayPluginDLL.dll]
Process: Dell.ControlPoint.exe (PID: 3276) Address: 0x03570000 Size: 77824

Object: Hidden Module [Name: PowerPluginDLL.dll]
Process: Dell.ControlPoint.exe (PID: 3276) Address: 0x03c90000 Size: 126976

Object: Hidden Module [Name: Dell.ControlPoint.resources.dll]
Process: Dell.ControlPoint.exe (PID: 3276) Address: 0x040c0000 Size: 299008

Object: Hidden Module [Name: Dell.UCM.Plugin.dll]
Process: Dell.ControlPoint.exe (PID: 3276) Address: 0x050c0000 Size: 217088

Object: Hidden Module [Name: SmithMicro.Controls.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x00ea0000 Size: 512000

Object: Hidden Module [Name: SmithMicro.Application.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x01360000 Size: 200704

Object: Hidden Module [Name: SmithMicro.Common.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x013c0000 Size: 94208

Object: Hidden Module [Name: Dell.SharedUI.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x03860000 Size: 3600384

Object: Hidden Module [Name: SmithMicro.Message.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x04020000 Size: 86016

Object: Hidden Module [Name: SmithMicro.VpnController.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x04170000 Size: 36864

Object: Hidden Module [Name: VpnWrapper.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x04190000 Size: 53248

Object: Hidden Module [Name: Dell.SharedUI.resources.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x04820000 Size: 1789952

Object: Hidden Module [Name: Dell.UCM.resources.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x04ee0000 Size: 733184

Object: Hidden Module [Name: mscorlib.Resources.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x04c70000 Size: 323584

Object: Hidden Module [Name: msvcm80.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x05230000 Size: 507904

Object: Hidden Module [Name: SmithMicro.AsyncOperations.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x05ab0000 Size: 36864

==EOF==
secured2k
Level 11
Message 7 of 20

RE: WebcamDellB.exe using up all the CPU's power ...

Based on the results of your RootRepeal log, it does not look like you have a rootkit hiding or protecting itself on your computer.
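
Added example, not part of the thread and not RootRepeal's own code: a small Python parser for the report layout posted in Message 6. It groups the SSDT hooks by the module the report names as owner, lists the hooks reported with owner "<unknown>", and counts hidden modules per process. The function names are this example's own, and the embedded sample is abridged from that report.

```python
import ntpath
import re
from collections import defaultdict

# Abridged from the RootRepeal 1.3.0.0 report posted in Message 6 of this thread.
REPORT = r'''SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xba0f887e

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x89e86109

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xba0f8bfe

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xa9163df0

Stealth Objects
-------------------
Object: Hidden Module [Name: SmithMicro.Common.dll]
Process: Dell.ControlPoint.exe (PID: 3276) Address: 0x00d70000 Size: 94208

Object: Hidden Module [Name: VpnWrapper.dll]
Process: Dell.UCM.exe (PID: 3320) Address: 0x04190000 Size: 53248

==EOF==
'''

SECTION_RE = re.compile(r'^([^\n]+)\n-{5,}[ \t]*\n', re.M)
HOOK_RE = re.compile(r'#:\s*(\d+)\s+Function Name:\s*(\S+)[ \t]*\n'
                     r'Status:\s*Hooked by "([^"]*)" at address (0x[0-9a-fA-F]+)')
MODULE_RE = re.compile(r'Object: Hidden Module \[Name: ([^\]]+)\][ \t]*\n'
                       r'Process: (.+?) \(PID: (\d+)\)')

def split_sections(report):
    """Map each heading underlined with dashes (Drivers, SSDT, ...) to its body."""
    report = report.replace('\r\n', '\n')
    heads = list(SECTION_RE.finditer(report))
    sections = {}
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(report)
        sections[m.group(1).strip()] = report[m.end():end]
    return sections

def parse_ssdt(body):
    """One record per hooked SSDT entry: index, function, owner, address."""
    return [{'index': int(i), 'function': fn, 'owner': owner, 'address': addr}
            for i, fn, owner, addr in HOOK_RE.findall(body)]

def hooks_by_owner(hooks):
    """Group hooked functions by the owner's file name, lower-cased."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[ntpath.basename(h['owner']).lower()].append(h['function'])
    return dict(grouped)

def unattributed(hooks):
    """Hooks the report lists with owner "<unknown>" (no module name given)."""
    return [h for h in hooks if h['owner'] in ('', '<unknown>')]

def hidden_modules(body):
    """Group 'Hidden Module' entries by (process name, PID)."""
    grouped = defaultdict(list)
    for name, proc, pid in MODULE_RE.findall(body):
        grouped[(proc, int(pid))].append(name)
    return dict(grouped)
```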
webrob
Level 7
Message 8 of 20

RE: WebcamDellB.exe using up all the CPU's power ...

OK -- I'm running TrendMicro's HouseCall 6.6 now to see if anything turns up ...

It's running unbearably slowly, and settings keep getting changed ... and there's the thing with the webcam .. something's afoot ...
secured2k
Level 11
Message 9 of 20

RE: WebcamDellB.exe using up all the CPU's power ...

If it was my machine, I would simply kill the bad process until I figured it out. I might also uninstall the program or look for an updated version that might not have the issue.
webrob
Level 7
Message 10 of 20

RE: WebcamDellB.exe using up all the CPU's power ...

Hmm ... HouseCall found 25 Grayware/Spyware things on the machine. I've told it to go ahead and clean 'em up -- we'll see how that goes ...
