Thread: Windows Installer pop up message - virtumonde?

  1. #1
    Member (Join Date: Feb 2009, Posts: 42)

    Windows Installer pop up message - virtumonde?

    A "Windows Installer" pop-up message which just says "installing ..." is repeatedly appearing on screen. The computer doesn't seem to actually be installing anything. There is a "cancel" button which I can click, and it does, after a minute or so, close the box.

    Before this began happening, the computer had been slowing to a crawl (something running constantly in the background). I did a system restore, Spybot S&D found a Virtumonde, which it removed, and I also ran McAfee Virtual Technician, which had me install an updated engine.

    I'm wondering if some registry or other changes were made.

    Thank you for any assistance.

    DDS report for the above:

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by James Collins at 14:23:35.95 on Sat 10/16/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    mURLSearchHooks: D-Link Toolbar Search Class: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - c:\program files\d-link toolbar\dlinktb.dll
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100915080541.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: D-Link Toolbar Loader: {f01858c7-2a68-4d93-9e22-502eae3917c2} - c:\program files\d-link toolbar\dlinktb.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: D-Link Toolbar: {61874dfa-9adf-44e5-8e61-f3913707e7d7} - c:\program files\d-link toolbar\dlinktb.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [Easy Dock] c:\documents and settings\james collins\my documents\rca easyrip\EZDock.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuiKProtect] c:\program files\iomega\quikprotect\StartQuikProtect.exe
    mRun: [RetroExpress] c:\progra~1\retros~1\retros~1.5\RetroExpress.exe /h
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TimeSink Ad Client] "c:\program files\timesink\adgateway\TSAdBot.exe"
    StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler V3.exe
    StartupFolder: c:\documents and settings\james collins\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\jamesc~1\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\james collins\my documents\rca detective\RCADetective.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List
    IE: Easy-WebPrint High Speed Print
    IE: Easy-WebPrint Preview
    IE: Easy-WebPrint Print
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: eastersealsnh.org
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: mcafee.com\us
    Trusted Zone: microsoft.com\www.update
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
    DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228396190359
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://cdn1.acclaimdownloads.com/solidstateion.cab
    DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jamesc~1\applic~1\mozilla\firefox\profiles\c6yuu406.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\james collins\application data\mozilla\firefox\profiles\c6yuu406.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
    FF - plugin: c:\documents and settings\james collins\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\sony\media go\npmediago.dll
    FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2010-10-12 19:34:49 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-12 19:34:48 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-12 19:34:38 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-11 00:06:55 -------- d-----w- c:\docume~1\jamesc~1\locals~1\applic~1\Microsoft Help
    2010-10-10 00:34:14 -------- d-----w- c:\program files\Spawn
    2010-10-10 00:03:02 2829 ----a-w- c:\windows\DiabUnin.pif
    2010-10-10 00:03:02 118784 ----a-w- c:\windows\DiabUnin.exe
    2010-10-09 03:51:31 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-10-09 03:51:31 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-09 03:51:16 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-10-09 03:51:16 -------- d-----w- c:\program files\common files\L&H
    2010-10-09 03:03:18 5450 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-10-08 00:45:50 -------- d-----w- c:\documents and settings\all users\Microsoft
    2010-10-08 00:44:19 364607 ----a-w- c:\program files\common files\microsoft shared\ink\SKCHUI.DLL
    2010-10-08 00:44:18 46432 ----a-w- c:\program files\common files\microsoft shared\office11\MSOXMLMF.DLL
    2010-10-08 00:39:41 -------- d-----w- c:\program files\Microsoft Analysis Services
    2010-10-06 00:34:41 -------- d-----w- c:\program files\D-Link Toolbar
    2010-10-06 00:34:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\D-Link Toolbar
    2010-10-06 00:34:34 -------- d-----w- c:\program files\common files\Software Update Utility
    2010-10-05 23:49:55 -------- d-----w- c:\docume~1\jamesc~1\applic~1\VirtualStore
    2010-10-02 19:16:40 -------- d-----w- C:\Atari2600
    2010-10-02 16:03:20 -------- d-----w- c:\program files\Crimson Editor
    2010-10-02 00:27:05 -------- d-----w- c:\docume~1\jamesc~1\applic~1\Stella
    2010-09-22 22:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-09-22 22:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2010-09-22 00:39:37 -------- d-----w- c:\docume~1\jamesc~1\applic~1\McAfee
    2010-09-21 21:55:31 -------- d-----w- c:\program files\Sony Media Go Install
    2010-09-19 13:53:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\RetroExp
    2010-09-19 13:52:59 -------- d-----w- c:\program files\Retrospect
    2010-09-19 13:25:31 19384 ----a-r- c:\windows\system32\drivers\QsFsFltr.sys
    2010-09-19 13:25:21 -------- d-----w- c:\program files\Iomega

    ==================== Find3M ====================

    2010-10-15 22:36:15 235248 -c--a-w- c:\windows\system32\PnkBstrB.xtr
    2010-10-15 22:36:15 235248 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-03 00:17:53 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-09-03 00:17:53 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-27 00:49:48 2373712 ----a-w- c:\windows\system32\pbsvc.exe
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ------w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-20 22:51:36 1874384736 ----a-w- c:\program files\MSSetupv87.exe
    2009-10-30 16:56:29 85504 ----a-w- c:\program files\Inherit.exe
    2008-03-15 13:58:28 774144 -c--a-w- c:\program files\RngInterstitial.dll

    ============= FINISH: 14:25:31.89 ===============
    Last edited by Blade81; 2010-10-16 at 23:25. Reason: Two posts merged. Helpers look for topics with 0 replies.
