View Full Version : Think I have XP Smart Security/Antivirus XP/XP Smart Security
frankfolo
2010-04-05, 15:55
Hello,
I got this today and it's been rather stubborn. It's this virus that looks like the stuff that comes with Windows. I disabled TeaTimer, but I think I may have left other antivirus programs running.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:43 AM, on 4/5/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\Frank Palmer\Application Data\Mikogo Extra\B-Service.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
--
End of file - 12069 bytes
shelf life
2010-04-08, 01:36
hi,
Your log is a few days old, if you still need help, simply reply to my post.
Signs of Malware (http://www.virusvault.us/signs.html)
frankfolo
2010-04-08, 06:29
Hey,
Thanks for replying. I still very much need help. I haven't been using my computer much since my computer was infected, so I don't think much has changed. But I'll post another log if necessary.
shelf life
2010-04-09, 02:44
ok we can start with Malwarebytes. Link and directions:
Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
frankfolo
2010-04-09, 10:56
Hi,
I downloaded Malwarebytes (mbam-setup-1.45.exe) to my desktop, but every time I attempt to run it it's blocked by xp smart security (ave.exe shows up). I can't install it.
shelf life
2010-04-11, 04:49
ok we can try this, these tools will attempt to disable the 'tricks' that malware can use to prevent real antimalware from running:
Please download Rkill by Grinler and save it to your desktop:
http://download.bleepingcomputer.com/grinler/rkill.pif
Link 2 http://download.bleepingcomputer.com/grinler/rkill.scr
Link 3 http://download.bleepingcomputer.com/grinler/rkill.com
Link 4 http://download.bleepingcomputer.com/grinler/rkill.exe
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista, right-click on it and Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links (link 3 and 4) until the tool runs.
* If the tool does not run from any of the links provided, please let me know.
frankfolo
2010-04-11, 08:43
I downloaded the program to the desktop. Avira Antivir was telling me it was a virus at first, but I turned it off and I was able to download it. I double clicked it and the command prompt popped up for a second and then disappeared. It produced a log file on the C drive. The log said the process it terminated was itself. Is this good?
frankfolo
2010-04-11, 08:51
That is, I downloaded rkill.pif, the first link.
shelf life
2010-04-12, 01:53
ok, delete the current Malwarebytes setup. exe and download it again to your desktop and see if it launches.
Please download Malwarebytes to your desktop:
http://www.malwarebytes.org/mbam.php
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
frankfolo
2010-04-12, 05:21
Hi,
I was able to install and run Malware Bytes by running rkill first. I restarted my computer and there is no evidence of XP Smart Security (ave.exe). Here is the log:
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 3978
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
4/11/2010 9:59:11 PM
mbam-log-2010-04-11 (21-59-11).txt
Scan type: Full scan (C:\|)
Objects scanned: 313152
Time elapsed: 1 hour(s), 24 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 2
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Frank Palmer\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Frank Palmer\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Frank Palmer\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\iTmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\slNew (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\masm32\tools\makecimp\vcrtdemo\vcrtdemo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\masm32\examples\dialogs\calender\calender.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\masm32\examples\dialogs\tests\tests.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frank Palmer\Local Settings\Temporary Internet Files\Content.IE5\DMLEE6HE\eHb0207ee9V0100f036002R2abf0e7e102Tfb850ab1Q000002fd901801F0020000aJ11000601l0409K28393efe30dP000301080[1] (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1bfa5ac4.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Frank Palmer\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
shelf life
2010-04-13, 01:55
ok good. If you had XP smart security you would know it. (http://www.virusvault.us/scareware.html) One thing all scareware has in common is balloon messages and popups.
Keep Malwarebytes and note that the free version must be updated manually and a scan started manually. The paid version offers auto updating and a real time protection component.
Lets get one more download also. Link and directions:
Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Double click dds.scr to run the tool. When done, DDS.txt will open.
Save both reports to your desktop.
Please Copy/paste both logs in your reply.
frankfolo
2010-04-13, 08:16
I downloaded and ran DDS.txt as per your instructions. My results are posted here.
This is DDS.txt:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Frank Palmer at 0:38:22.40 on Tue 04/13/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1095 [GMT -4:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\Frank Palmer\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.defaulthomepage.info
uInternet Settings,ProxyOverride = *.local
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
StartupFolder: c:\docume~1\frankp~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-28 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-28 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-28 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-28 60936]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-12-30 54752]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S3 B-Service;B-Service;c:\documents and settings\frank palmer\application data\mikogo extra\B-Service.exe [2009-6-15 185640]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-12 135664]
=============== Created Last 30 ================
2010-04-12 00:30:02 0 d-----w- c:\docume~1\frankp~1\applic~1\Malwarebytes
2010-04-12 00:29:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-12 00:29:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-12 00:29:38 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-12 00:29:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-03 04:06:46 0 d-----w- C:\tempbuildplace
2010-04-02 03:11:55 0 d-----w- C:\OpenCV2.0
2010-04-02 02:52:10 0 d-----w- c:\program files\CMake 2.8
2010-03-30 23:51:04 0 d-----w- c:\docume~1\frankp~1\applic~1\Avira
2010-03-28 00:51:44 874 ----a-w- c:\documents and settings\frank palmer\.recently-used.xbel
2010-03-28 00:21:00 0 d-----w- c:\program files\Debugging Tools for Windows (x86)
2010-03-28 00:20:40 0 d-----w- c:\program files\Application Verifier
2010-03-27 23:39:58 0 d-----w- C:\611e68b8039d47a9b721
==================== Find3M ====================
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 13:18:20 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 08:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 17:58:50 1184984 ------r- c:\windows\system32\wvc1dmod.dll
2010-02-23 05:20:02 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:28 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-02-16 17:24:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2007-07-13 23:56:05 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2007-07-18 19:29:35 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007071820070719\index.dat
2008-06-25 03:41:40 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008062420080625\index.dat
============= FINISH: 0:39:22.78 ===============
and attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/18/2007 3:42:01 PM
System Uptime: 4/12/2010 9:14:34 PM (3 hours ago)
Motherboard: LENOVO | | 7742CTO
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 1974/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 144 GiB total, 93.046 GiB free.
D: is CDROM (UDF)
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) Wireless WiFi Link 4965AGN
Device ID: PCI\VEN_8086&DEV_4230&SUBSYS_11108086&REV_61\4&29E2C51B&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AGN
PNP Device ID: PCI\VEN_8086&DEV_4230&SUBSYS_11108086&REV_61\4&29E2C51B&0&00E1
Service: NETw4x32
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\2A111AA861B03
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\2A111AA861B03
Service: NIC1394
==== System Restore Points ===================
RP280: 1/13/2010 4:36:54 AM - Software Distribution Service 3.0
RP281: 1/13/2010 5:33:12 AM - Software Distribution Service 3.0
RP282: 1/14/2010 4:39:09 AM - Software Distribution Service 3.0
RP283: 1/14/2010 5:23:59 AM - Software Distribution Service 3.0
RP284: 1/16/2010 2:49:10 AM - Software Distribution Service 3.0
RP285: 1/16/2010 1:58:29 PM - Software Distribution Service 3.0
RP286: 1/17/2010 3:00:17 AM - Software Distribution Service 3.0
RP287: 1/17/2010 4:31:38 AM - Software Distribution Service 3.0
RP288: 1/18/2010 2:38:27 AM - Software Distribution Service 3.0
RP289: 1/19/2010 2:36:24 AM - Software Distribution Service 3.0
RP290: 1/20/2010 4:32:15 AM - Software Distribution Service 3.0
RP291: 1/21/2010 4:18:33 AM - Software Distribution Service 3.0
RP292: 1/22/2010 5:52:48 PM - System Checkpoint
RP293: 1/23/2010 3:00:18 AM - Software Distribution Service 3.0
RP294: 1/24/2010 5:38:12 AM - Software Distribution Service 3.0
RP295: 1/24/2010 7:44:01 AM - Software Distribution Service 3.0
RP296: 1/25/2010 3:00:20 AM - Software Distribution Service 3.0
RP297: 1/26/2010 3:00:18 AM - Software Distribution Service 3.0
RP298: 1/27/2010 3:00:17 AM - Software Distribution Service 3.0
RP299: 1/27/2010 6:09:18 AM - Software Distribution Service 3.0
RP300: 1/28/2010 2:06:02 PM - System Checkpoint
RP301: 1/29/2010 1:49:39 AM - Software Distribution Service 3.0
RP302: 1/30/2010 3:00:18 AM - Software Distribution Service 3.0
RP303: 1/30/2010 6:28:10 AM - Software Distribution Service 3.0
RP304: 1/30/2010 8:39:25 PM - Software Distribution Service 3.0
RP305: 2/1/2010 3:00:18 AM - Software Distribution Service 3.0
RP306: 2/1/2010 3:13:29 AM - Software Distribution Service 3.0
RP307: 2/2/2010 12:16:20 AM - Software Distribution Service 3.0
RP308: 2/3/2010 2:14:00 AM - System Checkpoint
RP309: 2/3/2010 3:00:17 AM - Software Distribution Service 3.0
RP310: 2/3/2010 3:44:16 AM - Software Distribution Service 3.0
RP311: 2/4/2010 3:00:19 AM - Software Distribution Service 3.0
RP312: 2/5/2010 3:00:18 AM - Software Distribution Service 3.0
RP313: 2/5/2010 3:07:46 AM - Software Distribution Service 3.0
RP314: 2/5/2010 9:31:48 PM - Software Distribution Service 3.0
RP315: 2/8/2010 2:13:07 AM - System Checkpoint
RP316: 2/8/2010 3:00:16 AM - Software Distribution Service 3.0
RP317: 2/8/2010 3:19:46 AM - Software Distribution Service 3.0
RP318: 2/9/2010 1:45:58 AM - Software Distribution Service 3.0
RP319: 2/10/2010 4:00:18 AM - Software Distribution Service 3.0
RP320: 2/11/2010 3:00:20 AM - Software Distribution Service 3.0
RP321: 2/11/2010 3:39:05 AM - Software Distribution Service 3.0
RP322: 2/11/2010 4:07:21 AM - Software Distribution Service 3.0
RP323: 2/12/2010 5:12:26 PM - Software Distribution Service 3.0
RP324: 2/13/2010 4:13:57 AM - Software Distribution Service 3.0
RP325: 2/13/2010 6:47:59 AM - Software Distribution Service 3.0
RP326: 2/14/2010 1:10:23 AM - Software Distribution Service 3.0
RP327: 2/14/2010 6:43:11 PM - Software Distribution Service 3.0
RP328: 2/15/2010 3:00:18 AM - Software Distribution Service 3.0
RP329: 2/15/2010 4:39:40 AM - Software Distribution Service 3.0
RP330: 2/15/2010 10:27:37 PM - Software Distribution Service 3.0
RP331: 2/16/2010 3:00:18 AM - Software Distribution Service 3.0
RP332: 2/16/2010 6:09:19 AM - Software Distribution Service 3.0
RP333: 2/17/2010 2:47:29 AM - Software Distribution Service 3.0
RP334: 2/18/2010 3:00:20 AM - Software Distribution Service 3.0
RP335: 2/18/2010 4:26:38 AM - Software Distribution Service 3.0
RP336: 2/19/2010 3:00:17 AM - Software Distribution Service 3.0
RP337: 2/19/2010 4:56:01 AM - Software Distribution Service 3.0
RP338: 2/20/2010 3:00:18 AM - Software Distribution Service 3.0
RP339: 2/20/2010 5:24:27 AM - Software Distribution Service 3.0
RP340: 2/21/2010 3:00:18 AM - Software Distribution Service 3.0
RP341: 2/21/2010 6:51:34 AM - Software Distribution Service 3.0
RP342: 2/22/2010 3:00:20 AM - Software Distribution Service 3.0
RP343: 2/22/2010 4:23:56 AM - Software Distribution Service 3.0
RP344: 2/23/2010 3:00:20 AM - Software Distribution Service 3.0
RP345: 2/23/2010 4:58:57 AM - Software Distribution Service 3.0
RP346: 2/24/2010 3:00:18 AM - Software Distribution Service 3.0
RP347: 2/24/2010 8:01:12 AM - Software Distribution Service 3.0
RP348: 2/24/2010 9:56:57 PM - Software Distribution Service 3.0
RP349: 2/28/2010 7:32:14 PM - System Checkpoint
RP350: 3/1/2010 3:00:18 AM - Software Distribution Service 3.0
RP351: 3/1/2010 3:31:11 AM - Software Distribution Service 3.0
RP352: 3/2/2010 2:53:21 AM - Software Distribution Service 3.0
RP353: 3/2/2010 11:24:06 PM - Software Distribution Service 3.0
RP354: 3/3/2010 3:00:19 AM - Software Distribution Service 3.0
RP355: 3/3/2010 4:43:32 AM - Software Distribution Service 3.0
RP356: 3/4/2010 3:00:19 AM - Software Distribution Service 3.0
RP357: 3/4/2010 3:29:20 AM - Software Distribution Service 3.0
RP358: 3/5/2010 3:00:18 AM - Software Distribution Service 3.0
RP359: 3/5/2010 6:49:36 AM - Software Distribution Service 3.0
RP360: 3/6/2010 3:00:18 AM - Software Distribution Service 3.0
RP361: 3/6/2010 6:26:12 AM - Software Distribution Service 3.0
RP362: 3/7/2010 3:00:19 AM - Software Distribution Service 3.0
RP363: 3/7/2010 10:30:56 AM - Software Distribution Service 3.0
RP364: 3/8/2010 3:00:18 AM - Software Distribution Service 3.0
RP365: 3/8/2010 4:16:34 AM - Software Distribution Service 3.0
RP366: 3/8/2010 2:05:20 PM - Software Distribution Service 3.0
RP367: 3/9/2010 3:00:18 AM - Software Distribution Service 3.0
RP368: 3/9/2010 4:27:25 AM - Software Distribution Service 3.0
RP369: 3/10/2010 3:00:17 AM - Software Distribution Service 3.0
RP370: 3/10/2010 1:27:35 PM - Software Distribution Service 3.0
RP371: 3/11/2010 2:38:41 AM - Installed Amazon Unbox Video
RP372: 3/11/2010 3:00:18 AM - Software Distribution Service 3.0
RP373: 3/11/2010 3:07:04 AM - Software Distribution Service 3.0
RP374: 3/11/2010 3:24:04 PM - Software Distribution Service 3.0
RP375: 3/11/2010 11:51:07 PM - Configured Amazon Unbox Video
RP376: 3/12/2010 3:00:20 AM - Software Distribution Service 3.0
RP377: 3/12/2010 5:52:29 AM - Software Distribution Service 3.0
RP378: 3/13/2010 3:00:18 AM - Software Distribution Service 3.0
RP379: 3/13/2010 6:05:22 AM - Software Distribution Service 3.0
RP380: 3/14/2010 4:00:18 AM - Software Distribution Service 3.0
RP381: 3/14/2010 5:24:25 AM - Software Distribution Service 3.0
RP382: 3/15/2010 3:00:19 AM - Software Distribution Service 3.0
RP383: 3/15/2010 3:27:59 AM - Software Distribution Service 3.0
RP384: 3/16/2010 3:00:18 AM - Software Distribution Service 3.0
RP385: 3/16/2010 4:03:04 AM - Software Distribution Service 3.0
RP386: 3/17/2010 12:31:17 AM - Software Distribution Service 3.0
RP387: 3/17/2010 2:28:41 AM - Software Distribution Service 3.0
RP388: 3/18/2010 3:00:21 AM - Software Distribution Service 3.0
RP389: 3/18/2010 5:24:39 AM - Software Distribution Service 3.0
RP390: 3/19/2010 3:00:21 AM - Software Distribution Service 3.0
RP391: 3/19/2010 3:26:50 AM - Software Distribution Service 3.0
RP392: 3/19/2010 2:31:26 PM - Software Distribution Service 3.0
RP393: 3/20/2010 3:00:18 AM - Software Distribution Service 3.0
RP394: 3/20/2010 5:13:26 AM - Software Distribution Service 3.0
RP395: 3/21/2010 3:00:18 AM - Software Distribution Service 3.0
RP396: 3/21/2010 5:43:44 AM - Software Distribution Service 3.0
RP397: 3/22/2010 3:00:18 AM - Software Distribution Service 3.0
RP398: 3/23/2010 3:00:25 AM - Software Distribution Service 3.0
RP399: 3/23/2010 6:00:58 AM - Software Distribution Service 3.0
RP400: 3/24/2010 1:38:38 AM - Software Distribution Service 3.0
RP401: 3/25/2010 2:51:53 AM - Software Distribution Service 3.0
RP402: 3/25/2010 1:35:26 PM - Software Distribution Service 3.0
RP403: 3/27/2010 3:00:20 AM - Software Distribution Service 3.0
RP404: 3/27/2010 4:22:28 AM - Software Distribution Service 3.0
RP405: 3/28/2010 3:39:27 AM - Software Distribution Service 3.0
RP406: 3/30/2010 3:00:18 AM - Software Distribution Service 3.0
RP407: 3/30/2010 3:43:52 AM - Software Distribution Service 3.0
RP408: 3/30/2010 7:59:24 PM - Installed Java(TM) 6 Update 19
RP409: 3/31/2010 3:00:18 AM - Software Distribution Service 3.0
RP410: 3/31/2010 4:32:14 AM - Software Distribution Service 3.0
RP411: 4/1/2010 3:00:18 AM - Software Distribution Service 3.0
RP412: 4/1/2010 4:33:55 AM - Software Distribution Service 3.0
RP413: 4/2/2010 2:45:48 AM - Software Distribution Service 3.0
RP414: 4/3/2010 2:53:24 AM - System Checkpoint
RP415: 4/3/2010 3:00:18 AM - Software Distribution Service 3.0
RP416: 4/3/2010 4:57:08 AM - Software Distribution Service 3.0
RP417: 4/4/2010 5:01:51 AM - Software Distribution Service 3.0
RP418: 4/4/2010 6:22:36 AM - Software Distribution Service 3.0
RP419: 4/5/2010 3:00:19 AM - Software Distribution Service 3.0
RP420: 4/7/2010 2:03:35 AM - Software Distribution Service 3.0
RP421: 4/7/2010 3:00:17 AM - Software Distribution Service 3.0
RP422: 4/9/2010 12:17:37 AM - Software Distribution Service 3.0
RP423: 4/9/2010 3:00:17 AM - Software Distribution Service 3.0
RP424: 4/10/2010 11:14:55 PM - Software Distribution Service 3.0
RP425: 4/11/2010 8:13:56 PM - Software Distribution Service 3.0
RP426: 4/12/2010 3:00:19 AM - Software Distribution Service 3.0
==== Installed Programs ======================
Access Help
Activation Assistant for the 2007 Microsoft Office suites
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Verifier
Aspell 0.6 Dictionary (Language: en)
Aspell Data
Aspell English Dictionary-0.50-2
Avira AntiVir Personal - Free Antivirus
Bonjour
Business Contact Manager for Outlook 2007 SP2
C-Free 4.1 Professional
CCleaner
Client Security Solution
CMake 2.8 a cross-platform, open-source build system
Debugging Tools for Windows (x86)
Diskeeper Lite
Drivers Install For Linksys Easylink Advisor
ERUNT 1.1j
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GIMP 2.6.7
GNU Aspell 0.50-3
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript 8.57
GPL Ghostscript Fonts
GSview 4.8
GTK+ Runtime 2.10.13 rev a (remove only)
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Document Explorer 2008 (KB953196)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format 11 SDK (KB939209)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo Register Manager
InterVideo WinDVD
iTunes
Java Auto Updater
Java DB 10.4.2.1
Java(TM) 6 Update 19
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Java(TM) SE Development Kit 6 Update 16
Junk Mail filter update
Lenovo Registration
Linksys EasyLink Advisor 1.6 (0032)
LyX 1.5.1-1
Maintenance Manager
Malwarebytes' Anti-Malware
MATLAB Component Runtime
MATLAB Student R2007a
mCore
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Document Explorer 2008
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Macro Assembler (MASM)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Small Business Connectivity Components
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Express Edition - ENU
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86
Microsoft Windows SDK for Windows 7 (7.0)
Microsoft Windows SDK for Windows 7 .NET Documentation (40715)
Microsoft Windows SDK for Windows 7 Common Utilities (40715)
Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)
Microsoft Windows SDK for Windows 7 Samples (40715)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)
Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)
Microsoft Windows SDK Intellisense and Reference Assemblies (40715)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715)
MiKTeX 2.6
MinGW 5.1.6
mMHouse
mPfMgr
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
NVIDIA Drivers
OGA Notifier 2.0.0048.0
On Screen Display
OpenCV SDK
OpenOffice.org Installer 1.0
Panda ActiveScan 2.0
PC-Doctor 5 for Windows
Picasa 2
Pidgin
Presentation Director
Productivity Center Supplement for ThinkPad
PSpice Student 9.1
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Skype Toolbars
Skype™ 4.2
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
SpywareBlaster 4.1
System Migration Assistant
System Update
TalkAndWrite
TBS WMP Plug-in
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TI Connect 1.6
TI NoteFolio Creator
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VP Suite 4.2
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows SDK Intellidocs
Windows XP Service Pack 3
WinPatrol 2008
WinRAR archiver
XP Themes
Xvid 1.2.2 final uninstall
==== Event Viewer Messages From Past Week ========
4/7/2010 2:07:12 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft PowerPoint 2007 (KB957789).
==== End Of File ===========================
shelf life
2010-04-16, 03:39
That all looks good. You can delete the DDS file off your desktop. On last you can do is a make a new restore point. The how and the why:
One of the features of Windows XP, Vista and Windows7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.(creates a new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
If all is good, some tips to help you remain malware free:
10 Tips for Reducing/Preventing Your Risk To Malware:
Its no guarantee, but should help to reduce your risk. In no special order:
1) It is essential to keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check there version status here. (http://secunia.com/vulnerability_scanning/online/)
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and your then prompted to install software to remedy this. Use the Alt+F4 key to close the window. See also the signs (http://www.virusvault.us/signs.html)that you may have malware on your computer.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.
4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem.
5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?
7) Consider using limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.*
8) Install and understand the *limitations* of a software firewall.
9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html)for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0, Read the FAQ's.
10) Warez, cracks etc are very popular for carrying all kinds of malware payloads. Using them will cause you all kinds of problems. If you download/install files via p2p (http://www.virusvault.us/p2p.html) networks, then you are also much more likely to encounter malicious code in a downloaded file. Do you really trust the source of the file? Do you really need another malware source?
A longer version in link below.
frankfolo
2010-04-19, 02:30
My computer is running much better now.
Thanks a lot for all your help, I don't know what I would've done without it. This is truly a kind thing you do.
shelf life
2010-04-20, 01:46
Your welcome. Happy safe surfing "out there"
Note that Malwarebytes must be updated manually and a scan started manually. Its good practice to keep it updated by manually checking every few days even if you dont do a scan at that time. The paid version offers auto-updates and a real time protection feature that runs in the background. Happy surfing.