View Full Version : MICROSOFT SECURITY WINDOW keeps poping up
terminator1315
2010-04-15, 07:53
Thank you fello spybot helpers for all the hard work you do for your members.....
I NEED HELP PLAESE. Microsoft Security keeps poping up whenever i start my computer or open the internet explore. This is getting VERY frustrating. HOW DO I GET RID OF THIS NON SENSE. An icon shows up in the bottom right corner (shield) and just keeps running......PLEASE HELP I REALLY NEED MY CUMPUTER BACK UP AND RUNNING ASAP. THANKS FOR YOUR HELP IN ADVANCE..... I can't run any reports because the files I'm down loading and opening give me errors asking what program do you want to use to open this program with. how do I get around this...
I ran the executable file and i hipe that the data posted is acurate......
Scan saved at 6:33:07 PM, on 4/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: (no name) - {03D9C0B4-DAD3-411F-9DD4-EC13E0AEFBFe} - C:\WINDOWS\System32\fdeploy32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PAP7501_Monitor] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124652851904
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: 4881f00e851 - C:\WINDOWS\System32\es32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
shelf life
2010-04-19, 02:00
hi,
Microsoft Security keeps poping up
You sure its the real Windows Security Center and not Scareware? (http://www.virusvault.us/scareware.html)
Your log is a few days old, post back if you still need help.
terminator1315
2010-04-22, 06:41
Thanks again for your help in advance.....Every program that I run the (open with) program comes up asking me what to use or where to locate the program. No executables are being found when I click on anything now and I started having this problem when that stupid Windows Security window popped up and pretended to start scanning and locating viruses on my computer. Evey time I clicked on the internet the Security screen would pop up and start to run. Even when I had shut down and started the computer back up, the Windows Security Screen would pop up again and start running..Here is my newest HiJackthis log. Really hope you can help.....Thanks again
Logfile of HijackThis v1.99.1
Scan saved at 8:25:57 PM, on 4/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: (no name) - {03D9C0B4-DAD3-411F-9DD4-EC13E0AEFBFe} - C:\WINDOWS\system32\deskmon32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [PAP7501_Monitor] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124652851904
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: 4881f00e851 - C:\WINDOWS\System32\es32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
shelf life
2010-04-23, 00:48
lets get a download to use. See if you can run Malwarebytes. Link and directions:
Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click *Remove Selected.*
*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.
terminator1315
2010-04-23, 06:07
Sorry for the delay. Program took a while to run, but never the less here it is.....
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org
Database version: 4024
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
4/22/2010 8:03:03 PM
mbam-log-2010-04-22 (20-03-03).txt
Scan type: Full scan (C:\|)
Objects scanned: 198884
Time elapsed: 1 hour(s), 10 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 5
Folders Infected: 4
Files Infected: 105
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\divx_xx0a32.dll (Trojan.Tracur) -> Delete on
reboot.
C:\WINDOWS\system32\es32.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\B
rowser Helper Objects\{03d9c0b4-dad3-411f-9dd4-ec13e0aefbfe}
(Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{03d9c0b4-dad3-411f-9dd4-ec13e0aefbfe}
(Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted
successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\4881f00e851 (Trojan.Agent) -> Delete
on reboot.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\E
xplorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted
successfully.
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) ->
Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default)
(Rogue.MultipleAV) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shel
l\open\command\(default) (Hijack.StartMenuInternet) -> Bad:
("C:\Documents and Settings\end-user\Local Settings\Application
Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE")
Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile)
Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1)
Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good:
(0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\end-user\Application Data\SystemProc
(Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla
Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
(Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla
Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome
(Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla
Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\conten
t (Worm.Prolaco.M) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\divx_xx0a32.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Documents and Settings\end-user\Application
Data\SystemProc\lsass.exe (Trojan.Tracur) -> Quarantined and deleted
successfully.
C:\Documents and Settings\end-user\Local Settings\temp\10.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\11.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\12.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\14.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\15.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\16.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\19.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\1B.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\2.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\3.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\5.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\7.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\8.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\9.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\B.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\D.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Documents and Settings\end-user\Local Settings\temp\E.tmp
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\Documents and Settings\end-user\Application
Data\SystemProc\lsass.exe.vir (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\43.tmp.vir (Trojan.Tracur) ->
Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\5.tmp.vir (Trojan.Tracur) ->
Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\8.tmp.vir (Worm.P2P) ->
Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\comdlg3232.dll.vir
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\dbmsvinn32.dll.vir
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\digest32.dll.vir
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\dmloader32.dll.vir
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\dpnaddr32.dll.vir
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\ds16gt32.dll.vir
(Trojan.Tracur) -> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\es3232.dll.vir (Trojan.Tracur)
-> Quarantined and deleted successfully.
C:\qoobox\Quarantine\C\WINDOWS\system32\hlink32.dll.vir (Trojan.Tracur)
-> Quarantined and deleted successfully.
C:\System Volume
Data\S-1-5-21-4881f00e-6729cc83-318814d6\Microsoft\Profiles\{3ae63d70-b
3c0-5def-641e-7e9a6a16}\track01\play_mp3_setup.exe (Trojan.Tracur) ->
Quarantined and deleted successfully.
C:\System Volume
Data\S-1-5-21-4881f00e-6729cc83-318814d6\Microsoft\Profiles\{3ae63d70-b
3c0-5def-641f-7e9a6a17}\track01\play_mp3_setup.exe (Trojan.Tracur) ->
Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00787
90.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00787
91.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00787
92.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00787
93.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00787
94.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00787
96.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00787
97.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00787
98.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00787
99.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00788
00.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00788
01.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00788
02.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00788
03.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00788
04.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00788
05.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00788
06.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00788
07.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00788
08.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00787
95.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00788
09.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00790
42.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00790
46.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00790
92.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP343\A00792
03.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP344\A00794
73.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP344\A00794
64.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP344\A00794
67.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP344\A00794
69.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP344\A00794
70.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP344\A00794
71.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP344\A00794
72.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP344\A00794
74.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume
Information\_restore{7BAA789F-4EC8-46A1-94C8-4402D885BCD6}\RP344\A00794
75.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fdeploy32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\cfgbkend32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\cmprops32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\deskmon32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dataclen32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\davclnt32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dbnmpntw32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dbnmpntw3232.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dmocx32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dmscript32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dmsynth32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dmutil32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dnsapi32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dnssd32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dpnlobby32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dpnwsock32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dpu1032.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dpu103232.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dpuGUI1132.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dpvvox32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dsprop32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\els32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\EqnClass32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\ieakeng32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\getuname32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\hnetmon32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\httpapi32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\imm3232.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\iassam32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\icardres32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\drmclien32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\drmv2clt32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\drprov32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\WINDOWS\system32\dsdmoprp32.dll (Trojan.Tracur) -> Quarantined and
deleted successfully.
C:\Program Files\Mozilla
Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manife
st (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla
Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
(Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla
Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\conten
t\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\es32.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Application
Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted
successfully.
shelf life
2010-04-23, 15:12
ok so far so good. We will get another download to use.
Two questions: Is your antivirus up to date?
When was the last time you visited Windows update or received updates?
You are two versions behind on Internet Explorer unless you chose to use it. IE 8.0 is by Windows standards 'more secure'.
If you haven't received updates within the last month then you are behind on critical updates that will plug the holes in MS products.
Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.
Double click dds.scr to run the tool. When done, DDS.txt will open.
Save both reports to your desktop.
Please Copy/paste both logs in your reply.
terminator1315
2010-04-24, 23:27
Everything is up to date.
Internet wise I'm good with the one I'm currently using.
Here is the first log..............
DDS (Ver_10-03-17.01) - NTFSx86
Run by end-user at 13:18:30.56 on Sat 04/24/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.565 [GMT -7:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\end-user\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all
users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Yahoo! Pager] 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [PAP7501_Monitor] c:\windows\pixart\pap7501\GUCI_AVS.exe
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
StartupFolder: c:\docume~1\end-user\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\at&tse~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microt~1.lnk - c:\program files\microtek\scanwizard 5\ScannerFinder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124652851904
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {0DADAEF8-9CA7-47A3-A163-CA134ACE5C0A} = 208.67.220.220,208.67.222.222
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Name-Space Handler: ftp\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} -
Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} -
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-15 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-15 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-15 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-15 56816]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-12-3 25728]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
=============== Created Last 30 ================
2010-04-23 06:33:24 280576 ----a-w- c:\windows\system32\dnsapi3232.dll
2010-04-23 05:33:22 280576 ----a-w- c:\windows\system32\dmstyle32.dll
2010-04-23 04:33:20 280576 ----a-w- c:\windows\system32\dmime32.dll
2010-03-30 01:15:49 77312 ----a-w- c:\windows\MBR.exe
2010-03-30 01:15:49 261632 ----a-w- c:\windows\PEV.exe
==================== Find3M ====================
2010-03-30 07:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
============= FINISH: 13:19:21.90 ===============
Here is the second log....
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/21/2005 12:07:36 PM
System Uptime: 4/24/2010 1:10:53 PM (0 hours ago)
Motherboard: MICRO-STAR INC. | | MS-6788
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | FC-478 |
2422/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 48.261 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP325: 1/25/2010 4:37:22 PM - System Checkpoint
RP326: 1/26/2010 11:12:52 PM - System Checkpoint
RP327: 2/3/2010 9:50:24 PM - System Checkpoint
RP328: 2/7/2010 9:39:03 PM - System Checkpoint
RP329: 2/13/2010 11:14:00 AM - System Checkpoint
RP330: 2/15/2010 7:54:56 PM - System Checkpoint
RP331: 2/20/2010 7:14:13 PM - System Checkpoint
RP332: 2/21/2010 7:48:26 PM - System Checkpoint
RP333: 2/22/2010 8:32:45 PM - System Checkpoint
RP334: 2/24/2010 10:40:22 PM - System Checkpoint
RP335: 2/25/2010 11:07:05 PM - System Checkpoint
RP336: 2/27/2010 9:48:07 AM - System Checkpoint
RP337: 2/28/2010 10:41:51 AM - System Checkpoint
RP338: 3/1/2010 6:03:27 PM - System Checkpoint
RP339: 3/2/2010 6:57:02 PM - System Checkpoint
RP340: 3/8/2010 5:57:53 PM - System Checkpoint
RP341: 3/9/2010 8:12:06 PM - System Checkpoint
RP342: 3/14/2010 8:28:09 PM - System Checkpoint
RP343: 3/21/2010 11:11:05 AM - System Checkpoint
RP344: 3/28/2010 7:28:23 AM - System Checkpoint
RP345: 4/7/2010 5:31:42 PM - System Checkpoint
RP346: 4/14/2010 10:47:36 PM - System Checkpoint
RP347: 4/20/2010 6:37:39 PM - System Checkpoint
RP348: 4/21/2010 8:58:18 PM - System Checkpoint
RP349: 4/22/2010 9:36:23 PM - System Checkpoint
==== Installed Programs ======================
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
AT&T Yahoo! Applications
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATT-PRT22
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Bonjour
BroadJump Client Foundation
Canon Camera Access Library
Canon Camera Support Core Library
Canon Digital Camera Solution Disk 34 Software Starter Guide
Canon Direct Print User Guide
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon PowerShot A470 Camera User Guide
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Clear History 1.9
Coupon Printer for Windows
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Easy CD & DVD Creator 6
EphPod
ERUNT 1.1j
General Module
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Printer Series
HTC Driver
HTC Sync
iPod 2 iPod
iPod for Windows 2005-10-12
iTunes
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microtek FineReader OCR Engine
MSN Music Assistant
MSXML 6 Service Pack 2 (KB954459)
Nikon Message Center
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
PictureProject
PowerDVD
QuickTime
RAW Image Task 2.0
RealDownload
RealPlayer
RealUpgrade 1.0
RegCure
RichFX Player
Safari
ScanWizard 5
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Spybot - Search & Destroy
SpywareBlaster v3.5.1
Ulead Photo Explorer 7.0 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
USB 2.0 NetFlex Cam
WebFldrs XP
WinAce Archiver
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB892313
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
==== Event Viewer Messages From Past Week ========
4/20/2010 6:21:12 PM, error: Print [6161] -
4/17/2010 11:38:11 AM, error: Service Control Manager [7023] - The
Computer Browser service terminated with the following error: This
operation returned because the timeout period expired.
==== End Of File ===========================
shelf life
2010-04-25, 01:30
ok one more download to get. link and directions:
download Gmer to your desktop, its a randomly named .exe
http://gmer.net/download.php
close any running programs.
double click the gmer icon to start Gmer:
if you get a message box that says:
warning!!
Gmer has found system modification or Rootkit Activity.......
It will ask you:
Do you want to fully scan your system?
--->select NO
In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
Now click the Scan button.
gmer will scan computer.
If you get a Rootkit warning window during the scan: click OK
When finished click "Save" to save log to your desktop
Copy/Paste the saved Gmer log in your reply.
terminator1315
2010-04-25, 22:36
Here's the next log......
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 12:33:15
Windows 5.1.2600 Service Pack 2
Running: 9h3bet2x.exe; Driver: C:\DOCUME~1\end-user\LOCALS~1\Temp\kwgiruob.sys
---- System - GMER 1.0.15 ----
SSDT F7E393B6 ZwCreateKey
SSDT F7E393AC ZwCreateThread
SSDT F7E393BB ZwDeleteKey
SSDT F7E393C5 ZwDeleteValueKey
SSDT F7E393CA ZwLoadKey
SSDT F7E39398 ZwOpenProcess
SSDT F7E3939D ZwOpenThread
SSDT F7E393D4 ZwReplaceKey
SSDT F7E393CF ZwRestoreKey
SSDT F7E393C0 ZwSetValueKey
SSDT F7E393A7 ZwTerminateProcess
---- Devices - GMER 1.0.15 ----
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
shelf life
2010-04-26, 00:27
Not much there. How is it looking on your end now?
terminator1315
2010-04-26, 03:09
So far so good. Do you know why are my executables weren't running in the begining? Before we ran anything? just curious....
shelf life
2010-04-26, 04:45
Do you know why are my executables weren't running in the begining? Before we ran anything?
the malware prevented your .exe from launching. Make sure it all looks good on your end and we can finish up.
terminator1315
2010-04-26, 07:07
Thanks for all your help again. You've been a big help. Keep up the good job and THANKS again.....
shelf life
2010-04-27, 02:40
ok your welcome. couple of things: The free version of Malwarebytes must be updated manually and a scan started manually. Its good practice to check for updates every few days even if you dont perform a scan after. The paid version offers auto updates and a real time protection component.
You should consider installing IE 8.0.
you can navigate to root drive C: and delete the qoobox folder
(\qoobox\Quarantine)
this is combofix's quarantine folder which you must have used in the past.
You can make a new restore point, the how and the why;
One of the features of Windows XP,Vista and Windows7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(winXP)
1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.
3. Turn ON System Restore.(creates a new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot
Last are some tips to help you remain malware free:
10 Tips for Reducing/Preventing Your Risk To Malware:
In special order
1) It is essential to keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check there version status here. (http://secunia.com/vulnerability_scanning/online/)
2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and your then prompted to install software to remedy this. See also the signs (http://www.virusvault.us/signs.html)that you may have malware on your computer.
3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.
4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem.
5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.
6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?
7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.*
8) Install and understand the *limitations* of a software firewall.
9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html)for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0, Read the FAQ's.
10) Warez, cracks etc are very popular for carrying all kinds of malware payloads. Using them will cause you all kinds of problems. If you download/install files via p2p (http://www.virusvault.us/p2p.html) networks, then you are also much more likely to encounter malicious code in a downloaded file. Do you really trust the source of the file? Do you really need another malware source?
A longer version in link below.
Happy Safe Surfing.
terminator1315
2010-04-30, 04:13
Do you need a log of the things I just did?
shelf life
2010-04-30, 23:51
No logs needed. Happy Safe Surfing.