Think I have a problem



lisa d
2010-05-11, 21:09
Please help. Kaspersky has been finding an alg.exe file and asking me to neutralise, but when I do it crashes the system and returns when I reboot. Says there is a missing image file.

DDS log:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Lisa at 19:05:41.05 on 11/05/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.6142.4612 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\lxdxcoms.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtblfs.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9Y81E0N3\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.co.uk/
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\syswow64\dvmurl.dll
uURLSearchHooks: InstantDisplay Toolbar: {821b7a96-f0df-4803-808e-e841c9548aa6} - c:\program files (x86)\instantdisplay\tbInst.dll
mURLSearchHooks: InstantDisplay Toolbar: {821b7a96-f0df-4803-808e-e841c9548aa6} - c:\program files (x86)\instantdisplay\tbInst.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files (x86)\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: InstantDisplay Toolbar: {821b7a96-f0df-4803-808e-e841c9548aa6} - c:\program files (x86)\instantdisplay\tbInst.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: InstantDisplay Toolbar: {821b7a96-f0df-4803-808e-e841c9548aa6} - c:\program files (x86)\instantdisplay\tbInst.dll
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [Application Layer Gateway] c:\program files (x86)\common files\alg.exe
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\belkin~1.lnk - c:\program files (x86)\belkin\f5d7050v5\Belkinwcui.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files (x86)\bitcomet\BitComet.exe/AddAllLink.htm
IE: Add to Anti-Banner - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files (x86)\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~3\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~3\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40250.3916550926
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\progra~2\kasper~1\kasper~1\mzvkbd.dll,c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~1\sbhook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {821B7A96-F0DF-4803-808E-E841C9548AA6} - No File
mRun-x64: [Skytel] Skytel.exe
AppInit_DLLs-X64: c:\progra~2\kasper~1\kasper~1\x64\sbhook64.dll,c:\progra~2\kasper~1\kasper~1\x64\kloehk.dll

============= SERVICES / DRIVERS ===============

R0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 40464]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 27152]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 59904]
R2 AVP;Kaspersky Internet Security;c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x64.sys [2009-12-22 19432]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-1-7 1153368]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 21008]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-2 187392]
R3 RTL8187B;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-11-5 446976]
S2 GEST Service;GEST Service for program management.;c:\program files (x86)\gigabyte\energysaver\GSvr.exe [2009-12-16 68136]
S3 AODDriver;AODDriver;c:\program files (x86)\gigabyte\et6\amd64\AODDriver.sys [2009-2-23 14904]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2009-12-22 25640]
S3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2009-12-22 30528]

=============== Created Last 30 ================

2010-05-08 07:16:50 16896 --sha-w- c:\users\lisa\Thumbs.db
2010-04-30 14:06:40 0 d-----w- c:\program files\iTunes
2010-04-30 14:06:40 0 d-----w- c:\program files\iPod
2010-04-30 14:06:40 0 d-----w- c:\program files (x86)\iTunes
2010-04-30 14:05:27 0 d-----w- c:\program files\Bonjour
2010-04-30 14:05:27 0 d-----w- c:\program files (x86)\Bonjour
2010-04-28 16:18:49 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-28 16:18:47 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-04-28 16:18:47 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-04-28 16:18:47 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 16:18:47 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-28 16:18:47 12867072 ----a-w- c:\windows\syswow64\shell32.dll
2010-04-19 16:38:05 0 d-----w- c:\programdata\Sun
2010-04-19 16:37:47 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-04-19 16:37:47 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-04-19 16:37:47 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-04-19 16:37:47 145184 ----a-w- c:\windows\syswow64\java.exe
2010-04-14 13:36:08 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 13:36:08 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-04-14 13:36:07 286720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 13:36:07 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 13:36:07 125952 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 13:36:05 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 13:36:05 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-04-14 13:36:05 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2010-04-14 13:34:21 139264 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 13:34:21 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-04-14 13:34:20 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-04-14 13:34:20 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-04-12 16:05:18 27288 ----a-w- C:\lxceUNST.csv

==================== Find3M ====================

2010-05-11 17:53:21 24072 ----a-w- c:\windows\gdrv.sys
2010-05-06 09:36:38 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 06:34:49 149773 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-05 06:34:49 106765 ----a-w- c:\windows\system32\drivers\klick.dat
2010-04-08 12:33:00 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:33:00 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-08 12:20:02 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 08:16:17 294912 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-10-18 21:39:33 33889 ----a-w- c:\program files (x86)\common files\alg.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-27 17:07:38 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-23 12:58:36 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-23 12:58:47 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:06:36.18 ===============


All assistance appreciated.
Thanks
Lisa

shelf life
2010-05-16, 04:12
hi,

Your log is a few days old. If you still need help simply reply to my post.

lisa d
2010-05-19, 21:41
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 16/12/2009 12:34:38
System Uptime: 19/05/2010 19:18:22 (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EX58-UD3R
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | Socket 1366 | 2234/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 932 GiB total, 875.939 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP96: 19/04/2010 16:55:43 - Windows Update
RP97: 19/04/2010 17:37:21 - Installed Java(TM) 6 Update 20
RP98: 20/04/2010 16:55:19 - Windows Update
RP99: 22/04/2010 16:51:26 - Windows Update
RP100: 26/04/2010 17:06:35 - Windows Update
RP101: 28/04/2010 18:31:45 - Windows Update
RP102: 29/04/2010 20:14:39 - Windows Update
RP103: 04/05/2010 16:56:30 - Windows Update
RP104: 06/05/2010 16:49:54 - Windows Update
RP105: 10/05/2010 16:47:14 - Windows Update
RP106: 11/05/2010 19:31:02 - Windows Update
RP107: 13/05/2010 16:55:22 - Windows Update
RP108: 17/05/2010 16:53:16 - Windows Update
RP109: 18/05/2010 19:01:03 - Removed Apple Mobile Device Support
RP110: 18/05/2010 19:02:23 - Removed MobileMe Control Panel

==== Installed Programs ======================

@BIOS Ver.2.07
Acrobat.com
Activation (Nero 9)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.2
Advertising Center
Apple Application Support
Apple Software Update
ASUS nVidia Driver
µTorrent
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Belkin Wireless G USB Adapter Driver
BitComet 1.17
Browser Configuration Utility
dBpoweramp [Arrange Audio] Codec
dBpoweramp [Audio Info] Codec
dBpoweramp [Channel Split] Codec
dBpoweramp [ID Tag Update] Codec
dBpoweramp [Length Split] Codec
dBpoweramp [Multi Encoder] Codec
dBpoweramp [ReplayGain] Codec
dBpoweramp [Tag From Filename] Codec
dBpoweramp DSP Effects
dBpoweramp Music Converter
DolbyFiles
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Tune 6 B09.1120.1
Energy Saver Advance B8.1208.1
Gigabyte Raid Configurer
Google Toolbar for Internet Explorer
ImagXpress
Java Auto Updater
Java(TM) 6 Update 20
Kaspersky Internet Security 2010
Literacy Activity Builder (Standalone)
Menu Templates - Starter Kit
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Movie Templates - Starter Kit
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero ControlCenter
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero Express
Nero Installer
Nero Recode
Nero Recode Help
Nero StartSmart
Nero StartSmart Help
NeroBurningROM
NeroExpress
neroxml
Numeracy Activity Builder (Stand-alone)
NVIDIA PhysX
QuickTime
Science Activity Builder (Stand-alone)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
TaskMagic
The Sims™ 3
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981726)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Upload Tool

==== Event Viewer Messages From Past Week ========

18/05/2010 19:51:46, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
18/05/2010 19:49:43, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Lisa-PC\Lisa SID (S-1-5-21-2076918115-262745603-1481856775-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
18/05/2010 19:49:42, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Lisa-PC\Lisa SID (S-1-5-21-2076918115-262745603-1481856775-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
18/05/2010 19:01:36, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================

shelf life
2010-05-20, 01:21
hi,

alg.exe is a legit Windows service. Kaspersky is still flagging it on a scan? I wouldn't have Kaspersky attempt to remove it for now anyway. Maybe you can have it ignore it or add an exception to it.

Does it (alg.exe) only get flagged on a scan of your computer or is it coming up as a pop-up or other message at random times?
------------------------------
You can also download Malwarebytes to keep and use:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
-------------------------------
Other than the alg.exe problem, are you having any signs (http://www.virusvault.us/signs.html) of malware?

lisa d
2010-05-20, 19:17
No other signs of malware except for what comes up. Thanks. Will try Malwarebytes next.

shelf life
2010-05-21, 00:27
Can you find alg.exe in the system32 directory? (C:/Windows/system 32)
If so you can go to the link below, browse for the file on your computer then upload it using the send file button:

http://www.bleepingcomputer.com/submit-malware.php?channel=67

lisa d
2010-05-24, 22:37
Is it just ALG in list? There is no obvious ALG.exe

Kaspersky recently picked up 11/05/2010 19:24:12 Detected: Trojan-Spy.MSIL.Agent.bex C:\Program Files (x86)\Common Files\alg.exe

Don't know if this helps.
Will try your link
Thanks

shelf life
2010-05-25, 00:34
hi,

The correct alg.exe is in the C:/Windows/system 32 directory.

Note the path to the one Kaspersky is finding:

C:\Program Files (x86)\Common Files\alg.exe
This isn't the correct location for alg.exe and is most likely malware.

You can navigate there and upload the file to me as explained above if you can find it. To help show all files you might follow the directions at this link first:

http://www.bleepingcomputer.com/tutorials/tutorial151.html

Once you have it uploaded you can delete it from the common files folder on your computer.
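
The path check made by eye in the post above (a Windows binary name sitting in the wrong directory), as an added example that is not part of the original thread: it parses the `uRun`/`mRun` autorun lines of a DDS log and flags entries whose file name belongs to a Windows binary but whose directory does not. The `EXPECTED_DIRS` table and the function names are assumptions of this example, based on a default install with the system root at `C:\Windows`; the sample lines are copied from the log in this thread except the one marked as constructed.

```python
import ntpath
import re

# Assumption: default install, system root C:\Windows. Lower-case for comparison.
EXPECTED_DIRS = {
    "alg.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# DDS autorun lines:  mRun: [Name] "quoted path" args   or   uRun: [Name] bare path
RUN_LINE = re.compile(
    r'^(?P<hive>[mu]Run(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'
)


def extract_exe(cmd):
    """Return the executable path from a Run value, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe" token.
    m = re.match(r'(.+?\.exe)\b', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def find_masquerades(log_text):
    """List (hive, entry name, path) for autoruns using a Windows binary
    name from a directory where that binary does not belong."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        exe = extract_exe(m.group("cmd")).lower()
        directory, base = ntpath.split(exe)
        expected = EXPECTED_DIRS.get(base)
        # Bare names without a directory resolve via the search path; skipped.
        if expected and directory and directory not in expected:
            findings.append((m.group("hive"), m.group("name"), exe))
    return findings


# Lines from the DDS log in this thread, plus one constructed control line.
SAMPLE = r'''
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [Application Layer Gateway] c:\program files (x86)\common files\alg.exe
mRun: [AVP] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun-x64: [Skytel] Skytel.exe
mRun: [Constructed control] c:\windows\system32\alg.exe
'''

if __name__ == "__main__":
    for hive, name, path in find_masquerades(SAMPLE):
        print(f"{hive} [{name}] -> {path}")
```

A hit is a triage signal only: the check compares names and directories and says nothing about the file's signature or contents, so a flagged file still needs to be scanned or submitted for analysis as described above.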

tashi
2010-06-07, 19:21
lisa d, this thread has been closed due to inactivity. As it has been four days or more since your last post, it will not be re-opened.

If you still require help, please start a new topic and include a DDS log with a link to your previous thread.

Please do not add any logs that might have been requested previously, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.