System Security infection


System Security infection

Post by roarbot on 30th June 2009, 3:19 am

Hi, been reading on how to get rid of this one. Any help will be appreciated. Finally got HijackThis to run, here's the log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:43 PM, on 6/29/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\15656404\15656404.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: C:\WINDOWS\System32\gsf83iujid.dll - {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - C:\WINDOWS\System32\gsf83iujid.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lixqtuhe] rundll32.exe "C:\Program Files\lixqtuhe\japofmdc.dll",Init
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\vpxsmiln.dll",sitypnow
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld11.exe
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
O4 - HKLM\..\Run: [15656404] C:\Documents and Settings\All Users\Application Data\15656404\15656404.exe
O4 - HKCU\..\Run: [Atur] "C:\PROGRA~1\YMBOLS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Unho] "C:\Program Files\Common Files\T?sks\t?skmgr.exe"
O4 - HKCU\..\Run: [Ogqrls] "C:\Documents and Settings\Main\Application Data\?icrosoft.NET\m?iexec.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\Main\LOCALS~1\Temp\adki7zw28.exe
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\Main\LOCALS~1\Temp\adki7zw28.exe
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\Main\LOCALS~1\Temp\login.exe
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - [You must be registered and logged in to see this link.]
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: ljjgdcc - ljjgdcc.dll (file missing)
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
O20 - Winlogon Notify: winghp32 - winghp32.dll (file missing)
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\System32\gsf83iujid.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 6083 bytes

Can't get online on desktop, posting from laptop, will check back soon, thanks


Re: System Security infection

Post by Belahzur on 30th June 2009, 8:45 am

Hello.

Your system is severely infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: C:\WINDOWS\System32\gsf83iujid.dll - {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - C:\WINDOWS\System32\gsf83iujid.dll
    O4 - HKLM\..\Run: [lixqtuhe] rundll32.exe "C:\Program Files\lixqtuhe\japofmdc.dll",Init
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\vpxsmiln.dll",sitypnow
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [sysldtray] C:\windows\ld11.exe
    O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe
    O4 - HKLM\..\Run: [15656404] C:\Documents and Settings\All Users\Application Data\15656404\15656404.exe
    O4 - HKCU\..\Run: [Atur] "C:\PROGRA~1\YMBOLS~1\spoolsv.exe" -vt yazb
    O4 - HKCU\..\Run: [Unho] "C:\Program Files\Common Files\T?sks\t?skmgr.exe"
    O4 - HKCU\..\Run: [Ogqrls] "C:\Documents and Settings\Main\Application Data\?icrosoft.NET\m?iexec.exe"
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O20 - Winlogon Notify: ljjgdcc - ljjgdcc.dll (file missing)
    O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
    O20 - Winlogon Notify: winghp32 - winghp32.dll (file missing)
    O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\System32\gsf83iujid.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


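As an added illustration (not part of the original thread and not the helper's own method), the sketch below parses HijackThis-style lines and applies a few triage heuristics to entries excerpted from the first log above. The rule set, the names `triage` and `scan`, and the reading of `?` as a placeholder for a non-ANSI character are assumptions made for this example.

```python
import re

# Lines excerpted from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: C:\WINDOWS\System32\gsf83iujid.dll - {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - C:\WINDOWS\System32\gsf83iujid.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [15656404] C:\Documents and Settings\All Users\Application Data\15656404\15656404.exe
O4 - HKCU\..\Run: [Atur] "C:\PROGRA~1\YMBOLS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Unho] "C:\Program Files\Common Files\T?sks\t?skmgr.exe"
O4 - HKCU\..\Run: [] C:\DOCUME~1\Main\LOCALS~1\Temp\adki7zw28.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: winghp32 - winghp32.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
# Windows system processes that normally live in System32.
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                "svchost.exe", "spoolsv.exe"}

# Reason strings are heuristics chosen for this example, not HijackThis output.
FILE_MISSING = "entry points at a file that no longer exists"
POLICY = "O7 policy restriction is set"
EMPTY_NAME = "autorun value has an empty name"
NON_ANSI = "path contains '?' (assumed placeholder for a non-ANSI character)"
USER_WRITABLE = "autorun starts from Temp or Application Data"
MASQUERADE = "system process name outside System32"


def triage(line):
    """Return a list of reasons for one log line, or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    reasons = []
    if body.endswith("(file missing)"):
        reasons.append(FILE_MISSING)
    if code == "O7":
        reasons.append(POLICY)
    if code == "O4" and re.search(r"Run: \[\] ", body):
        reasons.append(EMPTY_NAME)
    pm = PATH_RE.search(body)
    if pm:
        path = pm.group(0)
        lower = path.lower()
        folder, _, name = lower.rpartition("\\")
        if "?" in path:
            reasons.append(NON_ANSI)
        if code == "O4" and ("\\temp\\" in lower or "\\application data\\" in lower):
            reasons.append(USER_WRITABLE)
        if name in SYSTEM_NAMES and not folder.endswith("\\system32"):
            reasons.append(MASQUERADE)
    return reasons


def scan(log_text):
    """Return (line, reasons) pairs for every entry that matched a rule."""
    flagged = []
    for raw in log_text.splitlines():
        reasons = triage(raw)
        if reasons:
            flagged.append((raw.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for entry, why in scan(SAMPLE_LOG):
        print(entry, "\n    ->", "; ".join(why))
```

Rules like these only rank entries for review: `gsf83iujid.dll`, which the helper marked for fixing, matches none of them.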

Re: System Security infection

Post by roarbot on 30th June 2009, 1:50 pm

I was able to get through and run system restore before your reply. I restored to a few weeks ago and was able to run mbam. All looks good now. What programs should I use regularly to prevent this in the future? I used to use AVG but I need another. Can you recommend a plan of care and some free d/l's?
Thanks for the quick reply.

p.s. Do you still want to see a log? If so, from which program?


Re: System Security infection

Post by Belahzur on 30th June 2009, 3:46 pm

Hello.
I want a new Hijack This log, because you still only have normal XP without any service pack, that is somewhat suicidal.



Re: System Security infection

Post by roarbot on 30th June 2009, 4:02 pm

OK, here's a new log from HijackThis. I can't get the service pack updates, it says my copy of Windows is counterfeit. I bought the PC from a small store. Do you think they don't have a license? What are my options?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:09 PM, on 6/30/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Documents and Settings\Main\Application Data\?icrosoft.NET\m?iexec.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {282C8D29-C4DF-4169-8E3F-4C979778D99C} - C:\WINDOWS\System32\geeby.dll (file missing)
O2 - BHO: (no name) - {534A3E28-2B67-5797-55C6-08628A7497AD} - C:\Program Files\Brazhdgr\bxwxsxmp.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lixqtuhe] rundll32.exe "C:\Program Files\lixqtuhe\japofmdc.dll",Init
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\System32\vpxsmiln.dll",sitypnow
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Atur] "C:\PROGRA~1\YMBOLS~1\spoolsv.exe" -vt yazb
O4 - HKCU\..\Run: [Unho] "C:\Program Files\Common Files\T?sks\t?skmgr.exe"
O4 - HKCU\..\Run: [Ogqrls] "C:\Documents and Settings\Main\Application Data\?icrosoft.NET\m?iexec.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - [You must be registered and logged in to see this link.]
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - [You must be registered and logged in to see this link.]
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 6247 bytes


Re: System Security infection

Post by Belahzur on 30th June 2009, 4:13 pm

The updates should at least let you get SP1 before doing anything.
Your system restore somewhat worked and somewhat didn't.

There is less malware than before, but there is still malware present.

Download and run MBAM please.



Re: System Security infection

Post by roarbot on 30th June 2009, 9:10 pm

Here is the log after second mbam scan:


Malwarebytes' Anti-Malware 1.38
Database version: 2353
Windows 5.1.2600

6/30/2009 5:08:26 PM
mbam-log-2009-06-30 (17-08-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 117647
Time elapsed: 43 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)



Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Main\Desktop\Real Music Ringtones.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\documents and settings\Main\Desktop\Internet Security Suite.url (Rogue.Link) -> Quarantined and deleted successfully.


Re: System Security infection

Post by roarbot on 30th June 2009, 9:11 pm

Could not update windows.
It faulted out twice when loading update installer.


Re: System Security infection

Post by Belahzur on 30th June 2009, 9:14 pm

Hello.
It might be worth it buying an actual proper OS, trouble is Microsoft are wanting everyone to use Vista now.

See if you can download and install SP1a from here:
[You must be registered and logged in to see this link.]



system security

Post by jfpoolman1234 on 30th June 2009, 10:07 pm

Can't download or run anything, any help?


Re: System Security infection

Post by Origin on 30th June 2009, 10:11 pm

Hello jfpoolman1234, please refrain from posting in other members' topics and start your own.



Origin, how do I post my own?

Post by jfpoolman1234 on 30th June 2009, 10:15 pm

How do I post my own?


Re: System Security infection

Post by Origin on 30th June 2009, 10:23 pm

Go to this page:

[You must be registered and logged in to see this link.]

and click on the Blue New Topic button


