GeekPolice

Resident Shield Alert


Post by captainsherlock on Wed Oct 28, 2009 10:12 am

Hello,

This keeps popping up on my screen (resident shield alert), attempting to scam me into paying for a service to remove an infection.

As suggested, here is the HijackThis result. Can you help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:53, on 28/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\restorer64_a.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Mark\restorer64_a.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Mark\restorer64_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Mark\Application Data\svcst.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Mark\Application Data\svcst.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9250 bytes


Re: Resident Shield Alert

Post by Belahzur on Wed Oct 28, 2009 5:19 pm

Hello.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
    O4 - HKLM\..\Run: [restorer64_a] C:\WINDOWS\system32\restorer64_a.exe
    O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Mark\restorer64_a.exe
    O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Mark\Application Data\svcst.exe
    O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Mark\Application Data\svcst.exe


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


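The entries Belahzur singled out above share a few patterns that can be checked mechanically: a Winlogon Shell value that is anything other than Explorer.exe, a UserInit value that chains a second program after userinit.exe, Run entries whose value name impersonates a Windows system binary, autoruns launched straight from the profile root, Application Data root or Temp, and one binary registered under several Run names. The triage script below is an added example, not part of the thread and not a HijackThis feature; the log lines it scans are constructed samples in HijackThis v2 format, and the function names (`triage`, `extract_target`) and the MIMIC_NAMES list are the author's own choices.

```python
import re
from typing import Dict, List

# Constructed sample in HijackThis v2 log format, modelled on the kinds of
# entries discussed in this thread (it is not the poster's full log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [restorer64_a] C:\Documents and Settings\Mark\restorer64_a.exe
O4 - HKCU\..\Run: [mserv] C:\Documents and Settings\Mark\Application Data\svcst.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Mark\Application Data\svcst.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$")
O4_RE = re.compile(r"^O4 - (HK\w+(?:\\[^\\]+)?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")

# Value names that impersonate core Windows binaries; none of these is ever
# started through a Run key on a clean Windows XP system (assumed list).
MIMIC_NAMES = {"svchost", "regedit32", "lsass", "csrss", "winlogon", "userinit", "smss"}

# Directories legitimate software almost never launches from directly:
# the profile root, the roaming "Application Data" root, and the Temp folder.
DROP_DIRS_RE = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+"
    r"(\\application data|\\local settings\\temp)?$",
    re.IGNORECASE,
)


def extract_target(command: str) -> str:
    """Return the executable path from an autorun command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(log_text: str) -> List[Dict[str, str]]:
    """Flag F2 Winlogon hijacks and suspicious O4 autoruns in HijackThis output."""
    findings: List[Dict[str, str]] = []
    targets: Dict[str, List[str]] = {}  # lower-cased target path -> Run value names

    def add(severity: str, line: str, reason: str) -> None:
        findings.append({"severity": severity, "line": line, "reason": reason})

    for line in log_text.splitlines():
        line = line.strip()
        f2 = F2_RE.match(line)
        if f2:
            key, value = f2.group(1), f2.group(2).strip()
            if key == "Shell" and value.lower() != "explorer.exe":
                add("high", line, "Winlogon Shell should be exactly Explorer.exe, got: " + value)
            elif key == "UserInit":
                # UserInit is a comma-separated list; only userinit.exe belongs there.
                entries = [e.strip() for e in value.split(",") if e.strip()]
                extras = [e for e in entries if not e.lower().endswith("\\userinit.exe")]
                if extras:
                    add("high", line, "UserInit chains extra program(s): " + ", ".join(extras))
            continue

        o4 = O4_RE.match(line)
        if not o4:
            continue
        name, command = o4.group(2), o4.group(3)
        target = extract_target(command)
        targets.setdefault(target.lower(), []).append(name)

        bare = name.lower()
        bare = bare[:-4] if bare.endswith(".exe") else bare
        if bare in MIMIC_NAMES:
            add("high", line, f"value name '{name}' impersonates a Windows system binary")

        parent = target.rsplit("\\", 1)[0] if "\\" in target else ""
        if DROP_DIRS_RE.match(parent):
            add("medium", line, "autorun launches from a user-profile drop directory: " + parent)

    # The same file registered under several names (here mserv and svchost)
    # is a persistence trick worth its own finding.
    for target, names in targets.items():
        if len(names) > 1:
            add("high", target, f"same binary registered under {len(names)} Run names: " + ", ".join(names))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

Entries that pass these checks are not thereby clean (the HKLM restorer64_a entry in system32 only stands out because of its HKCU twin), so the output is a shortlist for a human reviewer, not a verdict.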

Virus

Post by captainsherlock on Thu Oct 29, 2009 5:54 am

Hello,

Here is the log as requested, many thanks again!

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

23/10/2009 16:20:14
mbam-log-2009-10-23 (16-20-14).txt

Scan type: Quick Scan
Objects scanned: 106348
Time elapsed: 44 minute(s), 2 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 9
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 25

Memory Processes Infected:
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\89467943 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antivirus Pro 2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe cpcp.cpo bef0regiiav) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\89467943 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\89467943\89467943.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Local Settings\Temp\TMP19.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\adwarealert.exe (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\DataBaseNew.ref (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Log\log_2007_01_16_18_08_00.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Log\log_2007_01_16_18_08_02.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Log\log_2007_01_16_18_37_28.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Log\log_2007_01_16_18_38_22.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Settings\CustomScan.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Settings\IgnoreList.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Settings\ScanInfo.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Settings\ScanResults.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Settings\SelectedFolders.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Program Files\AdwareAlert\Settings\Settings.stg (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\bygytete.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Local Settings\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Local Settings\Temp\tmpwr2 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Local Settings\Temp\tmpwr3 (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv401255562528.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv591255137485.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Cookies\ewyterywyq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tonya\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mark\Application Data\svcst.exe (Backdoor.Bot) -> Quarantined and deleted successfully.


Re: Resident Shield Alert

Post by Belahzur on Thu Oct 29, 2009 1:31 pm

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.



Re: Resident Shield Alert

Post by captainsherlock on Fri Oct 30, 2009 6:08 am

Hello, nothing detected; here is the Notepad copy:

Many thanks.



Malwarebytes' Anti-Malware 1.41
Database version: 3059
Windows 5.1.2600 Service Pack 3

30/10/2009 10:06:48
mbam-log-2009-10-30 (10-06-48).txt

Scan type: Quick Scan
Objects scanned: 112470
Time elapsed: 50 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank You! Thank You! Thank You! Thank You!


Re: Resident Shield Alert

Post by Belahzur on Fri Oct 30, 2009 4:45 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



Re: Resident Shield Alert

Post by captainsherlock on Wed Nov 04, 2009 6:57 am

Hello,

As requested, please find the relevant logs. Can I also check: would it be unwise to undertake any online banking etc. whilst I still have this virus?

Many thanks.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 18/09/2006 19:08:23
System Uptime: 11/04/2009 11:40:35 (4968 hours ago)

Motherboard: Dell Inc. | | 0RJ272
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 598/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 71 GiB total, 55.704 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP207: 10/08/2009 11:25:21 - System Checkpoint
RP208: 12/08/2009 08:35:37 - Software Distribution Service 3.0
RP209: 12/08/2009 10:12:27 - Software Distribution Service 3.0
RP210: 13/08/2009 11:02:58 - Installed Java(TM) 6 Update 15
RP211: 14/08/2009 18:27:01 - System Checkpoint
RP212: 16/08/2009 09:35:31 - System Checkpoint
RP213: 16/08/2009 09:52:32 - Avg8 Update
RP214: 16/08/2009 09:54:13 - Avg8 Update
RP215: 25/08/2009 08:59:52 - System Checkpoint
RP216: 26/08/2009 15:50:29 - Software Distribution Service 3.0
RP217: 29/08/2009 13:17:04 - System Checkpoint
RP218: 31/08/2009 08:55:55 - System Checkpoint
RP219: 02/09/2009 12:57:36 - System Checkpoint
RP220: 05/09/2009 13:41:48 - System Checkpoint
RP221: 08/09/2009 20:10:11 - Software Distribution Service 3.0
RP222: 10/09/2009 19:18:38 - System Checkpoint
RP223: 11/09/2009 11:13:38 - Installed Compatibility Pack for the 2007 Office system
RP224: 16/09/2009 08:20:53 - System Checkpoint
RP225: 19/09/2009 09:24:52 - System Checkpoint
RP226: 22/09/2009 09:20:52 - System Checkpoint
RP227: 27/09/2009 16:09:24 - System Checkpoint
RP228: 29/09/2009 10:52:31 - System Checkpoint
RP229: 01/10/2009 19:08:12 - System Checkpoint
RP230: 05/10/2009 12:47:25 - System Checkpoint
RP231: 06/10/2009 10:43:29 - Avg8 Update
RP232: 06/10/2009 10:44:50 - Avg8 Update
RP233: 08/10/2009 08:09:11 - Avg8 Update
RP234: 13/10/2009 10:37:58 - System Checkpoint
RP235: 14/10/2009 17:20:57 - System Checkpoint
RP236: 14/10/2009 21:03:36 - Software Distribution Service 3.0
RP237: 16/10/2009 20:25:15 - Avg8 Update
RP238: 20/10/2009 09:38:23 - System Checkpoint
RP239: 21/10/2009 21:11:23 - System Checkpoint
RP240: 22/10/2009 08:24:43 - Avg8 Update
RP241: 23/10/2009 10:07:53 - System Checkpoint
RP242: 28/10/2009 10:48:26 - System Checkpoint
RP243: 30/10/2009 09:44:05 - System Checkpoint
RP244: 01/11/2009 16:49:32 - System Checkpoint
RP245: 03/11/2009 08:42:49 - Avg8 Update
RP246: 04/11/2009 09:11:08 - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
ARTEuro
AVG Free 8.5
Broadcom Management Programs
Canon iP4300
Canon iP4300 User Registration
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CD-LabelPrint
CinepPlayer 30 Update
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell Media Experience
Dell Network Assistant
Dell Support 3.2
Dell System Restore
Dell Wireless WLAN Card
Digital Line Detect
Easy-WebPrint
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver for Mobile
Java(TM) 6 Update 15
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
MCU
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Helper
Motorola Driver Installation
Motorola Phone Tools
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NetWaiting
OpenOffice.org Installer 1.0
QuickSet
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic Activation Module
Sonic Update Manager
Synaptics Pointing Device Driver
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
Wanadoo UK
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

30/10/2009 11:05:35, error: NetBT [4321] - The name "THOMSON :0" could not be registered on the Interface with IP address 192.168.1.64. The machine with the IP address 192.168.1.253 did not allow the name to be claimed by this machine.
03/11/2009 11:52:42, error: Print [6161] - The document Microsoft Word - All Souls Reflection.doc owned by Tonya failed to print on printer Canon iP4300. Data type: NT EMF 1.008. Size of the spool file in bytes: 132424. Number of bytes printed: 61324. Total number of pages in the document: 5. Number of pages printed: 0. Client machine: \\NIXONS. Win32 error code returned by the print processor: 13 (0xd).

==== End Of File ===========================

DDS (Ver_09-10-26.01) - NTFSx86
Run by Mark at 11:51:16.95 on 04/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.522 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Mark\My Documents\Downloads\dds.scr
C:\Documents and Settings\Mark\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\mark\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Easy-PrintToolBox] c:\program files\canon\easy-printtoolbox\BJPSMAIN.EXE /logon
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-5 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-5 297752]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]

=============== Created Last 30 ================

2009-10-28 13:28:06 0 d-----w- c:\documents and settings\mark\.SunDownloadManager
2009-10-27 18:57:02 0 d-----w- c:\program files\Trend Micro
2009-10-27 18:22:04 18886 ----a-w- c:\docume~1\alluse~1\applic~1\ybepewep.bin
2009-10-27 18:22:04 17544 ----a-w- c:\windows\eqedakoly.bin
2009-10-27 18:22:04 17535 ----a-w- c:\windows\system32\dulenacys._sy
2009-10-27 18:22:04 16122 ----a-w- c:\windows\pyhefen.lib
2009-10-27 18:22:04 15648 ----a-w- c:\docume~1\alluse~1\applic~1\oxyrok.com
2009-10-27 18:22:04 14613 ----a-w- c:\windows\idub._sy
2009-10-27 18:22:04 14074 ----a-w- c:\windows\system32\isakel._dl
2009-10-27 18:22:04 13774 ----a-w- c:\windows\system32\jevemi.vbs
2009-10-27 18:22:04 13186 ----a-w- c:\program files\common files\alilog.reg
2009-10-27 18:22:04 12132 ----a-w- c:\windows\codapowut.lib
2009-10-23 14:33:07 0 d-----w- c:\docume~1\mark\applic~1\Malwarebytes
2009-10-23 14:33:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 14:33:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 14:33:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 14:33:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-23 10:12:26 94112 ----a-w- c:\windows\system32\dllcache\agp440.sys
2009-10-23 07:54:26 14947 ----a-w- c:\windows\system32\ihogi._dl
2009-10-23 07:54:26 13661 ----a-w- c:\windows\wutoxa.dl
2009-10-23 07:54:26 12785 ----a-w- c:\docume~1\alluse~1\applic~1\xyme.exe
2009-10-23 07:54:26 10885 ----a-w- c:\windows\system32\lyqisyr.reg
2009-10-23 07:54:25 18988 ----a-w- c:\docume~1\alluse~1\applic~1\lafubunur.pif
2009-10-23 07:54:25 17123 ----a-w- c:\docume~1\alluse~1\applic~1\ecykaboty.dll
2009-10-23 07:54:25 15872 ----a-w- c:\program files\common files\name.exe
2009-10-23 07:54:25 15264 ----a-w- c:\docume~1\mark\applic~1\wecevynyre.bin
2009-10-23 07:54:25 15031 ----a-w- c:\program files\common files\diwibot.dat
2009-10-23 07:54:25 14616 ----a-w- c:\windows\lyjironusa.ban
2009-10-23 07:54:25 12699 ----a-w- c:\windows\system32\cezenutuvi.lib
2009-10-23 07:54:25 12110 ----a-w- c:\windows\atalezanuv.lib
2009-10-23 07:54:25 11523 ----a-w- c:\program files\common files\widydetevy.scr
2009-10-22 22:04:49 19670 ----a-w- c:\windows\eweg.dl
2009-10-22 22:04:49 17555 ----a-w- c:\windows\ecedykyt.exe
2009-10-22 22:04:49 15791 ----a-w- c:\windows\system32\ytobu.reg
2009-10-22 22:04:49 15472 ----a-w- c:\windows\acyka.scr
2009-10-22 22:04:49 15223 ----a-w- c:\program files\common files\cere.pif
2009-10-22 22:04:49 15084 ----a-w- c:\windows\yqyve.bat
2009-10-22 22:04:49 14588 ----a-w- c:\windows\system32\ibyv.dl
2009-10-22 22:04:49 14387 ----a-w- c:\windows\system32\byxuwew.bat
2009-10-22 22:04:49 14299 ----a-w- c:\windows\system32\uwesiwegok.dl
2009-10-22 22:04:49 13425 ----a-w- c:\windows\waca.db
2009-10-22 22:04:49 13284 ----a-w- c:\docume~1\alluse~1\applic~1\xifagyruf.com
2009-10-22 22:04:49 12308 ----a-w- c:\windows\zysokevi.db
2009-10-22 22:04:49 10452 ----a-w- c:\windows\bakik.dat
2009-10-22 21:21:26 0 d-----w- c:\program files\WinPcap
2009-10-22 21:14:13 19130 ----a-w- c:\docume~1\mark\applic~1\ifesuruve.dat
2009-10-22 21:14:13 17755 ----a-w- c:\program files\common files\yfomoruzus.exe
2009-10-22 21:14:12 19047 ----a-w- c:\windows\system32\ikolav.reg
2009-10-22 21:14:12 18040 ----a-w- c:\windows\system32\rujise.sys
2009-10-22 21:14:12 16099 ----a-w- c:\windows\system32\sugulyva.dll
2009-10-22 21:14:12 14241 ----a-w- c:\windows\system32\ejyvo.bat
2009-10-22 21:14:12 13927 ----a-w- c:\docume~1\alluse~1\applic~1\huxyvu.scr
2009-10-22 21:14:12 13557 ----a-w- c:\program files\common files\oqecesalax.reg
2009-10-22 21:14:12 11153 ----a-w- c:\docume~1\mark\applic~1\kyqyt.dll
2009-10-22 17:11:24 18120 ----a-w- c:\windows\upere.db
2009-10-22 17:11:24 17958 ----a-w- c:\windows\hamag.ban
2009-10-22 17:11:24 17880 ----a-w- c:\windows\ekopoz.vbs
2009-10-22 17:11:24 17779 ----a-w- c:\windows\gizoki.ban
2009-10-22 17:11:24 17551 ----a-w- c:\windows\wifu.vbs
2009-10-22 17:11:24 17064 ----a-w- c:\windows\ysuzuc.vbs
2009-10-22 17:11:24 16196 ----a-w- c:\docume~1\alluse~1\applic~1\vemewaloxo.dat
2009-10-22 17:11:24 10976 ----a-w- c:\program files\common files\eroti.bat

==================== Find3M ====================

2009-10-29 08:15:34 94112 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-10-27 18:22:04 12303 ----a-w- c:\program files\common files\uvateco.lib
2009-10-27 18:22:04 10654 ----a-w- c:\program files\common files\rujiren.db
2009-10-22 17:11:24 19728 ----a-w- c:\program files\common files\aser._dl
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-08-16 08:53:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2007-09-11 17:57:13 88 --sh--r- c:\windows\system32\FCA1D7A9B6.sys
2007-09-11 17:57:19 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-20 14:17:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102020081021\index.dat

============= FINISH: 11:51:37.95 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 18/09/2006 19:08:23
System Uptime: 11/04/2009 11:40:35 (4968 hours ago)

Motherboard: Dell Inc. | | 0RJ272
Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 598/133mhz

==== Disk Partitions =========================

C: is fixed (NTFS) - 71 GiB total, 55.703 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP207: 10/08/2009 11:25:21 - System Checkpoint
RP208: 12/08/2009 08:35:37 - Software Distribution Service 3.0
RP209: 12/08/2009 10:12:27 - Software Distribution Service 3.0
RP210: 13/08/2009 11:02:58 - Installed Java(TM) 6 Update 15
RP211: 14/08/2009 18:27:01 - System Checkpoint
RP212: 16/08/2009 09:35:31 - System Checkpoint
RP213: 16/08/2009 09:52:32 - Avg8 Update
RP214: 16/08/2009 09:54:13 - Avg8 Update
RP215: 25/08/2009 08:59:52 - System Checkpoint
RP216: 26/08/2009 15:50:29 - Software Distribution Service 3.0
RP217: 29/08/2009 13:17:04 - System Checkpoint
RP218: 31/08/2009 08:55:55 - System Checkpoint
RP219: 02/09/2009 12:57:36 - System Checkpoint
RP220: 05/09/2009 13:41:48 - System Checkpoint
RP221: 08/09/2009 20:10:11 - Software Distribution Service 3.0
RP222: 10/09/2009 19:18:38 - System Checkpoint
RP223: 11/09/2009 11:13:38 - Installed Compatibility Pack for the 2007 Office system
RP224: 16/09/2009 08:20:53 - System Checkpoint
RP225: 19/09/2009 09:24:52 - System Checkpoint
RP226: 22/09/2009 09:20:52 - System Checkpoint
RP227: 27/09/2009 16:09:24 - System Checkpoint
RP228: 29/09/2009 10:52:31 - System Checkpoint
RP229: 01/10/2009 19:08:12 - System Checkpoint
RP230: 05/10/2009 12:47:25 - System Checkpoint
RP231: 06/10/2009 10:43:29 - Avg8 Update
RP232: 06/10/2009 10:44:50 - Avg8 Update
RP233: 08/10/2009 08:09:11 - Avg8 Update
RP234: 13/10/2009 10:37:58 - System Checkpoint
RP235: 14/10/2009 17:20:57 - System Checkpoint
RP236: 14/10/2009 21:03:36 - Software Distribution Service 3.0
RP237: 16/10/2009 20:25:15 - Avg8 Update
RP238: 20/10/2009 09:38:23 - System Checkpoint
RP239: 21/10/2009 21:11:23 - System Checkpoint
RP240: 22/10/2009 08:24:43 - Avg8 Update
RP241: 23/10/2009 10:07:53 - System Checkpoint
RP242: 28/10/2009 10:48:26 - System Checkpoint
RP243: 30/10/2009 09:44:05 - System Checkpoint
RP244: 01/11/2009 16:49:32 - System Checkpoint
RP245: 03/11/2009 08:42:49 - Avg8 Update
RP246: 04/11/2009 09:11:08 - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
ARTEuro
AVG Free 8.5
Broadcom Management Programs
Canon iP4300
Canon iP4300 User Registration
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CD-LabelPrint
CinepPlayer 30 Update
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro X
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell Media Experience
Dell Network Assistant
Dell Support 3.2
Dell System Restore
Dell Wireless WLAN Card
Digital Line Detect
Easy-WebPrint
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver for Mobile
Java(TM) 6 Update 15
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
MCU
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Helper
Motorola Driver Installation
Motorola Phone Tools
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NetWaiting
OpenOffice.org Installer 1.0
QuickSet
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic Activation Module
Sonic Update Manager
Synaptics Pointing Device Driver
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Viewpoint Media Player
Wanadoo UK
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

30/10/2009 11:05:35, error: NetBT [4321] - The name "THOMSON :0" could not be registered on the Interface with IP address 192.168.1.64. The machine with the IP address 192.168.1.253 did not allow the name to be claimed by this machine.
03/11/2009 11:52:42, error: Print [6161] - The document Microsoft Word - All Souls Reflection.doc owned by Tonya failed to print on printer Canon iP4300. Data type: NT EMF 1.008. Size of the spool file in bytes: 132424. Number of bytes printed: 61324. Total number of pages in the document: 5. Number of pages printed: 0. Client machine: \\NIXONS. Win32 error code returned by the print processor: 13 (0xd).

==== End Of File ===========================


Re: Resident Shield Alert

Post by Belahzur on Wed Nov 04, 2009 7:40 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 15
    Viewpoint Media Player

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy).


    :files
    c:\docume~1\alluse~1\applic~1\ybepewep.bin
    c:\windows\eqedakoly.bin
    c:\windows\system32\dulenacys._sy
    c:\windows\pyhefen.lib
    c:\docume~1\alluse~1\applic~1\oxyrok.com
    c:\windows\idub._sy
    c:\windows\system32\isakel._dl
    c:\windows\system32\jevemi.vbs
    c:\program files\common files\alilog.reg
    c:\windows\codapowut.lib
    c:\windows\system32\ihogi._dl
    c:\windows\wutoxa.dl
    c:\docume~1\alluse~1\applic~1\xyme.exe
    c:\windows\system32\lyqisyr.reg
    c:\docume~1\alluse~1\applic~1\lafubunur.pif
    c:\docume~1\alluse~1\applic~1\ecykaboty.dll
    c:\program files\common files\name.exe
    c:\docume~1\mark\applic~1\wecevynyre.bin
    c:\program files\common files\diwibot.dat
    c:\windows\lyjironusa.ban
    c:\windows\system32\cezenutuvi.lib
    c:\windows\atalezanuv.lib
    c:\program files\common files\widydetevy.scr
    c:\windows\eweg.dl
    c:\windows\ecedykyt.exe
    c:\windows\system32\ytobu.reg
    c:\windows\acyka.scr
    c:\program files\common files\cere.pif
    c:\windows\yqyve.bat
    c:\windows\system32\ibyv.dl
    c:\windows\system32\byxuwew.bat
    c:\windows\system32\uwesiwegok.dl
    c:\windows\waca.db
    c:\docume~1\alluse~1\applic~1\xifagyruf.com
    c:\windows\zysokevi.db
    c:\windows\bakik.dat
    c:\program files\WinPcap
    c:\docume~1\mark\applic~1\ifesuruve.dat
    c:\program files\common files\yfomoruzus.exe
    c:\windows\system32\ikolav.reg
    c:\windows\system32\rujise.sys
    c:\windows\system32\sugulyva.dll
    c:\windows\system32\ejyvo.bat
    c:\docume~1\alluse~1\applic~1\huxyvu.scr
    c:\program files\common files\oqecesalax.reg
    c:\docume~1\mark\applic~1\kyqyt.dll
    c:\windows\upere.db
    c:\windows\hamag.ban
    c:\windows\ekopoz.vbs
    c:\windows\gizoki.ban
    c:\windows\wifu.vbs
    c:\windows\ysuzuc.vbs
    c:\docume~1\alluse~1\applic~1\vemewaloxo.dat
    c:\program files\common files\eroti.bat
    c:\program files\common files\uvateco.lib
    c:\program files\common files\rujiren.db
    c:\program files\common files\aser._dl


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Resident Shield Alert

Post by captainsherlock on Thu Nov 05, 2009 4:08 am

Hello,

Please find the results below. Many thanks.

========== FILES ==========
c:\docume~1\alluse~1\applic~1\ybepewep.bin moved successfully.
c:\windows\eqedakoly.bin moved successfully.
c:\windows\system32\dulenacys._sy moved successfully.
c:\windows\pyhefen.lib moved successfully.
c:\docume~1\alluse~1\applic~1\oxyrok.com moved successfully.
c:\windows\idub._sy moved successfully.
c:\windows\system32\isakel._dl moved successfully.
c:\windows\system32\jevemi.vbs moved successfully.
c:\program files\common files\alilog.reg moved successfully.
c:\windows\codapowut.lib moved successfully.
c:\windows\system32\ihogi._dl moved successfully.
c:\windows\wutoxa.dl moved successfully.
c:\docume~1\alluse~1\applic~1\xyme.exe moved successfully.
c:\windows\system32\lyqisyr.reg moved successfully.
c:\docume~1\alluse~1\applic~1\lafubunur.pif moved successfully.
LoadLibrary failed for c:\docume~1\alluse~1\applic~1\ecykaboty.dll
c:\docume~1\alluse~1\applic~1\ecykaboty.dll NOT unregistered.
c:\docume~1\alluse~1\applic~1\ecykaboty.dll moved successfully.
c:\program files\common files\name.exe moved successfully.
c:\docume~1\mark\applic~1\wecevynyre.bin moved successfully.
c:\program files\common files\diwibot.dat moved successfully.
c:\windows\lyjironusa.ban moved successfully.
c:\windows\system32\cezenutuvi.lib moved successfully.
c:\windows\atalezanuv.lib moved successfully.
c:\program files\common files\widydetevy.scr moved successfully.
c:\windows\eweg.dl moved successfully.
c:\windows\ecedykyt.exe moved successfully.
c:\windows\system32\ytobu.reg moved successfully.
c:\windows\acyka.scr moved successfully.
c:\program files\common files\cere.pif moved successfully.
c:\windows\yqyve.bat moved successfully.
c:\windows\system32\ibyv.dl moved successfully.
c:\windows\system32\byxuwew.bat moved successfully.
c:\windows\system32\uwesiwegok.dl moved successfully.
c:\windows\waca.db moved successfully.
c:\docume~1\alluse~1\applic~1\xifagyruf.com moved successfully.
c:\windows\zysokevi.db moved successfully.
c:\windows\bakik.dat moved successfully.
c:\program files\WinPcap moved successfully.
c:\docume~1\mark\applic~1\ifesuruve.dat moved successfully.
c:\program files\common files\yfomoruzus.exe moved successfully.
c:\windows\system32\ikolav.reg moved successfully.
c:\windows\system32\rujise.sys moved successfully.
LoadLibrary failed for c:\windows\system32\sugulyva.dll
c:\windows\system32\sugulyva.dll NOT unregistered.
c:\windows\system32\sugulyva.dll moved successfully.
c:\windows\system32\ejyvo.bat moved successfully.
c:\docume~1\alluse~1\applic~1\huxyvu.scr moved successfully.
c:\program files\common files\oqecesalax.reg moved successfully.
LoadLibrary failed for c:\docume~1\mark\applic~1\kyqyt.dll
c:\docume~1\mark\applic~1\kyqyt.dll NOT unregistered.
c:\docume~1\mark\applic~1\kyqyt.dll moved successfully.
c:\windows\upere.db moved successfully.
c:\windows\hamag.ban moved successfully.
c:\windows\ekopoz.vbs moved successfully.
c:\windows\gizoki.ban moved successfully.
c:\windows\wifu.vbs moved successfully.
c:\windows\ysuzuc.vbs moved successfully.
c:\docume~1\alluse~1\applic~1\vemewaloxo.dat moved successfully.
c:\program files\common files\eroti.bat moved successfully.
c:\program files\common files\uvateco.lib moved successfully.
c:\program files\common files\rujiren.db moved successfully.
c:\program files\common files\aser._dl moved successfully.

OTM by OldTimer - Version 3.0.0.6 log created on 11052009_090459

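Two checks on the logs exchanged above, as an added example that is not part of the thread and not code from DDS or OTM: the first parses a DDS "Created Last 30" excerpt and flags the seconds in which several regular files landed across different system directories at once (the drop pattern the helper's :files list was built from); the second reconciles an OTM :files request against the OTM result log, so any path without a "moved successfully" line stands out and the "NOT unregistered" notes are classified as expected. It assumes Python 3.8 or later; the log excerpts are copied from the posts above, except the last requested path, which is constructed so that the missing case is exercised, and the burst thresholds (3 files, 2 directories) are a heuristic chosen here.

```python
"""Added example (not from this thread or from DDS/OTM): two checks on the
logs posted above.  Needs Python 3.8+ (assignment expressions)."""
import re
from collections import defaultdict

# Excerpt of the DDS "Created Last 30" section posted above (lines copied
# from the thread, not the complete log).
DDS_CREATED = r"""
2009-10-28 13:28:06 0 d-----w- c:\documents and settings\mark\.SunDownloadManager
2009-10-27 18:57:02 0 d-----w- c:\program files\Trend Micro
2009-10-27 18:22:04 18886 ----a-w- c:\docume~1\alluse~1\applic~1\ybepewep.bin
2009-10-27 18:22:04 17544 ----a-w- c:\windows\eqedakoly.bin
2009-10-27 18:22:04 17535 ----a-w- c:\windows\system32\dulenacys._sy
2009-10-27 18:22:04 16122 ----a-w- c:\windows\pyhefen.lib
2009-10-23 14:33:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 14:33:00 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 07:54:26 14947 ----a-w- c:\windows\system32\ihogi._dl
2009-10-23 07:54:26 13661 ----a-w- c:\windows\wutoxa.dl
2009-10-23 07:54:26 12785 ----a-w- c:\docume~1\alluse~1\applic~1\xyme.exe
"""

# DDS entry layout: date time size attributes(8 flag chars) path
DDS_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attr>[-a-z]{8})\s+(?P<path>.+?)\s*$")

def parse_created(text):
    """Yield (timestamp, size, attributes, lower-cased path) per DDS entry."""
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if m:
            yield m["ts"], int(m["size"]), m["attr"], m["path"].lower()

def find_bursts(text, min_files=3, min_dirs=2):
    """Return [(timestamp, [paths])] for every second in which at least
    min_files regular files appeared across at least min_dirs directories.
    An installer normally writes into one product folder; small files landing
    in %windir%, system32 and the All Users profile within one second is the
    drop pattern visible in the log above.  Thresholds are a heuristic."""
    by_second = defaultdict(list)
    for ts, _size, attr, path in parse_created(text):
        if attr[0] != "d":                 # skip directory entries
            by_second[ts].append(path)
    bursts = []
    for ts, paths in sorted(by_second.items()):
        dirs = {p.rsplit("\\", 1)[0] for p in paths}
        if len(paths) >= min_files and len(dirs) >= min_dirs:
            bursts.append((ts, sorted(paths)))
    return bursts

# The ':files' block from the helper's reply and the OTM result log the
# poster returned, both abridged.  The last requested path is constructed
# (it is not in the thread) so that the "missing" case is exercised.
OTM_REQUEST = r"""
:files
c:\docume~1\alluse~1\applic~1\ybepewep.bin
c:\windows\eqedakoly.bin
c:\docume~1\alluse~1\applic~1\ecykaboty.dll
c:\program files\WinPcap
c:\windows\example-not-in-results.tmp
"""

OTM_RESULT = r"""
========== FILES ==========
c:\docume~1\alluse~1\applic~1\ybepewep.bin moved successfully.
c:\windows\eqedakoly.bin moved successfully.
LoadLibrary failed for c:\docume~1\alluse~1\applic~1\ecykaboty.dll
c:\docume~1\alluse~1\applic~1\ecykaboty.dll NOT unregistered.
c:\docume~1\alluse~1\applic~1\ecykaboty.dll moved successfully.
c:\program files\WinPcap moved successfully.
"""

MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")
NOT_UNREG = re.compile(r"^(?P<path>.+?) NOT unregistered\.$")

def reconcile(request, result):
    """Compare what OTM was asked to move with what its log says it moved.
    Returns (moved, missing, not_unregistered): 'missing' paths have no
    'moved successfully' line and need a second look after the reboot;
    'not_unregistered' DLLs could not be loaded to call DllUnregisterServer,
    which is expected for files never registered as COM servers and is
    harmless once the file itself has been moved."""
    requested = [ln.strip().lower() for ln in request.splitlines()
                 if ln.strip() and not ln.strip().startswith(":")]
    moved, not_unreg = set(), set()
    for line in result.splitlines():
        line = line.strip()
        if m := MOVED.match(line):
            moved.add(m["path"].lower())
        elif m := NOT_UNREG.match(line):
            not_unreg.add(m["path"].lower())
    missing = [p for p in requested if p not in moved]
    return sorted(moved), missing, sorted(not_unreg)

if __name__ == "__main__":
    for ts, paths in find_bursts(DDS_CREATED):
        print(f"burst at {ts}: {len(paths)} files")
        for p in paths:
            print("   ", p)
    moved, missing, not_unreg = reconcile(OTM_REQUEST, OTM_RESULT)
    print(f"moved {len(moved)}, missing {missing}, not unregistered {not_unreg}")
```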

Re: Resident Shield Alert

Post by Belahzur on Thu Nov 05, 2009 4:53 pm

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Resident Shield Alert

Post by captainsherlock on Fri Nov 06, 2009 11:12 am

Hello, the computer is running fine; however, the virus 'Windows security alert', with a red shield with a white cross, is still on my tool bar and pops up on occasion. Also I had 15 rogue e-mails in the last 20 hours, which has never happened before?

Can I ask, would you avoid online banking transactions etc. at this stage?

Many thanks.



Re: Resident Shield Alert

Post by captainsherlock on Sat Nov 07, 2009 12:48 pm

Update: I am now taking on board approx. 120 rogue e-mails every day?!


Re: Resident Shield Alert

Post by Dr Jay on Sat Nov 07, 2009 4:08 pm

Please download avast! ANTIROOTKIT from [You must be registered and logged in to see this link.] and save it to your Desktop.

Note: to prevent false positives, please quit all running programs before starting the scan!
  • Double-click on aswar.exe to start the program.
  • Click Show Scan Options.
  • Make sure the following checkboxes have checkmarks in them: Hidden Files and Directories, Hidden Services and Drivers, Hidden Registry Keys and Values, Hidden Processes, Log all scanned items.
  • Click the big Scan Now! button.
  • Click View scan log. Please post the contents of that log in your next reply. If the scan log will not launch, please tell me.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Administrator
Administrator

Status :
Online
Offline

Posts : 13705
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Points : 144815
# Likes : 10

View user profile

Back to top Go down

Re: Resident Shield Alert

Post by captainsherlock on Sun Nov 08, 2009 2:15 pm

Hello, the scan log is too long and thus will not copy and paste. Any ideas? Many thanks.


Re: Resident Shield Alert

Post by Belahzur on Sun Nov 08, 2009 3:45 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.





Re: Resident Shield Alert

Post by captainsherlock on Tue Nov 10, 2009 1:33 pm

Hello, the thread is broken, any ideas?
Thank you


Re: Resident Shield Alert

Post by Belahzur on Tue Nov 10, 2009 2:50 pm

Hello.
Is it saying 'message too long'? It's just a forum limit; break the log up into more than one post.





Re: Resident Shield Alert

Post by captainsherlock on Wed Nov 11, 2009 2:47 pm

Hello, all working now, here is the report:

ComboFix 09-11-11.02 - Mark 11/11/2009 19:31.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.584 [GMT 0:00]
Running from: c:\documents and settings\Mark\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\nabexaq.ban
c:\documents and settings\All Users\Application Data\tozed._sy
c:\documents and settings\All Users\Application Data\udehuc.dl
c:\documents and settings\All Users\Application Data\vyxede.ban
c:\documents and settings\All Users\Application Data\ysewadutot.lib
c:\documents and settings\All Users\Application Data\zyminim.lib
c:\documents and settings\All Users\Documents\afivivul.bin
c:\documents and settings\All Users\Documents\avuho.exe
c:\documents and settings\All Users\Documents\eryj.reg
c:\documents and settings\All Users\Documents\syju.vbs
c:\documents and settings\All Users\Documents\udyl.ban
c:\documents and settings\All Users\Documents\udyrinavad.sys
c:\documents and settings\All Users\Documents\uwolagyk.inf
c:\documents and settings\All Users\Documents\vawa.dl
c:\documents and settings\All Users\Documents\yjavehato._dl
c:\documents and settings\Mark\Application Data\azuvypygi._dl
c:\documents and settings\Mark\Application Data\epav._dl
c:\documents and settings\Mark\Application Data\irajowi._dl
c:\documents and settings\Mark\Application Data\noga.lib
c:\documents and settings\Mark\Application Data\utuzazewyz.inf
c:\documents and settings\Mark\Application Data\wukel._sy
c:\documents and settings\Mark\Cookies\abexirasaz._sy
c:\documents and settings\Mark\Cookies\akoxojabaj.dat
c:\documents and settings\Mark\Cookies\ejawotubek.db
c:\documents and settings\Mark\Cookies\emybyqu.bin
c:\documents and settings\Mark\Cookies\gego.sys
c:\documents and settings\Mark\Cookies\ikohywi.vbs
c:\documents and settings\Mark\Cookies\irat.db
c:\documents and settings\Mark\Cookies\isowazetev.lib
c:\documents and settings\Mark\Cookies\sovi.sys
c:\documents and settings\Mark\Cookies\unula.scr
c:\documents and settings\Mark\Local Settings\Application Data\ecipavyq.pif
c:\documents and settings\Mark\Local Settings\Application Data\exuvifusa.pif
c:\documents and settings\Mark\Local Settings\Application Data\fapod.exe
c:\documents and settings\Mark\Local Settings\Application Data\itufesuxot.scr
c:\documents and settings\Mark\Local Settings\Application Data\niquhevy.dl
c:\documents and settings\Mark\Local Settings\Application Data\ofyfenegow.pif
c:\documents and settings\Mark\Local Settings\Application Data\ohorim._dl
c:\documents and settings\Mark\Local Settings\Application Data\osenyc.pif
c:\documents and settings\Mark\Local Settings\Application Data\pudipyrin.bin
c:\documents and settings\Mark\Local Settings\Application Data\roryf.sys
c:\documents and settings\Mark\Local Settings\Application Data\sepapapu._dl
c:\documents and settings\Mark\Local Settings\Application Data\ucaraf.bin
c:\documents and settings\Mark\Local Settings\Application Data\watij.bat
c:\documents and settings\Mark\Local Settings\Application Data\ysuqyhyli.vbs
c:\documents and settings\Mark\Local Settings\Application Data\yzozu.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\agp440.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-10 17:35 . 2009-11-10 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-10 17:33 . 2009-11-10 17:59 -------- d-----w- c:\program files\STOPzilla!
2009-11-10 17:33 . 2009-11-10 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-11-10 17:33 . 2009-11-10 17:33 -------- d-----w- c:\program files\Common Files\iS3
2009-10-28 13:28 . 2009-10-28 14:04 -------- d-----w- c:\documents and settings\Mark\.SunDownloadManager
2009-10-27 18:57 . 2009-10-27 18:57 -------- d-----w- c:\program files\Trend Micro
2009-10-23 15:22 . 2009-10-23 15:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-23 14:33 . 2009-10-23 14:33 -------- d-----w- c:\documents and settings\Mark\Application Data\Malwarebytes
2009-10-23 14:33 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 14:33 . 2009-10-29 08:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 14:33 . 2009-10-23 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-23 14:33 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-22 07:24 . 2009-10-22 07:24 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-10-16 19:25 . 2009-10-16 19:24 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 19:38 . 2007-02-10 18:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-10 17:40 . 2009-11-10 17:40 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-10-27 18:39 . 2009-01-05 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-22 22:06 . 2006-09-12 08:49 -------- d-----w- c:\program files\Modem Helper
2009-10-22 22:06 . 2006-09-12 08:49 -------- d-----w- c:\program files\Dell
2009-10-22 22:06 . 2006-09-12 08:53 -------- d-----w- c:\program files\Common Files\AOL
2009-10-22 21:06 . 2008-05-23 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-09-11 14:18 . 2004-08-10 11:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 11:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-10 11:51 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-16 08:53 . 2009-01-05 18:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 08:53 . 2007-01-01 14:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-16 08:53 . 2009-01-05 18:00 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2007-09-11 17:57 . 2006-12-04 16:01 88 --sh--r- c:\windows\system32\FCA1D7A9B6.sys
2007-09-11 17:57 . 2006-12-04 16:01 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]
"Google Update"="c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-27 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-12 7168]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-9-12 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 08:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/01/2009 18:00 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/01/2009 18:00 297752]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Mark\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Mark\LOCALS~1\Temp\aswArKrn.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368593347-2547427176-3764877857-1006Core.job
- c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 16:33]

2009-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2368593347-2547427176-3764877857-1006UA.job
- c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 16:33]

2006-09-18 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]

2009-11-11 c:\windows\Tasks\User_Feed_Synchronization-{4A77193C-A4F6-42E8-8DA1-E797A3912BD1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-11 19:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2648)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\bcmwltry.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Dell Network Assistant\ezi_hnm2.exe
.
**************************************************************************
.
Completion time: 2009-11-11 19:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-11 19:41

Pre-Run: 60,790,607,872 bytes free
Post-Run: 61,055,754,240 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 869F78A5A486311C5C6D20E9B99DE3ED

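What a helper reads first in a ComboFix log like the one above can be scripted; here is an added triage helper in Python (not the thread's, ComboFix's or any poster's code). It assumes the banner, registry-key and service line formats visible in the log above; the dropped-file heuristic and the constructed excerpt are my own.

```python
"""Triage helper for a ComboFix log: an added example, not ComboFix's or the
thread's own code.  From a log in the format posted above it pulls out the
dropped-file pattern seen in this thread, the disinfected system driver, a
firewall profile with EnableFirewall = 0, and services living under Temp."""
import re

# Constructed excerpt: same banner, registry and service line formats as the real log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Documents\avuho.exe
c:\documents and settings\Mark\Cookies\ikohywi.vbs
c:\documents and settings\Mark\Local Settings\Application Data\ecipavyq.pif
c:\windows\system32\Packet.dll

Infected copy of c:\windows\system32\drivers\AGP440.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\agp440.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [05/01/2009 18:00 335240]
S3 aswArKrn;aswArKrn;\??\c:\docume~1\Mark\LOCALS~1\Temp\aswArKrn.sys --> c:\docume~1\Mark\LOCALS~1\Temp\aswArKrn.sys [?]
"""

RUNNABLE_EXT = {".exe", ".dll", ".scr", ".pif", ".bat", ".vbs", ".sys", ".com", ".cmd"}
PROFILE_ROOT = "c:\\documents and settings\\"
HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # ((( Section Name )))
INFECTED_RE = re.compile(r"^Infected copy of (\S.*?) was found and disinfected$", re.I)
FIREWALL_KEY_RE = re.compile(r"^\[.*\\firewallpolicy\\(\w+)\]$", re.I)
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.I)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")  # R1 name;description;image

def sections(log):
    """Split the log into {banner name: non-empty lines}; lines before the
    first '((( name )))' banner are filed under 'preamble'."""
    out, current = {"preamble": []}, "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            out.setdefault(current, [])
        else:
            out.setdefault(current, []).append(line)
    return out

def looks_dropped(path):
    """Heuristic (my assumption, modelled on the names in this thread's log):
    a runnable file with a short, letters-only name under a user profile."""
    low = path.lower()
    if not low.startswith(PROFILE_ROOT):
        return False
    stem, dot, ext = low.rsplit("\\", 1)[-1].rpartition(".")
    return bool(dot) and "." + ext in RUNNABLE_EXT and stem.isalpha() and 3 <= len(stem) <= 10

def triage(log):
    """Return the findings a helper would look at first, as lists."""
    report = {"dropped": [], "disinfected": [], "firewall_off": [], "odd_services": []}
    for line in sections(log).get("Other Deletions", []):
        m = INFECTED_RE.match(line)
        if m:
            report["disinfected"].append(m.group(1))
        elif looks_dropped(line):
            report["dropped"].append(line)
    profile = None  # firewall profile named by the most recent registry key
    for raw in log.splitlines():
        line = raw.strip()
        k = FIREWALL_KEY_RE.match(line)
        if k:
            profile = k.group(1)
        elif line.startswith("["):
            profile = None  # some other key: EnableFirewall lines no longer apply
        e = ENABLE_FW_RE.match(line)
        if e and profile and e.group(1) == "0":
            report["firewall_off"].append(profile)
        s = SERVICE_RE.match(line)
        if s:
            start, name, _desc, image = (g.strip() for g in s.groups())
            if "\\temp\\" in image.lower() or image.endswith("[?]"):
                report["odd_services"].append((start, name, image))
    return report
```

Run `triage(open("combofix.txt").read())` against a real log; the lists are empty when none of the patterns appear.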

Re: Resident Shield Alert

Post by Belahzur on Wed Nov 11, 2009 5:07 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?





Re: Resident Shield Alert

Post by captainsherlock on Thu Nov 12, 2009 3:43 pm

Hello, the machine is running well; however, the resident shield warning virus is still showing on the tool bar and occasionally pops up.

Any ideas?

Thank you


Re: Resident Shield Alert

Post by Belahzur on Thu Nov 12, 2009 4:17 pm

Could be legit; have you got AVG updated and turned on?

Go to Start > Run. Copy and paste in the following:

sc delete aswArKrn

Hit enter.
How is the machine now?





Re: Resident Shield Alert

Post by captainsherlock on Fri Nov 13, 2009 12:26 pm

Hello, AVG is working fine and updated. I have taken the plunge, clicked on the balloon on the task bar and activated Windows Firewall; the balloon has now gone. Do you feel that this is now sorted?


Re: Resident Shield Alert

Post by Belahzur on Fri Nov 13, 2009 12:33 pm

Yeah, this should be fine now.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.





Re: Resident Shield Alert

Post by captainsherlock on Sun Nov 15, 2009 6:47 am

That is great, thanks for all your help, I shall be making a donation.
Can I just check, should I still run my AVG Free with the other programmes that you have suggested?

Many thanks.

Thank You!


Re: Resident Shield Alert

Post by Belahzur on Sun Nov 15, 2009 3:39 pm

I would only run one or two of them.




