fake alert trojan and popups


fake alert trojan and popups

Post by imsps on 11th January 2010, 4:01 am

I just had a fake alert message and pop-ups on this PC, and it also would not let me log on to the internet. In safe mode, MBAM pulled two FakeAlert trojans off, and I can log on to the internet again (with Firefox), but it does not let me update or download anything, which makes me think there is still something sitting somewhere.

Here is the HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:35 PM, on 1/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\John Scarth_2\Desktop\Curse\CurseClient.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Linksys\WUSB100\WUSB100.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\winlogon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O2 - BHO: eGames Toolbar - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~1\EGAMES~1\EGAMES~1.DLL
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: eGames Toolbar - {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~1\EGAMES~1\EGAMES~1.DLL
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [FBSearch] C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CurseClient] C:\Documents and Settings\John Scarth_2\Desktop\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - S-1-5-18 Startup: IMVU.lnk = C:\Documents and Settings\John Scarth_2\Application Data\IMVUClient\IMVUClient.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: IMVU.lnk = C:\Documents and Settings\John Scarth_2\Application Data\IMVUClient\IMVUClient.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Documents and Settings\John Scarth_2\Application Data\IMVUClient\IMVUClient.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB100\WUSB100.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\John Scarth_2\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - [You must be registered and logged in to see this link.]
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9526 bytes

Thanks


Re: fake alert trojan and popups

Post by Origin on 11th January 2010, 5:59 am

Hello imsps,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police staff, not from a regular member.
  • Do NOT run any tool without Geek Police supervision, as it could render your system useless.

  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)


  • Press "Fix Checked"
  • Close HijackThis.
Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



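The two lines Origin ticks above are the classic leftovers of a rogue-AV ("FakeAlert") infection: a browser proxy pointed at 127.0.0.1 (the rogue serves its fake alerts and blocks downloads through a local proxy; once it has been removed nothing is listening on that port, so the browser is simply cut off, which is why updates and downloads fail) and a BHO registration whose DLL no longer exists. The following is an added example, not code from the thread, from HijackThis or from Geek Police: a small triage script that parses a HijackThis log and flags those patterns. SAMPLE_LOG is a constructed excerpt of the log posted above, and the flagging rules are the editor's own heuristics (assumptions), not rules that ship with HijackThis.

```python
"""Triage helper for a HijackThis 2.x log.

Added example for this thread; it is not code from HijackThis, Geek
Police or the posters. SAMPLE_LOG is a constructed excerpt of the log
posted above, and the flagging rules below are the editor's own
heuristics (assumptions), not rules shipped with HijackThis.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt of the posted log: the two lines Origin ticked,
# plus a few clean and borderline entries so the heuristics have
# something to ignore and something to merely note.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {465E08E7-F005-4389-980F-1D8764B3486C} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CurseClient] C:\Documents and Settings\John Scarth_2\Desktop\Curse\CurseClient.exe -silent
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "R1 - ..." / "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")

# Proxy target on the loopback interface (127.x.x.x or localhost),
# with or without a scheme prefix such as "http=".
LOOPBACK_RE = re.compile(r"(?:^|[=\s;])(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?", re.I)

# Autorun binaries living in a user profile rather than Program Files or
# system32: common for droppers, but also for legitimate per-user apps.
USER_PROFILE_RE = re.compile(
    r"\\(?:Documents and Settings|Users)\\[^\\]+\\"
    r"(?:Desktop|Local Settings\\Temp|Application Data|AppData)\\",
    re.I,
)


@dataclass
class Entry:
    code: str   # "R1", "O2", "O23", ...
    body: str   # text after "Rn - "
    raw: str    # full line, exactly as it appears in the HijackThis list


@dataclass
class Finding:
    severity: str   # "fix": tick it in HijackThis; "note": review by hand
    reason: str
    entry: Entry


def parse_hjt(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log, in file order."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["code"], m["body"], line))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply the heuristics; one Finding per suspicious entry."""
    out = []
    for e in entries:
        if e.code == "R1" and "ProxyServer" in e.body and LOOPBACK_RE.search(e.body):
            out.append(Finding("fix", "browser proxy points at the local machine; "
                               "typical of FakeAlert-type rogues, and once the rogue "
                               "is gone nothing listens there, so the browser is cut off", e))
        elif e.code == "O2" and e.body.endswith("(no file)"):
            out.append(Finding("fix", "BHO registration whose DLL no longer exists "
                               "(orphan left behind by a removal)", e))
        elif e.code == "O23" and e.body.endswith("(file missing)"):
            out.append(Finding("note", "service whose binary is missing; harmless, "
                               "but an orphaned entry worth cleaning up", e))
        elif e.code == "O4" and USER_PROFILE_RE.search(e.body):
            out.append(Finding("note", "autorun launched from a user-profile path; "
                               "confirm it is software the user installed", e))
    return out


def lines_to_fix(text: str) -> List[str]:
    """The raw lines a helper would tell the user to tick and 'Fix checked'."""
    return [f.entry.raw for f in triage(parse_hjt(text)) if f.severity == "fix"]


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.entry.raw}\n       {f.reason}")
```

Run against the sample it prints exactly Origin's two picks at "fix" level, and two "note" lines (the CurseClient autorun on the Desktop and the orphaned GameGuard service) that are review prompts, not removal instructions. The proxy entry is the one that matters for the symptom in this thread: clearing it is what lets MBAM reach its update server again, which matches what imsps reports after running the HijackThis fix.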

Re: fake alert trojan and popups

Post by imsps on 23rd January 2010, 5:41 am

It finally let me update MBAM after I ran HijackThis.

Here's the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3618
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/23/2010 12:34:38 AM
mbam-log-2010-01-23 (00-34-38).txt

Scan type: Quick Scan
Objects scanned: 139604
Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.Ecobar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Adware.Ecobar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Fast Browser Search\IE\tbhelper.dll (Adware.Ecobar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Brandon\Local Settings\temp\eYiN.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


Re: fake alert trojan and popups

Post by Belahzur on 23rd January 2010, 11:15 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



dds1

Post by imsps on 27th January 2010, 3:36 am

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/4/2005 4:55:00 AM
System Uptime: 1/25/2010 3:31:27 PM (31 hours ago)

Motherboard: ASUSTeK Computer Inc. | | A8V
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket 939 | 2002/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 1.545 GiB free.
D: is CDROM (UDF)
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1308: 10/29/2009 1:14:18 AM - System Checkpoint
RP1309: 10/31/2009 7:13:35 PM - System Checkpoint
RP1310: 11/2/2009 12:32:46 AM - System Checkpoint
RP1311: 11/3/2009 1:11:11 AM - System Checkpoint
RP1312: 11/3/2009 10:52:20 PM - Software Distribution Service 3.0
RP1313: 11/5/2009 6:52:46 AM - System Checkpoint
RP1314: 11/6/2009 8:51:51 AM - System Checkpoint
RP1315: 11/7/2009 10:39:35 PM - System Checkpoint
RP1316: 11/9/2009 7:53:01 AM - System Checkpoint
RP1317: 11/9/2009 12:52:46 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP1318: 11/9/2009 12:53:44 PM - Installed SimCity™ Societies
RP1319: 11/9/2009 1:38:17 PM - Installed SimCity™ Societies Destinations
RP1320: 11/9/2009 2:31:49 PM - Installed SPORE™ Creature Creator Trial Edition
RP1321: 11/10/2009 6:24:30 AM - Software Distribution Service 3.0
RP1322: 11/11/2009 6:32:47 AM - System Checkpoint
RP1323: 11/11/2009 8:00:43 AM - Software Distribution Service 3.0
RP1324: 11/12/2009 9:53:29 PM - System Checkpoint
RP1325: 11/14/2009 6:16:25 PM - System Checkpoint
RP1326: 11/15/2009 8:17:30 PM - System Checkpoint
RP1327: 11/16/2009 9:32:15 PM - System Checkpoint
RP1328: 11/19/2009 10:12:04 AM - System Checkpoint
RP1329: 11/20/2009 10:27:20 AM - System Checkpoint
RP1330: 11/21/2009 11:12:57 AM - System Checkpoint
RP1331: 11/22/2009 9:59:50 PM - System Checkpoint
RP1332: 11/24/2009 10:16:49 PM - Software Distribution Service 3.0
RP1333: 11/26/2009 1:56:29 PM - System Checkpoint
RP1334: 11/27/2009 7:14:47 PM - System Checkpoint
RP1335: 11/30/2009 11:36:08 PM - System Checkpoint
RP1336: 12/4/2009 10:17:28 AM - System Checkpoint
RP1337: 12/5/2009 10:18:53 AM - System Checkpoint
RP1338: 12/6/2009 8:41:19 PM - System Checkpoint
RP1339: 12/7/2009 8:47:03 PM - System Checkpoint
RP1340: 12/9/2009 8:43:21 AM - System Checkpoint
RP1341: 12/10/2009 7:22:12 AM - Software Distribution Service 3.0
RP1342: 12/11/2009 5:58:52 PM - System Checkpoint
RP1343: 12/14/2009 9:15:04 AM - System Checkpoint
RP1344: 12/15/2009 9:31:59 AM - System Checkpoint
RP1345: 12/16/2009 9:05:17 PM - System Checkpoint
RP1346: 12/18/2009 2:05:02 PM - Installed Wizard101
RP1347: 12/20/2009 12:39:04 AM - System Checkpoint
RP1348: 12/24/2009 6:28:52 AM - System Checkpoint
RP1349: 12/28/2009 4:03:42 AM - System Checkpoint
RP1350: 12/28/2009 1:34:13 PM - Removed Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
RP1351: 12/28/2009 1:37:44 PM - Removed Star Wars(R) Knights of the Old Republic(R) II: The Sith
RP1352: 12/28/2009 1:39:32 PM - Installed Star Wars(R) Knights of the Old Republic(R) II: The Si
RP1353: 12/28/2009 1:56:49 PM - Installed DirectX 9.0
RP1354: 12/29/2009 1:44:35 AM - Software Distribution Service 3.0
RP1355: 12/30/2009 9:39:46 PM - System Checkpoint
RP1356: 1/1/2010 9:18:53 PM - System Checkpoint
RP1357: 1/2/2010 4:06:33 PM - Installed DirectX
RP1358: 1/2/2010 4:08:28 PM - Installed Steam
RP1359: 1/2/2010 4:15:28 PM - Removed GameSpy Comrade.
RP1360: 1/2/2010 4:19:44 PM - Removed ProjectPowder
RP1361: 1/3/2010 10:35:24 AM - Installed DirectX
RP1362: 1/4/2010 11:17:44 AM - System Checkpoint
RP1363: 1/5/2010 12:34:14 PM - System Checkpoint
RP1364: 1/6/2010 1:09:31 PM - System Checkpoint
RP1365: 1/7/2010 1:10:14 PM - System Checkpoint
RP1366: 1/8/2010 3:27:24 PM - System Checkpoint
RP1367: 1/8/2010 4:03:52 PM - Installed DirectX
RP1368: 1/8/2010 4:47:55 PM - Installed DirectX
RP1369: 1/8/2010 5:34:18 PM - Installed DirectX
RP1370: 1/8/2010 10:49:05 PM - Installed The Sims 3
RP1371: 1/9/2010 10:49:37 PM - System Checkpoint
RP1372: 1/12/2010 5:18:46 PM - Software Distribution Service 3.0
RP1373: 1/14/2010 8:59:04 AM - System Checkpoint
RP1374: 1/15/2010 3:43:08 PM - System Checkpoint
RP1375: 1/16/2010 4:26:01 PM - System Checkpoint
RP1376: 1/19/2010 7:39:38 AM - System Checkpoint
RP1377: 1/19/2010 9:16:18 PM - Software Distribution Service 3.0
RP1378: 1/21/2010 9:22:06 PM - Software Distribution Service 3.0
RP1379: 1/22/2010 9:46:58 PM - System Checkpoint
RP1380: 1/25/2010 7:43:59 PM - System Checkpoint
RP1381: 1/26/2010 8:19:47 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AnswerWorks 4.0 Runtime - English
Apple Application Support
Apple Software Update
ASUS Gamer OSD
ASUS nVidia Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
ATI HydraVision
Avira AntiVir Personal - Free Antivirus
Bonjour
Call of Duty(R) 2
Citrix Presentation Server Client
Civilization III Complete Edition
Creative Software AutoUpdate
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Curse Client
DivX Content Uploader
DivX Web Player
eGames Toolbar
Empire: Total War
Fable - The Lost Chapters
Fast Browser Search (My Tattoons)
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Product Detection
hp psc 1200 series
Hybrid Downloader 1,0,2,6
InterActual Player
InterVideo MSIPVS
Java(TM) 6 Update 14
Jojo's Fashion Show™
Lexmark 1300 Series
Lexmark Toolbar
Linksys WUSB100 RangePlus Wireless USB Adapter
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft WSE 3.0 Runtime
Monopoly
Mozilla Firefox (3.5.7)
MSI Radio
MSN
MSN Music Assistant
Netflix Movie Viewer
NVIDIA Drivers
NVIDIA PhysX
Outspark Sharp Launcher
Overlord II
Pando Media Booster
QuickTime
Safari
Search Guard Plus (My Tattoons)
Search Guard Plus Updater (My Tattoons)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SimCity 4 Deluxe
SimCity™ Societies
SimCity™ Societies Destinations
Sound Blaster X-Fi
Sounds Best On Sound Blaster
SPORE™ Creature Creator Trial Edition
Star Wars(R) Knights of the Old Republic(R) II: The Sith Lords(TM)
Steam
The Sims 2
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Kitchen & Bath Interior Design Stuff
The Sims™ 2 Mansion and Garden Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
The Sims™ 3
TurboTax Deluxe 2007
TV Tuner Driver
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb977839)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VIA Integrated Setup Wizard
WebFldrs XP
WildTangent Games
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
World of Warcraft
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Video Codec

==== Event Viewer Messages From Past Week ========

1/20/2010 5:27:45 AM, error: Service Control Manager [7000] - The MSI 8606 Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/20/2010 5:27:45 AM, error: Service Control Manager [7000] - The MSI 8606 Tuner service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/20/2010 5:27:45 AM, error: Service Control Manager [7000] - The MSI 8606 Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/20/2010 5:27:45 AM, error: Service Control Manager [7000] - The MSI 8606 Audio Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================


dds2

Post by imsps on 27th January 2010, 3:37 am

DDS (Ver_09-12-01.01) - NTFSx86
Run by Brandon at 22:33:40.35 on Tue 01/26/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1402 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Search Guard Plus\SearchGuardPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Linksys\WUSB100\WUSB100.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Brandon\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\progra~1\egames~1\EGAMES~1.DLL
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\program files\sgpsa\BHO.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - c:\progra~1\egames~1\EGAMES~1.DLL
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\program files\fast browser search\ie\FBStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
uRun: [bkltpiic] c:\documents and settings\brandon\local settings\application data\uftprl\yxdfsysguard.exe
mRun: [LXDCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDCtime.dll,_RunDLLEntry@16
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SGPUpdater] c:\program files\search guard plusu\sgpUpdaters.exe
mRun: [FBSearch] c:\program files\search guard plus\SearchGuardPlus.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb100\WUSB100.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\john scarth_2\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {01111F00-3E00-11D2-8470-0060089874ED} - [You must be registered and logged in to see this link.]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - [You must be registered and logged in to see this link.]
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - [You must be registered and logged in to see this link.]
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - [You must be registered and logged in to see this link.]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\brandon\applic~1\mozilla\firefox\profiles\9ilvg4lr.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2003-12-12 77312]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-16 11608]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-16 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-16 151297]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-16 52056]
S2 CX88XBAR;MSI 8606 Crossbar;c:\windows\system32\drivers\CX88XBar.SYS [2005-9-10 9159]
S3 MPCSYS;MPCSYS;c:\windows\system32\drivers\mpcsys.SYS [2005-9-10 15360]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-7-28 517632]
S3 XDva281;XDva281;\??\c:\windows\system32\xdva281.sys --> c:\windows\system32\XDva281.sys [?]
S4 WinDefend;Windows Defender Service;c:\program files\windows defender\MsMpEng.exe [2006-4-3 14032]

=============== Created Last 30 ================

2010-01-12 22:03:01 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-11 03:48:34 7680 --sha-w- c:\windows\Thumbs.db
2010-01-11 03:48:34 3072 --sha-w- C:\Thumbs.db
2010-01-09 23:12:29 12800 ----a-w- c:\windows\system\WING32.DLL
2010-01-09 04:06:49 0 d-----w- c:\program files\Microsoft WSE
2010-01-08 22:24:51 0 d-----w- c:\program files\Codemasters
2010-01-08 21:52:41 414382 ----a-w- C:\AnalysisLog.sr0
2010-01-08 21:49:11 0 d-----w- c:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2010-01-08 21:05:27 0 d-----w- c:\windows\system32\AGEIA
2010-01-08 21:04:57 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2010-01-08 21:04:57 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2010-01-08 21:04:57 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2010-01-08 21:04:56 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-01-08 21:04:56 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2010-01-08 21:04:56 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2010-01-08 21:04:56 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2010-01-06 01:32:42 69 ----a-w- c:\documents and settings\brandon\jagex_runescape_preferences2.dat
2010-01-02 21:08:28 0 d-----w- c:\program files\Steam
2010-01-02 21:06:30 0 d-----w- c:\windows\Logs
2009-12-30 22:39:37 0 d-----w- c:\program files\Spyware Doctor

==================== Find3M ====================

2010-01-25 22:09:37 8192 ----a-w- C:\mtwb.dat
2010-01-10 17:16:36 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-09 23:50:50 56292 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:02:37 39 ----a-w- c:\documents and settings\brandon\jagex_runescape_preferences.dat
2010-01-06 13:01:41 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-02 00:39:45 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2007-03-18 18:49:27 21822168 ----a-w- c:\program files\AdbeRdr80_en_US.exe
2008-09-27 04:02:47 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092720080928\index.dat

============= FINISH: 22:34:23.42 ===============

imsps
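The DDS "Pseudo HJT Report" above contains three indicators worth recognising in logs of this kind: an Internet Explorer proxy pointed at 127.0.0.1:5555 (a setting rogue AV families leave behind; once the process listening on that port has been removed, Windows components that honour the IE proxy, such as Windows Update and most AV updaters, fail, which fits the "cannot update or download" symptom), an HKCU Run entry (bkltpiic) whose executable sits in a randomly named folder under Local Settings\Application Data, and a Hosts file override. The script below is an added example for triaging that section, not code from this thread, from DDS or from the helpers here; the sample input consists of lines copied from the report above, and the rule names, the directory list and the function names (triage, autorun_target, summarize) are the editor's own choices.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the original thread or of the DDS tool. It flags:
  * ProxyServer values that point at the local machine,
  * uRun/mRun/StartupFolder entries whose target lives in the user profile,
  * Hosts file overrides (always worth a manual look).
"""
import re
from typing import Dict, List, Tuple

# Sample input: lines copied from the DDS report in the thread. The forum masks
# URLs as "[You must be registered and logged in to see this link.]"; they are
# kept as shown because the rules below do not depend on them.
SAMPLE_LOG = """\
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
uRun: [swg] "c:\\program files\\google\\googletoolbarnotifier\\GoogleToolbarNotifier.exe"
uRun: [bkltpiic] c:\\documents and settings\\brandon\\local settings\\application data\\uftprl\\yxdfsysguard.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\\windows\\system32\\NvCpl.dll,NvStartup
StartupFolder: c:\\docume~1\\alluse~1\\startm~1\\programs\\startup\\wirele~1.lnk - c:\\program files\\linksys\\wusb100\\WUSB100.exe
Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
"""

# DDS prefixes for autostart entries: u = HKCU Run, m = HKLM Run, plus startup folders.
AUTORUN_PREFIXES = ("uRun:", "mRun:", "StartupFolder:")

# Directories writable without administrator rights. Legitimate installers
# normally autostart from Program Files or system32; droppers favour these
# because a limited user can write there (list chosen for this example).
USER_WRITABLE_DIRS = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
)

# Matches "ProxyServer = http=127.0.0.1:5555" as well as "ProxyServer = localhost:8080".
LOOPBACK_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:[a-z]+=)?(?:127\.0\.0\.1|localhost):\d+", re.IGNORECASE
)
# First drive-letter path ending in .exe on a line (quoted or unquoted).
EXE_PATH = re.compile(r'[a-z]:\\[^"]*?\.exe', re.IGNORECASE)


def autorun_target(line: str) -> str:
    """Return the lower-cased executable path an autorun line points to, or ''."""
    # StartupFolder lines read "<shortcut>.lnk - <target>"; keep only the target.
    if line.startswith("StartupFolder:") and " - " in line:
        line = line.rsplit(" - ", 1)[1]
    match = EXE_PATH.search(line)
    return match.group(0).lower() if match else ""


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, line) pairs for every line that trips one of the rules."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if LOOPBACK_PROXY.search(line):
            findings.append(("loopback_proxy", line))
        elif line.startswith(AUTORUN_PREFIXES):
            target = autorun_target(line)
            if any(d in target for d in USER_WRITABLE_DIRS):
                findings.append(("autorun_in_user_profile", line))
        elif line.startswith("Hosts:"):
            findings.append(("hosts_override", line))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per rule, handy for a quick overview of a long log."""
    counts: Dict[str, int] = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:25} {line}")
```

Run against the sample, the three flagged lines are exactly the proxy setting, the bkltpiic Run entry and the Hosts line; the Google, ctfmon, NVIDIA and Linksys entries pass because their targets live under Program Files or system32. The location rule is deliberately coarse: it is a prompt for a human to look at the entry, not a verdict, and the Hosts rule reports every override because DDS only prints them when the file differs from the default.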

Re: fake alert trojan and popups

Post by Belahzur on 27th January 2010, 8:53 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
