GeekPolice

Getting Numerous Fake Security Alerts & Unable to launch any application


Post by priya1984 on Tue Feb 02, 2010 4:40 pm

Hi sir,

I had a similar problem a few weeks back ([You must be registered and logged in to see this link.]) and this time I'm very upset since I don't really know where these viruses dropped from.
I'm unable to launch any application, including the anti-virus, Task Manager, etc.
Please help me. I tried to launch IceSword from the thread I mentioned above, but it looks like it is not allowing free download due to server load.
Please help me, sir.

Priya


Re: Getting Numerous Fake Security Alerts & Unable to launch any application

Post by priya1984 on Tue Feb 02, 2010 5:02 pm

Please help me, Sir. It is getting worse.


Re: Getting Numerous Fake Security Alerts & Unable to launch any application

Post by Belahzur on Tue Feb 02, 2010 7:17 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Getting Numerous Fake Security Alerts & Unable to launch any application

Post by priya1984 on Tue Feb 02, 2010 8:58 pm

Hi Sir,

My husband tried running ComboFix immediately after the laptop initialised, just before the spyware got time to start up. And he opened the Task Manager too, before the spyware got time to interfere with it.
I'll post the ComboFix log for your reference.


Re: Getting Numerous Fake Security Alerts & Unable to launch any application

Post by priya1984 on Tue Feb 02, 2010 8:58 pm

ComboFix 10-02-01.02 - Saravanan 02/02/2010 13:12:42.10.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.576 [GMT -7:00]
Running from: c:\documents and settings\Saravanan\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-02-02 15:35 . 2010-02-02 06:09 3842878 ----a-r- C:\ComboFix.exe
2010-01-27 18:38 . 2010-01-27 18:44 -------- d-----w- c:\documents and settings\Saravanan\Application Data\Elluminate
2010-01-27 18:30 . 2010-01-27 18:30 -------- d-----w- c:\program files\Java
2010-01-27 18:26 . 2010-01-27 18:28 16278936 ----a-w- c:\program files\jre-6u12-windows-i586-p.exe
2010-01-21 20:56 . 2010-01-21 20:56 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-21 20:56 . 2010-01-21 20:56 -------- d-----w- c:\documents and settings\Saravanan\Application Data\skypePM
2010-01-21 20:51 . 2010-01-21 20:51 -------- d-----w- c:\program files\Common Files\Skype
2010-01-21 20:51 . 2010-01-21 20:53 -------- d-----r- c:\program files\Skype
2010-01-12 20:16 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-08 20:06 . 2010-01-08 20:15 -------- d-----w- C:\Combo-Fix7782C
2010-01-08 18:48 . 2010-01-08 19:27 -------- d-----w- C:\Combo-Fix1684C
2010-01-08 18:43 . 2010-01-08 18:44 -------- d-----w- C:\Combo-Fix
2010-01-07 21:53 . 2009-12-30 21:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:53 . 2010-01-07 22:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 21:53 . 2009-12-30 21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 14:46 . 2010-01-07 14:47 -------- d-----w- c:\documents and settings\Saravanan\Local Settings\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 20:28 . 2005-09-23 18:27 -------- d-----w- c:\documents and settings\Saravanan\Application Data\Skype
2010-02-02 20:26 . 2007-04-16 18:06 -------- d-----w- c:\program files\C4ebreg
2010-02-01 19:48 . 2009-12-01 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-01-27 18:37 . 2010-01-27 18:37 5570 ----a-w- c:\program files\meeting.jnlp
2010-01-27 18:30 . 2009-03-27 17:39 410984 ----a-w- c:\windows\system32\deploytk.dll
2010-01-23 16:38 . 2009-11-22 14:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 20:51 . 2005-11-12 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-11 21:02 . 2009-12-01 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2010-01-07 23:11 . 2009-12-28 05:36 -------- d-----w- c:\program files\McAfee
2010-01-05 10:00 . 1980-01-01 07:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2009-07-13 20:22 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-28 06:37 . 2006-08-20 09:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-12-28 06:28 . 2009-12-28 06:26 -------- d-----w- c:\program files\Common Files\McAfee
2009-12-28 06:27 . 2009-12-28 06:26 -------- d-----w- c:\program files\McAfee.com
2009-12-28 06:04 . 2009-12-28 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-12-28 05:57 . 2009-12-28 05:57 -------- d-----w- c:\program files\Citrix
2009-12-11 16:22 . 2005-09-10 08:01 35184 ----a-w- c:\documents and settings\Saravanan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 15:51 . 1980-01-01 07:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-16 02:52 . 2009-11-16 02:15 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-11-04 23:54 . 2009-03-26 19:35 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-11-04 23:54 . 2009-03-26 19:35 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-04 23:54 . 2009-03-26 19:35 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-04 23:54 . 2009-01-17 03:04 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-26 20:38 . 2009-03-26 20:38 812344 ----a-w- c:\program files\HJTInstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-28 133104]
"cdloader"="c:\documents and settings\Saravanan\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TpShocks"="TpShocks.exe" [2005-01-24 106496]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-04 94208]
"TP4EX"="tp4ex.exe" [2004-11-12 40960]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2004-11-24 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-12 344064]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2005-03-18 86016]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-01-21 135168]
"C4EBReg"="c:\program files\C4ebreg\c4ebreg.exe" [2007-09-07 364544]
"Isamtray"="c:\program files\C4ebreg\isamtray.exe" [2007-09-07 237568]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-10 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Saravanan\Start Menu\Programs\Startup\
ComboFix.exe [2010-2-1 3842878]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 10:07 262144 ----a-w- c:\windows\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 03:11 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2009-10-08 19:13 818288 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-15 01:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-15 01:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-19 01:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2008-10-07 15:23 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-09-10 10:39 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 08:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 18:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\ABC\\abc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\JustVoip.com\\JustVoip\\JustVoip.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Documents and Settings\\Saravanan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Saravanan\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\ThinkPad\\PkgMgr\\HOTKEY\\TPONSCR.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Documents and Settings\\Saravanan\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\QCWLICON.EXE"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Documents and Settings\\Saravanan\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/10/2009 11:59 AM 64160]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [8/25/2005 8:49 PM 14208]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/27/2009 11:35 PM 93320]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [8/25/2005 8:49 PM 6016]
S3 artour;IBM Mobility Interface for Windows;c:\windows\system32\drivers\artndint.sys [7/3/2007 8:44 AM 7760]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [8/25/2005 9:13 PM 12288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2010-01-05 10:00 124928 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2889736847-2434749414-4043246188-1005Core.job
- c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-28 17:20]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2889736847-2434749414-4043246188-1005UA.job
- c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-28 17:20]

2009-12-28 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-28 19:22]

2009-12-28 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-12-28 19:22]
.
.


Re: Getting Numerous Fake Security Alerts & Unable to launch any application

Post by priya1984 on Tue Feb 02, 2010 8:58 pm

------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {01010200-5E80-11D8-9E86-0007E96C65AE} - [You must be registered and logged in to see this link.]
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - [You must be registered and logged in to see this link.]
DPF: {84B93AC6-A7F2-4420-9FED-EE6735EA9C8D} - [You must be registered and logged in to see this link.]
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Saravanan\Application Data\Mozilla\Firefox\Profiles\nvhb8pi6.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Saravanan\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-dcclppxw - c:\documents and settings\Saravanan\Local Settings\Application Data\wooqmr\sjvwsftav.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-02 13:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll

- - - - - - - > 'explorer.exe'(4608)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IBM\Bluetooth Software\bin\btwdins.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\System32\QCONSVC.EXE
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\TpShocks.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\documents and settings\Saravanan\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2010-02-02 13:40:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 20:40
ComboFix2.txt 2010-01-08 19:26

Pre-Run: 16,911,618,048 bytes free
Post-Run: 16,868,917,248 bytes free

- - End Of File - - 628F2365E0DC0F873F539D2E6950E163


Re: Getting Numerous Fake Security Alerts & Unable to launch any application

Post by priya1984 on Tue Feb 02, 2010 9:01 pm

And the virus that I was affected with was Antivirus Soft.
Guess it is new stuff.


Re: Getting Numerous Fake Security Alerts & Unable to launch any application

Post by priya1984 on Tue Feb 02, 2010 9:06 pm

MBAM log details:

Malwarebytes' Anti-Malware 1.44
Database version: 3681
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/2/2010 2:05:21 PM
mbam-log-2010-02-02 (14-05-20).txt

Scan type: Quick Scan
Objects scanned: 131248
Time elapsed: 17 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\avsoft (Trojan.FakeAV) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: Getting Numerous Fake Security Alerts & Unable to launch any application

Post by Belahzur on Wed Feb 03, 2010 12:41 am


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    DDS::
    uStart Page = about:blank
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =
    uSearchAssistant =

  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


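A defender's reading of the ComboFix log and of the CFScript fix posted above, as an added example that is not part of this thread: the Python below walks a constructed excerpt of that log, flags the items a helper would look at (Security Center monitoring suppressed, Windows firewall off, the loopback proxy the CFScript removes, the orphaned Run entry under the user profile), and rebuilds the DDS:: block from the log's own lines. The excerpt and the category names are mine; the values in it are copied from the log.

```python
import ipaddress
import re

# Constructed excerpt modelled on the ComboFix log in this thread; the keys,
# proxy setting and orphaned Run entry are copied from it, the rest left out.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
------- Supplementary Scan -------
uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchAssistant =
- - - - ORPHANS REMOVED - - - -

HKLM-Run-dcclppxw - c:\documents and settings\Saravanan\Local Settings\Application Data\wooqmr\sjvwsftav.exe
"""

REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
RUN_ORPHAN_RE = re.compile(r"^HKLM-Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$")
# Prefixes of the supplementary-scan lines the helper put into CFScript.txt.
CFSCRIPT_PREFIXES = ("uStart Page", "uInternet Settings,Proxy", "uSearchAssistant")

def proxy_is_loopback(value):
    """True if any entry of a 'scheme=host:port;...' proxy string is the local host."""
    for entry in value.split(";"):
        host = entry.split("=", 1)[-1].strip().rsplit(":", 1)[0]   # drop scheme and port
        try:
            if host.lower() == "localhost" or ipaddress.ip_address(host).is_loopback:
                return True
        except ValueError:          # a hostname other than localhost
            pass
    return False

def parse_findings(log_text):
    """Return (category, detail) pairs for the items worth a look in a ComboFix log."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := REG_KEY_RE.match(line)):
            current_key = m.group("key").lower()
            continue
        if current_key and (m := REG_VALUE_RE.match(line)):
            name, value = m.group("name").lower(), m.group("value").strip()
            # Security suites set these too, so they are review items, not verdicts.
            if "security center\\monitoring" in current_key and name == "disablemonitoring" \
                    and value.endswith("00000001"):
                findings.append(("security_center_monitoring_disabled", current_key))
            elif "firewallpolicy" in current_key and name == "enablefirewall" \
                    and value.split()[:1] == ["0"]:
                findings.append(("windows_firewall_disabled", current_key))
            continue
        if (m := PROXY_RE.match(line)) and proxy_is_loopback(m.group("value")):
            # Browser traffic routed to a port on the machine itself: the setting the CFScript removes.
            findings.append(("loopback_proxy", m.group("value")))
            continue
        if (m := RUN_ORPHAN_RE.match(line)):
            path = m.group("path")
            # An autorun pointing into a user-writable profile folder deserves a look.
            if "\\application data\\" in path.lower() or "\\local settings\\" in path.lower():
                findings.append(("run_entry_in_user_profile", path))
    return findings

def build_cfscript(log_text):
    """Rebuild the DDS:: block the helper posted, from the log's own lines."""
    lines = [l.strip() for l in log_text.splitlines()]
    return "\n".join(["DDS::", *[l for l in lines if l.startswith(CFSCRIPT_PREFIXES)]])

if __name__ == "__main__":
    for category, detail in parse_findings(SAMPLE_LOG):
        print(f"{category:38} {detail}")
    print(build_cfscript(SAMPLE_LOG))
```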
