My Security Wall


Post by OUSooners75 on Tue Mar 16, 2010 10:04 am

Before I get into what is wrong with my computer, I have already tried the advice on how to remove My Security Wall.

Anyway, I have done everything, 4 times, and I still have My Security Wall on my system.

There is no hosts file, even in hidden files. So I am not exactly sure how I am going to remove this damn virus completely off my system.

If anyone has any suggestions, I am willing to try it.

TIA


Re: My Security Wall

Post by Dr Jay on Tue Mar 16, 2010 10:32 am

Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


Dr. Jay (DJ)



Re: My Security Wall

Post by OUSooners75 on Tue Mar 16, 2010 1:44 pm

Cheetah-Anti-Rogue v1.3.27
by DragonMaster Jay

Microsoft Windows [Version 6.0.6002]
Date: 03/16/2010 - Time: 12:44:09 - Arch.: x86


-- Malware removal tools check --
Malwarebytes' Anti-Malware


-- Known infection --

C:\Users\hp\AppData\Local\Temp\a.dat (Trj.FakeAlert)
C:\Program Files\MyWebSearch (Adw.MyWebSearch)
C:\Users\hp\Desktop\My Security Wall.lnk (MySecurityWall.RGE)
C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\My Security Wall.lnk (MySecurityWall.RGE)


Extra message: Detection only.


EOF


Re: My Security Wall

Post by Dr Jay on Tue Mar 16, 2010 1:58 pm

Looks like a broken infection there. At least part of it is gone.

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Re: My Security Wall

Post by OUSooners75 on Tue Mar 16, 2010 5:47 pm

Sorry for such a long reply. I ran ComboFix and this is the log report:


ComboFix 10-03-15.06 - hp 03/16/2010 16:16:08.2.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1870 [GMT -5:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
AV: *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\HotbarSA\HotbarSA.dat
c:\programdata\HotbarSA\HotbarSA_kyf.dat
c:\programdata\HotbarSA\HotbarSAAbout.mht
c:\programdata\HotbarSA\HotbarSAau.dat
c:\programdata\HotbarSA\HotbarSAEULA.mht
c:\users\hp\AppData\Roaming\My Security Wall\Instructions.ini
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
D:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-02-16 to 2010-03-16 )))))))))))))))))))))))))))))))
.

2010-03-16 21:27 . 2010-03-16 21:27 -------- d-----w- c:\users\hp\AppData\Local\temp
2010-03-16 21:27 . 2010-03-16 21:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-16 12:12 . 2010-03-16 12:12 -------- d-----w- c:\users\hp\AppData\Local\Threat Expert
2010-03-16 12:00 . 2010-03-16 12:00 -------- d-----w- c:\users\hp\AppData\Roaming\PC Tools
2010-03-16 12:00 . 2010-03-16 12:00 -------- d-----w- c:\programdata\PC Tools
2010-03-16 08:00 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-16 08:00 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-16 08:00 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-16 01:41 . 2010-03-16 01:41 26 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
2010-03-16 01:41 . 2010-03-16 01:41 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2010-03-16 01:41 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-16 01:41 . 2010-03-16 01:41 -------- d-----w- c:\programdata\Malwarebytes
2010-03-16 01:41 . 2010-03-16 01:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-16 01:41 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 00:51 . 2010-03-16 00:51 -------- d-----w- c:\users\hp\AppData\Roaming\BD_TEMP
2010-03-16 00:01 . 2010-03-16 00:01 -------- d-----w- c:\program files\IZArc
2010-03-15 23:42 . 2010-03-15 23:42 -------- d-----w- c:\users\hp\AppData\Roaming\BitDefender
2010-03-15 23:42 . 2010-03-16 01:12 -------- d-----w- c:\programdata\BitDefender
2010-03-15 23:42 . 2010-03-16 00:54 -------- d-----w- c:\program files\BitDefender
2010-03-15 23:38 . 2010-03-16 01:12 -------- d-----w- c:\program files\Common Files\BitDefender
2010-03-15 23:11 . 2010-03-15 23:11 -------- d-----w- c:\users\hp\AppData\Roaming\AVG8
2010-02-26 05:22 . 2010-02-26 05:22 63 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
2010-02-25 01:53 . 2010-02-25 01:53 37 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\grid.sys
2010-02-25 01:43 . 2010-02-25 01:43 51 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
2010-02-24 06:49 . 2010-02-24 09:33 1 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
2010-02-24 06:39 . 2010-02-24 06:39 17 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
2010-02-24 04:42 . 2010-02-24 04:42 45 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
2010-02-24 02:14 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 02:13 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 02:13 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 02:13 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 02:13 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 02:13 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 02:13 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 02:13 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 02:13 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 02:13 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 02:11 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 02:11 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 02:11 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-24 00:00 . 2010-02-24 00:00 56 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
2010-02-23 23:50 . 2010-02-24 00:11 4 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\FW.exe
2010-02-22 08:11 . 2010-02-22 08:11 76 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\cb.drv
2010-02-20 22:04 . 2010-02-23 07:51 72 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
2010-02-20 20:57 . 2010-02-24 22:13 72 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys
2010-02-20 02:18 . 2010-02-20 02:18 15 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.exe
2010-02-20 01:57 . 2010-02-20 01:57 34 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
2010-02-19 03:46 . 2010-02-24 22:38 8 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
2010-02-19 03:15 . 2010-02-19 03:15 34 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
2010-02-18 06:13 . 2010-02-24 10:42 5 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
2010-02-18 05:52 . 2010-03-16 02:15 46 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe
2010-02-18 05:30 . 2010-02-24 07:10 33 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
2010-02-18 05:19 . 2010-02-18 05:19 52 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\delfile.drv
2010-02-18 04:37 . 2010-02-23 08:11 55 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
2010-02-18 04:26 . 2010-02-24 22:23 20 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
2010-02-18 01:11 . 2010-02-18 01:11 -------- d-----w- c:\users\hp\AppData\Local\7Wonders2
2010-02-17 21:12 . 2010-02-17 21:12 -------- d-----w- c:\programdata\HipSoft
2010-02-17 07:57 . 2010-02-23 08:22 74 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\delfile.sys
2010-02-17 06:56 . 2010-02-19 03:25 59 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
2010-02-17 04:15 . 2010-02-24 07:51 42 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
2010-02-17 03:44 . 2010-02-20 05:23 6 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
2010-02-17 03:02 . 2010-02-17 03:02 59 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.drv
2010-02-17 02:52 . 2010-02-25 01:32 27 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
2010-02-16 11:13 . 2010-02-16 11:13 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-16 10:47 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-02-16 10:47 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-02-16 10:47 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-02-16 10:45 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-02-16 10:43 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-16 10:43 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-16 10:43 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-16 21:19 . 2009-09-05 03:05 -------- d-----w- c:\users\hp\AppData\Roaming\uTorrent
2010-03-16 12:25 . 2010-03-16 12:00 -------- d-----w- c:\program files\Spyware Doctor
2010-03-16 12:01 . 2010-03-16 12:00 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-16 08:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-16 08:05 . 2008-08-04 18:13 -------- d-----w- c:\programdata\Microsoft Help
2010-03-16 03:18 . 2010-02-13 00:31 2 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\runddl.dll
2010-03-16 01:51 . 2010-02-12 04:46 61 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
2010-03-16 01:35 . 2009-09-27 22:44 7592 ----a-w- c:\users\hp\AppData\Local\d3d9caps.dat
2010-03-16 01:26 . 2008-08-04 17:19 -------- d-----w- c:\programdata\WildTangent
2010-03-16 01:26 . 2010-02-12 04:46 -------- d-sh--w- c:\programdata\MSIZLIEKWW
2010-03-16 01:26 . 2008-08-04 16:43 -------- d-----w- c:\programdata\Symantec
2010-03-16 01:26 . 2008-08-04 16:45 -------- d-----w- c:\program files\Norton Internet Security
2010-03-16 01:26 . 2008-08-04 16:44 -------- d-----w- c:\program files\Symantec
2010-03-16 01:26 . 2008-08-04 16:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-27 23:33 . 2009-06-15 22:24 27554 ----a-w- c:\programdata\nvModes.dat
2010-02-26 05:32 . 2010-02-12 04:46 6 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
2010-02-25 00:11 . 2010-02-12 04:46 48 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\exec.drv
2010-02-24 22:03 . 2010-02-13 00:11 21 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\dudl.drv
2010-02-24 15:16 . 2009-10-03 23:59 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 11:02 . 2010-02-13 00:11 44 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
2010-02-24 10:31 . 2010-02-12 04:46 79 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\std.sys
2010-02-24 09:58 . 2008-11-09 19:36 90888 ----a-w- c:\users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 09:22 . 2009-09-04 00:29 -------- d-----w- c:\users\hp\AppData\Roaming\LimeWire
2010-02-24 08:01 . 2010-02-12 04:46 35 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
2010-02-24 07:41 . 2010-02-12 04:46 22 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
2010-02-22 20:27 . 2010-02-12 04:46 36 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
2010-02-22 06:42 . 2010-02-12 04:46 8 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\grid.drv
2010-02-22 06:32 . 2010-02-14 08:34 26 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
2010-02-22 06:22 . 2010-02-13 00:21 55 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
2010-02-20 02:08 . 2010-02-13 22:08 12 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
2010-02-17 21:49 . 2010-02-14 10:18 -------- d-----w- c:\users\hp\AppData\Roaming\iWin
2010-02-16 11:13 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-16 11:13 . 2010-02-16 11:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-02-16 11:13 . 2010-02-16 11:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-15 04:56 . 2009-07-06 22:18 -------- d-----w- c:\users\hp\AppData\Roaming\Template
2010-02-14 10:57 . 2010-02-14 08:33 -------- d-----w- c:\users\hp\AppData\Roaming\PlayFirst
2010-02-14 10:57 . 2010-02-14 08:33 -------- d-----w- c:\programdata\PlayFirst
2010-02-14 01:50 . 2010-02-14 01:50 -------- d-----w- c:\programdata\SpinTop Games
2010-02-14 01:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-14 01:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-14 01:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-14 01:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-14 01:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-14 01:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-14 01:19 . 2008-10-18 04:47 -------- d-----w- c:\programdata\NVIDIA
2010-02-14 01:02 . 2010-02-14 01:02 -------- d-----w- c:\users\hp\AppData\Roaming\GTek
2010-02-13 21:12 . 2010-02-13 21:12 70 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\fix.sys
2010-02-13 05:19 . 2010-02-13 05:19 55 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
2010-02-13 00:41 . 2010-02-13 00:41 37 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
2010-02-13 00:11 . 2010-02-13 00:11 60 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\eb.drv
2010-02-13 00:11 . 2010-02-12 04:46 41 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
2010-02-12 04:52 . 2010-02-12 04:45 -------- d-sh--w- c:\programdata\4073154
2010-02-12 04:46 . 2010-02-12 04:46 20 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
2010-02-12 04:46 . 2010-02-12 04:46 69 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
2010-02-12 04:46 . 2010-02-12 04:46 13 ----a-w- c:\users\hp\AppData\Roaming\Microsoft\Windows\Recent\gid.dll
2010-02-12 04:45 . 2010-02-12 04:45 2594304 ----a-w- c:\programdata\4073154\MS4073.exe
2010-02-10 06:58 . 2009-12-21 05:56 -------- d-----w- c:\program files\Graboid
2010-02-05 14:25 . 2010-03-16 12:00 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-05 14:18 . 2010-03-16 12:00 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-05 14:17 . 2010-03-16 12:00 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-05 04:29 . 2010-02-05 01:40 -------- d-----w- c:\users\hp\AppData\Roaming\BitTorrent
2010-02-05 02:22 . 2010-02-05 02:22 -------- d-----w- c:\program files\Blinkx
2010-02-02 07:47 . 2008-08-04 17:50 -------- d-----w- c:\program files\Microsoft Works
2010-01-31 18:43 . 2009-06-21 04:12 -------- d-----w- c:\program files\Google
2010-01-31 15:47 . 2010-01-31 15:47 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8E7B.tmp.exe
2010-01-19 00:06 . 2009-12-21 06:07 -------- d-----w- c:\users\hp\AppData\Roaming\vlc
2010-01-06 15:38 . 2010-02-24 02:11 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 02:11 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 02:11 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 02:11 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-22 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 22:55 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 22:55 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 22:55 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-25 00:40 . 2009-12-25 00:40 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2008-08-04 15:03 . 2008-08-04 15:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 19:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-21 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-09-15 288560]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-11-9 1508624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 7500 Series Fax Server]
2007-06-12 01:56 308144 ----a-w- c:\program files\Lexmark 7500 Series\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdlamon]
2007-06-01 20:06 20480 ----a-w- c:\program files\Lexmark 7500 Series\lxdlamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdlmon.exe]
2007-06-12 01:53 455600 ----a-w- c:\program files\Lexmark 7500 Series\lxdlmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Security Wall]
2010-02-12 04:45 2594304 ----a-w- c:\programdata\4073154\MS4073.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6b,58,9c,6e,15,ad,ca,01

R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20071204.002\IDSvix86.sys [2007-11-06 180272]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 lxdl_device;lxdl_device;c:\windows\system32\lxdlcoms.exe [2007-05-29 598960]
S2 lxdlCATSCustConnectService;lxdlCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdlserv.exe [2007-05-29 99248]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 18:43]

2010-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 18:43]

2009-06-15 c:\windows\Tasks\HPCeeScheduleForhp.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]

2010-01-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - hp.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 12:05]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-DivX Plus DirectShow Filters - c:\users\hp\Desktop\DivX\DivXDSFiltersUninstall.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\users\hp\Desktop\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\users\hp\Desktop\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\users\hp\Desktop\DivX\DivXPlayerUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\users\hp\Desktop\DivX\DivXConverterUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\users\hp\Desktop\DivX\DivXWebPlayerUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-16 16:27
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-16 16:32:42
ComboFix-quarantined-files.txt 2010-03-16 21:32

Pre-Run: 68,703,838,208 bytes free
Post-Run: 68,649,574,400 bytes free

- - End Of File - - 14BDC7B4508AEB0AB8D6D06BEC9EF0D8


Re: My Security Wall

Post by OUSooners75 on Tue Mar 16, 2010 7:53 pm

Thank you Jay for the help.

My Security Wall is now gone from my computer.


Re: My Security Wall

Post by Dr Jay on Tue Mar 16, 2010 11:19 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)

