Windows Security Alert


Windows Security Alert

Post by jseiler on Fri Apr 30, 2010 2:08 pm

I am continually getting a Windows security alert telling me my computer is infected. Pop-up windows with application errors keep coming up, including "file rundll32.exe is infected", "jqsnotify.exe is infected", "wmiprvse.exe is infected", etc. Another effect appears to be an "Antispyware Soft Demo" icon and a window button at the bottom of the screen that will not go away. Please advise.

jseiler
Intermediate
Posts: 87
Joined: 2009-06-10
OS: Windows 7 (HP)
Points: 28354
Likes: 0


Re: Windows Security Alert

Post by Belahzur on Fri Apr 30, 2010 7:06 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1


Re: Windows Security Alert

Post by jseiler on Fri Apr 30, 2010 7:23 pm

When I double click otl.exe on my desktop, I get a security warning "Application cannot be executed. The file otl.exe is infected. Do you want to activate your antivirus software now?"

jseiler
Intermediate
Posts: 87
Joined: 2009-06-10
OS: Windows 7 (HP)
Points: 28354
Likes: 0


Re: Windows Security Alert

Post by Belahzur on Fri Apr 30, 2010 7:30 pm

Hello.

We need to use the RKill Tool by Grinler

[You must be registered and logged in to see this link.]

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this [You must be registered and logged in to see this link.] if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]
which are renamed copies of rkill.com, and try them instead.

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Try OTL now.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245069
Likes: 1


Re: Windows Security Alert

Post by jseiler on Fri Apr 30, 2010 7:50 pm

I was able to hit the task manager about 150 times and get the stupid "Antispyware Soft Demo" to go away and OTL ran. I am attaching the results but I do not know if the fact I was able to eventually disable the "Antispyware Soft Demo" skewed the results. Here is OTL.txt.
OTL logfile created on: 4/30/2010 2:31:11 PM - Run 1
OTL by OldTimer - Version 3.2.3.1 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 570.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.47 Gb Total Space | 46.78 Gb Free Space | 64.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JTS-DDA861623C
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/30 14:27:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/09/23 17:14:41 | 000,194,560 | ---- | M] () -- C:\ProgramData\Mattel\Watcher\jpjWatcher.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/10/10 17:16:00 | 000,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2008/07/18 08:02:52 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2008/07/11 18:48:54 | 000,641,208 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2007/07/28 09:33:02 | 000,910,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MWL\MwlSvc.exe
PRC - [2007/07/28 09:32:58 | 001,279,336 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MWL\MwlGui.exe
PRC - [2007/06/23 22:50:38 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe
PRC - [2007/06/14 13:59:24 | 000,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 15:48:06 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2006/08/22 16:32:18 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/06/13 06:20:00 | 000,127,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006/03/24 18:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/01/02 18:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/07/22 16:45:16 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
PRC - [2005/06/21 17:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcdcoms.exe


========== Modules (SafeList) ==========

MOD - [2010/04/30 14:27:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/10 17:16:00 | 000,792,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2008/07/18 08:02:52 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\program files\common files\mcafee\mna\mcnasvc.exe -- (McNASvc)
SRV - [2007/11/29 22:38:24 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2007/07/28 09:33:02 | 000,910,696 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\MWL\MwlSvc.exe -- (MWLSvc)
SRV - [2007/06/23 22:50:38 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2007/06/14 13:59:24 | 000,118,784 | ---- | M] (Bytemobile, Inc.) [Auto | Running] -- C:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
SRV - [2005/06/21 17:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV - [2009/12/07 22:06:57 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/10/09 19:17:42 | 001,123,328 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/06/15 15:35:30 | 000,082,432 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swnc8u12.sys -- (SWNC8U12) Sierra Wireless MUX NDIS Driver (UMTS12)
DRV - [2007/06/15 15:35:30 | 000,066,304 | R--- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\swumx12.sys -- (swumx12) Sierra Wireless USB MUX Driver (UMTS12)
DRV - [2007/06/14 13:59:26 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2007/06/14 13:59:26 | 000,018,432 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/10/26 14:01:04 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/08/17 09:55:16 | 000,044,544 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/13 06:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/06/13 06:20:00 | 000,088,476 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/06/13 06:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/06/13 06:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/06/13 06:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/06/13 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/06/13 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/06/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/05/23 23:06:36 | 001,578,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/15 16:24:50 | 000,086,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WscNetDr.sys -- (WscNetDr)
DRV - [2006/03/24 18:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/17 09:35:24 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/03/17 09:34:46 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2006/03/17 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2006/03/08 13:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/26 14:21:04 | 000,034,686 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2005/07/22 12:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 12:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/12 18:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/06/10 20:42:38 | 000,015,429 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm2K.sys -- (USBCM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/21 15:11:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/28 22:40:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 17:42:47 | 000,000,000 | ---D | M]

[2008/09/10 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Extensions
[2010/04/29 15:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\898wggt5.default\extensions
[2009/09/01 23:07:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\898wggt5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/23 20:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\898wggt5.default\extensions\createandprint@ag.com
[2009/06/09 08:29:15 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\898wggt5.default\searchplugins\mywebsearch.xml
[2007/07/01 12:00:37 | 000,002,386 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\898wggt5.default\searchplugins\siteadvisor.xml
[2010/04/29 15:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/08/17 09:18:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCDCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.DLL ()
O4 - HKLM..\Run: [dlcdmon.exe] C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe (Dell)
O4 - HKLM..\Run: [iilhyodj] C:\Documents and Settings\Jeff\Local Settings\Application Data\qsrcnirod\nwjwhkhtssd.exe ()
O4 - HKLM..\Run: [JPJWatcher] C:\ProgramData\Mattel\Watcher\jpjWatcher.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe ()
O4 - HKLM..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [iilhyodj] C:\Documents and Settings\Jeff\Local Settings\Application Data\qsrcnirod\nwjwhkhtssd.exe ()
O4 - Startup: C:\Documents and Settings\Jeff\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_16)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/23 00:54:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/30 14:20:22 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2010/04/29 15:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\qsrcnirod
[2010/04/24 10:26:49 | 002,682,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vcredist_x86.exe
[2010/04/24 10:26:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Application Data\InstallShield
[2010/04/24 10:25:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/04/24 10:15:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\Deployment
[2010/04/24 10:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\My Documents\Downloads
[2010/04/24 10:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2006/12/20 16:58:02 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdiesc.dll
[2006/12/20 16:47:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcdinpa.dll
[2004/06/10 20:42:38 | 000,015,429 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2K.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/30 14:27:04 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2010/04/30 14:16:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/30 14:15:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/30 14:15:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/30 14:15:37 | 1072,103,424 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/30 11:31:18 | 004,456,448 | -H-- | M] () -- C:\Documents and Settings\Jeff\NTUSER.DAT
[2010/04/30 11:31:18 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jeff\ntuser.ini
[2010/04/26 00:50:00 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2010/04/25 11:25:44 | 000,022,729 | ---- | M] () -- C:\newkey
[2010/04/25 11:25:44 | 000,022,729 | ---- | M] () -- C:\newfile.enc
[2010/04/24 17:39:11 | 000,494,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/24 17:39:11 | 000,093,258 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/24 17:39:11 | 000,005,118 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/24 10:24:51 | 094,233,336 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Dell_multi-device_A17_R174291.exe
[2010/04/23 07:14:36 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/04/20 21:26:56 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Jeff\My Documents\Alone Again.doc
[2010/04/20 21:00:39 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Microsoft Office Word 2003.lnk
[2010/04/15 15:58:43 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Jeff\My Documents\Pennies For Peace Letter to Parents.doc
[2010/04/15 01:13:30 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2010/04/14 01:39:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 11:13:28 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Jeff\My Documents\Exec Board Meeting March 9.doc
[2010/04/01 01:00:23 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/24 10:26:49 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\vcredist_x86.bat
[2010/04/24 10:26:32 | 000,022,729 | ---- | C] () -- C:\newkey
[2010/04/24 10:26:32 | 000,022,729 | ---- | C] () -- C:\newfile.enc
[2010/04/24 10:23:09 | 094,233,336 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Dell_multi-device_A17_R174291.exe
[2010/04/20 21:26:55 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Jeff\My Documents\Alone Again.doc
[2010/04/15 15:58:43 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Jeff\My Documents\Pennies For Peace Letter to Parents.doc
[2010/04/12 11:16:47 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Jeff\My Documents\Exec Board Meeting March 9.doc
[2009/08/12 19:41:43 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/13 20:11:05 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/11/13 19:54:01 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlcdpmui.dll
[2008/11/13 19:54:01 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdins.dll
[2008/11/13 19:54:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsr.dll
[2008/11/13 19:54:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlcdpplc.dll
[2008/11/13 19:54:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcdvs.dll
[2008/11/13 19:53:59 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlcdusb1.dll
[2008/11/13 19:53:59 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcdhbn3.dll
[2008/11/13 19:53:59 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcdlmpm.dll
[2008/11/13 19:53:59 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomm.dll
[2008/11/13 19:53:59 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlcdprox.dll
[2008/11/13 19:53:58 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlcdserv.dll
[2008/11/13 19:53:58 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcdcomc.dll
[2008/11/13 19:53:57 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlcdutil.dll
[2008/11/13 19:53:57 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcdcu.dll
[2008/11/13 19:53:57 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcdcur.dll
[2008/11/13 19:53:56 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlcdinsb.dll
[2008/11/13 19:53:55 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcdjswr.dll
[2008/11/13 19:53:55 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcdcub.dll
[2008/11/13 19:53:52 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcdcfg.dll
[2007/12/24 23:54:04 | 000,000,171 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/12/24 23:53:18 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/06/23 22:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt.dll
[2007/06/13 14:59:46 | 000,000,546 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2007/04/13 15:39:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/03/24 14:31:50 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/03/23 01:46:11 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/03/23 01:46:11 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/01/03 17:58:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcdcoin.dll
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/05/17 18:17:52 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlcdcnv4.dll
[2004/06/04 16:34:46 | 000,053,693 | ---- | C] () -- C:\WINDOWS\UNDPX2K.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Jeff\Desktop\OTL.exe:SummaryInformation
< End of report >


Re: Windows Security Alert

Post by jseiler on Fri Apr 30, 2010 7:52 pm

Here is Extras.txt: (by the way, I disconnected from the internet while running this. Is that ok?)

OTL Extras logfile created on: 4/30/2010 2:31:11 PM - Run 1
OTL by OldTimer - Version 3.2.3.1 Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 570.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.47 Gb Total Space | 46.78 Gb Free Space | 64.55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JTS-DDA861623C
Current User Name: Jeff
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde (Microsoft Corporation)
htmlfile [print] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic UDF Reader
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{183135A3-2CE8-43B5-BA5A-757EBAECB413}" = Disney Pix Micro Downloader
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5E25514E-8FD5-4023-B9E3-8ECD5B0270B5}" = AT&T Communication Manager
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{766E4715-B801-46B3-9D91-12288AB88428}" = DB CIF Cam
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DC8235CC-3D5A-4D32-94BE-E2F0A1749920}" = Disney Pix 2.0
"{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Dell Photo AIO Printer 944" = Dell Photo AIO Printer 944
"ESPNMotion" = ESPNMotion
"Facebook" = Facebook Desktop
"GoToAssist" = GoToAssist 8.0.0.480
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{E914A24F-2412-4374-B420-86D21D6D444A}" = LEGO Star Wars
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebSTAR DPX2100 Uninstall" = Scientific Atlanta WebSTAR 2000 series Cable Modem
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/22/2010 4:22:25 PM | Computer Name = JTS-DDA861623C | Source = ESENT | ID = 490
Description = svchost (1828) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 4/6/2010 10:08:30 AM | Computer Name = JTS-DDA861623C | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 9.0.2.25, faulting module
quicktime.qts, version 7.65.17.80, fault address 0x00104494.

Error - 4/6/2010 5:59:10 PM | Computer Name = JTS-DDA861623C | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 9.0.2.25, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x0001ab0a.

Error - 4/24/2010 11:20:06 AM | Computer Name = JTS-DDA861623C | Source = Dell - System Update | ID = 777
Description = Update failed Package: Setup.exe Description: Previous version: 4.100.15.8,
New version: Log file: C:\Dell\UpdatePackage\log\bcmwl.log Exit code: 111

Error - 4/24/2010 6:36:06 PM | Computer Name = JTS-DDA861623C | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 4/24/2010 6:38:43 PM | Computer Name = JTS-DDA861623C | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/24/2010 6:38:43 PM | Computer Name = JTS-DDA861623C | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/28/2010 11:40:59 PM | Computer Name = JTS-DDA861623C | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2010 11:41:01 PM | Computer Name = JTS-DDA861623C | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2010 11:41:01 PM | Computer Name = JTS-DDA861623C | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/24/2010 9:03:05 AM | Computer Name = JTS-DDA861623C | Source = DCOM | ID = 10010
Description = The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register
with DCOM within the required timeout.

Error - 4/24/2010 6:36:06 PM | Computer Name = JTS-DDA861623C | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WMI Performance Adapter
service to connect.

Error - 4/24/2010 6:36:06 PM | Computer Name = JTS-DDA861623C | Source = Service Control Manager | ID = 7000
Description = The WMI Performance Adapter service failed to start due to the following
error: %%1053

Error - 4/24/2010 6:36:20 PM | Computer Name = JTS-DDA861623C | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 4/24/2010 6:37:04 PM | Computer Name = JTS-DDA861623C | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 4/28/2010 9:45:59 AM | Computer Name = JTS-DDA861623C | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 00197D5D2ADC has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 4/28/2010 12:59:10 PM | Computer Name = JTS-DDA861623C | Source = Print | ID = 6161
Description = The document Microsoft Word - SFS Letter to CREDITORS - Master 2007.doc
owned by Jeff failed to print on printer Dell Photo AIO Printer 944. Data type:
LEMF. Size of the spool file in bytes: 707908. Number of bytes printed: 707908.
Total number of pages in the document: 1. Number of pages printed: 0. Client machine:
\\JTS-DDA861623C. Win32 error code returned by the print processor: 0 (0x0).

Error - 4/28/2010 11:39:58 PM | Computer Name = JTS-DDA861623C | Source = Print | ID = 6161
Description = The document [You must be registered and logged in to see this link.]
owned by Jeff failed to print on printer Dell Photo AIO Printer 944. Data type:
LEMF. Size of the spool file in bytes: 4273998. Number of bytes printed: 4273998.
Total number of pages in the document: 1. Number of pages printed: 0. Client machine:
\\JTS-DDA861623C. Win32 error code returned by the print processor: 0 (0x0).

Error - 4/30/2010 3:16:55 PM | Computer Name = JTS-DDA861623C | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 4/30/2010 3:27:48 PM | Computer Name = JTS-DDA861623C | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.


< End of report >


Re: Windows Security Alert

Post by Belahzur on Fri Apr 30, 2010 8:10 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection > Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)


    :OTL
    O4 - HKLM..\Run: [iilhyodj] C:\Documents and Settings\Jeff\Local Settings\Application Data\qsrcnirod\nwjwhkhtssd.exe ()
    O4 - HKCU..\Run: [iilhyodj] C:\Documents and Settings\Jeff\Local Settings\Application Data\qsrcnirod\nwjwhkhtssd.exe ()
    [2010/04/29 15:29:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\qsrcnirod

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.
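The fix above is the hand-written version of a check a helper does on every OTL log: spot Run-key entries that launch something out of the user's profile, with no publisher and a generated-looking name, then write the fix in the layout OTL expects. As an added example (not code from this thread, from OTL or from its author), here is a small Python script that does that triage over O4 lines and emits a fix in the same shape as the one posted. The sample lines are constructed: the two iilhyodj entries are the rogue's own persistence lines from this thread, the Synaptics and ctfmon lines are made-up benign entries for contrast. The scoring thresholds (two heuristics must fire, six consonants in a row counts as random) are my assumptions, and the `:Files` section is OTL's section for plain paths, used here for the dropper folder where the thread's fix listed the folder's log line under `:OTL` instead.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample input: OTL "O4" autorun lines. The two iilhyodj lines are
# the rogue's persistence entries as they appear in this thread; the Synaptics
# and ctfmon lines are constructed benign entries for contrast.
SAMPLE_O4_LINES = r"""
O4 - HKLM..\Run: [iilhyodj] C:\Documents and Settings\Jeff\Local Settings\Application Data\qsrcnirod\nwjwhkhtssd.exe ()
O4 - HKCU..\Run: [iilhyodj] C:\Documents and Settings\Jeff\Local Settings\Application Data\qsrcnirod\nwjwhkhtssd.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"""

# OTL prints: O4 - <hive>..\Run: [<value name>] <path> (<company, empty if none>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)

# Per-user folders any process running as that user can write to; the rogue in
# this thread dropped itself under Local Settings\Application Data.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Local Settings\\(?:Application Data|Temp)|Application Data|Temp)\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    raw: str          # the O4 line exactly as OTL printed it (reused in the fix)
    hive: str         # HKLM or HKCU
    value_name: str   # Run value name, e.g. iilhyodj
    path: str         # executable the Run value launches
    company: str      # publisher from version info, empty if none
    reasons: list     # which heuristics fired


def looks_random(name: str, min_run: int = 6) -> bool:
    """Crude generated-name test: a run of min_run or more consonants (y counts
    as a consonant). The threshold is an assumption; SynTPEnh and ctfmon pass."""
    run = best = 0
    for ch in name.lower():
        if ch.isalpha() and ch not in "aeiou":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best >= min_run


def dropper_folder(path: str):
    """Return the executable's parent folder when that folder sits directly under
    a user-writable root (the 'dropper made its own folder' pattern), else None.
    The root itself is never returned, so Temp or Application Data is not moved."""
    folder = ntpath.dirname(path)
    m = USER_WRITABLE_RE.search(folder)
    if m and m.end() == len(folder) - len(ntpath.basename(folder)):
        return folder
    return None


def triage_o4(log_text: str, min_score: int = 2) -> list:
    """Parse O4 lines and return those on which at least min_score heuristics fire."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path, company = m["path"], m["company"]
        stem = ntpath.splitext(ntpath.basename(path))[0]
        reasons = []
        if USER_WRITABLE_RE.search(path):
            reasons.append("runs from a user-writable profile folder")
        if not company:
            reasons.append("no publisher in version info")
        if looks_random(stem) or looks_random(m["name"]):
            reasons.append("random-looking name")
        if len(reasons) >= min_score:
            findings.append(Finding(line.strip(), m["hive"], m["name"], path, company, reasons))
    return findings


def build_otl_fix(findings: list, empty_temp: bool = True, reboot: bool = True) -> str:
    """Write an OTL fix in the layout used in this thread: flagged O4 lines verbatim
    under :OTL (OTL deletes the Run value and moves the file), dropper folders
    under :Files, then the :commands section."""
    lines = [":OTL"] + [f.raw for f in findings]
    folders = []
    for f in findings:
        folder = dropper_folder(f.path)
        if folder and folder not in folders:
            folders.append(folder)
    if folders:
        lines += ["", ":Files"] + folders
    lines += ["", ":commands"]
    if empty_temp:
        lines.append("[emptytemp]")
    if reboot:
        lines.append("[reboot]")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage_o4(SAMPLE_O4_LINES)
    for f in hits:
        print(f"{f.hive} Run\\{f.value_name}: {f.path}  <- {', '.join(f.reasons)}")
    print(build_otl_fix(hits))
```

Run it as-is and it prints the two iilhyodj hits with their reasons and a fix that lists both Run entries under `:OTL`, the qsrcnirod folder under `:Files`, and `[emptytemp]` / `[reboot]` under `:commands`. The folder rule is deliberately narrow: a flagged file that lives directly in Temp or Application Data gets only its own O4 line, never a move of the whole folder.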



Re: Windows Security Alert

Post by jseiler on Fri Apr 30, 2010 8:25 pm

The log file:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iilhyodj deleted successfully.
C:\Documents and Settings\Jeff\Local Settings\Application Data\qsrcnirod\nwjwhkhtssd.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iilhyodj deleted successfully.
File C:\Documents and Settings\Jeff\Local Settings\Application Data\qsrcnirod\nwjwhkhtssd.exe not found.
C:\Documents and Settings\Jeff\Local Settings\Application Data\qsrcnirod folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Jeff
->Temp folder emptied: 3455378 bytes
->Temporary Internet Files folder emptied: 38129054 bytes
->Java cache emptied: 1916720 bytes
->FireFox cache emptied: 106466092 bytes
->Flash cache emptied: 3205093 bytes

User: Joni

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 273143 bytes
->FireFox cache emptied: 22841498 bytes

User: Merrie

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1238856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 55396922 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23942760 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 112094 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 245.00 mb


OTL by OldTimer - Version 3.2.3.1 log created on 04302010_151958

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\mcmsc_2ht6Hn2FxJLTkio not found!

Registry entries deleted on Reboot...


Re: Windows Security Alert

Post by Belahzur on Fri Apr 30, 2010 11:50 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Windows Security Alert

Post by jseiler on Sat May 01, 2010 2:42 am

MBAM log file:

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4056

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

4/30/2010 9:36:37 PM
mbam-log-2010-04-30 (21-36-37).txt

Scan type: Quick scan
Objects scanned: 119139
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\config\systemprofile\Desktop\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Advanced Virus Remover.lnk (Rogue.AdvancedVirusRemover) -> Quarantined and deleted successfully.


Last edited by jseiler on Sat May 01, 2010 2:43 am; edited 1 time in total (Reason for editing : misspelling)


Re: Windows Security Alert

Post by Belahzur on Sat May 01, 2010 2:55 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 8.1.3
    Java(TM) 6 Update 3
    Java(TM) 6 Update 16

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Windows Security Alert

Post by jseiler on Sat May 01, 2010 7:35 pm

Ok, I think. A little slow. Should I run Hijack or something and post here or somewhere else? Thank you for all your help.

Addition: I was wrong. Internet Explorer will not work and my kids' game Wizard101 will not work either. Thoughts? Firefox works.


Last edited by jseiler on Sat May 01, 2010 10:59 pm; edited 1 time in total (Reason for editing : added comments)


Re: Windows Security Alert

Post by Belahzur on Sun May 02, 2010 9:07 pm

Did you install Java runtime version 20?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Windows Security Alert

Post by jseiler on Sun May 02, 2010 9:12 pm

Yes as instructed.


Re: Windows Security Alert

Post by Belahzur on Mon May 03, 2010 9:48 pm

Hello.

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Please navigate to [You must be registered and logged in to see this link.] and see the section "Fix it for me"

Click the Microsoft Fix-It button. Download the file to your Desktop. Then, double-click it to run. Follow the prompts.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Windows Security Alert

Post by jseiler on Tue May 04, 2010 2:42 am

Did both tasks. What is next please?


Re: Windows Security Alert

Post by Belahzur on Tue May 04, 2010 10:43 pm

Does IE work now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Windows Security Alert

Post by jseiler on Tue May 04, 2010 11:39 pm

No sir.


Re: Windows Security Alert

Post by jseiler on Fri May 07, 2010 1:23 am

Bump


Re: Windows Security Alert

Post by Belahzur on Fri May 07, 2010 10:53 pm

Hello.
What version of IE is it?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Windows Security Alert

Post by jseiler on Fri May 07, 2010 11:42 pm

7.0.5730.11


Re: Windows Security Alert

Post by jseiler on Fri May 07, 2010 11:56 pm

Just downloaded 8. Doesn't work.


Re: Windows Security Alert

Post by Belahzur on Sat May 08, 2010 11:28 pm

I would recommend using Firefox, or Google Chrome.

Please download [You must be registered and logged in to see this link.] and install it.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Windows Security Alert

Post by jseiler on Sun May 09, 2010 2:42 am

Done. I was using 5.9 but now 6.3 is loaded. IE and a few other apps still do not work (like my kids' Wizard101).


Re: Windows Security Alert

Post by Belahzur on Sun May 09, 2010 2:40 pm

Can you try uninstalling and re-installing that program?



Re: Windows Security Alert

Post by jseiler on Mon May 10, 2010 1:18 am

Did. Still doesn't work. Internet Explorer does not work either so there must be some connection.


Re: Windows Security Alert

Post by Belahzur on Tue May 11, 2010 7:52 pm

Hmmm.
If you can use Firefox, please use that for now.

How is the machine running in general?



Re: Windows Security Alert

Post by jseiler on Wed May 12, 2010 4:48 am

Machine is a bit slow, iTunes not working, Wizard101 not working and getting messages that AntiVir Desktop reports virus protection is out of date even though I updated on 4/28/2010.


Re: Windows Security Alert

Post by Belahzur on Wed May 12, 2010 10:34 pm

What version of Avira have you got? They recently released version 10; if you have 9, you need to update that to fix that error.

Try uninstalling and re-installing iTunes as well.



Re: Windows Security Alert

Post by jseiler on Thu May 13, 2010 6:09 am

Running Avira 10 but still getting "out of date" message, iTunes appears to be working, IE not working (I would like to get this working even though using Firefox), things running a bit slow even after clean-up and defrag.
Thanks for your help so far. What else can we try to get IE working as this seems to coincide with some other glitches?


Re: Windows Security Alert

Post by Belahzur on Thu May 13, 2010 9:59 pm

Hello.
Right click the Avira icon in the corner, disable the Avira guard, then turn it back on, maybe a little confusion somewhere.



Re: Windows Security Alert

Post by jseiler on Thu May 13, 2010 10:39 pm

Deactivated then reactivated and tried to update and got the following error log:
Avira AntiVir Personal - Free Antivirus Updater
Complete product update

Creation time: Thu May 13 17:38:12 2010


Operating system:
Windows XP (Service Pack 2) [5.1.2600] 32 bit

Product information:
Product version: 10.0.0.567
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 10.0.0.29
Update resource: C:\Program Files\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
Library: C:\Program Files\Avira\AntiVir Desktop\update.dll 0.1.0.44
Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 10.0.0.8
GUI: C:\Program Files\Avira\AntiVir Desktop\updgui.dll 10.0.2.0

Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files\Avira\AntiVir Desktop\
Updater folder: C:\Program Files\Avira\AntiVir Desktop\
AppData folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\

Proxy settings:
System settings used

17:38:13 [UPD] [INFO] Checking whether newer files are available.
17:38:13 [UPD] [INFO] Select update server 'http://62.146.66.187/update'.
17:38:13 [UPD] [INFO] Downloading of 'http://62.146.66.187/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
17:38:14 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.187/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:14 [UPD] [INFO] Select update server 'http://62.146.66.188/update'.
17:38:14 [UPD] [INFO] Downloading of 'http://62.146.66.188/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
17:38:15 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.188/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:15 [UPD] [INFO] Select update server 'http://62.146.66.189/update'.
17:38:15 [UPD] [INFO] Downloading of 'http://62.146.66.189/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
17:38:16 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.189/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:16 [UPD] [INFO] Select update server 'http://80.190.143.226/update'.
17:38:16 [UPD] [INFO] Downloading of 'http://80.190.143.226/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
17:38:18 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://80.190.143.226/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:18 [UPD] [INFO] Select update server 'http://80.190.143.227/update'.
17:38:18 [UPD] [INFO] Downloading of 'http://80.190.143.227/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
17:38:19 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://80.190.143.227/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:19 [UPD] [INFO] Select update server 'http://80.190.143.228/update'.
17:38:19 [UPD] [INFO] Downloading of 'http://80.190.143.228/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
17:38:20 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://80.190.143.228/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:20 [UPD] [INFO] Select update server 'http://80.190.143.229/update'.
17:38:20 [UPD] [INFO] Downloading of 'http://80.190.143.229/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
17:38:21 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://80.190.143.229/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:21 [UPD] [INFO] Select update server 'http://80.190.143.230/update'.
17:38:21 [UPD] [INFO] Downloading of 'http://80.190.143.230/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
17:38:22 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://80.190.143.230/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:22 [UPD] [INFO] Select update server 'http://80.190.143.231/update'.
17:38:22 [UPD] [INFO] Downloading of 'http://80.190.143.231/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
17:38:23 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://80.190.143.231/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:23 [UPD] [INFO] Select update server 'http://80.190.143.232/update'.
17:38:23 [UPD] [INFO] Downloading of 'http://80.190.143.232/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
17:38:24 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://80.190.143.232/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:24 [UPD] [INFO] Select update server 'http://perspeak.avira-update.com/update'.
17:38:24 [UPD] [INFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
17:38:25 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:25 [UPDLIB] [ERROR] No additional servers found, the update will be canceled.
17:38:25 [UPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 537.


Summary:
********
0 Files downloaded
0 Files installed

Thu May 13 17:38:25 2010
The update failed!

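The updater log above shows every configured update server failing at the same point (WinINet::HttpSendRequest) before the updater gives up with error 537. As an added example that is not part of the thread, here is a small Python parser for that log format: it lists the servers tried, maps each connection failure back to its server, extracts the final UpdateLib error code, and exposes the "every server failed" check, which is the pattern that points at blocking on the host (hosts file, proxy settings, firewall) rather than at the update servers themselves. The sample log is a constructed, shortened copy of the format quoted in the post.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: a shortened copy of the Avira updater log format quoted
# in the thread (two update servers plus the final abort lines).
SAMPLE_LOG = """\
17:38:13 [UPD] [INFO] Checking whether newer files are available.
17:38:13 [UPD] [INFO] Select update server 'http://62.146.66.187/update'.
17:38:14 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://62.146.66.187/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:24 [UPD] [INFO] Select update server 'http://perspeak.avira-update.com/update'.
17:38:25 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: A connection with the server could not be established
17:38:25 [UPDLIB] [ERROR] No additional servers found, the update will be canceled.
17:38:25 [UPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 537.
"""

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d) \[(\w+)\] \[(\w+)\] (.*)$")
SELECT_RE = re.compile(r"Select update server '([^']+)'")
FAIL_RE = re.compile(r"HttpSendRequest\(\) '([^']+)' failed\. Error: (.*)$")
CODE_RE = re.compile(r"UpdateLib delivers error (\d+)")

@dataclass
class UpdateSummary:
    servers: list = field(default_factory=list)   # servers in the order tried
    failures: dict = field(default_factory=dict)  # server -> error text
    final_error: Optional[int] = None             # UpdateLib error code, if any

    @property
    def all_servers_failed(self) -> bool:
        return bool(self.servers) and all(s in self.failures for s in self.servers)

def parse_avira_update_log(text: str) -> UpdateSummary:
    summary = UpdateSummary()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header and summary lines carry no per-server information
        _ts, _component, level, msg = m.groups()
        if (sel := SELECT_RE.search(msg)):
            summary.servers.append(sel.group(1))
        elif level == "ERROR" and (fail := FAIL_RE.search(msg)):
            # the failed URL is '<server>/idx/master.idx'; map it back to its server
            url = fail.group(1)
            server = next((s for s in summary.servers if url.startswith(s)), url)
            summary.failures[server] = fail.group(2).strip()
        elif (code := CODE_RE.search(msg)):
            summary.final_error = int(code.group(1))
    return summary
```

Run `parse_avira_update_log(open("update.log").read())` on a real updater log; `all_servers_failed` being true across a dozen distinct servers is the cue to check the local network path before reinstalling the product.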

Re: Windows Security Alert

Post by Belahzur on Fri May 14, 2010 9:25 am

You may need to uninstall Avira, then re-install that too to fix this if any damage has been done.



Re: Windows Security Alert

Post by jseiler on Fri May 14, 2010 11:18 pm

Uninstalled then downloaded new copy off the website and installed. Same errors. IE still not working.


Re: Windows Security Alert

Post by jseiler on Tue May 18, 2010 2:20 am

bump


Re: Windows Security Alert

Post by jseiler on Wed May 19, 2010 6:11 pm

bump


Re: Windows Security Alert

Post by Belahzur on Wed May 19, 2010 10:39 pm

Hello.
The malware may have done too much damage, not sure if this can be fixed.

You may need to reformat if it comes to that.



Re: Windows Security Alert

Post by jseiler on Thu May 20, 2010 1:50 am

Sounds ugly. Do you suggest calling in someone or can you direct me to instructions? Thanks.


Re: Windows Security Alert

Post by Belahzur on Thu May 20, 2010 10:52 pm

Worth a try, but once damage is done, it is done and nothing can be done other than formatting.

