Microsoft Security Essentials Alert

View previous topic View next topic Go down

Microsoft Security Essentials Alert

Post by Astronix on Wed 10 Nov 2010, 1:23 pm

Hello there again! It's been a long time since i've posted on here. I have a new problem though, and it always seems to spawn from my Win32 files. Ugh.

I was searching on Facebook; of course i should know better, and my computer completely cut off the internet explorer process and a Microsoft Security Essentials Alert popped up saying i had an 'Unknown Trojan" in my Win32 files, and then it randomly selected my iTunes folders and application. I'm currently running Malewarebytes, and my AVG virus scanner.
I cannot open my Task Manager, even through the prompt commands.
I also cannot close out of this Microsoft Security Essentials Alert.

Please help?

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Wed 10 Nov 2010, 1:46 pm

Also i cannot open the internet to post on here via my laptop. I am using a desktop. Not sure how i am going to be able to post my MBAM log on here. I've also figured out that when i close the virus message it will display a new place where the virus may be.

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Wed 10 Nov 2010, 2:13 pm

Hello again. I have shut off my laptop and am running windows in Safe Mode and Networking.
I still cannot open the Task Manager
But i am running MBAM in safe mode to hopefully help. :/ Anyone out there? I will post an MBAM log as soon as i can.

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Wed 10 Nov 2010, 3:59 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 5087

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/9/2010 11:42:06 PM
mbam-log-2010-11-09 (23-42-06).txt

Scan type: Quick scan
Objects scanned: 172223
Time elapsed: 19 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\Documents and Settings\Owner.Banaopolis\Application Data\hotfix.exe (Trojan.FakeAlert) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner.Banaopolis\Application Data\hotfix.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.Banaopolis\Local Settings\Temp\a.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner.Banaopolis\Local Settings\Temp\ATT-SST_Installer\Setup\MotiveClient\AXB.exe (Adware.BHO) -> No action taken.
C:\Documents and Settings\Owner.Banaopolis\Local Settings\Temporary Internet Files\Content.IE5\BPYE2UDY\users_bmw_file_file[1].exe (Trojan.FakeAlert) -> No action taken.

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Wed 10 Nov 2010, 4:22 pm

OTL logfile created on: 11/10/2010 12:02:37 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner.Banaopolis\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 333.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.94 Gb Total Space | 50.77 Gb Free Space | 48.38% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 3.73 Gb Free Space | 54.69% Space Free | Partition Type: FAT32

Computer Name: BANAOPOLIS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/10 00:02:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Banaopolis\Desktop\OTL.com
PRC - [2010/11/05 17:39:18 | 002,717,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\windows-kb890830-v3.13-delta.exe
PRC - [2010/11/02 16:47:12 | 000,082,376 | ---- | M] (Microsoft Corporation) -- c:\488a2173855e9769aa\mrtstub.exe
PRC - [2010/10/06 20:50:08 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/23 11:11:54 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/16 16:37:03 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 16:36:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/16 16:36:52 | 000,755,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2010/07/16 16:35:52 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 16:35:47 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/16 16:34:10 | 001,054,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/18 02:16:39 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2010/05/18 02:00:16 | 000,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2010/05/18 02:00:16 | 000,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
PRC - [2010/05/18 02:00:16 | 000,169,984 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010/04/29 14:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/03/12 01:15:38 | 000,525,616 | ---- | M] (AT&T Inc.) -- C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2010/11/10 00:02:15 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Banaopolis\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/11/05 09:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/16 16:36:55 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/18 02:16:39 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Wed 10 Nov 2010, 4:23 pm

OTL Extras logfile created on: 11/10/2010 12:02:38 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner.Banaopolis\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 333.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.94 Gb Total Space | 50.77 Gb Free Space | 48.38% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 3.73 Gb Free Space | 54.69% Space Free | Partition Type: FAT32

Computer Name: BANAOPOLIS | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard Downloader
"6113:TCP" = 6113:TCP:*:Enabled:Blizzard Downloader
"6114:TCP" = 6114:TCP:*:Enabled:Blizzard Downloader
"4000:TCP" = 4000:TCP:*:Enabled:Blizzard Downloader
"1119:TCP" = 1119:TCP:*:Enabled:Blizzard Downloader
"1120:TCP" = 1120:TCP:*:Enabled:Blizzard Downloader
"80:TCP" = 80:TCP:*:Enabled:Blizzard Downloader
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader
"6882:TCP" = 6882:TCP:*:Enabled:Blizzard Downloader
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1274166712\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1274166712\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Documents and Settings\Owner.Banaopolis\Local Settings\Apps\2.0\NXERBNCA.8LB\ZE4NGMP7.EZ8\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe" = C:\Documents and Settings\Owner.Banaopolis\Local Settings\Apps\2.0\NXERBNCA.8LB\ZE4NGMP7.EZ8\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"AT&T Yahoo! Browser Configuration" = AT&T Yahoo! Browser Configuration
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"BigFix" = BigFix
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B" = Soft Data Fax Modem with SmartCP
"Google Desktop" = Google Desktop
"gtw_logo" = gtw_logo
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"RealPlayer 6.0" = RealPlayer Basic
"ResumeMaker Professional" = ResumeMaker Professional
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"World of Warcraft" = World of Warcraft
"Yahoo! Companion" = att.net Toolbar
"Yahoo! Mail" = att.net Internet Mail
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/1/2010 9:29:26 PM | Computer Name = BANAOPOLIS | Source = Application Error | ID = 1000
Description = Faulting application BCMWLTRY.EXE, version 3.100.64.1, faulting module
BCMWLTRY.EXE, version 3.100.64.1, fault address 0x00011cd0.

Error - 11/1/2010 10:15:40 PM | Computer Name = BANAOPOLIS | Source = Application Error | ID = 1004
Description = Faulting application BCMWLTRY.EXE, version 3.100.64.1, faulting module
BCMWLTRY.EXE, version 3.100.64.1, fault address 0x00011cd0.

Error - 11/1/2010 10:21:51 PM | Computer Name = BANAOPOLIS | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/1/2010 10:21:51 PM | Computer Name = BANAOPOLIS | Source = Bonjour Service | ID = 100
Description = 256: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/1/2010 10:21:51 PM | Computer Name = BANAOPOLIS | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/4/2010 11:32:54 PM | Computer Name = BANAOPOLIS | Source = Bonjour Service | ID = 100
Description = 464: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/4/2010 11:32:54 PM | Computer Name = BANAOPOLIS | Source = Bonjour Service | ID = 100
Description = 256: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 11/10/2010 1:00:20 AM | Computer Name = BANAOPOLIS | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 9038, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 11/10/2010 1:00:20 AM | Computer Name = BANAOPOLIS | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/10/2010 1:00:24 AM | Computer Name = BANAOPOLIS | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 9038, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 11/10/2010 12:52:16 AM | Computer Name = BANAOPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/10/2010 12:52:17 AM | Computer Name = BANAOPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/10/2010 12:52:18 AM | Computer Name = BANAOPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/10/2010 12:52:19 AM | Computer Name = BANAOPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/10/2010 12:52:20 AM | Computer Name = BANAOPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/10/2010 12:52:21 AM | Computer Name = BANAOPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/10/2010 12:52:22 AM | Computer Name = BANAOPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/10/2010 12:52:23 AM | Computer Name = BANAOPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {C49E32C6-BC8B-11D2-85D4-00105A1F8304}

Error - 11/10/2010 12:52:23 AM | Computer Name = BANAOPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 11/10/2010 12:52:24 AM | Computer Name = BANAOPOLIS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}


< End of report >

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Belahzur on Thu 11 Nov 2010, 11:27 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Sat 13 Nov 2010, 4:21 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 5087

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/9/2010 11:42:17 PM
mbam-log-2010-11-09 (23-42-17).txt

Scan type: Quick scan
Objects scanned: 172223
Time elapsed: 19 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
C:\Documents and Settings\Owner.Banaopolis\Application Data\hotfix.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner.Banaopolis\Application Data\hotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.Banaopolis\Local Settings\Temp\a.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.Banaopolis\Local Settings\Temp\ATT-SST_Installer\Setup\MotiveClient\AXB.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.Banaopolis\Local Settings\Temporary Internet Files\Content.IE5\BPYE2UDY\users_bmw_file_file[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Belahzur on Sun 14 Nov 2010, 11:06 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Sun 14 Nov 2010, 4:04 pm

ComboFix 10-11-12.06 - Owner 11/13/2010 23:45:01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.438 [GMT -5:00]
Running from: c:\documents and settings\Owner.Banaopolis\Desktop\Combo-Fix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-13 04:01 . 2009-10-07 21:28 17544 ------w- c:\windows\system32\drivers\RkPavproc1.sys
2010-11-13 04:00 . 2005-04-04 04:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2010-11-13 04:00 . 2005-04-04 04:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2010-11-13 04:00 . 2005-04-04 04:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2010-11-13 04:00 . 2005-04-04 04:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2010-11-13 04:00 . 2005-04-04 03:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-11-13 04:00 . 2010-11-13 04:00 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2010-11-13 04:00 . 2010-11-13 04:00 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2010-11-13 03:49 . 2010-11-13 03:49 -------- d-----w- c:\program files\softendo.com
2010-11-10 05:39 . 2010-11-10 05:39 -------- d-----w- c:\documents and settings\Owner.Banaopolis\Application Data\Panda Security
2010-11-10 05:37 . 2010-11-13 03:27 -------- d-----w- c:\documents and settings\Owner.Banaopolis\Application Data\SurfSecret Privacy Suite
2010-11-10 05:37 . 2010-11-13 03:21 -------- d-----w- c:\documents and settings\Owner.Banaopolis\Local Settings\Application Data\panda2_0dn
2010-11-10 05:37 . 2010-11-10 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing
2010-11-10 05:37 . 2010-11-13 03:27 -------- d-----w- c:\documents and settings\Owner.Banaopolis\Application Data\pandasecuritytb
2010-11-10 05:33 . 2010-11-10 05:37 -------- d-----w- c:\program files\Panda Security
2010-11-10 05:33 . 2010-11-10 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-11-10 04:53 . 2010-11-10 04:53 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-26 17:06 . 2010-10-26 17:06 -------- d-----w- c:\program files\MSECache
2010-10-21 01:58 . 2010-10-21 01:59 -------- d-----w- c:\documents and settings\Owner.Banaopolis\Application Data\Ventrilo
2010-10-21 01:57 . 2010-10-21 01:57 -------- d-----w- c:\program files\Ventrilo
2010-10-21 01:56 . 2010-10-21 01:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 16:23 . 2009-03-17 12:20 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2009-03-17 12:20 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2009-03-17 12:20 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2009-03-17 12:20 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:58 . 2009-03-17 12:23 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2009-03-17 12:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2009-03-17 12:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2009-03-17 12:16 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2009-03-17 12:23 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2009-03-17 12:23 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2009-03-17 12:22 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2009-03-17 12:22 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-05-19 09:06 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2009-03-17 12:16 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2009-03-17 12:22 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2009-03-17 12:22 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-10-25 13:34 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-10-25 86696]

[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-05-18 169984]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848]
"Panda Security Toolbar Antiphishing"="c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-10-24 449192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\Owner.Banaopolis\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-8-24 0]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2010-5-18 2168360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\Owner.Banaopolis\\Local Settings\\Apps\\2.0\\NXERBNCA.8LB\\ZE4NGMP7.EZ8\\curs..tion_eee711038731a406_0004.0000_1829574f2226d088\\CurseClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"6113:TCP"= 6113:TCP:Blizzard Downloader
"6114:TCP"= 6114:TCP:Blizzard Downloader
"4000:TCP"= 4000:TCP:Blizzard Downloader
"1119:TCP"= 1119:TCP:Blizzard Downloader
"1120:TCP"= 1120:TCP:Blizzard Downloader
"6881:TCP"= 6881:TCP:Blizzard Downloader
"6882:TCP"= 6882:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [6/17/2010 1:41 PM 129992]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [8/9/2010 2:53 PM 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [7/21/2010 10:02 PM 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [7/21/2010 10:02 PM 112456]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [5/18/2010 12:29 AM 200576]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [5/18/2010 12:26 AM 69692]
.
Contents of the 'Scheduled Tasks' folder

2010-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-05-18 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2009-03-17 00:12]

2010-05-18 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2009-03-17 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Money2006b - c:\program files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-11-13 23:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1472)
c:\windows\system32\WININET.dll
c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\windows\system32\WLTRAY.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-11-14 00:03:02 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-14 05:02

Pre-Run: 54,649,085,952 bytes free
Post-Run: 55,777,480,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - FB7447D647CFD6243BAE07203F4A7F13

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Sun 14 Nov 2010, 4:07 pm

I had AVG but then a friend told me this new Panda Cloud Antivirus was good. I'm not exactly liking it..
Any suggestions? Thanks!

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Belahzur on Mon 15 Nov 2010, 12:35 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Mon 15 Nov 2010, 1:32 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4111

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/14/2010 9:20:41 PM
mbam-log-2010-11-14 (21-20-41).txt

Scan type: Quick scan
Objects scanned: 130053
Time elapsed: 9 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Belahzur on Tue 16 Nov 2010, 5:05 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Tue 16 Nov 2010, 8:13 am

I cannot find the program file in that folder, or the scan information in that folder. It doesnt even look like there is a scan log?? O_o

I do know that are 2 and a half hours the program did not find anything wrong and have 0 search results.

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Tue 16 Nov 2010, 11:44 am

I can re-run the scan i suppose. Just is going to take another 2 hours or so.

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Belahzur on Wed 17 Nov 2010, 11:18 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0
    J2SE Runtime Environment 5.0 Update 2
    Viewpoint Media Player

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 22.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u22-windows-i586.exe that you downloaded to install the newest version.

Then download and install Adobe Reader 9.4

How is the machine running now?


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Wed 17 Nov 2010, 12:22 pm

Machine is running much better thanks!

I downloaded Firefox to be my current browser.
I also got rid of Panda Cloud Antivirus due to its slowing down my comp.
I installed AviraAntivir.

What other programs can i use to help maintain my comp?

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Belahzur on Thu 18 Nov 2010, 10:36 am

Computer maintenance is down to how well you keep your hardware and software running, eg, hardrive maintenance, how often you do clean outs of unused programs/temp files, etc



@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Astronix on Thu 18 Nov 2010, 12:57 pm

I try to atleast check every month or so. I always use MBAM and my scanner once a day to check over everything.

Astronix

Rookie Surfer
Rookie Surfer

Posts : 95
Joined : 2009-05-05
Operating System : Windows XP

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Belahzur on Fri 19 Nov 2010, 12:03 pm

You should also consider a hardware upgrade, your log showed me you have just under 1GB of RAM, if you can get your hands on bigger RAM sticks, you could go as high as 2GB.

Maybe buy a better processor as well, but they tend to be costly for a high-end one.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer
Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

View user profile

Back to top Go down

Re: Microsoft Security Essentials Alert

Post by Sponsored content Today at 11:23 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum