Spyware Protect 2009 pop up???

View previous topic View next topic Go down

Spyware Protect 2009 pop up???

Post by silentdeath477 on 29th April 2009, 4:13 am

I am recently having problems with my desktop. Can some one help me?

Here is my HJT report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:06 AM, on 4/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\sysguard.exe
C:\DOCUME~1\Mitchel\LOCALS~1\Temp\1031007192.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\lxcjcoms.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\System32\ssstars.scr
\?\globalroot\C:\WINDOWS\system32\lmppcsetup.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: C:\WINDOWS\system32\yhs783ijfo3fe.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows USB Control] C:\Documents and Settings\Mitchel\Application Data\wintos.exe
O4 - HKCU\..\Run: [3df1fe07fd90a5352c8c9c3349f8ce90] C:\DOCUME~1\Mitchel\APPLIC~1\Opera\Opera\profile\cache4\TEMPOR~1\BURGER~1.EXE /r
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Mitchel\LOCALS~1\Temp\1031007192.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Object\isamntr.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\hoy5leu.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\hoy5leu.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [A00F15946.exe] C:\WINDOWS\TEMP\_A00F15946.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - ?p=ZJman000
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mitchel\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\mitchel\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\mitchel\locals~1\temp\ntdll64.dll
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: __c005DF9A - C:\WINDOWS\system32\__c005DF9A.dat
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: Network DDE DSMA (NetDDEdsma) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14409 bytes

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by Belahzur on 29th April 2009, 11:59 am

Hello.

You aren't running Anti Virus Software

Your system is severly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. Reason I am telling this is because when a system is so terribly infected and we try to clean this up manually, the damage that is already present may interfere with our removal attempts.

Actually, this doesn't suprise me at all...
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: [You must be registered and logged in to see this link.]
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by silentdeath477 on 30th April 2009, 5:06 pm

Here is the report. Since I have ran the avira the internet does not work. Im guessing something was corrupted and rempoved.

Avira AntiVir Personal
Report file date: Wednesday, April 29, 2009 18:33

Scanning for 1284893 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PC1

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 4/17/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 4/17/2009 13:57:30
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:33:26
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 12:41:14
ANTIVIR3.VDF : 7.1.2.127 110592 Bytes 3/5/2009 19:58:20
Engineversion : 8.2.0.100
AEVDF.DLL : 8.1.1.0 106868 Bytes 1/27/2009 22:36:42
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 2/27/2009 01:01:56
AESCN.DLL : 8.1.1.7 127347 Bytes 2/12/2009 16:44:25
AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 23:24:41
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/4/2009 18:06:10
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 01:01:56
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 2/25/2009 20:49:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 2/27/2009 01:01:56
AEGEN.DLL : 8.1.1.24 336244 Bytes 3/4/2009 18:06:10
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.6.6 176501 Bytes 2/17/2009 19:22:44
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 2/9/2009 16:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Wednesday, April 29, 2009 18:33

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxriuirftj\main
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxriuirftj\modules
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxriuirftj\start
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxriuirftj\type
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxriuirftj\group
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxriuirftj\imagepath
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovfsthxriuirftj\inst
[INFO] The registry entry is invisible.
'9066' objects were checked, '7' hidden objects were found.

The scan of running processes will be started
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'lxcjcoms.exe' - '1' Module(s) have been scanned
Scan process 'winss.exe' - '1' Module(s) have been scanned
Scan process 'msfwsvc.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'OcHealthMon.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CTsvcCDA.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'diagent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ARLaunch.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'TaskPanl.exe' - '1' Module(s) have been scanned
Scan process 'sysguard.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'lxcjmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
54 processes with 54 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '81' files ).

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by silentdeath477 on 30th April 2009, 5:07 pm

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\lddr.exe
[DETECTION] Is the TR/Zbot.bnt.61440 Trojan
C:\ldr.exe
[DETECTION] Is the TR/Zbot.bnt.61440 Trojan
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\ta12l.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\ta2aa3l.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\taa332.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{00003A38-0000-0000-F5C4-80B79F0C5215}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[1] Archive type: HIDDEN
--> MEM\AV00000a84.AV$
[DETECTION] Contains recognition pattern of the ADSPY/180solutions.Y.5 adware or spyware
--> RESOURCE2
[1] Archive type: HIDDEN
--> MEM\AV00000a85.AV$
[DETECTION] Contains recognition pattern of the ADSPY/180solutions.Y.5 adware or spyware
--> RESOURCE3
[1] Archive type: HIDDEN
--> MEM\AV00000a86.AV$
[DETECTION] Contains recognition pattern of the ADSPY/180solutions.Y.5 adware or spyware
--> RESOURCE4
[1] Archive type: HIDDEN
--> MEM\AV00000a87.AV$
[DETECTION] Contains recognition pattern of the ADSPY/180solutions.Y.5 adware or spyware
--> RESOURCE5
[1] Archive type: HIDDEN
--> MEM\AV00000a88.AV$
[DETECTION] Contains recognition pattern of the ADSPY/180solutions.Y.5 adware or spyware
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{00004407-0000-0000-4C6B-7EE1A0FFD265}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE15
[1] Archive type: HIDDEN
--> MEM\AV00000a93.AV$
[DETECTION] Contains recognition pattern of the DR/MediaPipe.A.1 dropper
--> RESOURCE16
[1] Archive type: HIDDEN
--> MEM\AV00000a94.AV$
[DETECTION] Contains recognition pattern of the SPR/MediaPipe.A program
--> RESOURCE19
[1] Archive type: HIDDEN
--> MEM\AV00000a97.AV$
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.SO back-door program
--> RESOURCE22
[1] Archive type: HIDDEN
--> MEM\AV00000a9a.AV$
[DETECTION] Contains recognition pattern of the DR/Agent.SO.1 dropper
--> RESOURCE23
[1] Archive type: HIDDEN
--> MEM\AV00000a9b.AV$
[DETECTION] Contains recognition pattern of the ADSPY/Fuel.A adware or spyware
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{00004407-0000-0000-E271-9C071361F6FC}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE5
[1] Archive type: HIDDEN
--> MEM\AV00000aa1.AV$
[DETECTION] Is the TR/MediaPipe.A.2 Trojan
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{0000441E-0000-0000-AFFF-64F3A45D2789}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[1] Archive type: HIDDEN
--> MEM\AV00000aa8.AV$
[DETECTION] Contains recognition pattern of the ADSPY/180Solution.Q adware or spyware
--> RESOURCE2
[1] Archive type: HIDDEN
--> MEM\AV00000aa9.AV$
[DETECTION] Contains recognition pattern of the ADSPY/180Solution.K adware or spyware
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{000044E0-0000-0000-064D-38B1BB2EFE5C}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[1] Archive type: HIDDEN
--> FIL\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVSCAN-20090429-183313-1AEC7293\000000C3-F9A99FE2.av$
[DETECTION] Contains recognition pattern of the SPR/FakeScan.AB program
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80015B00-0000-0000-AA87-0F83B032A763}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[1] Archive type: HIDDEN
--> MEM\AV00000aaf.AV$
[DETECTION] Is the TR/Dldr.Zlob.adj.5 Trojan
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80018349-0000-0000-87FE-693B8C659484}\DATA.CAB
[0] Archive type: CAB (Microsoft)
--> RESOURCE1
[1] Archive type: HIDDEN
--> MEM\AV00000ab1.AV$
[DETECTION] Contains recognition pattern of the DR/Obfuscated.EN.6 dropper
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
C:\Documents and Settings\All Users\Application Data\Move Networks\qsp2ie06101001.dll
[DETECTION] Contains recognition pattern of the ADSPY/Quant.1 adware or spyware
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch74.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\Mitchel\Application Data\wint.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-753e5614
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.B.1 exploit
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-740bedaf
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.B.2 exploit
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\6.0\48\61bc2830-103429b6
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.B.2 exploit
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-3ef9df0c
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.B.1 exploit
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-17ed5866.zip
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.B.1 exploit
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-12bb96d8.zip
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.B.1 exploit
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-5c7ac2fd.zip
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.B.2 exploit
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-9ec854f-3d048887.zip
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.B.2 exploit
C:\Documents and Settings\Mitchel\Local Settings\Temp\1031007192.exe
[DETECTION] Contains HEUR/Malware suspicious code
C:\Documents and Settings\Mitchel\Local Settings\Temp\1315507936.exe
[DETECTION] Contains HEUR/Malware suspicious code
C:\Documents and Settings\Mitchel\Local Settings\Temp\2362580674.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Documents and Settings\Mitchel\Local Settings\Temp\2521995428.exe
[DETECTION] Contains HEUR/Malware suspicious code
C:\Documents and Settings\Mitchel\Local Settings\Temp\3813423620.exe
[DETECTION] Contains HEUR/Malware suspicious code
C:\Documents and Settings\Mitchel\Local Settings\Temp\3832220842.exe
[DETECTION] Contains HEUR/Malware suspicious code
C:\Documents and Settings\Mitchel\Local Settings\Temp\mousehook.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\Mitchel\Local Settings\Temp\ntdll64.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\Mitchel\Local Settings\Temporary Internet Files\Content.IE5\62SDDK8Y\lsp[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Documents and Settings\Mitchel\Local Settings\Temporary Internet Files\Content.IE5\GAH0OBPR\cd[2].htm
[DETECTION] Contains HEUR/Malware suspicious code
C:\Documents and Settings\Mitchel\Local Settings\Temporary Internet Files\Content.IE5\KI3W369W\cd[1].htm
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:\Documents and Settings\Mitchel\My Documents\AmericasArmy270_FilePlanet.exe
[0] Archive type: RAR SFX (self extracting)
--> Americ~1.cab
[1] Archive type: CAB (Microsoft)
--> Official_U.S._Army_Web_Site.
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Mitchel\My Documents\My Music\iTunes Music\one last call.wma
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
C:\Downloads\Alice_Greenfingers-v106-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\CakeManiaSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\DinerDash-HometownHero-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\Mall2DeluxeSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\MallofAmericaTycoon-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\MallTycoon2-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\MallTycoon3Setup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\MallTycoonSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\Miss_Management-v1_0-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\MonopolyTycoon-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\NannyManiaSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\PlantasiaSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\RCT2TripleThrillSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\RCT2TripleThrillSetup.exe
[0] Archive type: ZIP SFX (self extracting)
--> RCT2.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Downloads\ResidentEvil3-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\RollerRush-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\SallysSalon-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\Downloads\XpandRallySetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
C:\My Games\Farm Craft\FarmCraft.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\FlamingPear_keygen_allplugins\keygen.exe
[DETECTION] Is the TR/Packed.1753 Trojan
C:\Program Files\Internet Explorer\msimg32.dll
[DETECTION] Contains recognition pattern of the ADSPY/Mywebsearch.28672.2 adware or spyware
C:\Program Files\Morpheus\morpheustoolbar.exe
[DETECTION] Contains recognition pattern of the ADSPY/Mywebsearch.A.99 adware or spyware
C:\WINDOWS\system32\f3PSSavr.scr
[DETECTION] Contains recognition pattern of the ADSPY/MyWebSearc.BQ adware or spyware
C:\WINDOWS\system32\iehelper.dll
[DETECTION] Is the TR/BHO.9216 Trojan
C:\WINDOWS\Temp\h91746.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the ADSPY/Mitware.E adware or spyware
C:\WINDOWS\Temp\sa2.exe
[DETECTION] Contains recognition pattern of the ADSPY/SpyStrike.B adware or spyware
--> Settings/SpywareStrike.exe
[DETECTION] Contains recognition pattern of the SPR/Fake.Spyaxe.3 program
--> Settings/English.ini
[DETECTION] Contains recognition pattern of the ADSPY/SpyStrike.B adware or spyware

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by silentdeath477 on 30th April 2009, 5:08 pm

Beginning disinfection:
C:\lddr.exe
[DETECTION] Is the TR/Zbot.bnt.61440 Trojan
[NOTE] The file was moved to '4a5d0306.qua'!
C:\ldr.exe
[DETECTION] Is the TR/Zbot.bnt.61440 Trojan
[NOTE] The file was moved to '4a6b0306.qua'!
C:\ta12l.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4a2a0304.qua'!
C:\ta2aa3l.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4a2b0304.qua'!
C:\taa332.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4a5a0305.qua'!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{00003A38-0000-0000-F5C4-80B79F0C5215}\DATA.CAB
[NOTE] The file was moved to '4a4d02e5.qua'!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{00004407-0000-0000-4C6B-7EE1A0FFD265}\DATA.CAB
[NOTE] The file was moved to '498943ce.qua'!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{00004407-0000-0000-E271-9C071361F6FC}\DATA.CAB
[NOTE] The file was moved to '498b525e.qua'!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{0000441E-0000-0000-AFFF-64F3A45D2789}\DATA.CAB
[NOTE] The file was moved to '498562ae.qua'!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{000044E0-0000-0000-064D-38B1BB2EFE5C}\DATA.CAB
[NOTE] The file was moved to '49846af6.qua'!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80015B00-0000-0000-AA87-0F83B032A763}\DATA.CAB
[NOTE] The file was moved to '498a5a66.qua'!
C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80018349-0000-0000-87FE-693B8C659484}\DATA.CAB
[NOTE] The file was moved to '49876d3e.qua'!
C:\Documents and Settings\All Users\Application Data\Move Networks\qsp2ie06101001.dll
[DETECTION] Contains recognition pattern of the ADSPY/Quant.1 adware or spyware
[NOTE] The file was moved to '4a690317.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch74.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a50031d.qua'!
C:\Documents and Settings\Mitchel\Application Data\wint.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was moved to '4a67030e.qua'!
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\6.0\22\10453ed6-753e5614
[NOTE] The file was moved to '4a2d02d5.qua'!
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-740bedaf
[NOTE] The file was moved to '4a300309.qua'!
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\6.0\48\61bc2830-103429b6
[NOTE] The file was moved to '4a5b02d6.qua'!
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\6.0\49\49820371-3ef9df0c
[NOTE] The file was moved to '4a3102de.qua'!
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-17ed5866.zip
[NOTE] The file was moved to '4a66031b.qua'!
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-12bb96d8.zip
[NOTE] The file was moved to '49b695cc.qua'!
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-5c7ac2fd.zip
[NOTE] The file was moved to '49bfdfc4.qua'!
C:\Documents and Settings\Mitchel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-9ec854f-3d048887.zip
[NOTE] The file was moved to '49bce7bc.qua'!
C:\Documents and Settings\Mitchel\Local Settings\Temp\1031007192.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a2c02d5.qua'!
C:\Documents and Settings\Mitchel\Local Settings\Temp\1315507936.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a2a02d9.qua'!
C:\Documents and Settings\Mitchel\Local Settings\Temp\2362580674.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4a2f02d9.qua'!
C:\Documents and Settings\Mitchel\Local Settings\Temp\2521995428.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a2b02db.qua'!
C:\Documents and Settings\Mitchel\Local Settings\Temp\3813423620.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a2a02de.qua'!
C:\Documents and Settings\Mitchel\Local Settings\Temp\3832220842.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a2c02de.qua'!
C:\Documents and Settings\Mitchel\Local Settings\Temp\mousehook.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a6e0315.qua'!
C:\Documents and Settings\Mitchel\Local Settings\Temp\ntdll64.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4a5d031b.qua'!
C:\Documents and Settings\Mitchel\Local Settings\Temporary Internet Files\Content.IE5\62SDDK8Y\lsp[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a69031d.qua'!
C:\Documents and Settings\Mitchel\Local Settings\Temporary Internet Files\Content.IE5\GAH0OBPR\cd[2].htm
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4a54030e.qua'!
C:\Documents and Settings\Mitchel\Local Settings\Temporary Internet Files\Content.IE5\KI3W369W\cd[1].htm
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
[NOTE] The file was moved to '49b400df.qua'!
C:\Documents and Settings\Mitchel\My Documents\My Music\iTunes Music\one last call.wma
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '4a5e0319.qua'!
C:\Downloads\Alice_Greenfingers-v106-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a620317.qua'!
C:\Downloads\CakeManiaSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a64030c.qua'!
C:\Downloads\DinerDash-HometownHero-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a670314.qua'!
C:\Downloads\Mall2DeluxeSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a65030c.qua'!
C:\Downloads\MallofAmericaTycoon-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '49840895.qua'!
C:\Downloads\MallTycoon2-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4987106d.qua'!
C:\Downloads\MallTycoon3Setup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '498620c5.qua'!
C:\Downloads\MallTycoonSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4981289d.qua'!
C:\Downloads\Miss_Management-v1_0-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a6c0314.qua'!
C:\Downloads\MonopolyTycoon-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a67031a.qua'!
C:\Downloads\NannyManiaSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a67030c.qua'!
C:\Downloads\PlantasiaSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a5a0317.qua'!
C:\Downloads\RCT2TripleThrillSetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a4d02ee.qua'!
C:\Downloads\RCT2TripleThrillSetup.exe
[NOTE] The file was moved to '49a758af.qua'!
C:\Downloads\ResidentEvil3-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a6c038a.qua'!
C:\Downloads\RollerRush-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a650394.qua'!
C:\Downloads\SallysSalon-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a650386.qua'!
C:\Downloads\XpandRallySetup-dm[1].exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was moved to '4a5a0395.qua'!
C:\My Games\Farm Craft\FarmCraft.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4a6b0387.qua'!
C:\Program Files\Adobe\Photoshop 7.0\Plug-Ins\FlamingPear_keygen_allplugins\keygen.exe
[DETECTION] Is the TR/Packed.1753 Trojan
[NOTE] The file was moved to '4a72038b.qua'!
C:\Program Files\Internet Explorer\msimg32.dll
[DETECTION] Contains recognition pattern of the ADSPY/Mywebsearch.28672.2 adware or spyware
[NOTE] The file was moved to '4a620399.qua'!
C:\Program Files\Morpheus\morpheustoolbar.exe
[DETECTION] Contains recognition pattern of the ADSPY/Mywebsearch.A.99 adware or spyware
[NOTE] The file was moved to '4a6b0396.qua'!
C:\WINDOWS\system32\f3PSSavr.scr
[DETECTION] Contains recognition pattern of the ADSPY/MyWebSearc.BQ adware or spyware
[NOTE] The file was moved to '4a49035a.qua'!
C:\WINDOWS\system32\iehelper.dll
[DETECTION] Is the TR/BHO.9216 Trojan
[NOTE] The file was moved to '4a61038c.qua'!
C:\WINDOWS\Temp\h91746.exe
[NOTE] The file was moved to '4a2a0360.qua'!
C:\WINDOWS\Temp\sa2.exe
[DETECTION] Contains recognition pattern of the ADSPY/SpyStrike.B adware or spyware
[NOTE] The file was moved to '4a2b0388.qua'!


End of the scan: Wednesday, April 29, 2009 21:47
Used time: 2:52:02 Hour(s)

The scan has been done completely.

16520 Scanned directories
555765 Files were scanned
66 Viruses and/or unwanted programs were found
7 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
61 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
555690 Files not concerned
3964 Archives were scanned
4 Warnings
63 Notes
9066 Objects were scanned with rootkit scan
7 Hidden objects were found

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by Belahzur on 30th April 2009, 5:12 pm

Hello.

Avira has found some files top be backdoor.Zbot.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steal personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by silentdeath477 on 30th April 2009, 5:31 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "ovfsthxriuirftj" found!
ImagePath: \systemroot\system32\drivers\ovfsthxkcpbitle.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by Belahzur on 30th April 2009, 5:35 pm

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+CCrying


Drivers to delete:
ovfsthxriuirftj

Files to delete:
C:\WINDOWS\system32\drivers\ovfsthxkcpbitle.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avengerís actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by silentdeath477 on 30th April 2009, 5:44 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "ovfsthxriuirftj" deleted successfully.
File "C:\WINDOWS\system32\drivers\ovfsthxkcpbitle.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by Belahzur on 30th April 2009, 6:16 pm


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Avira)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by silentdeath477 on 30th April 2009, 10:04 pm

Here you go!

ComboFix 09-04-30.02 - Mitchel 04/30/2009 17:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1148 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Guest\Application Data\ShoppingReport
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Guest\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\LocalService\protect.dll
c:\documents and settings\Mitchel\protect.dll
c:\documents and settings\Mitchel\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Mitchel\Start Menu\Programs\Startup\ChkDisk.lnk
c:\program files\A360
c:\program files\INSTALL.LOG
c:\program files\Need2Find
c:\program files\Need2Find\bar\History\search
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\Fonts\acrsecB.fon
c:\windows\Fonts\acrsecI.fon
c:\windows\sysguard.exe
c:\windows\system32\__c005DF9A.dat
c:\windows\system32\ak1.exe
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\frmwrk32.exe
c:\windows\system32\ftp_non_crp.exe
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\loader49.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\ovfsthxdotehtkb.dll
c:\windows\system32\ovfsthxgvpawoll.dat
c:\windows\system32\ovfsthxltobxgww.dat
c:\windows\system32\ovfsthxqbwsmfss.dll
c:\windows\system32\ovfsthxsrqpardl.dll
c:\windows\system32\p2hhr.bat
c:\windows\system32\sdra64.exe
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winglsetup.exe
c:\windows\system32\yhs783ijfo3fe.dll
c:\windows\Temp\tmp3.tmp
C:\xcrashdump.dat

Infected copy of c:\windows\system32\sfcfiles.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\sfcfiles.dll


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_NETDDEDSMA
-------\Legacy_OREANS32
-------\Legacy_SFC
-------\Service_MyWebSearchService
-------\Service_NetDDEdsma
-------\Service_oreans32
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2009-03-28 to 2009-04-30 )))))))))))))))))))))))))))))))
.

2009-04-30 17:39 . 2009-04-30 17:39 266 ----a-w C:\avexport.bat
2009-04-29 22:21 . 2009-03-24 20:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-29 22:21 . 2009-04-29 22:21 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-29 22:21 . 2009-04-29 22:21 -------- d-----w c:\program files\Avira
2009-04-29 03:57 . 2009-04-29 03:57 -------- d-----w c:\program files\Trend Micro
2009-04-29 00:34 . 2007-03-29 12:56 7168 -c----w c:\windows\system32\dllcache\bitsprx4.dll
2009-04-29 00:34 . 2007-03-29 12:56 7168 ------w c:\windows\system32\bitsprx4.dll
2009-04-29 00:34 . 2007-03-29 12:56 18944 -c----w c:\windows\system32\dllcache\qmgrprxy.dll
2009-04-29 00:34 . 2007-03-29 12:56 409600 -c----w c:\windows\system32\dllcache\qmgr.dll
2009-04-24 02:16 . 2009-04-24 02:16 -------- d-----w c:\documents and settings\Mitchel\Local Settings\Application Data\PunkBuster
2009-04-21 18:09 . 2009-04-21 18:09 -------- d-----w c:\program files\KingsIsle Entertainment
2009-04-14 22:42 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-14 22:42 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-14 22:42 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 22:42 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-14 22:42 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-14 22:42 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-14 22:42 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-14 22:42 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-14 22:42 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 22:41 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-10 02:57 . 2009-04-10 02:57 -------- d-----w c:\program files\InterActual
2009-04-01 16:05 . 2009-04-30 20:52 -------- d-----w c:\program files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 15:23 . 2006-10-29 16:22 -------- d-----w c:\program files\Lx_cats
2009-04-24 02:30 . 2007-11-15 11:00 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-24 02:17 . 2007-11-15 11:00 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-24 02:17 . 2007-11-15 10:59 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-21 18:09 . 2005-06-07 15:42 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 00:45 . 2008-04-03 21:28 -------- d-----w c:\program files\LimeWire
2009-03-06 14:44 . 2003-07-16 20:41 283648 ------w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-02-18 20:19 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 07:56 78336 ------w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2005-01-14 05:33 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2003-07-16 20:32 723456 ------w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2003-07-16 20:39 714752 ------w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2003-07-16 20:23 616960 ------w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2003-07-16 20:51 1846272 ------w c:\windows\system32\win32k.sys
2009-02-06 17:22 . 2003-07-16 20:39 2136064 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2003-07-16 20:44 110592 ------w c:\windows\system32\services.exe
2009-02-06 16:54 . 2003-07-16 20:43 35328 ------w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2002-08-29 01:04 2015744 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2003-07-16 20:44 55808 ----a-w c:\windows\system32\secur32.dll
2006-05-13 00:32 . 2006-05-13 00:32 774144 ----a-w c:\program files\RngInterstitial.dll
2005-07-22 20:45 . 2005-07-22 20:45 39 -c--a-w c:\program files\guest.txt
2005-07-22 20:44 . 2005-07-18 17:48 452 -c--a-w c:\program files\deb.log
2005-07-22 20:44 . 2005-07-18 17:53 297 -c--a-w c:\program files\interface_cfg.txt
2005-07-22 20:44 . 2005-07-18 17:53 109 -c--a-w c:\program files\card_cfg.txt
2005-07-22 20:44 . 2005-07-18 17:47 4060 -c--a-w c:\program files\cfg.txt
2005-04-30 15:49 . 2005-07-18 17:46 16228 -c--a-w c:\program files\README.txt
2005-04-30 15:24 . 2005-07-18 17:48 1454080 -c--a-w c:\program files\LFS.exe
2007-09-16 06:35 . 2008-06-28 19:36 66408 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-09-16 06:35 . 2008-06-28 19:36 54112 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-09-16 06:35 . 2008-06-28 19:36 34688 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-09-16 06:35 . 2008-06-28 19:36 46456 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-09-16 06:35 . 2008-06-28 19:36 171880 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-03-05 942080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-17 4800512]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LXCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2005-09-08 73728]
"lxcjmon.exe"="c:\program files\Lexmark 8300 Series\lxcjmon.exe" [2005-09-30 200704]
"EzPrint"="c:\program files\Lexmark 8300 Series\ezprint.exe" [2005-08-01 94208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]

c:\documents and settings\Computer1\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-3-10 139776]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
MiniEYE-MiniREAD Launch.lnk - c:\program files\Infinite Mind LC\eyeQ\ARLaunch.exe [2006-4-8 323584]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave4"= serwvdrv.dll
"wave5"= serwvdrv.dll
"wave6"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Mitchel\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
S2 litsgt;litsgt;c:\windows\system32\DRIVERS\litsgt.sys [2006-04-09 137344]
S2 tansgt;tansgt;c:\windows\system32\DRIVERS\tansgt.sys [2006-04-09 12032]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

.
Contents of the 'Scheduled Tasks' folder

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by silentdeath477 on 30th April 2009, 10:05 pm

.
- - - - ORPHANS REMOVED - - - -

BHO-{B2BA40A2-74F0-42BD-F434-12345A2C8953} - c:\windows\system32\yhs783ijfo3fe.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Windows USB Control - c:\documents and settings\Mitchel\Application Data\wintos.exe
HKCU-Run-3df1fe07fd90a5352c8c9c3349f8ce90 - c:\docume~1\Mitchel\APPLIC~1\Opera\Opera\profile\cache4\TEMPOR~1\BURGER~1.EXE
HKU-Default-Run-Windows Resurections - c:\windows\TEMP\hoy5leu.exe
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
HKU-Default-Run-A00F15946.exe - c:\windows\TEMP\_A00F15946.exe
SharedTaskScheduler-{B2BA40A2-74F0-42BD-F434-12345A2C8953} - c:\windows\system32\yhs783ijfo3fe.dll
SSODL-eitheror-{2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
Notify-__c005DF9A - c:\windows\system32\__c005DF9A.dat
Notify-LBTWlgn - (no file)
SafeBoot-OneCareMP


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &AOL Toolbar Search
IE: &Search - ?p=ZJman000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mitchel\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: imageshack.us\toolbar
DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - [You must be registered and logged in to see this link.]
DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} - [You must be registered and logged in to see this link.]
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-04-30 17:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4012)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\mshtml.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\snmp.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\lxcjcoms.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-04-30 18:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 21:59

Pre-Run: 15,910,174,720 bytes free
Post-Run: 17,596,493,824 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

304 --- E O F --- 2009-04-30 20:34

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by Belahzur on 30th April 2009, 10:07 pm

Hello.
Still a few things to do.

First though, please update Avira. Right click the icon down in the corner > Start update. Allow it to update.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by silentdeath477 on 30th April 2009, 10:13 pm

3D Groove Playback Engine
Ad-Aware SE Personal
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Adobe Shockwave Player
AIM 6
AIM Toolbar 5.0
Alice Greenfingers 2 (remove only)
America's Army
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI HYDRAVISION
Avira AntiVir Personal - Free Antivirus
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield Vietnam(TM)
Beach Party Craze
Bejeweled Twist(TM)
Bonjour
Cake Mania(TM) 3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Camera Driver
Camp Funshine - Carrie the Caregiver 3 (remove only)
Cooking Academy
Cooking Dash(TM)
County Fair
Critical Update for Windows Media Player 11 (KB959772)
DAO
Delicious - Emily's Tea Garden
Delicious Deluxe
Destinator PC Portal Maps Installer
Digimax Master
Diner Dash(R) - Flo Through Time(TM)
EarthLink Software
ebgcInfra
ebgcRes
ebgcSDK
eyeQ
Farm Craft
Fitness Dash(TM)
GameSpot Download Manager
HijackThis 2.0.2
Hospital Hustle
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Ice Cream Dee Lites (remove only)
Intel(R) PRO Network Adapters and Drivers
InterActual Player
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Lexmark 8300 Series
LGE PC Portal
LimeWire 5.1.2
Math Success Middle School
Media Library Management Wizard
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Money Tree
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (2.0.0.7)
MSN Toolbar
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MySpaceIM
Nascar SimRacing 2005 CTS addon V5.0
NVIDIA Photoshop Plug-ins
NVIDIA Windows 2000/XP Display Drivers
OpenOffice.org Installer 1.0
Opera 9.27
Personal License Update Wizard for Windows Media Player
Power Tab Editor 1.7
PunkBuster for Battlefield 1942
PunkBuster for Battlefield Vietnam
QuickTime
RealArcade
Rhapsody Player Engine
Roller Rush
Samsung USB Driver
Sandlot Games Client Services
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
SKIP-BO Castaway Caper(TM)
Sound Blaster Live!
SpeedFan (remove only)
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
Sudoku - Latin Squares Gold
TeamSpeak 2 RC2
The Sims 2 University
The Simsô 2 Deluxe
The Weather Channel Desktop 6
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB923845)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player
Weather Services
Web Macros Free
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Bonus Pack for Windows XP
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Wizard101
Xbox 360 Controller for Windows
Xfire (remove only)
Yahoo! Messenger

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by Belahzur on 30th April 2009, 10:51 pm

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0.8
    J2SE Runtime Environment 5.0 Update 1
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 7
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LimeWire 5.1.2
    Viewpoint Media Player


I see you have Firefox. You are running a VERY old versions and need updating.

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 2.0 you currently have installed, so you won't lose any bookmarked websites.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by silentdeath477 on 30th April 2009, 11:17 pm

Its running a lot better. Thanks for the help! Would you know of some ways that I could enhance my preformance further?

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by Belahzur on 30th April 2009, 11:18 pm

Yeah, we can kill some startup items.

For that, I need you to post a NEW Hijack This log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by silentdeath477 on 30th April 2009, 11:21 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:54 PM, on 4/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - ?p=ZJman000
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Mitchel\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - [You must be registered and logged in to see this link.]
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 10028 bytes

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by Belahzur on 30th April 2009, 11:31 pm

Please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

Please make sure Teatimer is disable before we do this, otherwise this fix will fail.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - S-1-5-18 Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe (User 'Default user')
    O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: MiniEYE-MiniREAD Launch.lnk = C:\Program Files\Infinite Mind LC\eyeQ\ARLaunch.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - ?p=ZJman000
    O15 - Trusted Zone: [You must be registered and logged in to see this link.]
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe


  • Press "Fix Checked"
  • Close Hijack This.

You will need to reboot for these changes to take effect.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by silentdeath477 on 1st May 2009, 12:24 am

I have completed the task above. Is there anthing else?

silentdeath477
Intermediate
Intermediate

Posts Posts : 53
Joined Joined : 2009-04-29
OS OS : xp
Points Points : 28184
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Spyware Protect 2009 pop up???

Post by Belahzur on 1st May 2009, 12:34 am

Nope.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum