Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Continuous "security alert" messages, leads to website virprotect.com. Remove please.
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 12-02-2007, 11:18 PM   #1 (permalink)
Registered User
 
CompNovice726's Avatar
 
Join Date: Dec 2007
Location: Houston, TX
Posts: 10
OS: widows xp service pack2


EEK! Continuous "security alert" messages, leads to website virprotect.com. Remove please.
I have followed the five steps to do before starting a new thread, except the panda active scan, I cant seem to get it to finish scanning. Does it always take long?
I am fairly new at this computer stuff and when I began to get a flashing security alert that wouldn't go away I got worried . I googled the website that it kept referring me to and I realized that I had a malware but now I don't know how to get rid of it. I have since lots of advice about various products but I do not want to download just anything since this is a fairly new computer. Please let me know what I can do to get rid of this pesky problem.
my DSS log is as follows:
Deckard's System Scanner v20071014.68
Run by Itzel Alejandre on 2007-12-02 23:44:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
67: 2007-12-03 05:45:07 UTC - RP170 - Deckard's System Scanner Restore Point
66: 2007-12-02 23:40:50 UTC - RP169 - Installed Ad-Aware 2007
65: 2007-12-02 07:12:40 UTC - RP168 - Windows Defender Checkpoint
64: 2007-12-02 07:04:07 UTC - RP167 - Software Distribution Service 3.0
63: 2007-12-02 06:43:10 UTC - RP166 - Installed Windows Defender


-- First Restore Point --
1: 2007-09-03 17:09:49 UTC - RP104 - Installed File, Print FedEx Kinko's


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-02 23:48:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\Itzel Alejandre\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.*.aimexpress.aol.com (HKCU)
O15 - Trusted Zone: *..aimexpress.aol.com (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.6.0.6.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/...loadClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: crypt32chain - C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet - C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll - C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: ScCertProp - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: SensLogn - C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv - C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon - C:\WINDOWS\system32\wlnotify.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll
O21 - SSODL: E404Helper - {5ccdd7cd-15cf-41d3-84e2-43ca0b8cfdbe} - C:\WINDOWS\system32\e404d.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: edgers - {d66c22b6-2217-4d1a-9a90-1a54de1fc706} - C:\WINDOWS\system32\zcwlnic.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcj_device - Unknown owner - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: lxdd_device - Unknown owner - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 15294 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 eabfiltr - c:\windows\system32\drivers\eabfiltr.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HPQuick Launch Buttons>
R2 mdmxsdk - c:\windows\system32\drivers\mdmxsdk.sys <Not Verified; Conexant; Diagnostic Interface x86 Driver>
R3 HBtnKey - c:\windows\system32\drivers\cpqbttn.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
R3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 HSFHWAZL - c:\windows\system32\drivers\hsfhwazl.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>
R3 MQAC (Message Queuing access control) - c:\windows\system32\drivers\mqac.sys <Not Verified; Microsoft Corporation; Microsoft Message Queue>
R3 rimmptsk - c:\windows\system32\drivers\rimmptsk.sys <Not Verified; REDC; RICOH MMC Driver>
R3 rimsptsk - c:\windows\system32\drivers\rimsptsk.sys <Not Verified; REDC; Ricoh Memorystick Controller>
R3 RMCAST (Reliable Multicast Protocol driver) - c:\windows\system32\drivers\rmcast.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 sdbus - c:\windows\system32\drivers\sdbus.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
R3 winachsf - c:\windows\system32\drivers\hsf_cnxt.sys <Not Verified; Conexant Systems, Inc.; SoftK56 Modem Driver>

S1 bdftdif - c:\program files\common files\softwin\bitdefender firewall\bdftdif.sys (file missing)
S1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys (file missing)
S3 Bdfndisf (BitDefender Firewall NDIS Filter Service) - c:\windows\system32\drivers\bdfndisf.sys <Not Verified; Softwin SRL; BitDefender 10>
S3 eabusb - c:\windows\system32\drivers\eabusb.sys <Not Verified; Hewlett-Packard Development Company, L.P.; HP Quick Launch Buttons>
S3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
S3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys <Not Verified; America Online, Inc.; Wan Miniport (ATW)>
S4 cbidf - c:\windows\system32\drivers\cbidf2k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S4 dac2w2k - c:\windows\system32\drivers\dac2w2k.sys <Not Verified; Mylex Corporation; Mylex Disk Array Controller Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MSMQ (Message Queuing) - c:\windows\system32\mqsvc.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
R2 MSMQTriggers (Message Queuing Triggers) - c:\windows\system32\mqtgsvc.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 lxcj_device - c:\windows\system32\lxcjcoms.exe -service <Not Verified; ; Printer Communication System>
S3 MHN - c:\windows\system32\svchost.exe -k netsvcs <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2007-12-02 12:27:48 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2007-12-02 03:10:50 508 --a------ C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
2007-12-02 03:10:50 508 --a------ C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job


-- Files created between 2007-11-02 and 2007-12-02 -----------------------------

2007-12-02 23:19:53 0 d-------- C:\ie-spyad_zo
2007-12-02 23:13:07 0 d-------- C:\Program Files\SpywareBlaster
2007-12-02 19:22:42 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-02 19:22:41 0 d-------- C:\WINDOWS\LastGood
2007-12-02 17:40:52 0 d-------- C:\Program Files\Lavasoft
2007-12-02 17:40:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-02 17:39:52 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-02 17:08:02 0 d-------- C:\Program Files\XoftSpySE
2007-12-02 01:04:47 0 d-------- C:\ca999b5b7c9a80bff7b611
2007-12-02 00:43:11 0 d-------- C:\Program Files\Windows Defender
2007-12-01 23:52:30 0 d-------- C:\Program Files\Enigma Software Group
2007-12-01 22:43:25 0 d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\SpywareBot
2007-12-01 21:53:22 0 d-------- C:\Program Files\RogueRemover FREE
2007-12-01 19:08:50 51712 --a------ C:\WINDOWS\system32\e404d.dll <Not Verified; Melkosoft Corporation; avp>
2007-12-01 19:08:42 0 d-------- C:\Program Files\Video Add-on
2007-11-29 10:43:15 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2007-11-21 19:31:00 0 d-------- C:\WINDOWS\SxsCaPendDel
2007-11-21 14:46:25 0 d-------- C:\Program Files\HOTLLAMA Media
2007-11-21 09:29:58 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-20 13:03:58 0 d-------- C:\Documents and Settings\Itzel Alejandre\Contacts
2007-11-18 11:13:40 0 d-------- C:\Program Files\Three Rings Design
2007-11-17 21:24:25 0 d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\yoclient
2007-11-17 19:12:57 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-17 19:12:41 0 d-------- C:\Program Files\Windows Live
2007-11-17 19:12:16 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-17 18:42:10 0 d-------- C:\Program Files\MyWebSearchWB
2007-11-17 18:41:04 0 d-------- C:\Program Files\AWS
2007-11-06 20:07:13 61440 --a------ C:\WINDOWS\UnDeploy.exe <Not Verified; JGsoft - Just Great Software; DeployMaster>
2007-11-06 20:07:13 0 d-------- C:\Program Files\WISCO Computing
2007-11-06 20:00:32 0 d-------- C:\WINDOWS\Speeditup Free
2007-11-06 20:00:32 0 d-------- C:\Program Files\Speeditup Free
2007-11-03 22:33:29 0 d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\iWin


-- Find3M Report ---------------------------------------------------------------

2007-12-02 23:28:36 0 d-------- C:\Program Files\SealedMedia
2007-12-02 23:26:27 0 d-------- C:\Program Files\Lexmark Toolbar
2007-12-02 23:26:20 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-02 23:25:44 0 d-------- C:\Program Files\Lexmark 2500 Series
2007-12-02 23:25:00 0 d-------- C:\Program Files\iTunes
2007-12-02 23:13:03 0 d-------- C:\Program Files\Google
2007-12-02 23:11:49 0 d-------- C:\Program Files\Common Files\LightScribe
2007-12-02 23:11:23 0 d-------- C:\Program Files\AIM6
2007-12-02 17:39:52 0 d-------- C:\Program Files\Common Files
2007-12-02 09:12:42 0 d-------- C:\Program Files\Lx_cats
2007-11-29 11:15:03 0 d-------- C:\Program Files\HP Games
2007-11-29 10:51:33 12800 --a-s---- C:\WINDOWS\system32\zcwlnic.dll
2007-11-29 10:43:40 8 --a------ C:\WINDOWS\system32\success
2007-11-29 10:43:16 0 d-------- C:\Program Files\Cisco Systems
2007-11-29 10:43:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-24 20:19:29 0 d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\PlayFirst
2007-11-24 20:19:29 0 d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\Macromedia
2007-11-21 19:49:13 0 d-------- C:\Program Files\MyWebSearch
2007-11-21 19:47:05 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-21 19:36:34 0 d-------- C:\Program Files\GemMaster
2007-10-23 08:31:19 0 d-------- C:\Program Files\Viewpoint
2007-10-18 17:54:38 0 d-------- C:\Program Files\iPod
2007-10-18 11:26:47 5708 --a------ C:\WINDOWS\mozver.dat
2007-10-16 11:26:18 0 d-------- C:\Program Files\Common Files\AOL
2007-10-16 10:50:51 0 d-------- C:\Program Files\Alwil Software
2007-10-16 10:44:32 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-16 10:39:34 0 d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\AOL
2007-10-16 10:19:27 0 d-------- C:\Program Files\AOL Pictures
2007-10-16 10:08:58 0 d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\muvee Technologies
2007-10-02 06:25:12 0 d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\FaxCtr


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 10:56 PM]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [05/03/2006 11:58 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/24/2006 12:40 PM]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [04/18/2006 05:29 AM C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/16/2006 11:22 PM]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [07/11/2006 11:55 PM]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 06:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 06:30 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [06/19/2006 01:33 PM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 12:23 PM]
"sealmon"="C:\Program Files\SealedMedia\sealmon.exe" [12/19/2006 02:27 PM]
"ProfileWatcher"="C:\Program Files\ProfileWatcher\profilewatcher.exe" []
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [09/08/2005 12:45 PM]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [01/22/2007 04:05 PM]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [02/12/2007 05:58 PM]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [02/05/2007 05:32 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/12/2007 06:00 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [01/26/2006 06:18 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 06:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 05:24 AM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [11/17/2007 07:48 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/05/2007 05:51 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [10/25/2007 10:20 AM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [05/08/2007 03:24 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 01:42 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [08/13/2007 06:04 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 10:00 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [09/29/2007 02:22 PM]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [11/29/2007 10:43:18 AM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [9/5/2007 5:41:19 AM]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [9/24/2005 10:39:30 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start"=C:\Program Files\Video Add-on\isfmntr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d66c22b6-2217-4d1a-9a90-1a54de1fc706}"= C:\WINDOWS\system32\zcwlnic.dll [11/29/2007 10:51 AM 12800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {5ccdd7cd-15cf-41d3-84e2-43ca0b8cfdbe} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - AAWSERVICE



-- End of Deckard's System Scanner: finished at 2007-12-02 23:50:02 ------------

and the extra is attached. Like I said I am not computer savvy when it comes to these types of things so I need as much help as I can get.
Attached Files
File Type: txt extra.txt (27.1 KB, 1 views)
CompNovice726 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 12-05-2007, 08:16 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,175
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous "security alert" messages, leads to website virprotect.com. Remove ple
Hello, and Welcome to TSF.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Download ComboFix from one of these locations. ---------------------------------------------------------------------------------------------


    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet.
  3. Disable your AntiVirus application, usually via a right click on the System Tray icon.


  4. Go to -> Run -> paste in the following single line command & click OK

    "%userprofile%\desktop\combofix.exe" /killall



  5. Follow the prompts. Type "1" and press Enter to begin the scan.
  6. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  7. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  8. Ensure your AntiVirus is re-enabled. A reboot should have done this.
  9. Re-establish an internet connection.
  10. Please download HijackThis to your desktop

    Alternate link

    Double-click on the file you just downloaded.
    Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

    Upon install, HijackThis should open for you.

    Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

    1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
    2. If you don't get the intro screen, just hit Scan and then click on Save log.
    3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-06-2007, 08:36 AM   #3 (permalink)
Registered User
 
CompNovice726's Avatar
 
Join Date: Dec 2007
Location: Houston, TX
Posts: 10
OS: widows xp service pack2


Re: Continuous "security alert" messages, leads to website virprotect.com. Remove ple
Here is the combofix log:
ComboFix 07-12-02.6 - Itzel Alejandre 2007-12-06 906.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.558 [GMT -6:00]
Running from: C:\Documents and Settings\Itzel Alejandre\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Itzel Alejandre\Application Data\FunWebProducts
C:\Documents and Settings\Itzel Alejandre\Application Data\FunWebProducts\Data\Itzel Alejandre\avatar.dat
C:\Documents and Settings\Itzel Alejandre\Application Data\FunWebProducts\Data\Itzel Alejandre\register.dat
C:\Documents and Settings\Itzel Alejandre\Application Data\FunWebProducts\Data\Itzel Alejandre\zbucks.dat
C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-05 10:43 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-04 20:01 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-12-04 20:01 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-12-04 20:01 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-12-04 20:01 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-12-04 20:01 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-12-04 20:01 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-12-04 20:01 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-12-04 20:01 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-12-04 20:01 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-12-04 19:10 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-12-04 19:10 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-12-04 19:08 . 2007-05-11 18:31 22,560 -ra------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2007-12-04 19:07 . 2007-12-04 19:07 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-12-04 19:04 . 2007-12-04 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-04 19:03 . 2007-12-04 19:07 <DIR> d-------- C:\Program Files\Logitech
2007-12-04 19:03 . 2007-12-04 19:09 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2007-12-04 19:02 . 2007-12-04 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-04 15:26 . 2007-12-04 15:26 244 --ah----- C:\sqmnoopt00.sqm
2007-12-04 15:26 . 2007-12-04 15:26 232 --ah----- C:\sqmdata00.sqm
2007-12-02 23:41 . 2007-12-02 23:41 <DIR> d-------- C:\Deckard
2007-12-02 23:19 . 2007-12-02 23:19 <DIR> d-------- C:\ie-spyad_zo
2007-12-02 23:13 . 2007-12-02 23:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-02 17:40 . 2007-12-02 17:40 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-02 17:40 . 2007-12-02 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-02 17:39 . 2007-12-02 17:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-02 17:08 . 2007-12-02 17:26 <DIR> d-------- C:\Program Files\XoftSpySE
2007-12-02 01:04 . 2007-12-02 01:04 <DIR> d-------- C:\ca999b5b7c9a80bff7b611
2007-12-02 00:43 . 2007-12-03 00:38 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-01 23:52 . 2007-12-01 23:52 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-01 22:43 . 2007-12-01 22:43 <DIR> d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\SpywareBot
2007-12-01 21:53 . 2007-12-01 21:55 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-12-01 19:08 . 2007-12-02 01:12 <DIR> d-------- C:\Program Files\Video Add-on
2007-12-01 19:08 . 2007-12-01 19:08 51,712 --a------ C:\WINDOWS\system32\e404d.dll
2007-11-29 10:43 . 2007-11-29 10:43 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2007-11-29 10:43 . 2005-08-12 17:35 305,739 --a------ C:\WINDOWS\system32\drivers\CVPNDRVA.sys
2007-11-29 10:43 . 2005-08-12 17:38 181,176 --a------ C:\WINDOWS\system32\vpnapi.dll
2007-11-29 10:43 . 2005-05-17 04:51 5,315 --a------ C:\WINDOWS\system32\drivers\CVirtA.sys
2007-11-21 19:50 . 2007-11-21 19:50 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-11-21 19:50 . 2007-11-21 19:50 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-11-21 19:31 . 2007-11-21 19:49 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-21 14:46 . 2007-11-21 14:46 <DIR> d-------- C:\Program Files\HOTLLAMA Media
2007-11-21 09:29 . 2007-11-21 09:29 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-20 13:03 . 2007-12-04 19:50 <DIR> d-------- C:\Documents and Settings\Itzel Alejandre\Contacts
2007-11-19 16:51 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-19 16:51 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-19 16:51 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-18 11:13 . 2007-11-21 19:42 <DIR> d-------- C:\Program Files\Three Rings Design
2007-11-17 21:24 . 2007-11-17 21:37 <DIR> d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\yoclient
2007-11-17 19:12 . 2007-12-04 15:28 <DIR> d-------- C:\Program Files\Windows Live
2007-11-17 19:12 . 2007-11-20 13:00 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-17 19:12 . 2007-12-04 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-17 18:42 . 2007-11-17 18:42 <DIR> d-------- C:\Program Files\MyWebSearchWB
2007-11-17 18:41 . 2007-12-02 18:55 <DIR> d-------- C:\Program Files\AWS
2007-11-06 20:07 . 2007-11-06 20:07 <DIR> d-------- C:\Program Files\WISCO Computing
2007-11-06 20:07 . 2004-02-03 02:06 61,440 --a------ C:\WINDOWS\UnDeploy.exe
2007-11-06 20:00 . 2007-11-06 20:00 <DIR> d-------- C:\WINDOWS\Speeditup Free
2007-11-06 20:00 . 2007-11-21 19:42 <DIR> d-------- C:\Program Files\Speeditup Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 14:59 --------- d-----w C:\Program Files\Lx_cats
2007-12-05 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-05 04:16 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-12-05 01:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 14:51 --------- d-----w C:\Program Files\Google
2007-12-03 14:50 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-03 14:50 --------- d-----w C:\Program Files\AIM6
2007-12-03 06:38 --------- d-----w C:\Program Files\SealedMedia
2007-12-03 06:36 --------- d-----w C:\Program Files\Lexmark Toolbar
2007-12-03 06:36 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2007-12-03 06:35 --------- d-----w C:\Program Files\Lexmark 2500 Series
2007-12-03 06:34 --------- d-----w C:\Program Files\iTunes
2007-11-29 17:15 --------- d-----w C:\Program Files\HP Games
2007-11-29 16:43 --------- d-----w C:\Program Files\Cisco Systems
2007-11-25 02:19 --------- d-----w C:\Documents and Settings\Itzel Alejandre\Application Data\PlayFirst
2007-11-22 01:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-22 01:36 --------- d-----w C:\Program Files\GemMaster
2007-11-18 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2007-11-04 04:33 --------- d-----w C:\Documents and Settings\Itzel Alejandre\Application Data\iWin
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-23 14:31 --------- d-----w C:\Program Files\Viewpoint
2007-10-23 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-18 23:54 --------- d-----w C:\Program Files\iPod
2007-10-16 17:26 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-16 16:50 --------- d-----w C:\Program Files\Alwil Software
2007-10-16 16:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-16 16:39 --------- d-----w C:\Documents and Settings\Itzel Alejandre\Application Data\AOL
2007-10-16 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-16 16:19 --------- d-----w C:\Program Files\AOL Pictures
2007-10-16 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-16 16:16 --------- d-----w C:\Documents and Settings\Fidias Alejandre\Application Data\AOL
2007-10-16 16:08 --------- d-----w C:\Documents and Settings\Itzel Alejandre\Application Data\muvee Technologies
2007-10-16 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2006-12-06 18:42 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 14:22]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 23:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-15 22:00 C:\WINDOWS\system32\rundll32.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 05:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 23:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 23:55]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 13:33]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23]
"sealmon"="C:\Program Files\SealedMedia\sealmon.exe" [2006-12-19 14:27]
"ProfileWatcher"="C:\Program Files\ProfileWatcher\profilewatcher.exe" []
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2005-09-08 12:45]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 16:05]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-12 17:58]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 17:32]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-12 18:00]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 18:18]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-17 19:48]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-05 05:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 10:20]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-11 17:25]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-11 17:26]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-11-29 10:43:18]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-05 05:41:19]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 10:39:30]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-04 19:07:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{d66c22b6-2217-4d1a-9a90-1a54de1fc706}"= C:\WINDOWS\system32\zcwlnic.dll [2007-11-29 10:51 12800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {5ccdd7cd-15cf-41d3-84e2-43ca0b8cfdbe} - e404d.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe -service
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
S1 bdftdif;bdftdif;\??\C:\Program Files\Common Files\Softwin\BitDefender Firewall\bdftdif.sys
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe"
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-02 09:10:50 C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job"
- C:\Program Files\MacroVirus\MacroVirus.ex
- C:\Program Files\MacroVirus
"2007-12-06 15:15:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-02 09:10:50 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 09:13:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????_????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 9:20:23 - machine was rebooted
.
--- E O F ---

Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:34 AM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.6.0.6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/...loadClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O21 - SSODL: E404Helper - {5ccdd7cd-15cf-41d3-84e2-43ca0b8cfdbe} - e404d.dll (file missing)
O22 - SharedTaskScheduler: edgers - {d66c22b6-2217-4d1a-9a90-1a54de1fc706} - C:\WINDOWS\system32\zcwlnic.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14421 bytes

Let me know if there is anything else I can do.
Thank you for your help!
CompNovice726 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-06-2007, 08:57 AM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,175
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous "security alert" messages, leads to website virprotect.com. Remove ple
Round 2....stick with me till I give the all clear.

Open notepad and copy/paste the text in the quotebox below into it:

Quote:
http://www.techsupportforum.com/security-center/hijackthis-log-help/199340-continuous-security-alert-messages-leads-website-virprotect-com-remove-please.html

File::
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job

Folder::
C:\Program Files\Video Add-on


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d66c22b6-2217-4d1a-9a90-1a54de1fc706}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"=-

Collect::
C:\WINDOWS\system32\zcwlnic.dll
C:\WINDOWS\system32\e404d.dll
Save this as CFScript.txt




Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-06-2007, 09:32 AM   #5 (permalink)
Registered User
 
CompNovice726's Avatar
 
Join Date: Dec 2007
Location: Houston, TX
Posts: 10
OS: widows xp service pack2


Re: Continuous "security alert" messages, leads to website virprotect.com. Remove ple
The file was succesfully submitted.
Here is the ComboFix log:
ComboFix 07-12-02.6 - Itzel Alejandre 2007-12-06 10:09:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.393 [GMT -6:00]
Running from: C:\Documents and Settings\Itzel Alejandre\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Itzel Alejandre\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Video Add-on
C:\Program Files\Video Add-on\isfmm.exe
C:\Program Files\Video Add-on\ot.ico
C:\Program Files\Video Add-on\ts.ico
C:\Program Files\Video Add-on\uninst.exe
C:\WINDOWS\system32\e404d.dll
C:\WINDOWS\system32\zcwlnic.dll
C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job

.
((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-06 10:14 . 2007-12-06 10:14 268 --ah----- C:\sqmdata01.sqm
2007-12-06 10:14 . 2007-12-06 10:14 244 --ah----- C:\sqmnoopt01.sqm
2007-12-06 09:31 . 2007-12-06 09:31 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-05 10:43 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-12-04 20:01 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-12-04 20:01 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-12-04 20:01 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-12-04 20:01 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-12-04 20:01 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-12-04 20:01 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-12-04 20:01 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-12-04 20:01 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-12-04 20:01 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-12-04 19:10 . 2004-08-03 23:10 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-12-04 19:10 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-12-04 19:08 . 2007-05-11 18:31 22,560 -ra------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2007-12-04 19:07 . 2007-12-04 19:07 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-12-04 19:04 . 2007-12-04 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-04 19:03 . 2007-12-04 19:07 <DIR> d-------- C:\Program Files\Logitech
2007-12-04 19:03 . 2007-12-04 19:09 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2007-12-04 19:02 . 2007-12-04 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-04 15:26 . 2007-12-04 15:26 244 --ah----- C:\sqmnoopt00.sqm
2007-12-04 15:26 . 2007-12-04 15:26 232 --ah----- C:\sqmdata00.sqm
2007-12-02 23:41 . 2007-12-02 23:41 <DIR> d-------- C:\Deckard
2007-12-02 23:19 . 2007-12-02 23:19 <DIR> d-------- C:\ie-spyad_zo
2007-12-02 23:13 . 2007-12-02 23:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-02 17:40 . 2007-12-02 17:40 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-02 17:40 . 2007-12-02 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-02 17:39 . 2007-12-02 17:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-02 17:08 . 2007-12-02 17:26 <DIR> d-------- C:\Program Files\XoftSpySE
2007-12-02 01:04 . 2007-12-02 01:04 <DIR> d-------- C:\ca999b5b7c9a80bff7b611
2007-12-02 00:43 . 2007-12-03 00:38 <DIR> d-------- C:\Program Files\Windows Defender
2007-12-01 23:52 . 2007-12-01 23:52 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-12-01 22:43 . 2007-12-01 22:43 <DIR> d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\SpywareBot
2007-12-01 21:53 . 2007-12-01 21:55 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-11-29 10:43 . 2007-11-29 10:43 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2007-11-29 10:43 . 2005-08-12 17:35 305,739 --a------ C:\WINDOWS\system32\drivers\CVPNDRVA.sys
2007-11-29 10:43 . 2005-08-12 17:38 181,176 --a------ C:\WINDOWS\system32\vpnapi.dll
2007-11-29 10:43 . 2005-05-17 04:51 5,315 --a------ C:\WINDOWS\system32\drivers\CVirtA.sys
2007-11-21 19:50 . 2007-11-21 19:50 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-11-21 19:50 . 2007-11-21 19:50 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-11-21 19:31 . 2007-11-21 19:49 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-21 14:46 . 2007-11-21 14:46 <DIR> d-------- C:\Program Files\HOTLLAMA Media
2007-11-21 09:29 . 2007-11-21 09:29 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-20 13:03 . 2007-12-04 19:50 <DIR> d-------- C:\Documents and Settings\Itzel Alejandre\Contacts
2007-11-19 16:51 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-19 16:51 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-19 16:51 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-18 11:13 . 2007-11-21 19:42 <DIR> d-------- C:\Program Files\Three Rings Design
2007-11-17 21:24 . 2007-11-17 21:37 <DIR> d-------- C:\Documents and Settings\Itzel Alejandre\Application Data\yoclient
2007-11-17 19:12 . 2007-12-04 15:28 <DIR> d-------- C:\Program Files\Windows Live
2007-11-17 19:12 . 2007-11-20 13:00 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-17 19:12 . 2007-12-04 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-17 18:42 . 2007-11-17 18:42 <DIR> d-------- C:\Program Files\MyWebSearchWB
2007-11-17 18:41 . 2007-12-02 18:55 <DIR> d-------- C:\Program Files\AWS
2007-11-06 20:07 . 2007-11-06 20:07 <DIR> d-------- C:\Program Files\WISCO Computing
2007-11-06 20:07 . 2004-02-03 02:06 61,440 --a------ C:\WINDOWS\UnDeploy.exe
2007-11-06 20:00 . 2007-11-06 20:00 <DIR> d-------- C:\WINDOWS\Speeditup Free
2007-11-06 20:00 . 2007-11-21 19:42 <DIR> d-------- C:\Program Files\Speeditup Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-06 16:07 --------- d-----w C:\Program Files\Lx_cats
2007-12-05 17:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-05 04:16 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2007-12-05 01:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 14:51 --------- d-----w C:\Program Files\Google
2007-12-03 14:50 --------- d-----w C:\Program Files\Common Files\LightScribe
2007-12-03 14:50 --------- d-----w C:\Program Files\AIM6
2007-12-03 06:38 --------- d-----w C:\Program Files\SealedMedia
2007-12-03 06:36 --------- d-----w C:\Program Files\Lexmark Toolbar
2007-12-03 06:36 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2007-12-03 06:35 --------- d-----w C:\Program Files\Lexmark 2500 Series
2007-12-03 06:34 --------- d-----w C:\Program Files\iTunes
2007-11-29 17:15 --------- d-----w C:\Program Files\HP Games
2007-11-29 16:43 --------- d-----w C:\Program Files\Cisco Systems
2007-11-25 02:19 --------- d-----w C:\Documents and Settings\Itzel Alejandre\Application Data\PlayFirst
2007-11-22 01:47 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-22 01:36 --------- d-----w C:\Program Files\GemMaster
2007-11-18 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WildTangent
2007-11-04 04:33 --------- d-----w C:\Documents and Settings\Itzel Alejandre\Application Data\iWin
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-23 14:31 --------- d-----w C:\Program Files\Viewpoint
2007-10-23 14:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-18 23:54 --------- d-----w C:\Program Files\iPod
2007-10-16 17:26 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-16 16:50 --------- d-----w C:\Program Files\Alwil Software
2007-10-16 16:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-16 16:39 --------- d-----w C:\Documents and Settings\Itzel Alejandre\Application Data\AOL
2007-10-16 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-16 16:19 --------- d-----w C:\Program Files\AOL Pictures
2007-10-16 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2007-10-16 16:16 --------- d-----w C:\Documents and Settings\Fidias Alejandre\Application Data\AOL
2007-10-16 16:08 --------- d-----w C:\Documents and Settings\Itzel Alejandre\Application Data\muvee Technologies
2007-10-16 15:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2006-12-06 18:42 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((( snapshot@2007-12-06_ 9.18.20.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-06 16:16:04 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_1a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 14:22]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 23:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NvCplDaemon"="RUNDLL32.exe" [2006-03-15 22:00 C:\WINDOWS\system32\rundll32.exe]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 05:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 23:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-11 23:55]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 13:33]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23]
"sealmon"="C:\Program Files\SealedMedia\sealmon.exe" [2006-12-19 14:27]
"ProfileWatcher"="C:\Program Files\ProfileWatcher\profilewatcher.exe" []
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2005-09-08 12:45]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 16:05]
"lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-12 17:58]
"lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-05 17:32]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-12 18:00]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 18:18]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-17 19:48]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-05 05:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 10:20]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-11 17:25]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-11 17:26]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 18:04]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-11-29 10:43:18]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-09-05 05:41:19]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 10:39:30]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-04 19:07:59]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe -service
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
S1 bdftdif;bdftdif;\??\C:\Program Files\Common Files\Softwin\BitDefender Firewall\bdftdif.sys
S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys
S3 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe"
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys
S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-02 09:10:50 C:\WINDOWS\Tasks\MacroVirus Scheduled Scan.job"
- C:\Program Files\MacroVirus\MacroVirus.ex
- C:\Program Files\MacroVirus
"2007-12-06 16:19:08 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 10:16:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???x_????????@???????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 10:23:57 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-06 09:20
.
--- E O F ---
Here is the second HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:28 AM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\SealedMedia\sealmon.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe
O4 - HKLM\..\Run: [ProfileWatcher] C:\Program Files\ProfileWatcher\profilewatcher.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.6.0.6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/...loadClient.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14239 bytes

What's Next?
CompNovice726 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-06-2007, 09:50 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,175
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous "security alert" messages, leads to website virprotect.com. Remove ple
Thanks for submitting the file. You may delete [4]-Submit_2007-12-06@10.09.zip from your desktop. Also delete the CF-Submit.htm file.

That's looking much better.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs):

Viewpoint Manager<<<this is considered foistware instead of malware since it is installed without users approval, but doesn't spy or do anything "bad". Read this article: http://www.clickz.com/news/article.php/3561546

Additional info: http://vil.nai.com/vil/content/v_137262.htm

---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

---------------------------------------------------------------------------------------------


Also let me know how your system is behaving.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-07-2007, 08:02 PM   #7 (permalink)
Registered User
 
CompNovice726's Avatar
 
Join Date: Dec 2007
Location: Houston, TX
Posts: 10
OS: widows xp service pack2


Re: Continuous "security alert" messages, leads to website virprotect.com. Remove ple
Kaspersky online scanner log:

Friday, December 07, 2007 1:45:01 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/12/2007
Kaspersky Anti-Virus database records: 475278
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 116396
Number of viruses found 27
Number of infected objects 63
Number of suspicious objects 0
Duration of the scan process 02:01:28

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\ITZELA~1\LOCALS~1\Temp\3342960_1308_1308_116.19169.tmp Infected: Trojan.Win32.Agent.dai skipped
C:\Deckard\System Scanner\backup\DOCUME~1\ITZELA~1\LOCALS~1\Temp\em5028\newb Infected: not-a-virus:AdWare.Win32.180Solutions.bl skipped
C:\Deckard\System Scanner\backup\DOCUME~1\ITZELA~1\LOCALS~1\Temp\sai112.tmp/stream/data0001 Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped
C:\Deckard\System Scanner\backup\DOCUME~1\ITZELA~1\LOCALS~1\Temp\sai112.tmp/stream Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped
C:\Deckard\System Scanner\backup\DOCUME~1\ITZELA~1\LOCALS~1\Temp\sai112.tmp NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12022007-004322.log Object is locked skipped
C:\Documents and Settings\All Users\Documents\SealedMedia\Data\sealmon.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\SealedMedia\Data\sealnl.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\SealedMedia\Data\sealnl.db.0 Object is locked skipped
C:\Documents and Settings\All Users\Documents\SealedMedia\Data\sealnl.db.1 Object is locked skipped
C:\Documents and Settings\All Users\Documents\SealedMedia\Data\sealnl.db.2 Object is locked skipped
C:\Documents and Settings\All Users\Documents\SealedMedia\Data\sealnl.db.3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\SealedMedia\Data\sealnl.idx Object is locked skipped
C:\Documents and Settings\All Users\Documents\SealedMedia\Data\sealnl.key Object is locked skipped
C:\Documents and Settings\All Users\Documents\SealedMedia\Data\sealnl.log Object is locked skipped
C:\Documents and Settings\All Users\Documents\SealedMedia\offline.txt Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Application Data\MySpace\IM\Logs\MySpaceIM-20071207-092859.log Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\dbdam Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\dbdao Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\dbeam Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\dbeao Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\dbm Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\fii.cf1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\hp Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Google\Google Desktop\4ba44638809a\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{E20B6250-E3CA-411F-832B-6861B176AF29} Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Temp\~DF5463.tmp Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Temp\~DF8DD.tmp Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Temp\~DFC565.tmp Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Local Settings\Temp\~DFE646.tmp Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Itzel Alejandre\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\ff49f94181e10cabc09ce2dbada56455\update\update.exe Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\L0000001.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Itzel Alejandre\Data\storydb.idx Object is locked skipped
C:\qoobox\Quarantine\C\Program Files\Video Add-on\isfmm.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ewc skipped
C:\RECYCLER\S-1-5-21-1516890165-612926899-601624176-1005\Dc1.zip/e404d.dll Infected: Trojan.Win32.Agent.dai skipped
C:\RECYCLER\S-1-5-21-1516890165-612926899-601624176-1005\Dc1.zip/zcwlnic.dll Infected: Trojan-Downloader.Win32.Bojo.x skipped
C:\RECYCLER\S-1-5-21-1516890165-612926899-601624176-1005\Dc1.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058578.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058579.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058580.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058581.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058583.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058584.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058585.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058586.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058587.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058588.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058589.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058590.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058591.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058592.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058593.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058594.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058595.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058597.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058598.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058600.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058602.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058603.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058604.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058606.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058607.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058608.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP155\A0058609.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP157\A0058707.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP157\A0058708.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP157\A0058709.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP161\A0058850.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP164\A0060102.exe Infected: not-a-virus:AdTool.Win32.Zango.d skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP164\A0060107.dll Infected: not-a-virus:AdWare.Win32.HotBar.ch skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP164\A0060112.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP164\A0060112.exe/stream Infected: not-a-virus:AdWare.Win32.180Solutions.bj skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP164\A0060112.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP164\A0060118.dll Infected: not-a-virus:AdWare.Win32.180Solutions.bl skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP164\A0060134.dll Infected: Trojan-Downloader.Win32.Zlob.ewb skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP164\A0060135.exe Infected: Trojan-Downloader.Win32.Zlob.ewc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP165\A0060195.dll Infected: Trojan-Downloader.Win32.Zlob.ewb skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP165\A0060201.exe Infected: Trojan-Downloader.Win32.Zlob.ewc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP168\A0060372.dll Infected: Trojan-Downloader.Win32.Zlob.ewb skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP168\A0060373.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP168\A0060373.exe/WISE0017.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP168\A0060373.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP168\A0060373.exe WiseSFX: infected - 3 skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP168\A0060373.exe WiseSFXDropper: infected - 3 skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP170\A0061352.exe Infected: not-a-virus:AdTool.Win32.Zango.d skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP170\A0061353.exe Infected: not-a-virus:AdTool.Win32.Zango.d skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP170\A0061355.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP170\A0061355.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP170\A0061355.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP178\A0063367.exe Infected: Trojan-Downloader.Win32.Zlob.ewc skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP179\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{5D93D627-DDB3-45D3-A477-692F42B9D12B}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_238.dat Object is locked skipped
C:\WINDOWS\temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
It said the computer had viruses and other threats, what can I do?
CompNovice726 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-07-2007, 08:14 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,175
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous "security alert" messages, leads to website virprotect.com. Remove ple
That's not as bad as it might seem. Many of those finds are in System Restore points, safe for now, and we'll remove them later.

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Go to Start>Run then copy and paste, or type the following, then press Enter:

regsvr32 /u occache.dll

Click OK on the message which pops up.

Delete these files//folders if present:


C:\WINDOWS\Downloaded Program Files\popcaploader.dll

Go to Start>Run then copy and paste, or type the following, then press Enter:

regsvr32 occache.dll

Click OK on the message which pops up.

---------------------------------------------------------------------------------------------

Let me know how your system is behaving, and I'll know better how to proceed.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-07-2007, 08:30 PM   #9 (permalink)
Registered User
 
CompNovice726's Avatar
 
Join Date: Dec 2007
Location: Houston, TX
Posts: 10
OS: widows xp service pack2


Re: Continuous "security alert" messages, leads to website virprotect.com. Remove ple
From about a step before I noticed that the annoying messages i began the thread about were gone as well as the flasing icon on the taskbar, as far as the way that my laptop has been acting is actually pretty good, but like I mentioned before it is fairly new and have not had any other problem before this. About the viruses, should I be worried? Right now I am using avast! antivirus, is this good enough or should I try something else. About the pop ups and malware, what can i do or what programs can I use to prevent this from happening again?
Thank you so much for all of your help and if there is anything else I need to do just let me know!
CompNovice726 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-07-2007, 08:46 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,175
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous "security alert" messages, leads to website virprotect.com. Remove ple
If you mean the viruses Kaspersky found, we'll address them shortly.

Avast is pretty good, I've been liking Avira better recently.


If you're interested:

Avira PersonalEdition Classic

Here is a tutorial on it's setup and use:

http://www.techsupportforum.com/cont...ticles/64.html

Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

Part of prevention begins at the keyboard...our colleague, Miekiemoes, has put together this information:

http://users.telenet.be/bluepatchy/m...revention.html

Your logs appear clean.You should be good to go. We still have a few items to address. The following steps will address the remaining Kaspersky finds.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and use the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here

    IE-SpyAd - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. An installation tutorial is available here.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • FIREWALL
    If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. A tutorial on Firewalls and a listing of some available ones can be found here

    Do not install more than one firewall program because they will conflict with each other.

Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

Here are some additional utilities that will further enhance your safety.
  • http://www.trillian.cc ? Trillian or http://www.miranda-im.com ? Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. While Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-07-2007, 08:59 PM   #11 (permalink)
Registered User
 
CompNovice726's Avatar
 
Join Date: Dec 2007
Location: Houston, TX
Posts: 10
OS: widows xp service pack2


Re: Continuous "security alert" messages, leads to website virprotect.com. Remove ple
Thanks I will go through your final instructions with more time tomorrow morning and will install what I believe to be useful. Thank you so much for your time and hopefully I won't have to come back for help but if I do hopefully it won't be too bad. Thanks again, so much.
CompNovice726 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-07-2007, 09:04 PM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,175
OS: 2000 Pro; XP Pro; XP Home


Re: Continuous "security alert" messages, leads to website virprotect.com. Remove ple
You're quite welcome. Surf Safely!
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 07:08 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85