Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page [SOLVED] "windows secuirty alret" popup
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 2 of 2 1 2
 
LinkBack Thread Tools
Old 10-09-2008, 04:15 PM   #21 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 30
OS: windows xp


Re: "windows secuirty alret" popup
File jilapmhc.exe received on 10.10.2008 00:12:08 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.10.10.0 2008.10.09 -
AntiVir 7.8.1.34 2008.10.09 TR/Obfuscated.GX.2150
Authentium 5.1.0.4 2008.10.09 -
Avast 4.8.1248.0 2008.10.09 Win32:PureMorph
AVG 8.0.0.161 2008.10.09 Generic11.ARNH
BitDefender 7.2 2008.10.09 -
CAT-QuickHeal 9.50 2008.10.08 Win32.Trojan.Obfuscated.gx.3
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.09 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6139 2008.10.09 -
Ewido 4.0 2008.10.09 -
F-Prot 4.4.4.56 2008.10.09 -
F-Secure 8.0.14332.0 2008.10.09 Trojan.Win32.Obfuscated.gx
Fortinet 3.113.0.0 2008.10.09 W32/PolySmall.BP!tr
GData 19 2008.10.10 Win32:PureMorph
Ikarus T3.1.1.34.0 2008.10.09 Trojan.Win32.Obfuscated.gx
K7AntiVirus 7.10.489 2008.10.09 -
Kaspersky 7.0.0.125 2008.10.09 Trojan.Win32.Obfuscated.gx
McAfee 5402 2008.10.09 FakeAlert-BD
Microsoft 1.4005 2008.10.09 Trojan:Win32/Busky.EI
NOD32 3509 2008.10.10 a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman 5.80.02 2008.10.09 W32/Busky.DJJE
Panda 9.0.0.4 2008.10.09 Adware/Lop
PCTools 4.4.2.0 2008.10.09 -
Prevx1 V2 2008.10.10 Cloaked Malware
Rising 20.65.32.00 2008.10.09 -
SecureWeb-Gateway 6.7.6 2008.10.09 Trojan.Obfuscated.GX.2150
Sophos 4.34.0 2008.10.09 Mal/Generic-A
Sunbelt 3.1.1708.1 2008.10.09 Trojan.Win32.Obfuscated.gx
Symantec 10 2008.10.09 -
TheHacker 6.3.1.0.104 2008.10.09 -
TrendMicro 8.700.0.1004 2008.10.09 -
VBA32 3.12.8.6 2008.10.09 Trojan.Win32.Obfuscated.gx
ViRobot 2008.10.9.1414 2008.10.09 -
VirusBuster 4.5.11.0 2008.10.09 -
Additional information
File size: 94208 bytes
MD5...: 6dc9e125540c1f9a0c94e95d22da3966
SHA1..: c2b479306e8afb346edfe11562d0a0c19cb07e42
SHA256: a1971b8d541c4c91d9d1800ecedce0f015731b5b0f7757dd950766cb1b56e47c
SHA512: 227e11ad1de3ce50b5460b66b6c3ccb645347c12cc2fb5d3c6c6ce182e31864b<br>507bcd24d844e2c55666d3d5195f6b04f1613397f1d71c701942f37e063d3b53
PEiD..: -
TrID..: File type identification<br>Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x403c4e<br>timedatestamp.....: 0x48e8909a (Sun Oct 05 10:02:02 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.iopyu 0x1000 0x139d2 0x14000 6.86 ce301c1159b1d8e7c94ff35640f528cb<br>.dvvxn 0x15000 0x25e 0x1000 1.14 15a7823aa42effba74a031402fb4eccd<br>.cpjk 0x16000 0x5a00 0x1000 0.56 8670dbc9c3a9b3d71303dd7edb4b4ecc<br><br>( 1 imports ) <br>&gt; KERNEL32.dll: GetLastError, GetLogicalDrives, ResumeThread, ReadProcessMemory, SetLastError, ResetEvent, GetCurrentProcessId, SetFilePointer, DeleteFileW, GetFileAttributesW, VirtualFree, LoadLibraryA, GetFileAttributesExW, MultiByteToWideChar, GlobalFree, GlobalAlloc, GetProcAddress, GlobalLock, InterlockedDecrement, GetCurrentThreadId, GetLocalTime<br><br>( 0 exports ) <br>
Prevx info: http://info.prevx.com/aboutprogramte...4E3F005180250F

Antivirus;Version;Last Update;Result
AhnLab-V3;2008.10.10.0;2008.10.09;-
AntiVir;7.8.1.34;2008.10.09;TR/Obfuscated.GX.2150
Authentium;5.1.0.4;2008.10.09;-
Avast;4.8.1248.0;2008.10.09;Win32:PureMorph
AVG;8.0.0.161;2008.10.09;Generic11.ARNH
BitDefender;7.2;2008.10.09;-
CAT-QuickHeal;9.50;2008.10.08;Win32.Trojan.Obfuscated.gx.3
ClamAV;0.93.1;2008.10.09;-
DrWeb;4.44.0.09170;2008.10.09;-
eSafe;7.0.17.0;2008.10.08;-
eTrust-Vet;31.6.6139;2008.10.09;-
Ewido;4.0;2008.10.09;-
F-Prot;4.4.4.56;2008.10.09;-
F-Secure;8.0.14332.0;2008.10.09;Trojan.Win32.Obfuscated.gx
Fortinet;3.113.0.0;2008.10.09;W32/PolySmall.BP!tr
GData;19;2008.10.10;Win32:PureMorph
Ikarus;T3.1.1.34.0;2008.10.09;Trojan.Win32.Obfuscated.gx
K7AntiVirus;7.10.489;2008.10.09;-
Kaspersky;7.0.0.125;2008.10.09;Trojan.Win32.Obfuscated.gx
McAfee;5402;2008.10.09;FakeAlert-BD
Microsoft;1.4005;2008.10.09;Trojan:Win32/Busky.EI
NOD32;3509;2008.10.10;a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman;5.80.02;2008.10.09;W32/Busky.DJJE
Panda;9.0.0.4;2008.10.09;Adware/Lop
PCTools;4.4.2.0;2008.10.09;-
Prevx1;V2;2008.10.10;Cloaked Malware
Rising;20.65.32.00;2008.10.09;-
SecureWeb-Gateway;6.7.6;2008.10.09;Trojan.Obfuscated.GX.2150
Sophos;4.34.0;2008.10.09;Mal/Generic-A
Sunbelt;3.1.1708.1;2008.10.09;Trojan.Win32.Obfuscated.gx
Symantec;10;2008.10.09;-
TheHacker;6.3.1.0.104;2008.10.09;-
TrendMicro;8.700.0.1004;2008.10.09;-
VBA32;3.12.8.6;2008.10.09;Trojan.Win32.Obfuscated.gx
ViRobot;2008.10.9.1414;2008.10.09;-
VirusBuster;4.5.11.0;2008.10.09;-

Additional information
File size: 94208 bytes
MD5...: 6dc9e125540c1f9a0c94e95d22da3966
SHA1..: c2b479306e8afb346edfe11562d0a0c19cb07e42
SHA256: a1971b8d541c4c91d9d1800ecedce0f015731b5b0f7757dd950766cb1b56e47c
SHA512: 227e11ad1de3ce50b5460b66b6c3ccb645347c12cc2fb5d3c6c6ce182e31864b<br>507bcd24d844e2c55666d3d5195f6b04f1613397f1d71c701942f37e063d3b53
PEiD..: -
TrID..: File type identification<br>Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x403c4e<br>timedatestamp.....: 0x48e8909a (Sun Oct 05 10:02:02 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.iopyu 0x1000 0x139d2 0x14000 6.86 ce301c1159b1d8e7c94ff35640f528cb<br>.dvvxn 0x15000 0x25e 0x1000 1.14 15a7823aa42effba74a031402fb4eccd<br>.cpjk 0x16000 0x5a00 0x1000 0.56 8670dbc9c3a9b3d71303dd7edb4b4ecc<br><br>( 1 imports ) <br>&gt; KERNEL32.dll: GetLastError, GetLogicalDrives, ResumeThread, ReadProcessMemory, SetLastError, ResetEvent, GetCurrentProcessId, SetFilePointer, DeleteFileW, GetFileAttributesW, VirtualFree, LoadLibraryA, GetFileAttributesExW, MultiByteToWideChar, GlobalFree, GlobalAlloc, GetProcAddress, GlobalLock, InterlockedDecrement, GetCurrentThreadId, GetLocalTime<br><br>( 0 exports ) <br>
Prevx info: http://info.prevx.com/aboutprogramte...4E3F005180250F
simzlol is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 10-09-2008, 04:30 PM   #22 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 30
OS: windows xp


Re: "windows secuirty alret" popup
File FL20081005.box received on 10.10.2008 00:16:25 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.10.10.0 2008.10.09 -
AntiVir 7.8.1.34 2008.10.09 -
Authentium 5.1.0.4 2008.10.09 -
Avast 4.8.1248.0 2008.10.09 -
AVG 8.0.0.161 2008.10.09 -
BitDefender 7.2 2008.10.09 -
CAT-QuickHeal 9.50 2008.10.08 -
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.09 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6137 2008.10.09 -
Ewido 4.0 2008.10.09 -
F-Prot 4.4.4.56 2008.10.09 -
Fortinet 3.113.0.0 2008.10.09 -
GData 19 2008.10.10 -
Ikarus T3.1.1.34.0 2008.10.09 -
K7AntiVirus 7.10.489 2008.10.09 -
Kaspersky 7.0.0.125 2008.10.09 -
McAfee 5402 2008.10.09 -
Microsoft 1.4005 2008.10.10 -
NOD32 3509 2008.10.10 -
Panda 9.0.0.4 2008.10.09 -
PCTools 4.4.2.0 2008.10.09 -
Prevx1 V2 2008.10.10 -
Rising 20.65.32.00 2008.10.09 -
SecureWeb-Gateway 6.7.6 2008.10.09 -
Sophos 4.34.0 2008.10.09 -
Sunbelt 3.1.1708.1 2008.10.09 -
Symantec 10 2008.10.09 -
TheHacker 6.3.1.0.104 2008.10.09 -
TrendMicro 8.700.0.1004 2008.10.09 -
VBA32 3.12.8.6 2008.10.09 -
ViRobot 2008.10.9.1414 2008.10.09 -
VirusBuster 4.5.11.0 2008.10.09 -
Additional information
File size: 160 bytes
MD5...: cc0c4f64d6de52d281255f3a59183ab6
SHA1..: c695e82cca94380a5fe5bac35b20b381b37c82dc
SHA256: b6cf81eb2f35c4389f1f71089237f2edf4266a17ab50355c8eb4f4c23c3259c0
SHA512: 570148d8accd01dfd353e054fd2de7af40455f6642e9d64fd4d7dd6be4e5826f<br>0449860b4f8799eeb124ceaa8d16d36d63d04e0de6810bc35467ffa07d65556f
PEiD..: -
TrID..: File type identification<br>Unknown!
PEInfo: -

Antivirus;Version;Last Update;Result
AhnLab-V3;2008.10.10.0;2008.10.09;-
AntiVir;7.8.1.34;2008.10.09;-
Authentium;5.1.0.4;2008.10.09;-
Avast;4.8.1248.0;2008.10.09;-
AVG;8.0.0.161;2008.10.09;-
BitDefender;7.2;2008.10.09;-
CAT-QuickHeal;9.50;2008.10.08;-
ClamAV;0.93.1;2008.10.09;-
DrWeb;4.44.0.09170;2008.10.09;-
eSafe;7.0.17.0;2008.10.08;-
eTrust-Vet;31.6.6137;2008.10.09;-
Ewido;4.0;2008.10.09;-
F-Prot;4.4.4.56;2008.10.09;-
Fortinet;3.113.0.0;2008.10.09;-
GData;19;2008.10.10;-
Ikarus;T3.1.1.34.0;2008.10.09;-
K7AntiVirus;7.10.489;2008.10.09;-
Kaspersky;7.0.0.125;2008.10.09;-
McAfee;5402;2008.10.09;-
Microsoft;1.4005;2008.10.10;-
NOD32;3509;2008.10.10;-
Panda;9.0.0.4;2008.10.09;-
PCTools;4.4.2.0;2008.10.09;-
Prevx1;V2;2008.10.10;-
Rising;20.65.32.00;2008.10.09;-
SecureWeb-Gateway;6.7.6;2008.10.09;-
Sophos;4.34.0;2008.10.09;-
Sunbelt;3.1.1708.1;2008.10.09;-
Symantec;10;2008.10.09;-
TheHacker;6.3.1.0.104;2008.10.09;-
TrendMicro;8.700.0.1004;2008.10.09;-
VBA32;3.12.8.6;2008.10.09;-
ViRobot;2008.10.9.1414;2008.10.09;-
VirusBuster;4.5.11.0;2008.10.09;-

Additional information
File size: 160 bytes
MD5...: cc0c4f64d6de52d281255f3a59183ab6
SHA1..: c695e82cca94380a5fe5bac35b20b381b37c82dc
SHA256: b6cf81eb2f35c4389f1f71089237f2edf4266a17ab50355c8eb4f4c23c3259c0
SHA512: 570148d8accd01dfd353e054fd2de7af40455f6642e9d64fd4d7dd6be4e5826f<br>0449860b4f8799eeb124ceaa8d16d36d63d04e0de6810bc35467ffa07d65556f
PEiD..: -
TrID..: File type identification<br>Unknown!
PEInfo: -
simzlol is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-09-2008, 04:31 PM   #23 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 30
OS: windows xp


Re: "windows secuirty alret" popup
File twlijozq.exe received on 10.10.2008 00:30:56 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2008.10.10.0 2008.10.09 -
AntiVir 7.8.1.34 2008.10.09 TR/Obfuscated.GX.2150
Authentium 5.1.0.4 2008.10.09 -
Avast 4.8.1248.0 2008.10.09 Win32:PureMorph
AVG 8.0.0.161 2008.10.09 Generic11.ARNH
BitDefender 7.2 2008.10.09 -
CAT-QuickHeal 9.50 2008.10.08 Win32.Trojan.Obfuscated.gx.3
ClamAV 0.93.1 2008.10.09 -
DrWeb 4.44.0.09170 2008.10.10 -
eSafe 7.0.17.0 2008.10.08 -
eTrust-Vet 31.6.6139 2008.10.09 -
Ewido 4.0 2008.10.09 -
F-Prot 4.4.4.56 2008.10.09 -
F-Secure 8.0.14332.0 2008.10.09 Trojan.Win32.Obfuscated.gx
Fortinet 3.113.0.0 2008.10.09 W32/PolySmall.BP!tr
GData 19 2008.10.10 Win32:PureMorph
Ikarus T3.1.1.34.0 2008.10.09 Trojan.Win32.Obfuscated.gx
K7AntiVirus 7.10.489 2008.10.09 -
Kaspersky 7.0.0.125 2008.10.09 Trojan.Win32.Obfuscated.gx
McAfee 5402 2008.10.09 FakeAlert-BD
Microsoft 1.4005 2008.10.10 Trojan:Win32/Busky.EI
NOD32 3509 2008.10.10 a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman 5.80.02 2008.10.09 W32/Busky.DJJE
Panda 9.0.0.4 2008.10.09 Adware/Lop
PCTools 4.4.2.0 2008.10.09 -
Prevx1 V2 2008.10.10 Cloaked Malware
Rising 20.65.32.00 2008.10.09 -
SecureWeb-Gateway 6.7.6 2008.10.09 Trojan.Obfuscated.GX.2150
Sophos 4.34.0 2008.10.09 Mal/Generic-A
Sunbelt 3.1.1708.1 2008.10.09 Trojan.Win32.Obfuscated.gx
Symantec 10 2008.10.09 -
TheHacker 6.3.1.0.104 2008.10.09 -
TrendMicro 8.700.0.1004 2008.10.09 -
VBA32 3.12.8.6 2008.10.09 Trojan.Win32.Obfuscated.gx
ViRobot 2008.10.9.1414 2008.10.09 -
VirusBuster 4.5.11.0 2008.10.09 -
Additional information
File size: 94208 bytes
MD5...: 6dc9e125540c1f9a0c94e95d22da3966
SHA1..: c2b479306e8afb346edfe11562d0a0c19cb07e42
SHA256: a1971b8d541c4c91d9d1800ecedce0f015731b5b0f7757dd950766cb1b56e47c
SHA512: 227e11ad1de3ce50b5460b66b6c3ccb645347c12cc2fb5d3c6c6ce182e31864b<br>507bcd24d844e2c55666d3d5195f6b04f1613397f1d71c701942f37e063d3b53
PEiD..: -
TrID..: File type identification<br>Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x403c4e<br>timedatestamp.....: 0x48e8909a (Sun Oct 05 10:02:02 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.iopyu 0x1000 0x139d2 0x14000 6.86 ce301c1159b1d8e7c94ff35640f528cb<br>.dvvxn 0x15000 0x25e 0x1000 1.14 15a7823aa42effba74a031402fb4eccd<br>.cpjk 0x16000 0x5a00 0x1000 0.56 8670dbc9c3a9b3d71303dd7edb4b4ecc<br><br>( 1 imports ) <br>&gt; KERNEL32.dll: GetLastError, GetLogicalDrives, ResumeThread, ReadProcessMemory, SetLastError, ResetEvent, GetCurrentProcessId, SetFilePointer, DeleteFileW, GetFileAttributesW, VirtualFree, LoadLibraryA, GetFileAttributesExW, MultiByteToWideChar, GlobalFree, GlobalAlloc, GetProcAddress, GlobalLock, InterlockedDecrement, GetCurrentThreadId, GetLocalTime<br><br>( 0 exports ) <br>
Prevx info: http://info.prevx.com/aboutprogramte...4E3F005180250F

Antivirus;Version;Last Update;Result
AhnLab-V3;2008.10.10.0;2008.10.09;-
AntiVir;7.8.1.34;2008.10.09;TR/Obfuscated.GX.2150
Authentium;5.1.0.4;2008.10.09;-
Avast;4.8.1248.0;2008.10.09;Win32:PureMorph
AVG;8.0.0.161;2008.10.09;Generic11.ARNH
BitDefender;7.2;2008.10.09;-
CAT-QuickHeal;9.50;2008.10.08;Win32.Trojan.Obfuscated.gx.3
ClamAV;0.93.1;2008.10.09;-
DrWeb;4.44.0.09170;2008.10.10;-
eSafe;7.0.17.0;2008.10.08;-
eTrust-Vet;31.6.6139;2008.10.09;-
Ewido;4.0;2008.10.09;-
F-Prot;4.4.4.56;2008.10.09;-
F-Secure;8.0.14332.0;2008.10.09;Trojan.Win32.Obfuscated.gx
Fortinet;3.113.0.0;2008.10.09;W32/PolySmall.BP!tr
GData;19;2008.10.10;Win32:PureMorph
Ikarus;T3.1.1.34.0;2008.10.09;Trojan.Win32.Obfuscated.gx
K7AntiVirus;7.10.489;2008.10.09;-
Kaspersky;7.0.0.125;2008.10.09;Trojan.Win32.Obfuscated.gx
McAfee;5402;2008.10.09;FakeAlert-BD
Microsoft;1.4005;2008.10.10;Trojan:Win32/Busky.EI
NOD32;3509;2008.10.10;a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman;5.80.02;2008.10.09;W32/Busky.DJJE
Panda;9.0.0.4;2008.10.09;Adware/Lop
PCTools;4.4.2.0;2008.10.09;-
Prevx1;V2;2008.10.10;Cloaked Malware
Rising;20.65.32.00;2008.10.09;-
SecureWeb-Gateway;6.7.6;2008.10.09;Trojan.Obfuscated.GX.2150
Sophos;4.34.0;2008.10.09;Mal/Generic-A
Sunbelt;3.1.1708.1;2008.10.09;Trojan.Win32.Obfuscated.gx
Symantec;10;2008.10.09;-
TheHacker;6.3.1.0.104;2008.10.09;-
TrendMicro;8.700.0.1004;2008.10.09;-
VBA32;3.12.8.6;2008.10.09;Trojan.Win32.Obfuscated.gx
ViRobot;2008.10.9.1414;2008.10.09;-
VirusBuster;4.5.11.0;2008.10.09;-

Additional information
File size: 94208 bytes
MD5...: 6dc9e125540c1f9a0c94e95d22da3966
SHA1..: c2b479306e8afb346edfe11562d0a0c19cb07e42
SHA256: a1971b8d541c4c91d9d1800ecedce0f015731b5b0f7757dd950766cb1b56e47c
SHA512: 227e11ad1de3ce50b5460b66b6c3ccb645347c12cc2fb5d3c6c6ce182e31864b<br>507bcd24d844e2c55666d3d5195f6b04f1613397f1d71c701942f37e063d3b53
PEiD..: -
TrID..: File type identification<br>Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x403c4e<br>timedatestamp.....: 0x48e8909a (Sun Oct 05 10:02:02 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.iopyu 0x1000 0x139d2 0x14000 6.86 ce301c1159b1d8e7c94ff35640f528cb<br>.dvvxn 0x15000 0x25e 0x1000 1.14 15a7823aa42effba74a031402fb4eccd<br>.cpjk 0x16000 0x5a00 0x1000 0.56 8670dbc9c3a9b3d71303dd7edb4b4ecc<br><br>( 1 imports ) <br>&gt; KERNEL32.dll: GetLastError, GetLogicalDrives, ResumeThread, ReadProcessMemory, SetLastError, ResetEvent, GetCurrentProcessId, SetFilePointer, DeleteFileW, GetFileAttributesW, VirtualFree, LoadLibraryA, GetFileAttributesExW, MultiByteToWideChar, GlobalFree, GlobalAlloc, GetProcAddress, GlobalLock, InterlockedDecrement, GetCurrentThreadId, GetLocalTime<br><br>( 0 exports ) <br>
Prevx info: http://info.prevx.com/aboutprogramte...4E3F005180250F
simzlol is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-09-2008, 05:29 PM   #24 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 30
OS: windows xp


Re: "windows secuirty alret" popup
ComboFix 08-10-08.05 - Sims 2008-10-09 15:38:57.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.203 [GMT -7:00]Running from: C:\Documents and Settings\Sims\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sims\Desktop\CFScript.txt

FILE ::
C:\Documents and Settings\Sims\Microsoft_Office_2003_Generic_Crack.zip
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\dmpizwla
C:\Documents and Settings\Sims\Microsoft_Office_2003_Generic_Crack.zip
C:\Program Files\uqbjlwd
C:\WINDOWS\SYSTEM32\jilapmhc.exe
C:\WINDOWS\SYSTEM32\twlijozq.exe
C:\WINDOWS\SYSTEM32\wini104552502.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.

2008-10-08 14:46 . 2008-10-08 14:46 <DIR> d-------- C:\rsit
2008-10-07 14:28 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\drivers\mbamswissarmy.sys
2008-10-07 14:28 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\drivers\mbam.sys
2008-10-05 18:10 . 2008-10-05 18:10 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-10-05 17:42 . 2008-10-05 17:45 160 --a------ C:\WINDOWS\FL20081005.box
2008-10-05 13:43 . 2008-04-13 11:45 26,112 --a------ C:\WINDOWS\SYSTEM32\drivers\usbser.sys
2008-10-05 13:43 . 2008-04-13 11:45 26,112 --a--c--- C:\WINDOWS\SYSTEM32\dllcache\usbser.sys
2008-10-04 08:23 . 2008-10-04 09:28 320 --a------ C:\WINDOWS\FL20081004.box
2008-09-16 16:30 . 2008-09-16 16:30 0 --ah----- C:\WINDOWS\SYSTEM32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-09-16 16:30 . 2008-09-16 16:30 0 --ah----- C:\WINDOWS\SYSTEM32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-09-16 16:26 . 2008-09-16 16:26 0 --ah----- C:\WINDOWS\SYSTEM32\drivers\MsftWdf_user_01_07_00.Wdf
2008-09-16 16:11 . 2008-05-02 06:25 465,920 --------- C:\WINDOWS\SYSTEM32\imapi2fs.dll
2008-09-16 16:11 . 2008-05-02 06:25 465,920 -----c--- C:\WINDOWS\SYSTEM32\dllcache\imapi2fs.dll
2008-09-16 16:11 . 2008-05-02 06:25 317,952 --------- C:\WINDOWS\SYSTEM32\imapi2.dll
2008-09-16 16:11 . 2008-05-02 06:25 317,952 -----c--- C:\WINDOWS\SYSTEM32\dllcache\imapi2.dll
2008-09-16 16:11 . 2008-05-02 03:49 62,976 -----c--- C:\WINDOWS\SYSTEM32\dllcache\cdrom.sys
2008-09-14 17:24 . 2008-09-14 20:52 160 --a------ C:\WINDOWS\FL20080914.box
2008-09-13 20:23 . 2008-09-13 20:25 320 --a------ C:\WINDOWS\FL20080913.box
2008-09-12 18:48 . 2008-09-12 18:48 245,664 --a------ C:\WINDOWS\SYSTEM32\ZuneWlanCfgSvc.exe
2008-09-12 18:46 . 2008-09-12 18:46 61,856 --a------ C:\WINDOWS\SYSTEM32\ZuneBusEnum.exe
2008-09-12 18:32 . 2008-09-12 18:32 310,272 --a------ C:\WINDOWS\SYSTEM32\ZuneNetProxy.dll
2008-09-12 18:32 . 2008-09-12 18:32 57,344 --a------ C:\WINDOWS\SYSTEM32\ZuneRegUtil.dll
2008-09-12 18:32 . 2008-09-12 18:32 18,944 --a------ C:\WINDOWS\SYSTEM32\ZuneTcp2Udp.dll
2008-09-12 18:32 . 2008-09-12 18:32 12,800 --a------ C:\WINDOWS\SYSTEM32\ZunePTDNS.dll
2008-09-10 08:03 . 2008-09-10 12:09 800 --a------ C:\WINDOWS\FL20080910.box

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 21:55 --------- d-----w C:\Program Files\Steam
2008-10-07 21:28 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 09:34 --------- d-----w C:\Documents and Settings\Sims\Application Data\AVG7
2008-10-05 20:47 --------- d-----w C:\Program Files\Opera
2008-10-05 20:46 --------- d--h--w C:\Documents and Settings\Sims\Application Data\Move Networks
2008-10-05 20:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-05 20:41 --------- d-----w C:\Program Files\Java
2008-10-05 20:40 --------- d-----w C:\Program Files\Free WMA to MP3 Converter
2008-10-05 20:40 --------- d-----w C:\Program Files\Any Video Converter
2008-10-05 20:39 --------- d-----w C:\Documents and Settings\Sims\Application Data\Any Video Converter
2008-09-16 23:19 --------- d-----w C:\Program Files\Zune
2008-09-13 01:32 73,216 ----a-w C:\WINDOWS\SYSTEM32\ZuneUsbTransport.dll
2008-09-13 01:32 40,832 ----a-w C:\WINDOWS\system32\drivers\zumbus.sys
2008-09-13 01:32 145,920 ----a-w C:\WINDOWS\SYSTEM32\ZuneMTPZ.dll
2008-09-06 10:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-09-06 08:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-27 23:19 581,192 ----a-w C:\WINDOWS\SYSTEM32\WinUSBCoInstaller.dll
2008-08-27 23:19 1,302,600 ----a-w C:\WINDOWS\SYSTEM32\WUDFUpdate_01007.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-16 19:16 43 -c--a-w C:\Documents and Settings\Sims\RUNME.bat
2006-12-23 22:30 25,600 -c--a-w C:\Documents and Settings\Sims\usbsermptxp.sys
2006-12-23 22:30 22,768 -c--a-w C:\Documents and Settings\Sims\usbsermpt.sys
2004-10-15 04:56 35 -c--a-w C:\Documents and Settings\Joseph\Application Data\tvmcwrd.dll
2003-08-12 22:02 19,456 -csha-w C:\Program Files\Thumbs.db
2004-11-16 02:59 56 --sh--r C:\WINDOWS\SYSTEM32\2288F381F7.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sims\RUNME.bat -- Not a PE file.
MD5: 50e50b21c2ca8b57ac81ee35b8175050


((((((((((((((((((((((((((((( snapshot_2008-10-08_21.08.51.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
- 2007-06-11 20:34:40 190,696 -c--a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2007-09-05 04:50:14 45,218 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2008-10-09 05:47:07 70,264 ----a-w C:\WINDOWS\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="C:\Documents and Settings\Sims\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-11 133104]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-09-12 160160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 C:\WINDOWS\SYSTEM32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-08 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe [2004-10-01 565309]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hanvon Shell.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hanvon Shell.lnk
backup=C:\WINDOWS\pss\Hanvon Shell.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=C:\WINDOWS\pss\Personal Coach.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sims^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Sims\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
--a------ 2001-12-17 11:18 483394 C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\checktime]
-ra--c--- 2001-08-13 20:23 45056 c:\Program Files\HPSelect\frontend\ct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2001-08-08 00:36 90112 C:\WINDOWS\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hp Silent Service]
--a------ 2001-11-29 20:49 32768 C:\WINDOWS\SYSTEM32\HpSrvUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--------- 1998-05-07 17:04 52736 c:\WINDOWS\SYSTEM\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2001-08-08 01:25 143360 C:\WINDOWS\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
--a------ 2002-08-19 09:12 98304 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--------- 2001-07-06 21:56 61440 C:\hp\KBD\KBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
--------- 2001-10-12 00:20 143360 C:\Program Files\mcafee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
--------- 2001-10-12 00:20 122880 C:\Program Files\mcafee.com\Agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 C:\WINDOWS\SYSTEM32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 13:22 86016 C:\WINDOWS\SYSTEM32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2001-07-03 21:13 81920 C:\WINDOWS\SYSTEM32\ps2.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--------- 2001-06-15 23:34 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-08 14:55 1410296 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
--a------ 2004-01-12 20:40 69632 C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\CalCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
--------- 2001-10-12 18:41 135168 C:\Program Files\mcafee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 13:22 1622016 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PackethSvc"=2 (0x2)
"MCVSRte"=2 (0x2)
"McShield"=3 (0x3)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Freeview Pro\\FreeviewPro.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\steamapps\\rinil\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\rinil\\condition zero\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\rinil\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\SYSTEM32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Documents and Settings\\Sims\\Desktop\\utorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4171:UDP"= 4171:UDP:Windows Media Format SDK (firefox.exe)
"4170:UDP"= 4170:UDP:Windows Media Format SDK (firefox.exe)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 hypen;Hy Pen;C:\WINDOWS\system32\Drivers\hypen.sys [2002-04-26 10548]
R2 HWSuperPowerTablet;HWSuperPowerTablet;C:\WINDOWS\system32\JWPEN.exe [2006-07-27 221184]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-09-12 61856]
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 46944]
S3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-12-27 149244]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-09-12 245664]
S4 PackethSvc;Virtual NIC Service;C:\WINDOWS\System32\PackethSvc.exe [2001-08-09 64512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71cdf1b5-fea3-11dc-8528-001060b01ada}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-10-09 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Sims\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-11 19:39]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
MSConfigStartUp-googletalk - C:\Program Files\Google\Google Talk\googletalk.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 15:45:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-09 15:49:21
ComboFix-quarantined-files.txt 2008-10-09 22:48:42
ComboFix2.txt 2008-10-09 04:10:09
ComboFix3.txt 2008-05-02 22:22:14
ComboFix4.txt 2008-04-25 09:25:49

Pre-Run: 13,595,574,272 bytes free
Post-Run: 13,577,457,664 bytes free

244 --- E O F --- 2008-09-10 06:30:16
simzlol is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-09-2008, 10:27 PM   #25 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 30
OS: windows xp


Re: "windows secuirty alret" popup
so far its working good :) i havent received one of those fake security pop ups :)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 9, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 09, 2008 20:21:30
Records in database: 1301985
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 111118
Threat name: 13
Infected objects: 25
Suspicious objects: 0
Duration of the scan: 03:47:52


File name / Threat name / Threats count
C:\Documents and Settings\Sims\Local Settings\Application Data\Identities\{0B932259-932E-497B-913F-19DC3809A95D}\Microsoft\Outlook Express\Outbox.dbx Infected: Backdoor.Win32.Delf.ki 1
C:\Program Files\Lycos\IEagent\CSIEINST.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.o 1
C:\Program Files\Lycos\IEagent\CSTMINST.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.p 1
C:\Program Files\Lycos\IEagent\CSTVINST.DLL Infected: not-a-virus:AdWare.Win32.ClearSearch.o 1
C:\QooBox\Quarantine\[4]-Submit_2008-10-09@15.38.zip Infected: Trojan.Win32.Obfuscated.gx 2
C:\QooBox\Quarantine\[4]-Submit_2008-10-09@15.38.zip Infected: not-a-virus:Downloader.Win32.Agent.bs 1
C:\QooBox.rar Infected: Trojan-Downloader.Win32.VB.dht 1
C:\QooBox.rar Infected: Trojan.Win32.Monder.gen 2
C:\QooBox.rar Infected: not-a-virus:AdWare.Win32.Virtumonde.mxj 1
C:\VundoFix Backups\bderg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ek 1
C:\VundoFix Backups\bgsaxurr.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\VundoFix Backups\dadobc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ek 1
C:\VundoFix Backups\entpa.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ek 1
C:\VundoFix Backups\ewbnifo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ek 1
C:\VundoFix Backups\fygdfloi.exe.bad Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\VundoFix Backups\ilbolg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ek 1
C:\VundoFix Backups\mxlewb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ek 1
C:\VundoFix Backups\ofntbk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ek 1
C:\VundoFix Backups\yriesjrl.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar 1
C:\WINDOWS\ounist.exe Infected: not-a-virus:AdWare.Win32.Webdir.a 1
C:\WINDOWS\ounist.exe Infected: Trojan-Downloader.Win32.IstBar.er 1
C:\WINDOWS\SYSTEM32\rhxjeaka.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1
C:\WINDOWS\SYSTEM32\vdskwmfa.exe Infected: not-a-virus:AdWare.Win32.Agent.at 1

The selected area was scanned.
simzlol is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-10-2008, 02:42 AM   #26 (permalink)
Analyst, Security Team
 
Katana's Avatar
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,358
OS: W2K SP4 + XP SP2 + Vista


Re: "windows secuirty alret" popup
The Kaspersky log shows an infected E-Mail in your Outlook outbox, I recommend that you delete all sent mail and empty the deleted folder.


Do you know anything about C:\Documents and Settings\Sims\RUNME.bat ?


OTMoveIt
Please download OTMoveIt3 by OldTimer and save it to your desktop
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below.
Code:
:Files
C:\Program Files\Lycos\IEagent\CSIEINST.DLL
C:\Program Files\Lycos\IEagent\CSTMINST.DLL
C:\Program Files\Lycos\IEagent\CSTVINST.DLL
C:\VundoFix Backups
C:\WINDOWS\ounist.exe
C:\WINDOWS\SYSTEM32\rhxjeaka.exe
C:\WINDOWS\SYSTEM32\vdskwmfa.exe
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Please post a final HJT log in your reply along wit the OTMI Log
__________________
Katana is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-10-2008, 07:42 PM   #27 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 30
OS: windows xp


Re: "windows secuirty alret" popup
mmm i dont use outlook email, so could you tell me how to delete the inbox?
and i dont know anything about C:\Documents and Settings\Sims\RUNME.bat.

========== FILES ==========
DllUnregisterServer procedure not found in C:\Program Files\Lycos\IEagent\CSIEINST.DLL
C:\Program Files\Lycos\IEagent\CSIEINST.DLL NOT unregistered.
C:\Program Files\Lycos\IEagent\CSIEINST.DLL moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Lycos\IEagent\CSTMINST.DLL
C:\Program Files\Lycos\IEagent\CSTMINST.DLL NOT unregistered.
C:\Program Files\Lycos\IEagent\CSTMINST.DLL moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\Lycos\IEagent\CSTVINST.DLL
C:\Program Files\Lycos\IEagent\CSTVINST.DLL NOT unregistered.
C:\Program Files\Lycos\IEagent\CSTVINST.DLL moved successfully.
C:\VundoFix Backups moved successfully.
C:\WINDOWS\ounist.exe moved successfully.
C:\WINDOWS\SYSTEM32\rhxjeaka.exe moved successfully.
C:\WINDOWS\SYSTEM32\vdskwmfa.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10102008_183855
simzlol is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-10-2008, 07:44 PM   #28 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 30
OS: windows xp


Re: "windows secuirty alret" popup
:)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:15 PM, on 10/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\JWPEN.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Sims\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Steam\Steam.exe
c:\program files\steam\steamapps\rinil\counter-strike\hl.exe
C:\Program Files\Steam\GameOverlayUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sims\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://www.mercurypay.com/MPS_CustP...pType=PrintCab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: HWSuperPowerTablet - HanWang - C:\WINDOWS\system32\JWPEN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7194 bytes
simzlol is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2008, 05:22 AM   #29 (permalink)
Analyst, Security Team
 
Katana's Avatar
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,358
OS: W2K SP4 + XP SP2 + Vista


Re: "windows secuirty alret" popup
Quote:
Originally Posted by simzlol View Post
mmm i dont use outlook email,
Does anyone with access to the machine use Outlook ?
If not, we can delete the entire file

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it look.bat Please save it on your desktop.

Quote:
@echo off
start notepad C:\Documents and Settings\Sims\RUNME.bat
del /q %0
exit
Double click on look.bat


Notepad will open, please copy/paste the results here.
__________________
Katana is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2008, 12:07 PM   #30 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 30
OS: windows xp


Re: "windows secuirty alret" popup
Quote:
Originally Posted by Katana View Post
Does anyone with access to the machine use Outlook ?
If not, we can delete the entire file
okay, no one uses outlook here so we can delete the entire file. :)

and the look.bat says
install.exe
patch.exe
keygen.exe
crack.exe
simzlol is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2008, 01:04 PM   #31 (permalink)
Analyst, Security Team
 
Katana's Avatar
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,358
OS: W2K SP4 + XP SP2 + Vista


Re: "windows secuirty alret" popup
This should be the last run
Please can you post a fresh HJT log as well

OTMoveIt
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below.
Code:
:Files
C:\Documents and Settings\Sims\RUNME.bat
C:\Documents and Settings\Sims\Local Settings\Application Data\Identities\{0B932259-932E-497B-913F-19DC3809A95D}\Microsoft\Outlook Express\Outbox.dbx
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
__________________
Katana is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-11-2008, 07:28 PM   #32 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 30
OS: windows xp


Re: "windows secuirty alret" popup
========== FILES ==========
C:\Documents and Settings\Sims\RUNME.bat moved successfully.
C:\Documents and Settings\Sims\Local Settings\Application Data\Identities\{0B932259-932E-497B-913F-19DC3809A95D}\Microsoft\Outlook Express\Outbox.dbx moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.4.2 log created on 10112008_182650


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:28:46 PM, on 10/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\JWPEN.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Sims\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Bluetooth\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcyds...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sims\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24.hotmail.msn.com/...s/MsnPUpld.cab
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - https://www.mercurypay.com/MPS_CustP...pType=PrintCab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Bluetooth\Bluetooth Software\bin\btwdins.exe
O23 - Service: HWSuperPowerTablet - HanWang - C:\WINDOWS\system32\JWPEN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7156 bytes


everything looks good?
simzlol is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-12-2008, 04:31 AM   #33 (permalink)
Analyst, Security Team
 
Katana's Avatar
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,358
OS: W2K SP4 + XP SP2 + Vista


Re: "windows secuirty alret" popup
Congratulations your logs look clean

Let's see if I can help you keep it that way

First lets tidy up ....

  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.


Open OTMoveIt Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.




The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/par...avwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware
  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have a free (for Home Users ) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
__________________
Last edited by Katana; 10-12-2008 at 04:32 AM.
Katana is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-12-2008, 03:49 PM   #34 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 30
OS: windows xp


Re: "windows secuirty alret" popup
thanks so much, just one more question, when i use ATF cleaner, it gives me a list of files to delete. should i select all or what?
simzlol is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-12-2008, 04:05 PM   #35 (permalink)
Analyst, Security Team
 
Katana's Avatar
 
Join Date: Nov 2007
Location: Manchester, UK
Posts: 1,358
OS: W2K SP4 + XP SP2 + Vista


Re: "windows secuirty alret" popup
Quote:
Originally Posted by simzlol View Post
when i use ATF cleaner, it gives me a list of files to delete. should i select all or what?
It depends on what options you selected, if you want to delete everything then yes.
The only things that you may want to keep are cookies for sites that need a password for Login.
If you know any passwords for sites that you visit then you are perfectly safe.
__________________
Katana is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-13-2008, 12:02 AM   #36 (permalink)
Registered User
 
Join Date: Apr 2008
Posts: 30
OS: windows xp


Re: "windows secuirty alret" popup
ok thanks sooo much! go ahead and archive this!
simzlol is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 2 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 04:56 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85