Inactive Update.exe virus?

Status
Not open for further replies.
J

jandelmaro

Posts: 41   +0
Hi! I am experiencing update.exe all over the place in my task manager and my Avira update does not stop. Thanks in advance! :)


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

5/31/2011 11:44:55 PM
mbam-log-2011-05-31 (23-44-55).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 176617
Time elapsed: 59 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.



GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-01 12:04:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: r9w570x5.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\fgedyaob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:112] BA15F710
Thread System [4:116] BA15F710

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Avira\AntiVir Desktop\update.exe (*** hidden *** ) 62056

---- EOF - GMER 1.0.15 ----




.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19
Run by user at 12:10:24 on 2011-06-01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3047.1891 [GMT -7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Xrykea.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\DOCUME~1\user\LOCALS~1\Temp\Xpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\My Documents\Downloads\r9w570x5.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\user\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = proxy.up.edu.ph:8080
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [YDZ1QVAGOJ] c:\docume~1\user\locals~1\temp\Xpd.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\plants vs. zombies\images\stg_drm.ocx
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\plants vs. zombies\images\armhelper.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\z8lace4r.default\
FF - prefs.js: browser.startup.homepage - hxxp://vshare.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
FF - plugin: c:\documents and settings\user\local settings\application data\google\chrome\user data\default\extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.143_0\npsoe.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\user\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-16 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-16 136360]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-16 61960]
R2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\DCService.exe [2010-5-8 229376]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\sh4ser~1.exe --> c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [?]
R3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-5-24 70656]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-16 269480]
S3 Aspvcn;Aspvcn; [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-5-24 117504]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena messenger\room\safedrv.sys --> c:\program files\garena messenger\room\safedrv.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=============== Created Last 30 ================
.
2011-06-01 18:06:14 -------- d-----w- C:\sh4ldr
2011-06-01 18:06:14 -------- d-----w- c:\program files\Enigma Software Group
2011-06-01 18:05:24 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-06-01 07:20:10 54016 ----a-w- c:\windows\system32\drivers\wwxipy.sys
2011-06-01 05:24:28 151552 ----a-w- c:\windows\Xrykea.exe
2011-05-30 05:59:22 -------- d-----w- c:\program files\MSECache
2011-05-24 16:55:46 -------- d-----w- c:\program files\Sun Broadband Wireless
2011-05-24 16:55:33 -------- d-----w- c:\documents and settings\all users\application data\DatacardService
2011-05-13 03:23:17 -------- d-----w- c:\program files\AMPED
2011-05-12 06:05:23 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras
.
==================== Find3M ====================
.
2011-03-16 20:54:07 73 ----a-w- c:\windows\system32\ssprs.dll
2011-03-16 20:54:07 205 ----a-w- c:\windows\system32\lsprst7.dll
2011-03-16 20:54:07 1025 ----a-w- c:\windows\system32\sysprs7.dll
2011-03-16 20:54:07 1025 ----a-w- c:\windows\system32\clauth2.dll
2011-03-16 20:54:07 1025 ----a-w- c:\windows\system32\clauth1.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600BEVT-22ZCT0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8ACE3AB8]
3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AA05030]
\Driver\Disk[0x8ABE9CC8] -> IRP_MJ_CREATE -> 0xBA15E8B0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user & kernel MBR OK
.
============= FINISH: 12:11:07.03 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/27/2009 9:33:10 PM
System Uptime: 6/1/2011 10:51:48 AM (2 hours ago)
.
Motherboard: Micro-Star International | | MS-1421X
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | CPU 1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 6.998 GiB free.
E: is FIXED (NTFS) - 75 GiB total, 59.419 GiB free.
F: is FIXED (NTFS) - 466 GiB total, 345.291 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 371.939 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-T40N________________JH01____\5A4B383134393146303920392020202020202020
Manufacturer: (Standard CD-ROM drives)
Name: HL-DT-ST DVDRAM GSA-T40N
PNP Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-T40N________________JH01____\5A4B383134393146303920392020202020202020
Service: cdrom
.
==== System Restore Points ===================
.
RP607: 4/23/2011 10:11:27 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP608: 3/24/2011 7:25:16 AM - System Checkpoint
RP609: 3/25/2011 3:00:17 AM - Software Distribution Service 3.0
RP610: 3/27/2011 6:15:02 AM - System Checkpoint
RP611: 3/28/2011 9:15:30 AM - System Checkpoint
RP612: 3/29/2011 9:37:15 AM - System Checkpoint
RP613: 3/30/2011 12:52:51 PM - System Checkpoint
RP614: 4/1/2011 12:00:09 AM - System Checkpoint
RP615: 4/2/2011 1:04:14 PM - System Checkpoint
RP616: 4/5/2011 8:51:16 AM - System Checkpoint
RP617: 4/6/2011 11:06:47 PM - System Checkpoint
RP618: 4/8/2011 12:50:52 AM - System Checkpoint
RP619: 4/9/2011 3:03:53 PM - System Checkpoint
RP620: 4/10/2011 4:04:25 PM - System Checkpoint
RP621: 4/11/2011 9:01:32 PM - System Checkpoint
RP622: 4/13/2011 12:23:33 AM - System Checkpoint
RP623: 4/14/2011 1:08:26 AM - System Checkpoint
RP624: 4/15/2011 9:44:47 AM - Software Distribution Service 3.0
RP625: 4/16/2011 10:14:13 PM - System Checkpoint
RP626: 4/18/2011 12:31:34 AM - System Checkpoint
RP627: 4/20/2011 12:33:13 AM - System Checkpoint
RP628: 4/21/2011 12:24:16 PM - System Checkpoint
RP629: 4/23/2011 12:41:41 PM - System Checkpoint
RP630: 4/24/2011 6:25:45 PM - Installed Picture Package
RP631: 4/24/2011 6:27:23 PM - Installed First Step Guide
RP632: 4/24/2011 6:28:25 PM - Installed ImageMixer VCD2
RP633: 4/24/2011 6:32:26 PM - Unsigned driver install
RP634: 4/25/2011 6:46:28 AM - Installed Pro Evolution Soccer 2011.
RP635: 4/25/2011 6:26:05 PM - Removed Pro Evolution Soccer 2011.
RP636: 4/25/2011 6:41:07 PM - Installed Pro Evolution Soccer 2011.
RP637: 4/25/2011 6:42:56 PM - Installed Pro Evolution Soccer 2011.
RP638: 4/25/2011 7:10:29 PM - Installed Pro Evolution Soccer 2011.
RP639: 4/26/2011 2:55:03 PM - Installed DirectX
RP640: 4/27/2011 12:24:42 PM - Software Distribution Service 3.0
RP641: 4/30/2011 12:52:45 AM - System Checkpoint
RP642: 5/1/2011 12:41:34 PM - System Checkpoint
RP643: 5/2/2011 4:35:11 PM - Unsigned driver install
RP644: 5/3/2011 4:41:01 PM - System Checkpoint
RP645: 5/4/2011 5:24:29 PM - System Checkpoint
RP646: 5/5/2011 6:39:32 PM - System Checkpoint
RP647: 5/6/2011 6:49:48 PM - System Checkpoint
RP648: 5/8/2011 12:25:51 AM - System Checkpoint
RP649: 5/9/2011 3:45:07 PM - System Checkpoint
RP650: 5/10/2011 8:48:16 PM - Removed Google SketchUp 8
RP651: 5/10/2011 8:50:55 PM - Removed Picture Package
RP652: 5/11/2011 9:01:30 PM - System Checkpoint
RP653: 5/12/2011 3:00:14 AM - Software Distribution Service 3.0
RP654: 5/12/2011 8:23:17 PM - Installed Shaiya(Philippines)
RP655: 5/14/2011 12:54:35 AM - System Checkpoint
RP656: 5/15/2011 7:23:06 AM - System Checkpoint
RP657: 5/15/2011 8:57:05 AM - Installed Picture Package
RP658: 5/15/2011 8:58:27 AM - Installed First Step Guide
RP659: 5/15/2011 9:01:28 AM - Installed ImageMixer VCD2
RP660: 5/15/2011 9:15:33 AM - Unsigned driver install
RP661: 5/16/2011 12:00:25 PM - System Checkpoint
RP662: 5/18/2011 12:19:43 AM - System Checkpoint
RP663: 5/20/2011 9:37:04 AM - System Checkpoint
RP664: 5/21/2011 12:35:09 PM - System Checkpoint
RP665: 5/21/2011 2:10:00 PM - Removed Shaiya(Philippines)
RP666: 5/22/2011 3:26:12 PM - System Checkpoint
RP667: 5/24/2011 9:56:20 AM - Installed Windows XP Wdf01009.
RP668: 5/25/2011 12:18:47 PM - System Checkpoint
RP669: 5/26/2011 12:22:29 PM - System Checkpoint
RP670: 5/27/2011 10:33:30 PM - System Checkpoint
RP671: 5/29/2011 7:31:28 AM - System Checkpoint
RP672: 5/29/2011 10:59:35 PM - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
RP673: 5/31/2011 7:55:56 AM - System Checkpoint
RP674: 6/1/2011 11:06:13 AM - Installed SpyHunter
RP675: 6/1/2011 11:38:20 AM - Removed SpyHunter
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Premiere Pro 1.5
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
CCleaner
Celtx (2.7)
Counter-Strike 1.6
ESET Online Scanner v3
First Step Guide
Google Chrome
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer VCD2
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) PRO Network Connections 12.1.12.0
iTunes
Java Auto Updater
Java(TM) 6 Update 19
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Mozilla Firefox (3.5.10)
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Picture Package
Pro Evolution Soccer 2011
Protector Suite QL 5.6
QuickTime
Realtek High Definition Audio Driver
REALTEK RTL8187SE Wireless LAN Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.3
Sony USB Driver
Sun Broadband Wireless
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
The KMPlayer (remove only)
Total Video Converter 3.12 080307
TweetDeck
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Video Edit Magic 4.4
WebFldrs XP
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
6/1/2011 9:37:38 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
5/31/2011 10:47:52 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'loader.tlb' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
5/31/2011 10:45:34 PM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: Invalid access to memory location.
5/31/2011 10:45:34 PM, error: Service Control Manager [7009] - Timeout (120000 milliseconds) waiting for the Seagate Dashboard Service service to connect.
5/31/2011 10:45:34 PM, error: Service Control Manager [7000] - The Seagate Dashboard Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/31/2011 10:33:20 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
5/30/2011 8:10:20 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -54524 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.11.3:123->65.55.56.40:123) is working properly.
5/29/2011 9:16:39 PM, error: System Error [1003] - Error code 00000096, parameter1 89ec2d18, parameter2 89ee9238, parameter3 80564820, parameter4 00000000.
5/29/2011 8:37:14 PM, error: Dhcp [1002] - The IP address lease 192.168.11.2 for the Network Card with network address 00218579890C has been denied by the DHCP server 192.168.11.1 (The DHCP Server sent a DHCPNACK message).
5/27/2011 8:10:45 AM, error: Dhcp [1002] - The IP address lease 192.168.11.3 for the Network Card with network address 00218579890C has been denied by the DHCP server 192.168.11.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll help with the malware. First, I'd like you to uninstall the Malwarebytes program you ran. It is way out of date and the database is very old. Once you have done that, download and run the scan again:
malwarebytesgc8.png

Malwarebytes' Anti-Malware
  • Please download Malwarebytes' Anti-Malware from from HERE
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    [o] Update Malwarebytes' Anti-Malware
    [o] and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please attach this log with your reply
    [o] If you accidentally close it, the log file is saved here and will be named like this:
    [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
========================
You can also uninstall HijackThis. That version is also outdated. I will have you run it later with link for current version. Please note: If you have any of the scanning programs I ask you to run already on the system, it should be removed and downloaded from the link I give.
===========================
We need to remove the Worms and Trojans:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the
    esetSmartInstallDesktopIcon.png
    on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives/
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=================================
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

We will go from there after I see these 2 logs.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
A
Microsoft breaks users' PCs again with latest Windows 11 update
Replies
19
Views
399
trparky
T

Latest posts

Back