TechSpot

Update.exe virus?

By jandelmaro
Jun 1, 2011
  1. Hi! I am experiencing update.exe all over the place in my task manager and my Avira update does not stop. Thanks in advance! :)


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    5/31/2011 11:44:55 PM
    mbam-log-2011-05-31 (23-44-55).txt

    Scan type: Full scan (C:\|E:\|F:\|G:\|)
    Objects scanned: 176617
    Time elapsed: 59 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.



    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-01 12:04:43
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD1600BEVT-22ZCT0 rev.11.01A11
    Running: r9w570x5.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\fgedyaob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:112] BA15F710
    Thread System [4:116] BA15F710

    ---- Processes - GMER 1.0.15 ----

    Process C:\Program Files\Avira\AntiVir Desktop\update.exe (*** hidden *** ) 62056

    ---- EOF - GMER 1.0.15 ----




    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_19
    Run by user at 12:10:24 on 2011-06-01
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3047.1891 [GMT -7:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Documents and Settings\All Users\Application Data\DatacardService\DCService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Xrykea.exe
    C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    C:\DOCUME~1\user\LOCALS~1\Temp\Xpd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\user\My Documents\Downloads\r9w570x5.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\user\My Documents\Downloads\dds.scr
    C:\WINDOWS\system32\WSCRIPT.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    C:\Program Files\Avira\AntiVir Desktop\update.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyServer = proxy.up.edu.ph:8080
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [YDZ1QVAGOJ] c:\docume~1\user\locals~1\temp\Xpd.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Nokia FastStart] "c:\program files\nokia\nokia music\NokiaMusic.exe" /command:faststart
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - c:\program files\sony corporation\picture package\picture package menu\SonyTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony corporation\picture package\picture package applications\Residence.exe
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\plants vs. zombies\images\stg_drm.ocx
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\plants vs. zombies\images\armhelper.ocx
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli psqlpwd
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\z8lace4r.default\
    FF - prefs.js: browser.startup.homepage - hxxp://vshare.toolbarhome.com/?hp=df
    FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
    FF - plugin: c:\documents and settings\user\local settings\application data\google\chrome\user data\default\extensions\dkfjadjghjpjodfhffafagnkbgbpiphf\1.0.3.143_0\npsoe.dll
    FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\user\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-16 11608]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-16 136360]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-16 61960]
    R2 DCService.exe;DCService.exe;c:\documents and settings\all users\application data\datacardservice\DCService.exe [2010-5-8 229376]
    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\sh4ser~1.exe --> c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [?]
    R3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-5-24 70656]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-16 269480]
    S3 Aspvcn;Aspvcn; [x]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-5-24 117504]
    S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena messenger\room\safedrv.sys --> c:\program files\garena messenger\room\safedrv.sys [?]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    .
    =============== Created Last 30 ================
    .
    2011-06-01 18:06:14 -------- d-----w- C:\sh4ldr
    2011-06-01 18:06:14 -------- d-----w- c:\program files\Enigma Software Group
    2011-06-01 18:05:24 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
    2011-06-01 07:20:10 54016 ----a-w- c:\windows\system32\drivers\wwxipy.sys
    2011-06-01 05:24:28 151552 ----a-w- c:\windows\Xrykea.exe
    2011-05-30 05:59:22 -------- d-----w- c:\program files\MSECache
    2011-05-24 16:55:46 -------- d-----w- c:\program files\Sun Broadband Wireless
    2011-05-24 16:55:33 -------- d-----w- c:\documents and settings\all users\application data\DatacardService
    2011-05-13 03:23:17 -------- d-----w- c:\program files\AMPED
    2011-05-12 06:05:23 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras
    .
    ==================== Find3M ====================
    .
    2011-03-16 20:54:07 73 ----a-w- c:\windows\system32\ssprs.dll
    2011-03-16 20:54:07 205 ----a-w- c:\windows\system32\lsprst7.dll
    2011-03-16 20:54:07 1025 ----a-w- c:\windows\system32\sysprs7.dll
    2011-03-16 20:54:07 1025 ----a-w- c:\windows\system32\clauth2.dll
    2011-03-16 20:54:07 1025 ----a-w- c:\windows\system32\clauth1.dll
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD1600BEVT-22ZCT0 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8ACE3AB8]
    3 CLASSPNP[0xBA108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AA05030]
    \Driver\Disk[0x8ABE9CC8] -> IRP_MJ_CREATE -> 0xBA15E8B0
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    user & kernel MBR OK
    .
    ============= FINISH: 12:11:07.03 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/27/2009 9:33:10 PM
    System Uptime: 6/1/2011 10:51:48 AM (2 hours ago)
    .
    Motherboard: Micro-Star International | | MS-1421X
    Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | CPU 1 | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 74 GiB total, 6.998 GiB free.
    E: is FIXED (NTFS) - 75 GiB total, 59.419 GiB free.
    F: is FIXED (NTFS) - 466 GiB total, 345.291 GiB free.
    G: is FIXED (NTFS) - 466 GiB total, 371.939 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-T40N________________JH01____\5A4B383134393146303920392020202020202020
    Manufacturer: (Standard CD-ROM drives)
    Name: HL-DT-ST DVDRAM GSA-T40N
    PNP Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-T40N________________JH01____\5A4B383134393146303920392020202020202020
    Service: cdrom
    .
    ==== System Restore Points ===================
    .
    RP607: 4/23/2011 10:11:27 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP608: 3/24/2011 7:25:16 AM - System Checkpoint
    RP609: 3/25/2011 3:00:17 AM - Software Distribution Service 3.0
    RP610: 3/27/2011 6:15:02 AM - System Checkpoint
    RP611: 3/28/2011 9:15:30 AM - System Checkpoint
    RP612: 3/29/2011 9:37:15 AM - System Checkpoint
    RP613: 3/30/2011 12:52:51 PM - System Checkpoint
    RP614: 4/1/2011 12:00:09 AM - System Checkpoint
    RP615: 4/2/2011 1:04:14 PM - System Checkpoint
    RP616: 4/5/2011 8:51:16 AM - System Checkpoint
    RP617: 4/6/2011 11:06:47 PM - System Checkpoint
    RP618: 4/8/2011 12:50:52 AM - System Checkpoint
    RP619: 4/9/2011 3:03:53 PM - System Checkpoint
    RP620: 4/10/2011 4:04:25 PM - System Checkpoint
    RP621: 4/11/2011 9:01:32 PM - System Checkpoint
    RP622: 4/13/2011 12:23:33 AM - System Checkpoint
    RP623: 4/14/2011 1:08:26 AM - System Checkpoint
    RP624: 4/15/2011 9:44:47 AM - Software Distribution Service 3.0
    RP625: 4/16/2011 10:14:13 PM - System Checkpoint
    RP626: 4/18/2011 12:31:34 AM - System Checkpoint
    RP627: 4/20/2011 12:33:13 AM - System Checkpoint
    RP628: 4/21/2011 12:24:16 PM - System Checkpoint
    RP629: 4/23/2011 12:41:41 PM - System Checkpoint
    RP630: 4/24/2011 6:25:45 PM - Installed Picture Package
    RP631: 4/24/2011 6:27:23 PM - Installed First Step Guide
    RP632: 4/24/2011 6:28:25 PM - Installed ImageMixer VCD2
    RP633: 4/24/2011 6:32:26 PM - Unsigned driver install
    RP634: 4/25/2011 6:46:28 AM - Installed Pro Evolution Soccer 2011.
    RP635: 4/25/2011 6:26:05 PM - Removed Pro Evolution Soccer 2011.
    RP636: 4/25/2011 6:41:07 PM - Installed Pro Evolution Soccer 2011.
    RP637: 4/25/2011 6:42:56 PM - Installed Pro Evolution Soccer 2011.
    RP638: 4/25/2011 7:10:29 PM - Installed Pro Evolution Soccer 2011.
    RP639: 4/26/2011 2:55:03 PM - Installed DirectX
    RP640: 4/27/2011 12:24:42 PM - Software Distribution Service 3.0
    RP641: 4/30/2011 12:52:45 AM - System Checkpoint
    RP642: 5/1/2011 12:41:34 PM - System Checkpoint
    RP643: 5/2/2011 4:35:11 PM - Unsigned driver install
    RP644: 5/3/2011 4:41:01 PM - System Checkpoint
    RP645: 5/4/2011 5:24:29 PM - System Checkpoint
    RP646: 5/5/2011 6:39:32 PM - System Checkpoint
    RP647: 5/6/2011 6:49:48 PM - System Checkpoint
    RP648: 5/8/2011 12:25:51 AM - System Checkpoint
    RP649: 5/9/2011 3:45:07 PM - System Checkpoint
    RP650: 5/10/2011 8:48:16 PM - Removed Google SketchUp 8
    RP651: 5/10/2011 8:50:55 PM - Removed Picture Package
    RP652: 5/11/2011 9:01:30 PM - System Checkpoint
    RP653: 5/12/2011 3:00:14 AM - Software Distribution Service 3.0
    RP654: 5/12/2011 8:23:17 PM - Installed Shaiya(Philippines)
    RP655: 5/14/2011 12:54:35 AM - System Checkpoint
    RP656: 5/15/2011 7:23:06 AM - System Checkpoint
    RP657: 5/15/2011 8:57:05 AM - Installed Picture Package
    RP658: 5/15/2011 8:58:27 AM - Installed First Step Guide
    RP659: 5/15/2011 9:01:28 AM - Installed ImageMixer VCD2
    RP660: 5/15/2011 9:15:33 AM - Unsigned driver install
    RP661: 5/16/2011 12:00:25 PM - System Checkpoint
    RP662: 5/18/2011 12:19:43 AM - System Checkpoint
    RP663: 5/20/2011 9:37:04 AM - System Checkpoint
    RP664: 5/21/2011 12:35:09 PM - System Checkpoint
    RP665: 5/21/2011 2:10:00 PM - Removed Shaiya(Philippines)
    RP666: 5/22/2011 3:26:12 PM - System Checkpoint
    RP667: 5/24/2011 9:56:20 AM - Installed Windows XP Wdf01009.
    RP668: 5/25/2011 12:18:47 PM - System Checkpoint
    RP669: 5/26/2011 12:22:29 PM - System Checkpoint
    RP670: 5/27/2011 10:33:30 PM - System Checkpoint
    RP671: 5/29/2011 7:31:28 AM - System Checkpoint
    RP672: 5/29/2011 10:59:35 PM - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    RP673: 5/31/2011 7:55:56 AM - System Checkpoint
    RP674: 6/1/2011 11:06:13 AM - Installed SpyHunter
    RP675: 6/1/2011 11:38:20 AM - Removed SpyHunter
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS
    Adobe Premiere Pro 1.5
    Adobe Reader 9.3.2
    Adobe Shockwave Player 11.5
    Agere Systems HDA Modem
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    CCleaner
    Celtx (2.7)
    Counter-Strike 1.6
    ESET Online Scanner v3
    First Step Guide
    Google Chrome
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ImageMixer VCD2
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Intel(R) PRO Network Connections 12.1.12.0
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 19
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (3.5.10)
    MSVC80_x86
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Picture Package
    Pro Evolution Soccer 2011
    Protector Suite QL 5.6
    QuickTime
    Realtek High Definition Audio Driver
    REALTEK RTL8187SE Wireless LAN Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2482017)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2497640)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 5.3
    Sony USB Driver
    Sun Broadband Wireless
    SUPERAntiSpyware Free Edition
    Synaptics Pointing Device Driver
    The KMPlayer (remove only)
    Total Video Converter 3.12 080307
    TweetDeck
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Video Edit Magic 4.4
    WebFldrs XP
    Windows Media Format 11 runtime
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/1/2011 9:37:38 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    5/31/2011 10:47:52 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'loader.tlb' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
    5/31/2011 10:45:34 PM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: Invalid access to memory location.
    5/31/2011 10:45:34 PM, error: Service Control Manager [7009] - Timeout (120000 milliseconds) waiting for the Seagate Dashboard Service service to connect.
    5/31/2011 10:45:34 PM, error: Service Control Manager [7000] - The Seagate Dashboard Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/31/2011 10:33:20 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
    5/30/2011 8:10:20 PM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -54524 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.11.3:123->65.55.56.40:123) is working properly.
    5/29/2011 9:16:39 PM, error: System Error [1003] - Error code 00000096, parameter1 89ec2d18, parameter2 89ee9238, parameter3 80564820, parameter4 00000000.
    5/29/2011 8:37:14 PM, error: Dhcp [1002] - The IP address lease 192.168.11.2 for the Network Card with network address 00218579890C has been denied by the DHCP server 192.168.11.1 (The DHCP Server sent a DHCPNACK message).
    5/27/2011 8:10:45 AM, error: Dhcp [1002] - The IP address lease 192.168.11.3 for the Network Card with network address 00218579890C has been denied by the DHCP server 192.168.11.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  2. Bobbye (Helper on the Fringe)

    Welcome to TechSpot! I'll help with the malware. First, I'd like you to uninstall the Malwarebytes program you ran. It is way out of date and the database is very old. Once you have done that, download and run the scan again:
    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply.
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
    You can also uninstall HijackThis. That version is also outdated. I will have you run it later with a link to the current version. Please note: if you already have any of the scanning programs I ask you to run on the system, it should be removed and downloaded again from the link I give.
    ===========================
    We need to remove the Worms and Trojans:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the link to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =================================
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    We will go from there after I see these 2 logs.
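As an added example that is not part of this thread: a small Python triage script that parses Event Viewer lines in the DDS log format shown above and pulls out the Service Control Manager errors (event IDs 7023, 7000, 7009) that name a service, so an unfamiliar name such as SSHNAS stands out next to the expected ones. The sample lines are excerpted from the log above; the KNOWN_SERVICES baseline is a hypothetical analyst allowlist, not anything from the thread.

```python
import re

# Event Viewer lines excerpted from the DDS log in this thread (constructed sample input).
DDS_EVENTS = """\
6/1/2011 9:37:38 AM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
5/31/2011 10:45:34 PM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: Invalid access to memory location.
5/31/2011 10:45:34 PM, error: Service Control Manager [7009] - Timeout (120000 milliseconds) waiting for the Seagate Dashboard Service service to connect.
5/31/2011 10:45:34 PM, error: Service Control Manager [7000] - The Seagate Dashboard Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/29/2011 8:37:14 PM, error: Dhcp [1002] - The IP address lease 192.168.11.2 for the Network Card with network address 00218579890C has been denied by the DHCP server 192.168.11.1 (The DHCP Server sent a DHCPNACK message).
"""

# DDS format: "<date> <time> <AM|PM>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>[\d/]+ [\d:]+ [AP]M), (?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)

# SCM messages that name a service, one pattern per event ID seen in this log.
SCM_SERVICE_RE = {
    7023: re.compile(r"^The (?P<svc>.+?) service terminated with the following error"),
    7000: re.compile(r"^The (?P<svc>.+?) service failed to start"),
    7009: re.compile(r"waiting for the (?P<svc>.+?) service to connect"),
}

# Hypothetical baseline: service display names the analyst already recognises on this machine.
KNOWN_SERVICES = {"Network Location Awareness (NLA)", "Seagate Dashboard Service"}


def parse_events(text):
    """Parse DDS Event Viewer lines into dicts; lines not in the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            d = m.groupdict()
            d["eid"] = int(d["eid"])
            events.append(d)
    return events


def scm_service_errors(events):
    """Return (service, event_id, timestamp) for each SCM error that names a service."""
    out = []
    for e in events:
        rx = SCM_SERVICE_RE.get(e["eid"]) if e["source"] == "Service Control Manager" else None
        m = rx.search(e["msg"]) if rx else None
        if m:
            out.append((m.group("svc"), e["eid"], e["ts"]))
    return out


def unrecognised_services(events, baseline=KNOWN_SERVICES):
    """Service names in SCM errors that are not on the baseline: triage these first."""
    return sorted({svc for svc, _, _ in scm_service_errors(events) if svc not in baseline})


if __name__ == "__main__":
    evs = parse_events(DDS_EVENTS)
    for svc, eid, ts in scm_service_errors(evs):
        print(f"{ts}  SCM {eid}  {svc}")
    print("Unrecognised service names:", unrecognised_services(evs))
```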
     
Topic Status:
Not open for further replies.