
Tech Support Team





Old 23rd September 2009, 06:35 PM
FogLight (TST Member)
There's something on my machine!!

There are three 'notable' (and troubling) things going on with my machine at the moment -

1) I run McAfee, and twice now over the last 10 days or so, 'something' has disabled the virus checker, so that I get the banner 'Your computer is not protected!' ...

2) When I boot up it takes 'forever' ... when I look at what's going on using Task Manager it shows that McAfee is using 50%-100% of CPU for between 5 and 10 minutes ... my system never used to do this before ...

3) I use Internet Explorer (I know, I know ... there are 'other alternatives'), and during my internet sessions there are lots of 'lock ups' and timeouts, where I have to close out Explorer, restart it, and *usually* (but not always) then whatever I was trying to do works -- like reading my e-mail ...

One thing I should probably mention is that recently I got a 'spoof' e-mail that looked really 'authentic' and clicked on the embedded button ... I know this is bad, and I really fear this may have installed something on my machine ...

You guys, especially EvilFantasy, really helped me out one other time earlier this year when there was something funky on my machine, and so I return again to the forum with another appeal for an opinion from the experts ...

Here follow the logs (which seem to me to be entirely benign) --

**************************************************************

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 09/23/2009 at 04:41 AM

Application Version : 4.29.1002

Core Rules Database Version : 4117
Trace Rules Database Version: 2057

Scan type : Complete Scan
Total Scan Time : 02:29:29

Memory items scanned : 453
Memory threats detected : 0
Registry items scanned : 7003
Registry threats detected : 0
File items scanned : 146909
File threats detected : 28

Adware.Tracking Cookie
D:\Documents and Settings\gLee\Cookies\glee@a1.interclick[1].txt
D:\Documents and Settings\gLee\Cookies\glee@ad.yieldmanager[2].txt
D:\Documents and Settings\gLee\Cookies\glee@ads.bridgetrack[2].txt
D:\Documents and Settings\gLee\Cookies\glee@ads.cnn[1].txt
D:\Documents and Settings\gLee\Cookies\glee@adserver.adreactor[1].txt
D:\Documents and Settings\gLee\Cookies\glee@advertising[1].txt
D:\Documents and Settings\gLee\Cookies\glee@apmebf[1].txt
D:\Documents and Settings\gLee\Cookies\glee@at.atwola[2].txt
D:\Documents and Settings\gLee\Cookies\glee@atdmt[1].txt
D:\Documents and Settings\gLee\Cookies\glee@atwola[1].txt
D:\Documents and Settings\gLee\Cookies\glee@bs.serving-sys[1].txt
D:\Documents and Settings\gLee\Cookies\glee@content.yieldmanager[3].txt
D:\Documents and Settings\gLee\Cookies\glee@doubleclick[1].txt
D:\Documents and Settings\gLee\Cookies\glee@imrworldwide[2].txt
D:\Documents and Settings\gLee\Cookies\glee@interclick[2].txt
D:\Documents and Settings\gLee\Cookies\glee@media6degrees[1].txt
D:\Documents and Settings\gLee\Cookies\glee@mediaplex[1].txt
D:\Documents and Settings\gLee\Cookies\glee@microsoftsto.112.2o7[1].txt
D:\Documents and Settings\gLee\Cookies\glee@msnbc.112.2o7[2].txt
D:\Documents and Settings\gLee\Cookies\glee@questionmarket[1].txt
D:\Documents and Settings\gLee\Cookies\glee@revsci[2].txt
D:\Documents and Settings\gLee\Cookies\glee@serving-sys[2].txt
D:\Documents and Settings\gLee\Cookies\glee@specificclick[2].txt
D:\Documents and Settings\gLee\Cookies\glee@specificmedia[2].txt
D:\Documents and Settings\gLee\Cookies\glee@tacoda[2].txt
D:\Documents and Settings\gLee\Cookies\glee@trafficmp[2].txt
D:\Documents and Settings\gLee\Cookies\glee@yieldmanager[1].txt
D:\Documents and Settings\gLee\Cookies\glee@zedo[2].txt

***********
Malwarebytes' Anti-Malware 1.41
Database version: 2851
Windows 5.1.2600 Service Pack 3

9/23/2009 1:37:32 PM
mbam-log-2009-09-23 (13-37-32).txt

Scan type: Quick Scan
Objects scanned: 111555
Time elapsed: 9 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

***************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:48 PM, on 9/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
D:\Program Files\Creative\Shared Files\CTAudSvc.exe
D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
D:\Program Files\Google\Update\GoogleUpdate.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\svchost.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\WINDOWS\system32\taskmgr.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Trend Micro\HijackThis\sniper.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Dell OpenManage Overview
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [OpenDNS Update] "D:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "D:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download Video on This Page - D:\Program Files\Free Convert MOV AVI to FLV Flash WMV Converter\IEPage.html
O8 - Extra context menu item: Download Video This Links To - D:\Program Files\Free Convert MOV AVI to FLV Flash WMV Converter\IELink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Download Video - {B53C7980-9F20-48BB-8FC3-5A1CC9660C48} - D:\Program Files\Free Convert MOV AVI to FLV Flash WMV Converter\IEPage.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.centershift.com
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolba...lerControl.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F2BFD7F-E51E-4E0E-8687-FF7A80A4DDB9}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - D:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - d:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe

--
End of file - 7269 bytes

**************************************************************

Thanks in advance for your help.

Best, Foglight