
Tech Support Team


laz (Newcomer), 29th August 2010, 01:34 AM
Infected "Windows Security Alert"

It seems my laptop has been infected by a virus. An icon shows in the system tray in the lower right corner and a bubble window pops up saying "windows Security Alert". Also, a window in the middle of the screen continues to pop up "Antivirus software alert" with a 4-colored shield symbol and a button asking to activate software.

Please help. I feel so helpless right now.

These are the logs

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/29/2010 at 02:53 AM

Application Version : 4.42.1000

Core Rules Database Version : 5410
Trace Rules Database Version: 3222

Scan type : Complete Scan
Total Scan Time : 02:09:13

Memory items scanned : 547
Memory threats detected : 0
Registry items scanned : 8796
Registry threats detected : 1
File items scanned : 85366
File threats detected : 225

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY

Adware.Tracking Cookie

Application.PowerReg Scheduler
C:\DOCUMENTS AND SETTINGS\LFRANCINO\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE

Rogue.Agent/Gen-Nullo[BIN]
C:\WINDOWS\ERUK.BIN
C:\WINDOWS\ETOD.BIN

Rogue.Agent/Gen-Nullo[DLL]
C:\WINDOWS\SYSTEM32\TDSSCIOU.DLL

Rootkit.TDSServ-Trace
C:\WINDOWS\SYSTEM32\TDSSCUBN.LOG
C:\WINDOWS\SYSTEM32\TDSSMTYL.DAT
C:\WINDOWS\SYSTEM32\TDSSNMXH.LOG
C:\WINDOWS\SYSTEM32\TDSSPQXT.DAT
C:\WINDOWS\SYSTEM32\TDSSTKDV.LOG
*****************************************************

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4500

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/29/2010 4:38:03 AM
mbam-log-2010-08-29 (04-38-03).txt

Scan type: Quick scan
Objects scanned: 207260
Time elapsed: 14 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{df058c45-cd18-453e-8745-5a77f60722ab} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b5a33c35-7298-4d15-8753-a2e851e2eab3} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f0d2b812-752d-4af1-a2fb-968c4d8446db} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e856b973-45fd-4559-8f82-eab539144667} (Adware.Gdown) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpsecuritycenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ixupiyxi (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ixupiyxi (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\GTDownDE_87.ocx (Adware.Gdown) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\iqaxehi.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ucucehew.reg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laz\Local Settings\Application Data\lweblwxgl\vapyyujshdw.exe (Trojan.FakeAlert.Gen) -> Delete on reboot.
*************************************

*************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:55 AM, on 8/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe
C:\WINDOWS\SYSTEM32\notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [\\Midnight\EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P35 "\\Midnight\EPSON Stylus Photo RX600" /O6 "USB001" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P24 "EPSON Stylus Photo RX600" /O5 "LPT1:" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [GoToMyPC - EPSON Stylus Photo RX600] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2M1.EXE /P35 "GoToMyPC - EPSON Stylus Photo RX600" /O9 "GoToPort:" /M "Stylus Photo RX600"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2380765032-1349533711-724638934-1008\..\Run: [Sonic RecordNow!] (User '?')
O4 - HKUS\S-1-5-21-2380765032-1349533711-724638934-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\MSO7FTP.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: http://www.time.gov
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINDOWS\msxml4.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DEBRUIN.LOCAL.COM
O17 - HKLM\Software\..\Telephony: DomainName = DEBRUIN.LOCAL.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DEBRUIN.LOCAL.COM
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SQLAgent$MICROSOFTBCM - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10155 bytes

*******************************************

Last edited by laz; 29th August 2010 at 09:02 AM.