Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Jun 4 2009, 02:54 PM | Post #1
New Member | Group: Members | Posts: 1 | Joined: 4-June 09 | Member No.: 338,964
Thanks to all of you. This has taken all of my time for 48 hours and I did nothing; I hope you can help me soon. My problem is (I am sorry for my poor English) that a program named Personal Antivirus set itself up on my laptop, and it blocks internet pages when I open any site from the browser. After the site opens, a red message immediately appears saying (title: Warning! Visiting this site may harm your computer. This web site probably contains malicious software program, which can cause damage to your computer or perform actions without your permission. Your computer may be infected after visiting such web site. We recommended you to install (or activate) antivirus security software. -then it gives 2 options-: Continue unprotected or Get security software.) If I do what they say and choose to get it, it opens another page to download Personal Antivirus. Sometimes it does not block the whole page but gives this message at the top (This page is infected by malicious advertising code. Such code can seriously affect your computer. Click here to protect your computer with Personal Antivirus). Note: I can't attach files because the malware does not let me; it blocks the site if I click Browse, so the ATTACH.txt is copied after the DDS.txt. Please help soon.
DDS (Ver_09-05-14.01) - FAT32x86 Run by USER at 21:33:59.06 on Thu 06/04/2009 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.112 [GMT 4:00] AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs SVCHOST.EXE SVCHOST.EXE C:\WINDOWS\system32\spoolsv.exe SVCHOST.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\crypserv.exe D:\MATLAB7\webserver\bin\win32\matlabserver.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\LG Electronics\LG Electronics USB Modem\UMAService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\CallWave\IAM.exe C:\Program Files\blcorp\WinCleaner AntiSpyware\WCAntiSpy.exe C:\Program Files\mDSL\bin\App.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\VN3UJYBJ\dds[1].scr ============== Pseudo HJT Report =============== uStart Page = about:blank uDefault_Page_URL = BHO: &Yahoo! 
Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll BHO: {0b014b81-4e12-46f9-806f-55867af8fd3c} - &Research BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: &Helper: {2e59498d-7e44-4452-9044-0973b080b9e8} - c:\windows\system32\winexplorer.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: XML module: {500bca15-57a7-4eaf-8143-8c619470b13d} - XML Class BHO: {59385f95-c52f-4a84-b674-4a4206b17218} - LiveTV_ Toolbar BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL {a08c50ce-4c9a-4e81-84f3-bea728906d89} BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll BHO: {d032570a-5f63-4812-a094-87d007c23012} - BHO: {d4fa7277-a69d-40af-9280-58690ce75087} - Beyluxe Toolbar BHO: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\phpnukeen\tbPHP1.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL TB: ToggleEN Toolbar: 
{038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTog0.dll TB: Beyluxe Toolbar: {d4fa7277-a69d-40af-9280-58690ce75087} - TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: LiveTV_ Toolbar: {59385f95-c52f-4a84-b674-4a4206b17218} - TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyBa.dll TB: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\phpnukeen\tbPHP1.dll TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File uRun: [UMService] c:\program files\lg electronics\lg electronics usb modem\UMAService.exe uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Yahoo! 
Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup uRun: [ares] "c:\program files\ares\Ares.exe" -h uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [ZTE-EVDO] "c:\program files\mdsl\bin\EV-DO.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\2.bin\M3PLUGIN.DLL,UPF mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h mRun: [PAV] c:\program files\pav\pav.exe dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe dRunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\user\startm~1\programs\startup\wcanti~1.lnk - c:\program files\blcorp\wincleaner antispyware\WCAntiSpy.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\callwave.lnk - c:\program files\callwave\IAM.exe IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZKxdm012YYSD IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL Trusted Zone: who.int\www Trusted Zone: yahoo.com\www Trusted Zone: youtube.com\www DPF: 
{166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab TCP: {71DBC365-89B9-45AB-8DCA-83AEBD4F4014} = 212.0.138.12 212.0.138.11 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll Notify: mlJCTJYs - mlJCTJYs.dll SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - No File LSA: Authentication Packages = msv1_0 c:\windows\system32\ljJCsqPf nwprovau ============= SERVICES / DRIVERS =============== R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-25 12552] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-25 325896] R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-25 27784] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-25 108552] R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-22 908568] R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-22 298776] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-12 55152] R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512] R3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [2009-1-6 99328] S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe [?] 
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360] S3 UsbEvdoAtc;LGE EVDO USB Serial Port;c:\windows\system32\drivers\lgevdoatc.sys [2008-12-11 19840] S3 usbevdobus;LGE EVDO Composite USB Device;c:\windows\system32\drivers\lgevdobus.sys [2008-12-11 12800] S3 UsbEvdoDiag;LGE EVDO USB Serial DM Port;c:\windows\system32\drivers\lgevdodiag.sys [2008-12-11 19840] S3 USBEVDOModem;LGE EVDO USB Modem;c:\windows\system32\drivers\lgevdomodem.sys [2008-12-11 21632] =============== Created Last 30 ================ 2009-06-04 21:12 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes 2009-06-04 21:12 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-04 21:12 19,096 a------- c:\windows\system32\drivers\mbam.sys 2009-06-04 21:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-06-04 21:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-06-04 18:22 <DIR> --d----- c:\program files\mDSL 2009-06-04 17:51 11 a------- c:\windows\system32\uninstall.mybho 2009-06-04 17:47 <DIR> --d----- c:\program files\blcorp 2009-06-04 15:25 724,992 a------- c:\windows\iun6002.exe 2009-06-04 15:25 <DIR> --d----- C:\spywarebegone 2009-06-04 15:25 170 a------- c:\windows\spywarebegone-fullversion-installed.html 2009-06-04 15:15 <DIR> --d----- c:\program files\SpyZooka 2009-06-04 15:14 <DIR> --d----- c:\program files\common files\Download Manager 2009-06-04 02:42 <DIR> --d----- c:\program files\PAL SPYREM 2009-06-03 15:54 375,808 a------- c:\windows\system32\winexplorer.dll 2009-06-03 15:54 <DIR> --d----- c:\program files\common files\Uninstall 2009-05-31 03:59 <DIR> --d----- c:\program files\Beyluxe Messenger 2009-05-30 19:16 <DIR> --dsh--- C:\FOUND.047 2009-05-30 05:35 <DIR> --d----- c:\program files\PHPNukeEN 2009-05-30 02:46 <DIR> --d----- c:\documents and settings\user\c 2009-05-30 01:27 <DIR> --d----- c:\program files\No-IP 2009-05-29 23:24 <DIR> --d----- c:\program files\myBabylon_English 
2009-05-29 23:24 <DIR> --d----- c:\program files\Babylon 2009-05-28 10:52 <DIR> --dsh--- C:\FOUND.046 2009-05-24 21:16 <DIR> --d-h--- c:\windows\system32\B8E513 2009-05-24 21:16 <DIR> --d-h--- c:\windows\system32\B26E0E 2009-05-14 17:08 <DIR> --dsh--- C:\FOUND.045 2009-05-06 15:24 157 a------- c:\windows\matlab.ini 2009-05-06 15:24 <DIR> --d----- c:\docume~1\user\applic~1\MathWorks 2009-05-06 15:17 645,120 a------- c:\windows\system32\config.gms ==================== Find3M ==================== 2009-04-29 22:30 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-04-29 22:30 325,896 a------- c:\windows\system32\drivers\avgldx86.sys 2009-04-29 22:30 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys 2009-04-29 22:30 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-04-10 00:42 466,944 a------- c:\windows\system32\WADHLP.DLL 2009-03-21 18:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll 2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe 2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll 2002-07-31 19:55 108 ---sh--- c:\windows\WSYS049.SYS 2008-12-15 20:13 379,495 a--sh--- c:\windows\system32\fPqsCJjl.ini2 2009-01-25 16:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat 2009-01-25 16:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012520090126\index.dat 2009-01-25 16:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat 2009-01-25 16:19 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat ============= FINISH: 21:34:36.75 =============== ATTACH.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. 
IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-05-14.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12/10/2008 10:07:19 PM System Uptime: 6/4/2009 9:24:04 PM (0 hours ago) Motherboard: Hewlett-Packard | | 30A2 Processor: Intel® Core Duo CPU T2350 @ 1.86GHz | U10 | 782/133mhz ==== Disk Partitions ========================= C: is FIXED (FAT32) - 14 GiB total, 3.208 GiB free. D: is FIXED (NTFS) - 14 GiB total, 7.794 GiB free. E: is FIXED (NTFS) - 14 GiB total, 11.829 GiB free. F: is FIXED (NTFS) - 14 GiB total, 14.148 GiB free. G: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: Description: Modem Device on High Definition Audio Bus Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C1378&REV_1002\4&599DA60&0&0101 Manufacturer: Name: Modem Device on High Definition Audio Bus PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C1378&REV_1002\4&599DA60&0&0101 Service: Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: Device ID: ACPI\HPQ0006\2&DABA3FF&0 Manufacturer: Name: PNP Device ID: ACPI\HPQ0006\2&DABA3FF&0 Service: ==== System Restore Points =================== RP108: 6/4/2009 3:15:08 PM - Installed SpyZooka RP109: 6/4/2009 3:38:43 PM - Spyware Begone! Spy Removal RP110: 6/4/2009 5:50:43 PM - Removed SpyZooka RP111: 6/4/2009 6:25:20 PM - Spyware Begone! 
Spy Removal ==== Installed Programs ====================== Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.1 Adobe Shockwave Player 11.5 Advanced SystemCare 3 Autodesk DWF Viewer 7 AVG 8.5 Beyluxe Messenger Broadcom 440x 10/100 Integrated Controller Broadcom 802.11 Wireless LAN Adapter CallWave Choice Guard CoffeeCup Visual Site Designer Software CoffeeCup Website Font Compatibility Pack for the 2007 Office system Data Access Objects (DAO) 3.5 Golden Al-Wafi Translator GOM Player Health Mapper 4.3 (release 5) High Definition Audio Driver Package - KB888111 Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954708) HP Wireless Assistant Intel® Graphics Media Accelerator Driver Junk Mail filter update LingoPad 2.6 (Build 360) Malwarebytes' Anti-Malware MATLAB Family of Products Release 14 Microsoft .NET Framework 2.0 Microsoft Application Error Reporting Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Live Add-in 1.3 Microsoft Office Outlook Connector Microsoft Office Professional Edition 2003 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 Redistributable MSN MSVCRT MSXML 6 Service Pack 2 (KB954459) myBabylon_English Toolbar PHPNukeEN Toolbar RealPlayer Rhapsody Player Engine Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for 
Windows Media Player (KB952069) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Segoe UI Serebra Course IP3000 SoundMAX Sudani mDSL Synaptics Pointing Device Driver ToggleEN Toolbar Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) VBA (2627.01) WebFldrs XP WinCleaner AntiSpyware 5.4 Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live 
Toolbar Windows Live Writer Windows Password Cracker 3.05 Demo Windows XP Service Pack 3 WinRAR archiver Wireless Sensor Network Yahoo! Messenger Yahoo! Toolbar Zain USB-Connect ==== Event Viewer Messages From Past Week ======== 6/4/2009 6:02:47 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified. 6/4/2009 3:42:33 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the file specified. 6/1/2009 12:22:04 PM, error: Service Control Manager [7034] - The MATLAB Server service terminated unexpectedly. It has done this 1 time(s). 5/30/2009 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402 5/30/2009 8:00:00 AM, error: Schedule [7901] - The At57.job command failed to start due to the following error: %%2147942402 5/30/2009 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402 5/30/2009 1:27:03 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service. 
5/29/2009 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402 5/29/2009 7:00:00 AM, error: Schedule [7901] - The At56.job command failed to start due to the following error: %%2147942402 5/29/2009 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402 5/29/2009 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402 5/29/2009 6:00:00 AM, error: Schedule [7901] - The At55.job command failed to start due to the following error: %%2147942402 5/29/2009 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402 5/28/2009 9:00:00 PM, error: Schedule [7901] - The At70.job command failed to start due to the following error: %%2147942402 5/28/2009 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402 5/28/2009 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402 5/28/2009 9:00:00 AM, error: Schedule [7901] - The At58.job command failed to start due to the following error: %%2147942402 5/28/2009 9:00:00 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402 5/28/2009 9:00:00 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402 5/28/2009 8:00:00 PM, error: Schedule [7901] - The At69.job command failed to start due to the following error: %%2147942402 5/28/2009 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402 5/28/2009 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402 5/28/2009 7:00:00 PM, error: Schedule [7901] - The At68.job command failed to start due to the following error: %%2147942402 
5/28/2009 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402 5/28/2009 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402 5/28/2009 6:00:00 PM, error: Schedule [7901] - The At67.job command failed to start due to the following error: %%2147942402 5/28/2009 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402 5/28/2009 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402 5/28/2009 5:00:00 PM, error: Schedule [7901] - The At66.job command failed to start due to the following error: %%2147942402 5/28/2009 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402 5/28/2009 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402 5/28/2009 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402 5/28/2009 5:00:00 AM, error: Schedule [7901] - The At54.job command failed to start due to the following error: %%2147942402 5/28/2009 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402 5/28/2009 4:00:00 PM, error: Schedule [7901] - The At65.job command failed to start due to the following error: %%2147942402 5/28/2009 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402 5/28/2009 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402 5/28/2009 4:00:00 AM, error: Schedule [7901] - The At53.job command failed to start due to the following error: %%2147942402 5/28/2009 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402 
5/28/2009 4:00:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402 5/28/2009 3:00:00 PM, error: Schedule [7901] - The At64.job command failed to start due to the following error: %%2147942402 5/28/2009 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402 5/28/2009 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402 5/28/2009 3:00:00 AM, error: Schedule [7901] - The At52.job command failed to start due to the following error: %%2147942402 5/28/2009 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402 5/28/2009 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402 5/28/2009 2:00:00 PM, error: Schedule [7901] - The At63.job command failed to start due to the following error: %%2147942402 5/28/2009 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402 5/28/2009 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402 5/28/2009 2:00:00 AM, error: Schedule [7901] - The At51.job command failed to start due to the following error: %%2147942402 5/28/2009 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402 5/28/2009 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402 5/28/2009 12:44:00 AM, error: Schedule [7901] - The At49.job command failed to start due to the following error: %%2147942402 5/28/2009 12:17:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402 5/28/2009 12:11:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402 
5/28/2009 12:00:00 PM, error: Schedule [7901] - The At61.job command failed to start due to the following error: %%2147942402 5/28/2009 12:00:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402 5/28/2009 12:00:00 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402 5/28/2009 11:00:00 PM, error: Schedule [7901] - The At72.job command failed to start due to the following error: %%2147942402 5/28/2009 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402 5/28/2009 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402 5/28/2009 11:00:00 AM, error: Schedule [7901] - The At60.job command failed to start due to the following error: %%2147942402 5/28/2009 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402 5/28/2009 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402 5/28/2009 10:00:00 PM, error: Schedule [7901] - The At71.job command failed to start due to the following error: %%2147942402 5/28/2009 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402 5/28/2009 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402 5/28/2009 10:00:00 AM, error: Schedule [7901] - The At59.job command failed to start due to the following error: %%2147942402 5/28/2009 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402 5/28/2009 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402 5/28/2009 1:00:07 PM, error: Schedule [7901] - The At62.job command failed to start due to the following 
error: %%2147942402 5/28/2009 1:00:07 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402 5/28/2009 1:00:06 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402 5/28/2009 1:00:00 AM, error: Schedule [7901] - The At50.job command failed to start due to the following error: %%2147942402 5/28/2009 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402 5/28/2009 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402 ==== End Of File =========================== |
Jun 6 2009, 10:58 AM | Post #2
malware expert | Group: HJT Team | Posts: 14,728 | Joined: 8-January 05 | From: Vancouver (not BC) WA (Not DC) USA | Member No.: 9,026
Hello zaylai209,
Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double-click mbam-setup.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire MBAM report (even if it does not find anything) in your next reply along with a fresh HijackThis log.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Jun 16 2009, 10:08 PM | Post #3
malware expert | Group: HJT Team | Posts: 14,728 | Joined: 8-January 05 | From: Vancouver (not BC) WA (Not DC) USA | Member No.: 9,026
Due to inactivity, this thread will now be closed.