
"windows Antivirus"/xp Antivirus Protection Pop-ups


  • This topic is locked
2 replies to this topic

#1 mikeeya

mikeeya

  • Members
  • 1 posts

Posted 03 June 2008 - 02:46 PM

Hi,
This has happened to me before. Last time, I formatted my c-drive (losing all of my files). So, I hope that you can help me.
On the infected computer (not this one), I have a small decal in the bottom bar (just to the left of the clock). It is a yellow triangle, with an exclamation mark.
Above this, a yellow bubble pops up around every 60 seconds. It reads:

"Windows Antivirus

Windows has detected spyware infection!

It is recommended to use special antispyware tools to prevent
data loss. Windows will now download and install the most
up-to-date software for you.

Click here to protect your computer from spyware!"

If I click on the bubble, I get a "Windows-looking" window (with beige window, with dark-blue bar at the top) which reads:

"Microsoft Internet Explorer

NOTICE: You have not completed the errors scan. If your computer has errors in file system or Windows registry,
it could cause unpredictable or erratic PC behavior, freezes, crashes and loss of data.

You need to install SystemErrorFixer to scan for and, if found, fix system errors now (Recommended)?"

If I click on the "Cancel" button, I get a similar window that reads:

"Microsoft Internet Explorer

SystemErrorFixer will scan your system for errors now.

Please select "RUN" or "OPEN" when prompted to start the installation.

This file has been digitally signed and independantly certified as 100% free of viruses, adware and spyware."

If I click the "OK" button, I get an Internet Explorer window that indicates that XP Antivirus Protection is being loaded.


Here are the results of my DSS scans:


main.txt:

Deckard's System Scanner v20071014.68
Run by mine on 2008-06-03 11:30:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2008-06-03 18:30:37 UTC - RP153 - Deckard's System Scanner Restore Point
101: 2008-06-03 15:20:20 UTC - RP152 - System Checkpoint
100: 2008-06-02 15:16:30 UTC - RP151 - System Checkpoint
99: 2008-06-01 07:11:54 UTC - RP150 - System Checkpoint
98: 2008-05-31 06:11:54 UTC - RP149 - System Checkpoint


-- First Restore Point --
1: 2008-05-26 01:29:43 UTC - RP52 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as mine.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:57 AM, on 6/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1200215656\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
A:\dss.exe
C:\PROGRA~1\TRENDM~1\mine.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goodsearch.com/
O2 - BHO: (no name) - {508926A3-9989-4B72-846D-781F2AA8EA4F} - C:\WINDOWS\System32\ddcYqooO.dll
O2 - BHO: (no name) - {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - C:\WINDOWS\System32\efcCvWqQ.dll
O2 - BHO: {18336a28-2812-6ab9-9e64-efc4f0e0e22a} - {a22e0e0f-4cfe-46e9-9ba6-218282a63381} - C:\WINDOWS\System32\daylspiq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1200215656\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\System32\drvkar.dll,startup
O4 - HKLM\..\Run: [BM37a54a21] Rundll32.exe "C:\WINDOWS\System32\xmbxeqji.dll",s
O4 - HKLM\..\Run: [349679bd] rundll32.exe "C:\WINDOWS\System32\gvufadvn.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204947044546
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1204947030593
O20 - Winlogon Notify: efcCvWqQ - C:\WINDOWS\SYSTEM32\efcCvWqQ.dll
O20 - Winlogon Notify: wintwt32 - C:\WINDOWS\SYSTEM32\wintwt32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

--
End of file - 3667 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_18151019&REV_A0\3&61AAA01&0&17
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_18151019&REV_A0\3&61AAA01&0&17
Service:


-- Files created between 2008-05-03 and 2008-06-03 -----------------------------

2008-06-03 07:21:26 94784 --a------ C:\WINDOWS\System32\gvufadvn.dll
2008-06-03 07:18:37 103488 --a------ C:\WINDOWS\System32\daylspiq.dll
2008-06-03 07:18:35 2624 --a------ C:\WINDOWS\System32\sffubkhl.exe
2008-06-03 07:18:26 104512 --a------ C:\WINDOWS\System32\xmbxeqji.dll
2008-06-03 07:01:39 0 d-------- C:\Program Files\Trend Micro
2008-06-01 07:08:55 105024 --a------ C:\WINDOWS\System32\eshkywyt.dll
2008-06-01 07:05:56 94272 -----n--- C:\WINDOWS\System32\yonmxouu.dll
2008-06-01 07:03:07 2624 --a------ C:\WINDOWS\System32\imavjaer.exe
2008-06-01 07:02:56 101952 --a------ C:\WINDOWS\System32\uwmcpjpa.dll
2008-05-31 07:08:15 105024 --a------ C:\WINDOWS\System32\aygbumlh.dll
2008-05-31 07:05:15 2624 --a------ C:\WINDOWS\System32\emeraclr.exe
2008-05-31 07:02:15 101952 --a------ C:\WINDOWS\System32\etggytmq.dll
2008-05-30 07:08:15 2624 --a------ C:\WINDOWS\System32\sflmeage.exe
2008-05-30 07:05:15 103488 --a------ C:\WINDOWS\System32\ntbfcuih.dll
2008-05-30 07:02:15 101952 --a------ C:\WINDOWS\System32\tbobriem.dll
2008-05-29 07:11:15 2624 --a------ C:\WINDOWS\System32\scoopudg.exe
2008-05-29 07:08:15 106048 --a------ C:\WINDOWS\System32\qbafdikf.dll
2008-05-29 07:02:15 105024 --a------ C:\WINDOWS\System32\xgdkiewo.dll
2008-05-28 07:08:15 2624 --a------ C:\WINDOWS\System32\lnfxxodl.exe
2008-05-28 07:02:15 105024 --a------ C:\WINDOWS\System32\bexwknax.dll
2008-05-27 07:05:15 2624 --a------ C:\WINDOWS\System32\fithhbux.exe
2008-05-27 07:02:15 102976 --a------ C:\WINDOWS\System32\kqacwlfl.dll
2008-05-26 07:11:15 104000 --a------ C:\WINDOWS\System32\xnyfaklm.dll
2008-05-26 07:05:15 2624 --a------ C:\WINDOWS\System32\anlnqeit.exe
2008-05-26 07:02:15 102464 --a------ C:\WINDOWS\System32\phelxxvh.dll
2008-05-25 18:29:33 753003 --ahs---- C:\WINDOWS\System32\OooqYcdd.ini2
2008-05-25 18:29:29 279552 --a------ C:\WINDOWS\System32\ddcYqooO.dll
2008-05-25 18:24:31 145 --a------ C:\WINDOWS\System32\winver.bat
2008-05-25 18:24:31 19456 --a------ C:\WINDOWS\System32\drvkar.dll
2008-05-25 18:24:27 35840 --a------ C:\WINDOWS\System32\efcCvWqQ.dll
2008-05-25 18:24:25 38 --a------ C:\WINDOWS\System32\a.bat
2008-05-13 12:01:50 0 d-------- C:\Program Files\Java
2008-05-13 12:01:49 0 d-------- C:\Program Files\Common Files\Java
2008-05-13 12:01:14 0 d-------- C:\Program Files\Compendium
2008-05-03 22:38:10 0 d-------- C:\Documents and Settings\mine\Application Data\Netscape
2008-05-03 22:38:06 0 d-------- C:\Program Files\Netscape
2008-05-03 22:29:09 1160 --a------ C:\WINDOWS\mozver.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-13 12:01:49 0 d-------- C:\Program Files\Common Files
2008-04-26 08:45:15 26624 --a------ C:\WINDOWS\System32\wintwt32.dll
2008-04-26 08:45:11 26624 --a------ C:\WINDOWS\System32\winisf32.dll
2008-04-26 08:45:08 26624 --a------ C:\WINDOWS\System32\winnuj32.dll
2008-04-07 10:46:47 0 d-------- C:\Program Files\MSECache


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{508926A3-9989-4B72-846D-781F2AA8EA4F}]
05/25/2008 06:29 PM 279552 --a------ C:\WINDOWS\System32\ddcYqooO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CE67716-5803-4FB7-B344-0C7A17F93B5D}]
05/25/2008 06:24 PM 35840 --a------ C:\WINDOWS\System32\efcCvWqQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a22e0e0f-4cfe-46e9-9ba6-218282a63381}]
06/03/2008 07:18 AM 103488 --a------ C:\WINDOWS\System32\daylspiq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1200215656\ee\AOLSoftware.exe" [10/08/2007 02:50 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [12/06/2004 09:31 PM]
"MSDisp32"="C:\WINDOWS\System32\drvkar.dll" [05/25/2008 06:24 PM]
"BM37a54a21"="C:\WINDOWS\System32\xmbxeqji.dll" [06/03/2008 07:18 AM]
"349679bd"="C:\WINDOWS\System32\gvufadvn.dll" [06/03/2008 07:21 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 04:08 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 1:05:56 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7CE67716-5803-4FB7-B344-0C7A17F93B5D}"= C:\WINDOWS\System32\efcCvWqQ.dll [05/25/2008 06:24 PM 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcCvWqQ]
efcCvWqQ.dll 05/25/2008 06:24 PM 35840 C:\WINDOWS\system32\efcCvWqQ.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wintwt32]
wintwt32.dll 04/26/2008 08:45 AM 26624 C:\WINDOWS\system32\wintwt32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\ddcYqooO




-- End of Deckard's System Scanner: finished at 2008-06-03 11:32:25 ------------


extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.53GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1023.48 MiB / 699.54 MiB
Pagefile Memory (total/avail): 2462.45 MiB / 2224.85 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.98 MiB

A: is Removable (FAT)
C: is Fixed (NTFS) - 186.3 GiB total, 176.89 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JB-00KFA0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.3 GiB - C:

\\.\PHYSICALDRIVE1 - IC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE3 - IC USB Storage-MMC USB Device

\\.\PHYSICALDRIVE4 - IC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE2 - IC USB Storage-SMC USB Device



-- Security Center -------------------------------------------------------------

AUOptions is not configured.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\mine\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ME
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\mine
LOGONSERVER=\\ME
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\mine\LOCALS~1\Temp
TMP=C:\DOCUME~1\mine\LOCALS~1\Temp
USERDOMAIN=ME
USERNAME=mine
USERPROFILE=C:\Documents and Settings\mine
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

mine (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
AOL Registration --> "C:\Program Files\AOL\RC\uninstall.exe"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Compendium 1.5.2 --> "C:\Program Files\Compendium\unins000.exe"
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
FileZilla Client 3.0.6 --> C:\Program Files\FileZilla Client\uninstall.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "D:\HijackThis.exe" /uninstall
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Netscape Navigator (9.0.0.5) --> C:\Program Files\Netscape\Navigator 9\uninstall\helper.exe
Text To PDF Converter v1.4 --> "C:\Program Files\Text2PDF v1.4\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u


-- Application Event Log -------------------------------------------------------

Event Record #/Type113 / Error
Event Submitted/Written: 05/25/2008 06:55:53 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 21955421.

Event Record #/Type112 / Error
Event Submitted/Written: 05/25/2008 06:55:46 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type111 / Error
Event Submitted/Written: 05/25/2008 06:55:42 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 21955421.

Event Record #/Type110 / Error
Event Submitted/Written: 05/25/2008 06:55:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type109 / Error
Event Submitted/Written: 05/25/2008 06:44:33 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 21971969.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type926 / Warning
Event Submitted/Written: 06/02/2008 10:59:26 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type848 / Warning
Event Submitted/Written: 05/26/2008 08:47:39 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type777 / Warning
Event Submitted/Written: 05/24/2008 11:03:23 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type776 / Error
Event Submitted/Written: 05/22/2008 08:01:18 PM
Event ID/Source: 61 / Print
Event Description:
The document UNewsNo10v2007_01 owned by mine failed to print. Win32 error code returned by the print processor: 3003 (0xbbb).

Event Record #/Type775 / Warning
Event Submitted/Written: 05/17/2008 11:01:23 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-06-03 11:32:25 ------------


 


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 05 June 2008 - 05:46 PM

Hello mikeeya,

Before we start, you need to realize that you are missing one important program on that computer: An antivirus.

That is the reason you are infected. :)

This is somewhat suicidal in today's digital world. :thumbsup:

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!

After you run the antivirus scan, post its log.

Edited by SifuMike, 05 June 2008 - 05:48 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 19 June 2008 - 01:46 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



