remove system security program from computer


  • This topic is locked
2 replies to this topic

#1 joeclar

  • Members
  • 1 posts

Posted 04 January 2009 - 05:38 PM

I seem to have an annoying virus or software on my computer that keeps popping up and threatening malicious activity. Please see attachments as requested and thanks in advance for your assistance.

DDS (Version 1.1.0) - NTFSx86
Run by Joe Clar at 16:35:15.95 on Sun 01/04/2009
Internet Explorer: 6.0.2900.2180

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.emachines.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: QuickSearch SearchBar: {82315a18-6cfb-44a7-bdfd-90e36537c252} - c:\program files\quicksearch\QuickSearchBar3_28.dll
BHO: e404mgr Class: {8f10de2b-e923-4548-b524-4d9c5fa80777} - c:\program files\helper\1205070053.dll
TB: QuickSearch SearchBar: {82315a18-6cfb-44a7-bdfd-90e36537c252} - c:\program files\quicksearch\QuickSearchBar3_28.dll
TB: {FE6BC4EF-5676-484B-88AE-883323913256} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [Cognac] c:\docume~1\joecla~1\locals~1\temp\1.tmp.exe
uRun: [MSFox] c:\docume~1\joecla~1\locals~1\temp\yyy3034.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [DDCM] "c:\program files\wildtangent\ddc\ddcmanager\DDCMan.exe" -Background
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [WildTangent CDA] RUNDLL32.exe "c:\program files\wildtangent\apps\cda\cdaEngine0400.dll",cdaEngineMain
mRun: [SpyBlocker] c:\program files\spyblocker software\spyblocker.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [2098467898] "c:\documents and settings\all users\application data\1364631269\2098467898.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRunOnce: [DELDIR0.EXE] "c:\docume~1\joecla~1\locals~1\temp\deldir0.exe" "c:\program files\mcafee\mcafee shared components\guardian\"
dRun: [Cognac] c:\windows\temp\C.tmp.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.browsergate.com/redirect.php
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joecla~1\applic~1\mozilla\firefox\profiles\186dscpi.default user\
FF - prefs.js: keyword.URL - hxxp://ws1.appswebservice.com/index.php?tpid=10244&tspid=650244&ttid=105&st=

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-01-03 14:57 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-03 14:34 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-03 14:34 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-01-03 14:34 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-03 14:33 324,872 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-03 14:33 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-03 14:32 <DIR> --d----- c:\program files\AVG
2009-01-03 09:32 1,409 a------- c:\windows\QTFont.for
2009-01-03 09:32 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-03 03:07 23,392 a------- c:\windows\system32\nscompat.tlb
2009-01-03 03:07 16,832 a------- c:\windows\system32\amcompat.tlb
2009-01-02 13:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\1364631269
2009-01-02 12:06 73,728 a------- c:\windows\system32\NL5882o3.exe
2009-01-02 12:06 0 a------- c:\windows\system32\NL5882o3.exe.a_a
2008-12-29 16:42 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2008-12-29 15:34 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2008-12-09 23:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8

==================== Find3M ====================

2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll
2008-10-16 05:37 659,456 a------- c:\windows\system32\wininet.dll
2005-06-19 18:31 456,384 ac------ c:\windows\inf\wlg-1103\ar5211.sys
2004-11-03 14:08 212,992 ac------ c:\windows\inf\wlg-1103\CopyWHQLDriver.exe

============= FINISH: 16:45:17.57 ===============
Attached File  Attach.txt   9.16KB   8 downloads


#2 teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts

Posted 18 January 2009 - 12:23 AM

Hello joeclar,

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 30 January 2009 - 02:31 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.