
Suspect Hacker Spy Computer Slow


This topic is locked
15 replies to this topic

#1 tripleblack

tripleblack

  • Members
  • 144 posts
  • OFFLINE
  • Local time:06:52 PM

Posted 03 February 2009 - 11:29 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:08 PM, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Documents and Settings\Joe Ciaravino\Desktop\Tool Box\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ncrs.org/forums/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200353168531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8422 bytes
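A way to review a HijackThis-style log mechanically rather than line by line by eye, as an added example that is not part of this thread and is not a HijackThis or BleepingComputer tool: the Python below parses O2, O4 and O23 lines into records and applies three defender-side triage heuristics of my own choosing (an autorun whose command names a bare file with no directory, which Windows resolves through its search path; an image stored under a user-writable location; a service the log reports with "Unknown owner"). The input is a constructed sample in the same line format; a few lines echo entries from the log above, while the `[updater]` line pointing into a Temp folder is invented purely to exercise the location check and does not come from the poster's machine. A flag means "look at this entry", not "this is malicious".

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the HijackThis v2 line format. Most lines mirror entries
# of the kind seen in such logs; the "[updater]" line is deliberately suspicious
# and invented for this example (it does not describe any real machine).
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O4 - HKLM\\..\\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\\..\\Run: [ATICCC] "C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe" runtime -Delay
O4 - HKLM\\..\\Run: [CapFax] C:\\Program Files\\Classic PhoneTools\\CapFax.EXE
O4 - HKCU\\..\\Run: [updater] C:\\Documents and Settings\\User\\Local Settings\\Temp\\upd.exe
O23 - Service: ATI Smart - Unknown owner - C:\\WINDOWS\\system32\\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
"""

# A command line is either a quoted image path followed by arguments, or an
# unquoted path (possibly containing spaces) ending in an executable extension.
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|dll|scr|com|bat|cmd)))(?:\s|$)', re.I)
O4_RE = re.compile(r'^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<rest>.*)$')
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$')

# Path fragments that indicate a location an ordinary user can write to
# (assumption: tuned for XP-era and later profile layouts, lower-cased).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\users\\", "\\appdata\\")


@dataclass
class Entry:
    kind: str               # "O2", "O4" or "O23"
    name: str               # value name, BHO name or service display name
    image: Optional[str]    # image path extracted from the line, if any
    owner: Optional[str] = None   # O23 only: company string from the log
    flags: List[str] = field(default_factory=list)


def image_from_command(cmd: str) -> Optional[str]:
    """Return the executable path named by an autorun command line."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return None
    return m.group(1) or m.group(2)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one O2/O4/O23 log line into an Entry; other lines yield None."""
    line = line.strip()
    if m := O4_RE.match(line):
        return Entry("O4", m["name"], image_from_command(m["cmd"]))
    if m := O23_RE.match(line):
        # "<display name> - <owner> - <path>"; split from the right so a
        # display name containing " - " does not break the path field.
        parts = m["rest"].rsplit(" - ", 2)
        if len(parts) == 3:
            return Entry("O23", parts[0], parts[2], owner=parts[1])
    if m := O2_RE.match(line):
        return Entry("O2", m["name"], m["path"])
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags; a flag means 'worth a second look', nothing more."""
    img = (entry.image or "").lower()
    # A bare file name is resolved via the process search path at logon.
    if entry.kind == "O4" and entry.image and "\\" not in entry.image:
        entry.flags.append("unqualified-path")
    if any(seg in img for seg in USER_WRITABLE):
        entry.flags.append("user-writable-location")
    if entry.kind == "O23" and entry.owner and entry.owner.lower() == "unknown owner":
        entry.flags.append("unknown-owner")
    return entry


def triage_log(text: str) -> List[Entry]:
    entries = [e for e in map(parse_line, text.splitlines()) if e is not None]
    return [triage(e) for e in entries]


def flagged(text: str):
    """(kind, name, flags) for every entry that picked up at least one flag."""
    return [(e.kind, e.name, e.flags) for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for kind, name, flags in flagged(SAMPLE_LOG):
        print(f"{kind} [{name}] -> {', '.join(flags)}")
```

Run as a script it prints the three flagged sample entries; feed it a real log's text instead of `SAMPLE_LOG` to get the same summary for that machine. The heuristics are deliberately simple and produce review items, not verdicts: a bare-name autorun or an "Unknown owner" service is common for legitimate vendor software, so each flag is a prompt to confirm the file's location, publisher and purpose.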



#2 tripleblack

tripleblack
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  • Local time:06:52 PM

Posted 04 February 2009 - 12:36 PM

How would I know if someone is hacking into my information... Spyware Doctor and AVG both do not detect any problems?

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:07:52 PM

Posted 17 February 2009 - 10:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 tripleblack

tripleblack
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  • Local time:06:52 PM

Posted 17 February 2009 - 02:06 PM

Thank you,
Here is the log:

*******************************************************

DDS (Ver_09-02-01.01) - NTFSx86
Run by Joe at 13:10:46.93 on Tue 02/17/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.419 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Joe\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ncrs.org/forums/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CapFax] c:\program files\classic phonetools\CapFax.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\joe~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
mPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: aol.com\free
Trusted Zone: musicmatch.com\online
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200353168531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15034/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-3 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-3 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-3 107272]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-2-21 42376]
R3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-2-21 66952]
R3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-2-21 81288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-3 298264]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-2-21 747912]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-2-21 948616]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-3 903960]

=============== Created Last 30 ================

2009-02-10 17:06 8,461,312 a------- c:\windows\system32\shell32.backup
2009-02-10 14:50 811 a------- c:\windows\hpinfo.lnk
2009-02-10 12:26 61,224 a------- c:\documents and settings\joe\GoToAssistDownloadHelper.exe
2009-02-09 14:52 8,192 a------- c:\windows\fffffff.pcb
2009-02-09 14:51 35,262 a------- c:\windows\fffffff.acl
2009-02-09 14:35 8,192 a------- c:\windows\Joe.pcb
2009-02-09 14:35 35,262 a------- c:\windows\Joe.acl
2009-02-09 14:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2009-02-09 14:05 <DIR> --d----- c:\windows\SxsCaPendDel
2009-02-08 17:46 53,248 a------- c:\windows\system32\hpfinsta.exe
2009-02-08 17:46 274,432 -------- c:\windows\system32\hpfinst.dll
2009-02-08 16:53 <DIR> --d----- c:\program files\UPHClean
2009-02-08 08:52 <DIR> --d----- c:\docume~1\joe~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-04 12:17 35,277 a------- c:\windows\CAMQUEST60408.INF
2009-02-04 12:17 <DIR> --d----- c:\program files\CamQuest6
2009-02-03 22:56 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-03 22:55 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-03 22:55 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-03 22:55 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-03 22:55 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-03 22:55 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-03 22:55 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-02-03 22:55 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-03 22:23 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-03 22:23 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-03 22:23 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-03 22:23 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-03 22:23 <DIR> --d----- c:\program files\AVG
2009-02-03 17:51 <DIR> --d----- c:\program files\Performance Trends
2009-02-03 14:06 <DIR> --d----- c:\docume~1\joecia~1\applic~1\BitZipper
2009-01-29 10:50 <DIR> --d----- c:\docume~1\joecia~1\applic~1\FrostWire
2009-01-29 10:49 <DIR> --d----- c:\program files\FrostWire
2009-01-26 19:15 1,060,864 a------- c:\windows\system32\mfc71.dll
2009-01-26 19:14 153,088 a------- c:\windows\UNWISE.EXE
2009-01-25 17:57 <DIR> --d----- c:\program files\DesktopDrag2003
2009-01-25 17:55 <DIR> --d----- c:\program files\DesktopDyno2003

==================== Find3M ====================

2009-02-03 20:58 12 ----h--- c:\program files\SyncToyDirectoryId.txt
2009-01-16 18:25 76,612 a------- c:\windows\system32\FontInfo.bin
2009-01-16 18:25 24,344 a------- c:\windows\system32\GlyphInfo.bin
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-05-07 10:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050720080508\index.dat

============= FINISH: 13:11:08.25 ===============




Attached File  attach.zip   3.46KB   8 downloads

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:52 PM

Posted 17 February 2009 - 08:36 PM

Hello.

How would I know if someone is hacking into my information... Spyware Doctor and AVG both do not detect any problems?

But why would you suspect you have someone trying to hack into your machine?

Since you think you do we will do a scan for rootkits.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
If GMER doesn't work in Normal Mode try running it in Safe Mode

Important! Please do not select the Show all checkbox during the scan.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#6 tripleblack

tripleblack
  • Topic Starter

  • Members
  • 144 posts
  • OFFLINE
  • Local time:06:52 PM

Posted 18 February 2009 - 09:22 PM

Hello.

How would I know if someone is hacking into my information...............Spyware Doctor and AVG both do not detect any problems??

But why would you suspect you have someone trying to hack into your machine?

Since you think you do we will do a scan for rootkits.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2[list]
[*]Make sure you are connected to the Internet.
[*]Double-click on Download_mbam-setup.exe to install the application.
[*]When the installation begins, follow the prompts and do not make any changes to default settings.
[*]When installation has finished, make sure you leave both of these checked:[list]
[*]Update Malwarebytes' Anti-Malware
[*]Launch Malwarebytes' Anti-Malware
[/list]
[*]Then click Finish.
[*]MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
[*]On the Scanner tab:[list]
[*]Make sure the "Perform Quick Scan" option is selected.
[*]Then click on the Scan button.
[/list]
[*]If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
[*]The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
[*]When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
[*]Click OK to close the message box and continue with the removal process.
[*]Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
[*]Make sure that everything is checked, and click Remove Selected.
[*]When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
[*]The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
[*]Copy and paste the contents of that report in your next reply and exit MBAM.
[/list]Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run Scan with GMER

We will use GMER to scan for rootkits.

- Download gmer.zip and save to your desktop.
  Alternate Download Site 1
- Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
- When you have done this, disconnect from the Internet and close all running programs.
  There is a small chance this application may crash your computer, so save any work you have open.

- Double-click on Gmer.exe to start the program.
- Allow the gmer.sys driver to load if asked.
- If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
- Click the >>>
- Click on Settings, then check the first five settings:
  - System Protection and Tracing
  - Processes
  - Save created processes to the log
  - Drivers
  - Save loaded drivers to the log
- You will be prompted to restart your computer. Please do so.

After the reboot, run Gmer again and click on the Rootkit tab.
- Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
- Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
- Click on Scan and wait for the scan to finish.
  Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
- When completed, click on the Copy button and right-click on your Desktop, choose New > Text document. Once the file is created, open it, right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.

If GMER doesn't work in Normal Mode, try running it in Safe Mode.

Important!: Please do not select the Show all checkbox during the scan.

With Regards,
Extremeboy
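The gmer.txt produced by the steps above is read by hand in this thread. As an added example (not part of the original post and not GMER's own code), here is a small Python triage script that parses the log's SSDT lines and "User code sections" lines and groups the hooks per site, so that a patch one security product places identically in every process stands out from a hook confined to a single process. The sample log embedded in it is constructed, modelled on the log format shown in this thread; the "uniform"/"single-process"/"unknown-driver" labels are this script's own heuristics, not GMER output.

```python
"""Triage helper for a GMER rootkit-scan log (gmer.txt).

Parses the SSDT lines under "---- System ----" and the inline-hook lines
under "---- User code sections ----" of a GMER 1.0.14 text log and groups
them, so a reviewer can see whether every process carries the same patch
at the same site or whether a hook is confined to one process.
SAMPLE_LOG is constructed for this example, modelled on the log format.
"""
import ntpath
import re
from collections import defaultdict

SAMPLE_LOG = r"""GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-18 21:04:22

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xB9E2C794]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB70616D0]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[504] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1556] kernel32.dll!CreateThread + 1B 7C8106E2 3 Bytes [ 97, C3, 83 ]
"""

# "SSDT <driver path> [(file description)] Zw<Function> [0xADDR]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<driver>\S+)(?:\s+\((?P<vendor>[^)]*)\))?"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]")
# ".text <image>[pid] <module>!<func>[ + off] <addr> <n> Bytes <patch>"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<func>\w+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]{8})"
    r"\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.+?)\s*$")


def parse_gmer(text):
    """Return (ssdt_entries, user_hooks); unrelated log lines are skipped."""
    ssdt, hooks = [], []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            ssdt.append({"driver": ntpath.basename(m["driver"]),
                         "vendor": m["vendor"],   # None if GMER printed none
                         "func": m["func"], "addr": m["addr"]})
            continue
        m = HOOK_RE.match(line)
        if m:
            site = f"{m['module'].lower()}!{m['func']}"   # KERNEL32 == kernel32
            if m["offset"]:
                site += f"+{m['offset']}"
            hooks.append({"image": ntpath.basename(m["image"]), "pid": int(m["pid"]),
                          "site": site, "addr": m["addr"],
                          "patch": m["patch"]})   # raw bytes or "JMP <target>"
    return ssdt, hooks


def summarize_hooks(hooks):
    """Map hook site -> patch -> sorted list of distinct hooked images."""
    table = defaultdict(lambda: defaultdict(set))
    for h in hooks:
        table[h["site"]][h["patch"]].add(h["image"])
    return {site: {patch: sorted(imgs) for patch, imgs in patches.items()}
            for site, patches in table.items()}


def triage(text):
    """Classify hook sites and SSDT entries for a human reviewer (heuristics).

    "uniform": identical patch in several processes, the shape of one product's
    user-mode hook; "single-process": seen in one image only, so match it to a
    product before deciding; "mixed": same site, different patches, compare by
    hand; "unknown-driver": SSDT entry for which GMER printed no description.
    """
    ssdt, hooks = parse_gmer(text)
    findings = []
    for site, patches in sorted(summarize_hooks(hooks).items()):
        images = sorted({img for imgs in patches.values() for img in imgs})
        if len(patches) == 1 and len(images) > 1:
            kind = "uniform"
        elif len(images) == 1:
            kind = "single-process"
        else:
            kind = "mixed"
        findings.append({"site": site, "kind": kind, "images": images,
                         "patches": sorted(patches)})
    for e in ssdt:
        kind = "described-driver" if e["vendor"] else "unknown-driver"
        findings.append({"site": f"SSDT {e['func']}", "kind": kind,
                         "images": [e["driver"]], "patches": [e["addr"]]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:16} {f['site']:30} {', '.join(f['images'])}")
```

Run it against a full gmer.txt by passing the file's contents to triage(); header, kernel-section and blank lines are ignored by the parser.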


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Thank you. I appreciate what you are doing for all of us.
Unfortunately, I made the mistake of going to a website that I should have avoided. Since then I am receiving lewd, vulgar, and usually unintelligible gibberish emails from numerous senders, who are always different. They began coming at the rate of 1-2/day, but have been increasing, and are now coming at about 3-4/day.
+++++++++++++++++++++++++++++++++++++++++++

Malwarebytes' Anti-Malware 1.34
Database version: 1778
Windows 5.1.2600 Service Pack 3

2/18/2009 8:02:21 PM
mbam-log-2009-02-18 (20-02-21).txt

Scan type: Quick Scan
Objects scanned: 67171
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

+++++++++++++++++++++++++++++++++++++++++++

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-18 21:04:22
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xB9E2C794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xB9E2CF1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xB9E2BD0A]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB70616D0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xB9E2B384]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[504] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[504] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[532] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[532] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[576] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\services.exe[576] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[588] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[588] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[800] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[868] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[868] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[868] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[868] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[868] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[868] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[868] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[908] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[908] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[908] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[908] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[908] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[908] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[932] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[932] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[932] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[932] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[932] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[932] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[932] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[980] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[984] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[984] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[984] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[984] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[984] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[984] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\CTsvcCDA.exe[984] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1136] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1136] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1136] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1136] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1136] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1136] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1144] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1144] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1144] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1144] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1144] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1144] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1144] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1208] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1208] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1208] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1208] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1208] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1208] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1208] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1208] KERNEL32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\Explorer.EXE[1296] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1296] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\Explorer.EXE[1296] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1296] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\Explorer.EXE[1296] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1296] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\Explorer.EXE[1296] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1416] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1416] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1460] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1460] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1460] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1460] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1460] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1460] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1460] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1460] KERNEL32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\system32\CTHELPER.EXE[1512] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTHELPER.EXE[1512] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\CTHELPER.EXE[1512] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTHELPER.EXE[1512] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\CTHELPER.EXE[1512] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\CTHELPER.EXE[1512] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\CTHELPER.EXE[1512] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[1540] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[1540] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[1540] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[1540] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[1540] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[1540] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe[1540] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1552] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1552] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1552] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1552] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1552] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1552] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1552] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1556] kernel32.dll!CreateThread + 1B 7C8106E2 3 Bytes [ 97, C3, 83 ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1584] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1584] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1584] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1584] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1584] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1584] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[1584] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1604] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1604] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1604] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1604] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1604] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1604] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1604] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1672] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1672] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1672] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1672] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1672] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1672] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1716] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1716] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1716] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1716] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1716] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1716] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1716] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1748] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1748] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1748] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1748] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1748] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1748] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[1748] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1756] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1756] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1756] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1756] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1756] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1756] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[1756] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1768] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1768] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1768] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1768] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1768] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1768] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1768] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[1824] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes [ FB, 95, C3, 83 ]
.text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[1908] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1988] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1988] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1988] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1988] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1988] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1988] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1988] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[2020] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[2020] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[2020] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[2020] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[2020] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[2020] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Microsoft Office\Office\FINDFAST.EXE[2020] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\UPHClean\uphclean.exe[2136] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\UPHClean\uphclean.exe[2136] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\UPHClean\uphclean.exe[2136] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\UPHClean\uphclean.exe[2136] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\UPHClean\uphclean.exe[2136] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\UPHClean\uphclean.exe[2136] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\UPHClean\uphclean.exe[2136] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\MsPMSPSv.exe[2252] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MsPMSPSv.exe[2252] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\MsPMSPSv.exe[2252] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MsPMSPSv.exe[2252] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\MsPMSPSv.exe[2252] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\MsPMSPSv.exe[2252] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\MsPMSPSv.exe[2252] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2320] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2320] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2320] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2320] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2320] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2320] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2320] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2784] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2784] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2784] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2784] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2784] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2784] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2784] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[3324] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3324] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3324] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3324] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3324] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[3324] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[3324] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[3324] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\iPod\bin\iPodService.exe[3568] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[3568] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[3568] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[3568] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[3568] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[3568] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[3568] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3568] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Documents and Settings\Joe Ciaravino\Desktop\gmer.exe[3772] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Joe Ciaravino\Desktop\gmer.exe[3772] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\Documents and Settings\Joe Ciaravino\Desktop\gmer.exe[3772] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Joe Ciaravino\Desktop\gmer.exe[3772] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\Documents and Settings\Joe Ciaravino\Desktop\gmer.exe[3772] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Joe Ciaravino\Desktop\gmer.exe[3772] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\Joe Ciaravino\Desktop\gmer.exe[3772] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Joe Ciaravino\Desktop\gmer.exe[3772] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[3976] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[3976] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\alg.exe[3976] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[3976] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\alg.exe[3976] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[3976] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\alg.exe[3976] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[3976] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 19 February 2009 - 04:32 PM

Hello.

The GMER scan was clean and you can see that the MBAM scan was also clean. My word of advice: if you know it's from a bad user/sender, block them and delete it. Do not open any attachments they send or reply back. My parents' e-mail has this random user sending spam every day, 2-4 times. We simply blocked it and send it to the trash to avoid clicking it and downloading it to our computer.

Run an online scan and post back with a new DDS scan log to confirm you are clean.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 tripleblack

tripleblack
  • Topic Starter
  • Members
  • 144 posts

Posted 20 February 2009 - 05:05 PM

Thank you. Is the reason that I get the toxic emails simply because a robot has gotten my email address... if so, then if I deactivate the address, the problem should resolve. Or is it something more serious, like a program resident on my machine?

DDS (Ver_09-02-01.01) - NTFSx86
Run by Joe Ciaravino at 16:15:44.65 on Fri 02/20/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.432 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Documents and Settings\Joe Ciaravino\Local Settings\Temp\jkos-Joe Ciaravino\binaries\ScanningProcess.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Joe Ciaravino\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ncrs.org/forums/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [mount.exe] c:\program files\moveonboot\mount.exe /z
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [CapFax] c:\program files\classic phonetools\CapFax.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\joecia~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
mPolicies-explorer: <NO NAME> =
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: aol.com\free
Trusted Zone: musicmatch.com\online
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200353168531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su/ocx/15034/CTPID.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-3 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-3 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-3 107272]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-2-3 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-3 298264]
R3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-2-21 42376]
R3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-2-21 66952]
R3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-2-21 81288]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-2-21 747912]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-2-21 948616]

=============== Created Last 30 ================

2009-02-20 14:57 <DIR> --d----- c:\program files\UPHClean
2009-02-19 14:26 <DIR> --d----- c:\docume~1\joecia~1\applic~1\Desktopicon
2009-02-19 14:26 <DIR> --d----- c:\program files\Unlocker
2009-02-19 12:59 <DIR> --d----- c:\program files\common files\Gibinsoft Shared
2009-02-19 12:59 <DIR> --d----- c:\program files\MoveOnBoot
2009-02-19 12:59 <DIR> --d----- c:\program files\GiPo@Utilities
2009-02-18 20:38 345 a------- c:\windows\gmer.ini
2009-02-18 19:54 <DIR> --d----- c:\docume~1\joecia~1\applic~1\Malwarebytes
2009-02-18 19:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-18 19:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-18 19:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-18 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-18 11:32 <DIR> --d----- c:\program files\Sophos
2009-02-10 17:06 8,461,312 a------- c:\windows\system32\shell32.backup
2009-02-10 14:50 811 a------- c:\windows\hpinfo.lnk
2009-02-10 12:26 61,224 a------- c:\documents and settings\joe ciaravino\GoToAssistDownloadHelper.exe
2009-02-09 14:52 8,192 a------- c:\windows\fffffff.pcb
2009-02-09 14:51 35,262 a------- c:\windows\fffffff.acl
2009-02-09 14:35 8,192 a------- c:\windows\Joe.pcb
2009-02-09 14:35 35,262 a------- c:\windows\Joe.acl
2009-02-09 14:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2009-02-09 14:05 <DIR> --d----- c:\windows\SxsCaPendDel
2009-02-08 17:46 53,248 a------- c:\windows\system32\hpfinsta.exe
2009-02-08 17:46 274,432 -------- c:\windows\system32\hpfinst.dll
2009-02-08 08:52 <DIR> --d----- c:\docume~1\joecia~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-02-04 12:17 35,277 a------- c:\windows\CAMQUEST60408.INF
2009-02-04 12:17 <DIR> --d----- c:\program files\CamQuest6
2009-02-03 22:56 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-03 22:55 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-03 22:55 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-03 22:55 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-03 22:55 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-03 22:55 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-03 22:55 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-02-03 22:55 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-03 22:23 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-03 22:23 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-03 22:23 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-03 22:23 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-02-03 22:23 <DIR> --d----- c:\program files\AVG
2009-02-03 17:51 <DIR> --d----- c:\program files\Performance Trends
2009-02-03 14:06 <DIR> --d----- c:\docume~1\joecia~1\applic~1\BitZipper
2009-01-29 10:50 <DIR> --d----- c:\docume~1\joecia~1\applic~1\FrostWire
2009-01-29 10:49 <DIR> --d----- c:\program files\FrostWire
2009-01-26 19:15 1,060,864 a------- c:\windows\system32\mfc71.dll
2009-01-26 19:14 153,088 a------- c:\windows\UNWISE.EXE
2009-01-25 17:57 <DIR> --d----- c:\program files\DesktopDrag2003
2009-01-25 17:55 <DIR> --d----- c:\program files\DesktopDyno2003

==================== Find3M ====================

2009-02-03 20:58 12 ----h--- c:\program files\SyncToyDirectoryId.txt
2009-01-16 18:25 76,612 a------- c:\windows\system32\FontInfo.bin
2009-01-16 18:25 24,344 a------- c:\windows\system32\GlyphInfo.bin
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-05-07 10:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008050720080508\index.dat

============= FINISH: 16:16:03.34 ===============


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, February 20, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, February 20, 2009 20:37:25
Records in database: 1822861
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 68655
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:18:32

No malware has been detected. The scan area is clean.

The selected area was scanned.


Edited by extremeboy, 20 February 2009 - 05:11 PM.
Remove unnecessary quotes


#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 20 February 2009 - 05:25 PM

Hello.

Your logs indeed look clean.

A few programs and things we can take care of. Regarding your question, I do not think there are any remote users or programs trying to access your computer or sending this spam. If so, it must be hiding very well and none of the tools can find it. This is very unlikely to happen. Other than that, I cannot say much but block it and it should usually stop.

Please remove these programs, as they are outdated:
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7


Next I would like to see a file, as there was not a lot of information on it.

Submit File to Online Scanner

There is a file that I would like you to check out for me using VirusTotal/VirSCAN
  • Open VirusTotal Online Scanner or VirSCAN. If one site is busy or down, try the other
  • At the top of the page you'll see a box. Paste in the following line(s) (do one line at a time).
  • c:\windows\fffffff.pcb
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
  • If more than one file was listed, repeat for each of them.

O15 Entries Warning (Sites in your Trusted Zones)

I see you have some sites in your Trusted Zone. The security settings for the Internet zone are not extremely high, and once you put a site in your Trusted Zone, basically almost anyone, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree? It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the Trusted Zone. If you're not sure, and/or you do not need these in your Trusted Zone to facilitate access, or you did not knowingly permit this access yourself, then please remove those sites from your Trusted Zone. They can be accessed in Internet Explorer via Tools > Internet Options > Security > Trusted Zone > Sites. Remove any that are there.

With Regards,
Extremeboy
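A read-only check for the Trusted Zone entries extremeboy is describing, as an added PowerShell example that is not part of the thread or of any tool it mentions: it walks the per-user ZoneMap\Domains registry key in which Internet Explorer stores its zone assignments (the same entries DDS printed above as "Trusted Zone: aol.com\free" and "musicmatch.com\online") and lists every host mapped to zone 2, the Trusted sites zone. The function and variable names are the example's own.

```powershell
# Added example, not from the thread: list the sites the current user has
# placed in Internet Explorer's Trusted sites zone. Read-only; it changes nothing.
# Zone ids in ZoneMap: 0 My Computer, 1 Local intranet, 2 Trusted sites,
# 3 Internet, 4 Restricted sites.

$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

function Get-TrustedZoneSites {
    param([string]$Path = $zoneMap)

    if (-not (Test-Path $Path)) { return @() }

    $results = @()
    # Each domain is a key, each subdomain a subkey (aol.com\free), and the
    # values ("http", "https" or "*") hold the zone id for that scheme.
    foreach ($key in Get-ChildItem -Path $Path -Recurse) {
        $site = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8)
        foreach ($valueName in $key.GetValueNames()) {
            if ($key.GetValue($valueName) -eq 2) {
                $results += [pscustomobject]@{
                    Site   = $site
                    Scheme = $valueName
                }
            }
        }
    }
    return $results
}

$trusted = @(Get-TrustedZoneSites)
if ($trusted.Count -eq 0) {
    'No sites in the Trusted zone.'
} else {
    'Sites in the Trusted zone (review each; remove any you did not add on purpose):'
    $trusted | Format-Table -AutoSize
}
```

The script only reports; removal is still done through the Internet Options dialog path given in the post, so that Internet Explorer updates every related value itself. IP address ranges assigned to a zone live in the sibling ZoneMap\Ranges key and are not covered by this listing.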

#10 tripleblack

tripleblack
  • Topic Starter
  • Members
  • 144 posts

Posted 20 February 2009 - 08:57 PM

Thank you.
In the same directory (c:\windows), are four 34.4kb files which appear to be identical when viewed with a text editor:

fffffff.acl (modified 2/9/2009)
Joe.acl (modified 2/9/2009)
Joe Ciaravino.acl
MS097.acl

and 2-7kb and 1-8kb file:

fffffff.pcb (modified 2/9/2009)
Joe.pcb (modified 2/9/2009)
Joe Ciaravino.pcb

Again, when viewed with a text editor, fffffff.pcb and Joe.pcb appear to be identical, and both contain a reference to "Omnipage" among the gibberish. I was having logoff problems that particular day, and created two temporary users for logon purposes. They were "Joe" and "fffffff". Both have been deleted after the testing was performed. I installed UPH Cleanup which did not completely take care of the long logoff problem. May I safely delete those "pcb" and "acl" files? All 7 files were scanned and came up clean.


File fffffff.pcb received on 02.21.2009 02:18:04 (CET)
Result: 0/39 (0%)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.21 -
AhnLab-V3 2009.2.21.0 2009.02.20 -
AntiVir 7.9.0.85 2009.02.20 -
Authentium 5.1.0.4 2009.02.20 -
Avast 4.8.1335.0 2009.02.20 -
AVG 8.0.0.237 2009.02.20 -
BitDefender 7.2 2009.02.21 -
CAT-QuickHeal 10.00 2009.02.20 -
ClamAV 0.94.1 2009.02.20 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.21 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.20 -
F-Secure 8.0.14470.0 2009.02.20 -
Fortinet 3.117.0.0 2009.02.20 -
GData 19 2009.02.21 -
Ikarus T3.1.1.45.0 2009.02.21 -
K7AntiVirus 7.10.638 2009.02.20 -
Kaspersky 7.0.0.125 2009.02.21 -
McAfee 5531 2009.02.21 -
McAfee+Artemis 5531 2009.02.21 -
Microsoft 1.4306 2009.02.21 -
NOD32 3875 2009.02.21 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.20 -
Panda 10.0.0.10 2009.02.20 -
PCTools 4.4.2.0 2009.02.20 -
Prevx1 V2 2009.02.21 -
Rising 21.17.42.00 2009.02.20 -
SecureWeb-Gateway 6.7.6 2009.02.20 -
Sophos 4.39.0 2009.02.21 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.21 -
TheHacker 6.3.2.3.261 2009.02.20 -
TrendMicro 8.700.0.1004 2009.02.20 -
VBA32 3.12.10.0 2009.02.20 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.20 -
Additional information
File size: 8192 bytes
MD5...: fe671e8307f3d4e9c5b0c9d591a12f73
SHA1..: b7ebaaa7207532f88855bd66ce0de29234b59596
SHA256: 9afcc77b4661cc592c64a503aabd9bde1de0d63cfdd983e158664bc0a3fb0eeb
SHA512: f4bfd4c106745c410abc118f39e22b300a9a218c155fd30e9adb908385380d27b31ee6ee3ae0fadaa5a071d5012c13fdec941b97d0f23f0c44a05901c3b697f4
ssdeep: 48:r2zHqIIN51V3FOlcDDy/RM944vlEgstevo5qtJJpZZ17SgRaD:yHVG1V3FOlv/O449Zstevo5qtJXMMaD
PEiD..: -
TrID..: File type identification
Generic OLE2 / Multistream Compound File (100.0%)
PEInfo: -

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 20 February 2009 - 09:02 PM

Yes. I think you can remove those files. They do not seem to be bad or legit. It's safe to delete.

Next time, no need to quote me. It's not necessary. Tell me if you have any problems before we wrap up.

With Regards,
Extremeboy

#12 tripleblack

tripleblack
  • Topic Starter
  • Members
  • 144 posts

Posted 21 February 2009 - 07:03 AM

Wow! Thanks again.
Computer seems to be running faster... logoff, so far (three times), is back to normal as well.
I put all 7 of those files from the Windows directory into the recycle bin, but will not empty it until sure that they were not needed.
I'm very glad to have deleted all of the Java updates, as I thought that they, like the Windows updates, were not "cumulative". I frequently got "Java script error" messages. I'll watch to see that these will cease also.
Only one remaining "problem", which started late yesterday. When I boot, and before Windows starts, on the black DOS screen, I get a message that the S.M.A.R.T. capability of the primary HDD is defective, and that HDD failure is imminent... press F1 to continue. Scary!!!!! The HDD is only 3 months old. The problem began yesterday, immediately after a spontaneous hot shutdown due to the fact that I forgot to unload my spyware/virus guard programs before doing an online scan.


Joe

Edited by tripleblack, 21 February 2009 - 07:08 AM.


#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 21 February 2009 - 09:14 AM

Hello.

That is related to hardware, to be more specific an "Internal Hardware" problem. Start another topic here: http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

I have seen that problem and sometimes the driver related to that may need to be disabled/reinstalled but I cannot confirm that.

Start a topic there and an expert will help you out. If you have nothing else, let me know so I can give you the all-clean and close this topic.

Thanks.

With Regards,
Extremeboy

#14 tripleblack

tripleblack
  • Topic Starter
  • Members
  • 144 posts

Posted 21 February 2009 - 02:37 PM

Thank you for all of the help!
I know the HDD is good, and I'll start another thread as you suggest.
Best regards,
Joe

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 21 February 2009 - 03:20 PM

Hello.

You're welcome :)

Below are some prevention tips. Good luck!

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the Windows Update Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, you will find a nice little article here about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Additional Security Programs

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
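The Autorun advice above talks about worms dropping an AUTORUN.INF on the root of a USB stick. As an added example (not code from this thread or from BleepingComputer), here is a small Python triage script that parses such a file, flags the keys that actually cause a program to run, and, on Windows, reads the NoDriveTypeAutoRun policy value to see whether Autorun has been switched off for all drive types. The sample file content is constructed.

```python
"""Added example, not code from the BleepingComputer thread: triage an
autorun.inf the way a defender would and check the Windows policy that
turns Autorun off. The sample file content below is constructed."""
import configparser

# [autorun] keys that make Windows launch a program; these are the hooks
# USB worms rely on. shell\<verb>\command= entries take over Explorer's
# context-menu verbs, so the payload also runs from "Open" or "Explore".
EXEC_KEYS = {"open", "shellexecute"}

SAMPLE = """; constructed sample resembling a worm-dropped autorun.inf
[AutoRun]
icon=%SystemRoot%\\system32\\SHELL32.dll,4
open=recycler\\update.exe
shell\\open=&Open
shell\\open\\command=recycler\\update.exe
shell\\explore\\command=recycler\\update.exe
"""

def parse_autorun(text):
    """Return the [autorun] section as a lower-cased dict ({} if absent).
    The section name is matched case-insensitively, as Windows does."""
    cp = configparser.RawConfigParser(strict=False)  # no interpolation, tolerate duplicates
    cp.read_string(text)
    for name in cp.sections():
        if name.lower() == "autorun":
            return {k.lower(): v for k, v in cp.items(name)}
    return {}

def suspicious_entries(section):
    """List the (key, value) pairs that would execute code on insert or click."""
    return sorted(
        (k, v) for k, v in section.items()
        if k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))
    )

def autorun_policy_disabled():
    """Windows only: True if NoDriveTypeAutoRun is 0xFF (Autorun off for every
    drive type) in HKLM or HKCU; None when not on Windows or the value is unset."""
    try:
        import winreg
    except ImportError:
        return None
    subkey = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, subkey) as key:
                value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
                return (value & 0xFF) == 0xFF
        except OSError:
            continue
    return None

if __name__ == "__main__":
    for key, value in suspicious_entries(parse_autorun(SAMPLE)):
        print(f"would execute: {key} = {value}")
    print("Autorun policy disabled:", autorun_policy_disabled())
```

Point `parse_autorun` at the contents of a removable drive's root autorun.inf to see which entries would run; the icon= line is reported as harmless, the open= and shell\...\command= lines are not.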



