Spyware Protect 2009 malware


  • This topic is locked
2 replies to this topic

#1 asaltydog

asaltydog

  • Members
  • 1 posts

Posted 19 February 2009 - 11:09 AM

I am getting three screens that come up whenever I try to do work on any program. (1) Windows Security alert (2) Spyware Protect 2009 alert (3) Spyware Alert

DDS (Ver_09-02-01.01) - NTFSx86
Run by Kim at 10:54:20.07 on Thu 02/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2430.1853 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

============== Running Processes ===============

J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
J:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
J:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
J:\WINDOWS\system32\Ati2evxx.exe
J:\WINDOWS\Explorer.EXE
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\McAfee.com\Agent\mcagent.exe
J:\WINDOWS\svcho.exe
J:\Program Files\AIM6\aim6.exe
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Messenger\msmsgs.exe
J:\WINDOWS\sysguard.exe
J:\Program Files\AIM6\aolsoftware.exe
J:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
j:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
J:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
J:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
J:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
J:\WINDOWS\system32\svchost.exe -k imgsvc
J:\WINDOWS\system32\UTSCSI.EXE
J:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
j:\program files\aim toolbar\aimtbServer.exe
J:\WINDOWS\system32\wuauclt.exe
J:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
J:\Program Files\Internet Explorer\iexplore.exe
J:\Program Files\Outlook Express\msimn.exe
J:\Documents and Settings\Kim\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uStart Page = hxxp://www.ask.com/
mSearch Page = hxxp://www.ask.com/
mStart Page = hxxp://www.ask.com/
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - j:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - j:\program files\aim toolbar\aimtb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - j:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - j:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll
BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - j:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - j:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - j:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - j:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - j:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - j:\program files\aim toolbar\aimtb.dll
TB: {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - j:\program files\siber systems\ai roboform\roboform.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - j:\program files\aim toolbar\aimtb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - j:\program files\google\googletoolbar1.dll
TB: {40D41A8B-D79B-43D7-99A7-9EE0F344C385} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} - No File
TB: {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - No File
TB: {C7768536-96F8-4001-B1A2-90EE21279187} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
EB: {6576EBAA-B570-4345-98E4-96153C77CF24} - No File
uRun: [Aim6] "j:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [msnmsgr] "j:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "j:\program files\messenger\msmsgs.exe" /background
uRun: [sysguard] j:\windows\sysguard.exe
mRun: [mcagent_exe] "j:\program files\mcafee.com\agent\mcagent.exe" /runkey
uExplorerRun: [svcho] j:\windows\svcho.exe
IE: &AIM Toolbar Search - j:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &D&ownload &with BitComet - j:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - j:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - j:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Customize Menu - file://j:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://j:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://j:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://j:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - j:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - j:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - j:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {78162A52-6823-4C38-BD97-676D28566169} - j:\program files\bsi\edocxl lite\TriggerIE.exe
IE: {B82C5879-1AAF-4CFF-8062-8F2EF22FED4C} - j:\program files\bsi\edocxl lite\TriggerIE.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://j:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - j:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - j:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - j:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - j:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: {F0B17515-3057-44C8-B066-26AD3C6907E7} = 24.151.8.211,24.251.8.210
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - j:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - j:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;j:\windows\system32\drivers\mfehidk.sys [2009-1-9 213640]
R2 aawservice;Lavasoft Ad-Aware Service;j:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 CmosTime;CmosTime;j:\windows\system32\cmostime.sys [2005-9-14 3502]
R2 McProxy;McAfee Proxy Service;j:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-12 359952]
R2 McShield;McAfee Real-time Scanner;j:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-12 144704]
R3 McSysmon;McAfee SystemGuards;j:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-12 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;j:\windows\system32\drivers\mfeavfk.sys [2009-2-12 79304]
R3 mfebopk;McAfee Inc. mfebopk;j:\windows\system32\drivers\mfebopk.sys [2009-2-12 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;j:\windows\system32\drivers\mfesmfk.sys [2009-2-12 40552]
R3 TridVid;X10 VA12A Video Capture;j:\windows\system32\drivers\TridVid.sys [2008-10-28 156928]
S3 iscFlash;iscFlash;\??\j:\windows\system32\drivers\iscflash.sys --> j:\windows\system32\drivers\iscflash.sys [?]
S3 mferkdk;McAfee Inc. mferkdk;j:\windows\system32\drivers\mferkdk.sys [2009-2-12 34216]
S3 SydexFDD;Sydex Diskette Driver;j:\windows\system32\drivers\SYDEXFDD.SYS [2007-11-6 13359]
S4 Viewpoint Manager Service;Viewpoint Manager Service;j:\program files\viewpoint\common\ViewpointService.exe [2009-1-6 24652]

=============== Created Last 30 ================

2009-02-18 13:56 1,152 a------- j:\windows\system32\windrv.sys
2009-02-18 13:55 <DIR> --d----- j:\program files\SpyNoMore
2009-02-18 13:55 <DIR> --d----- j:\program files\common files\Download Manager
2009-02-18 13:07 16,896 a------- j:\windows\svcho.exe
2009-02-18 13:07 16,896 a------- j:\windows\syssvc.exe
2009-02-18 12:30 364,040 a------- j:\windows\sysguard.exe
2009-02-18 12:30 12,288 a------- j:\windows\system32\~.exe
2009-02-12 14:00 40,552 a------- j:\windows\system32\drivers\mfesmfk.sys
2009-02-12 14:00 35,272 a------- j:\windows\system32\drivers\mfebopk.sys
2009-02-12 14:00 79,304 a------- j:\windows\system32\drivers\mfeavfk.sys
2009-02-12 14:00 120,136 a------- j:\windows\system32\drivers\Mpfp.sys
2009-02-12 13:59 <DIR> --d----- j:\program files\common files\McAfee
2009-02-12 13:59 <DIR> --d----- j:\program files\McAfee.com
2009-02-12 13:58 <DIR> --d----- j:\program files\McAfee
2009-02-12 13:58 34,216 a------- j:\windows\system32\drivers\mferkdk.sys
2009-02-07 16:56 <DIR> --d----- j:\program files\Microsoft
2009-02-07 16:53 <DIR> --d----- j:\program files\Windows Live SkyDrive
2009-02-07 16:44 <DIR> --d----- j:\docume~1\alluse~1\applic~1\NortonInstaller
2009-02-07 15:34 <DIR> --d----- j:\windows\system32\CatRoot_bak
2009-02-07 14:39 <DIR> --d----- j:\windows\system32\scripting
2009-02-07 14:39 <DIR> --d----- j:\windows\l2schemas
2009-02-07 14:37 <DIR> --d----- j:\windows\ServicePackFiles
2009-02-07 14:34 <DIR> --d----- j:\program files\AIM6
2009-02-07 14:18 <DIR> --d----- j:\windows\system32\XPSViewer
2009-02-07 14:13 <DIR> --d----- j:\program files\MSXML 6.0
2009-01-24 14:30 5,632 a------- j:\windows\system32\ptpusb.dll
2009-01-24 14:30 159,232 a------- j:\windows\system32\ptpusd.dll
2009-01-23 17:45 <DIR> --d----- j:\docume~1\kim\applic~1\FastStone
2009-01-23 17:45 <DIR> --d----- j:\program files\FastStone Capture
2009-01-21 15:43 208,744 a------- j:\windows\system32\muweb.dll
2009-01-21 15:43 268,648 a------- j:\windows\system32\mucltui.dll
2009-01-21 14:15 <DIR> --d----- j:\windows\network diagnostic
2009-01-21 14:14 2,455,488 -c------ j:\windows\system32\dllcache\ieapfltr.dat
2009-01-21 14:14 991,232 -c------ j:\windows\system32\dllcache\ieframe.dll.mui

==================== Find3M ====================

2009-02-07 14:41 76,487 a------- j:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-09 12:03 213,640 a------- j:\windows\system32\drivers\mfehidk.sys
2008-12-02 22:37 49,480 a------- j:\windows\system32\sirenacm.dll
2008-01-25 14:03 56,912 a------- j:\documents and settings\kim\g2mdlhlpx.exe
2008-01-25 11:14 846,504 a------- j:\documents and settings\kim\JNativeCpp.dll

============= FINISH: 10:55:18.64 ===============


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 01 March 2009 - 07:00 AM

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 06 March 2009 - 12:42 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.


