
Unknown Malware/Rootkit security popups - Protect Spyware 2009


  • This topic is locked
2 replies to this topic

#1 jesus420monkey

jesus420monkey

  • Members
  • 21 posts

Posted 22 March 2009 - 09:24 AM

Hello,

Please help!!! I only have a couple of days to fix this comp before I leave!!!

I am receiving security popups, Spyware Protect 2009 (I did not download it) is in my task bar and keeps popping up with infiltration alerts, and IE keeps redirecting to http://browser-security.microsoft.com/blocked.php?r=21.0 displaying "Internet Explorer Warning - visiting this web site may harm your computer!" It then offers to link me to purchase Spyware Protect 2009.

Here is my DDS Log file and attachment.

Thanks!!!
peace.b.


DDS (Ver_09-03-16.01) - NTFSx86
Run by John at 9:11:09.81 on Sun 03/22/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.223.43 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
svchost
C:\WINDOWS\sysguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\John\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: BHO: {abc42510-9b22-41c1-9dcd-8182a2d07c63} - c:\windows\system32\iehelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [system tool] c:\windows\sysguard.exe
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144186652609
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://jrappliance.strategicvista.net/Ctl/WinWebPush.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-22 09:06 <DIR> --d----- c:\program files\Trend Micro
2009-03-22 01:53 10,752 a------- c:\windows\system32\iehelper.dll
2009-03-22 01:43 353,808 a------- c:\windows\sysguard.exe
2009-03-22 01:43 53,248 a------- c:\windows\system32\mcenspc.dll
2009-03-20 18:03 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-03-20 17:17 <DIR> --dsh--- c:\documents and settings\john\IECompatCache
2009-03-20 17:16 <DIR> --dsh--- c:\documents and settings\john\PrivacIE
2009-03-20 17:14 <DIR> --dsh--- c:\documents and settings\john\IETldCache
2009-03-20 17:05 <DIR> --d----- c:\windows\ie8updates
2009-03-20 17:03 <DIR> -cd-h--- c:\windows\ie8
2009-03-20 17:00 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-03-20 16:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:22 1,241,088 -------- c:\windows\system32\ieframe.dll.mui
2009-03-08 14:22 49,152 -------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 2,560 -------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 10,240 -------- c:\windows\system32\advpack.dll.mui
2009-03-08 14:21 4,096 -------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 81,920 -------- c:\windows\system32\iedkcs32.dll.mui
2009-03-08 14:09 638,816 -c------ c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 -c------ c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:34 1,469,440 -c------ c:\windows\system32\dllcache\inetcpl.cpl
2009-03-08 04:34 236,544 -c------ c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 -c------ c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 -c------ c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 -c------ c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 -c------ c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 -c------ c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 -c------ c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 25,600 -c------ c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 229,376 -c------ c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 125,952 -c------ c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 -c------ c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 173,056 -c------ c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 71,680 -c------ c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 -c------ c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 -c------ c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 -c------ c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 611,840 -c------ c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:31 183,808 -c------ c:\windows\system32\dllcache\iepeers.dll
2009-03-08 04:31 348,160 -c------ c:\windows\system32\dllcache\dxtmsft.dll
2009-03-08 04:31 216,064 -c------ c:\windows\system32\dllcache\dxtrans.dll
2009-03-08 04:31 34,816 -c------ c:\windows\system32\dllcache\imgutil.dll
2009-03-08 04:31 46,592 -c------ c:\windows\system32\dllcache\pngfilt.dll
2009-03-08 04:31 66,560 -c------ c:\windows\system32\dllcache\mshtmled.dll
2009-03-08 04:31 48,128 -c------ c:\windows\system32\dllcache\mshtmler.dll
2009-03-08 04:31 1,638,912 -c------ c:\windows\system32\dllcache\mshtml.tlb
2009-03-08 04:31 45,568 -c------ c:\windows\system32\dllcache\mshta.exe
2009-03-08 04:30 66,560 -c------ c:\windows\system32\dllcache\tdc.ocx
2009-03-08 04:24 68,608 -c------ c:\windows\system32\dllcache\hmmapi.dll

==================== Find3M ====================

2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-07 18:21 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-01-07 18:20 24,576 a------- c:\windows\system32\nlsdl.dll
2009-01-07 18:20 26,112 a------- c:\windows\system32\idndl.dll
2009-01-07 18:20 23,552 a------- c:\windows\system32\normaliz.dll
2009-01-07 18:20 265,720 a------- c:\windows\system32\msdbg2.dll
2008-07-27 13:11 23 a------- c:\documents and settings\john\jagex_runescape_preferences.dat

============= FINISH: 9:11:49.95 ===============
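The log above already contains the three things that matter: a Run value named "system tool" pointing at c:\windows\sysguard.exe, a BHO with no descriptive name loading c:\windows\system32\iehelper.dll, a fifth SecurityProviders DLL (mcenspc.dll) that is not part of a stock XP install, and all three files created on 2009-03-22, the day the popups started. The script below is an added example, not part of the original post, of the DDS tool, or of BleepingComputer's cleanup procedure. It reads the relevant lines copied from the log and applies those triage rules, correlating each autostart location with the "Created Last 30" list so that a new file that is also an autostart entry ranks above either fact alone. The XP default SecurityProviders list and the rule that legitimate software rarely drops an executable straight into c:\windows are my assumptions and would need tuning on other builds.

```python
"""Triage heuristics for the DDS 'Pseudo HJT Report' and 'Created Last 30'
sections, as posted in this thread.

Added example, not part of the original post, of DDS, or of BleepingComputer's
procedure. The sample lines are copied from the log above; the rules are my own
reading of what stands out in it.
"""
import re
from collections import defaultdict

# Assumption: SSPI providers present on a stock Windows XP SP3 install. Confirm
# against a known-clean machine of the same build before relying on this list.
XP_DEFAULT_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# Lines copied from the posted DDS log, trimmed to the entries the rules look at.
SAMPLE_DDS = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: BHO: {abc42510-9b22-41c1-9dcd-8182a2d07c63} - c:\windows\system32\iehelper.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [system tool] c:\windows\sysguard.exe
mRun: [VTTimer] VTTimer.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
2009-03-22 01:53 10,752 a------- c:\windows\system32\iehelper.dll
2009-03-22 01:43 353,808 a------- c:\windows\sysguard.exe
2009-03-22 01:43 53,248 a------- c:\windows\system32\mcenspc.dll
2009-03-20 16:59 410,984 a------- c:\windows\system32\deploytk.dll
"""

BHO_RE = re.compile(r"^BHO:\s*(?P<name>.*?):\s*\{[0-9a-f-]+\}\s*-\s*(?P<path>.+)$", re.I)
RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<key>[^\]]*)\]\s*(?P<cmd>.+)$", re.I)
PROVIDERS_RE = re.compile(r"^SecurityProviders:\s*(?P<list>.+)$", re.I)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+(?P<size>[\d,]+|<DIR>)\s+\S+\s+(?P<path>.+)$"
)


def basename_of(path: str) -> str:
    """Lower-cased file name, so 'VTTimer.exe' and 'c:\\...\\vttimer.exe' compare equal."""
    return path.strip().strip('"').lower().rsplit("\\", 1)[-1]


def command_path(cmd: str) -> str:
    """Strip arguments from a Run value: a quoted path, or text before the first switch."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1 : cmd.find('"', 1)]
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]


def triage(report: str) -> dict:
    """Return {basename: [reasons]} for entries that deserve a closer look."""
    findings = defaultdict(list)
    autostart = {}  # basename -> how it gets loaded
    created = {}    # basename -> creation date from 'Created Last 30'
    for line in report.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            base = basename_of(m["path"])
            autostart[base] = "BHO"
            # Heuristic: real BHOs carry a product name; an empty or placeholder name is odd
            if m["name"].strip().lower() in ("", "bho"):
                findings[base].append("BHO registered without a descriptive name")
        elif m := RUN_RE.match(line):
            path = command_path(m["cmd"]).lower()
            base = basename_of(path)
            autostart[base] = f"Run value '{m['key']}'"
            # Heuristic: legitimate software seldom drops its executable straight into %windir%
            if path.startswith("c:\\windows\\") and "\\" not in path[len("c:\\windows\\"):]:
                findings[base].append(f"Run value '{m['key']}' launches a file sitting directly in c:\\windows")
        elif m := PROVIDERS_RE.match(line):
            for dll in (p.strip().lower() for p in m["list"].split(",")):
                autostart[dll] = "SecurityProviders"
                if dll not in XP_DEFAULT_SECURITY_PROVIDERS:
                    findings[dll].append("SecurityProviders DLL not in the XP default list")
        elif (m := CREATED_RE.match(line)) and m["size"] != "<DIR>":
            created[basename_of(m["path"])] = m["date"]
    # Correlation: an autostart entry that points at a freshly created file outranks either fact alone
    for base, how in autostart.items():
        if base in created:
            findings[base].append(f"loaded via {how} and created {created[base]}")
    return {name: sorted(reasons) for name, reasons in findings.items()}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_DDS).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample it reports sysguard.exe, iehelper.dll and mcenspc.dll, each with two reasons, and stays quiet about deploytk.dll (new, but not an autostart entry) and ctfmon.exe (an autostart entry, but under system32 and not new). The correlation step is the useful part: the "Created Last 30" list on a machine that just took an IE8 update is long, and on its own it says little.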

#2 jesus420monkey

jesus420monkey
  • Topic Starter

  • Members
  • 21 posts

Posted 22 March 2009 - 01:32 PM

Thank you! Topic is resolved through off-post email reply.

Malwarebytes removal is the best!

peace.b.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 22 March 2009 - 02:25 PM

Thanks for informing us.

Good luck.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



