Can't remove Security Warning icon


  • This topic is locked
12 replies to this topic

#1 rodge657

Posted 23 March 2009 - 03:13 PM

I have a warning icon that appears when I start up and then keeps flashing the message 'Warning - You have a security problem.' When I double click on it, an online scan runs from 'tube-funs-world.com/promo3...' Then I get a 'Windows Security Alert' window asking me to 'Remove all' the detected trojans. I usually can't close these windows (close doesn't work or opens another window). To close the windows I have to 'End Program' from the Task Manager. I've run 'Malwarebytes Anti-Malware' several times. On the first run, 37 problems were found and removed. Now I'm down to 2 registry settings that it can't/won't undo. If I wait long enough, a window pops up with either 'VirusRemover2009' or 'SpywareRemover2009' in the title bar. I know these are not legit applications and that I shouldn't load them but I need to get rid of them.

Please help me...

Thanks,
Roger

DDS Log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Roger at 15:37:06.50 on Mon 03/23/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1317 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\system32\oq32nEPk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Roger\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081119
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081119
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [8169Diag] c:\program files\realtek\diagnostics utility\8169Diag.exe /hw
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-5 201320]
R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2008-11-19 8960]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-2-5 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-2-5 144704]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2008-11-19 11264]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-19 110080]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-2-5 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-5 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-5 35240]
R3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-5 33832]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-5 40488]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2008-11-19 16640]

=============== Created Last 30 ================

2009-03-23 13:50 <DIR> --d----- c:\windows\system32\NtmsData
2009-03-23 12:50 <DIR> --d----- c:\docume~1\roger\applic~1\Malwarebytes
2009-03-23 12:50 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-23 12:50 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 12:50 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 12:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-22 23:26 75,776 a------- c:\windows\system32\oq32nEPk.exe

==================== Find3M ====================

2009-03-22 23:25 59,392 a------- c:\windows\system32\userinit.exe
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys

============= FINISH: 15:37:24.73 ===============

#2 teacup61

Posted 23 March 2009 - 04:07 PM

Hello rodge657,


I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :thumbup2: If McAfee still gives you problems, then temporarily uninstall it.

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea

#3 rodge657

Posted 24 March 2009 - 08:28 AM

Hi tea,
I did as you requested below and it seems to have removed the warning icon. Everything ran smoothly with the exception of installing the 'Windows Recovery Console' which ComboFix suggested that I do and I did.

Here's the ComboFix log... I'm not sure what you're asking for re: the 'new HijackThis log'. Are you asking me to run DDS again to get a new DDS log? If not, what are you asking for?

Thanks,
Roger

ComboFix 09-03-23.01 - Roger 2009-03-24 9:02:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1581 [GMT -4:00]
Running from: c:\documents and settings\Roger\My Documents\My Data\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\x64

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\init32.exe


.
((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-24 08:44 . 2009-03-24 08:44 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-23 13:50 . 2009-03-23 14:31 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-23 12:50 . 2009-03-23 12:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 12:50 . 2009-03-23 12:50 <DIR> d-------- c:\documents and settings\Roger\Application Data\Malwarebytes
2009-03-23 12:50 . 2009-03-23 12:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 12:50 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 12:50 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-22 23:26 . 2009-03-22 23:27 75,776 --a------ c:\windows\system32\oq32nEPk.exe
2009-02-25 14:23 . 2009-02-25 14:23 <DIR> d-------- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 18:48 --------- d-----w c:\program files\Coupons
2009-03-17 21:01 --------- d-----w c:\program files\Common Files\Adobe
2009-03-13 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-12 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-07 18:43 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
2009-02-06 19:26 --------- d-----w c:\program files\McAfee
2009-02-05 17:08 --------- d-----w c:\program files\MSXML 4.0
2009-02-05 14:42 --------- d-----w c:\program files\Common Files\McAfee
2009-02-05 14:41 --------- d-----w c:\program files\McAfee.com
2009-02-05 14:40 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-02-04 13:54 --------- d-----w c:\program files\support.com
2009-01-28 16:24 --------- d-----w c:\documents and settings\Roger\Application Data\Image Zone Express
2009-01-28 16:14 --------- d-----w c:\documents and settings\Roger\Application Data\Printer Info Cache
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-19 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-19 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2008-11-19 8960]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2008-11-19 11264]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-19 110080]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2008-11-19 16640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-03-23 c:\windows\Tasks\At1.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At10.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At11.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At12.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At13.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At14.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At15.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At16.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At17.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At18.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At19.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At2.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At20.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At21.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At22.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At23.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At24.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At25.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At26.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At27.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At28.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At29.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At3.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At30.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At31.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At32.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At33.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At34.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At35.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At36.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At37.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At38.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At39.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At4.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At40.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At41.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At42.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At43.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At44.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At45.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At46.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At47.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At48.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At5.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At6.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At7.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At8.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At9.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-02-05 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2009-02-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2008-12-10 c:\windows\Tasks\WebReg Deskjet F4100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081119
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 09:05:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-03-24 9:06:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-24 13:06:15

Pre-Run: 239,742,873,600 bytes free
Post-Run: 239,753,465,856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

236 --- E O F --- 2009-03-12 14:22:02
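
The 'Scheduled Tasks' section of the ComboFix log above lists 48 AtN.job entries that all launch the same file in system32, written the day before the jobs appeared. As an added example (not part of the original posts and not ComboFix's own code), this Python script parses that section and flags such floods; the function names, the thresholds and the shortened sample are assumptions made here.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: a shortened copy of the 'Scheduled Tasks' section of the
# ComboFix log above (three of the 48 AtN.job entries kept).
SAMPLE = r"""Contents of the 'Scheduled Tasks' folder

2009-03-23 c:\windows\Tasks\At1.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At10.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-03-23 c:\windows\Tasks\At11.job
- c:\windows\system32\oq32nEPk.exe [2009-03-22 23:27]

2009-02-05 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2009-02-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2008-12-10 c:\windows\Tasks\WebReg Deskjet F4100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 22:36]
.
"""

JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$", re.I)
TARGET_RE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")
AT_JOB_RE = re.compile(r"\\At\d+\.job$", re.I)  # jobs named At<number>.job


def parse_tasks(log_text):
    """Pair each '<date> <path>.job' line with the '- <target> [<mtime>]' line after it."""
    tasks, pending = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        job = JOB_RE.match(line)
        if job:
            pending = job.groups()  # a job with no target line is simply replaced
            continue
        target = TARGET_RE.match(line)
        if target and pending:
            tasks.append({
                "job": pending[1],
                "job_date": datetime.strptime(pending[0], "%Y-%m-%d"),
                "target": target.group(1).lower(),
                "target_mtime": datetime.strptime(target.group(2), "%Y-%m-%d %H:%M"),
            })
            pending = None
    return tasks


def find_at_floods(tasks, min_jobs=3, max_age_days=7):
    """Flag targets launched by many AtN.job files and written shortly before them.

    min_jobs and max_age_days are assumed triage thresholds, not values taken
    from the thread. Two vendor jobs sharing one old binary (the McAfee pair
    in the sample) are deliberately not flagged.
    """
    by_target = defaultdict(list)
    for task in tasks:
        if AT_JOB_RE.search(task["job"]):
            by_target[task["target"]].append(task)

    findings = []
    for target, jobs in sorted(by_target.items()):
        # Days between the target's last write and the job's date stamp.
        age = min((j["job_date"] - j["target_mtime"]).days for j in jobs)
        if len(jobs) >= min_jobs and age <= max_age_days:
            findings.append({"target": target, "jobs": len(jobs),
                             "target_age_days": age})
    return findings


if __name__ == "__main__":
    for finding in find_at_floods(parse_tasks(SAMPLE)):
        print(finding)
```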

#4 teacup61

Posted 24 March 2009 - 02:13 PM

Hi,

Sorry about that. :)
Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Just like the ComboFix report, could you post the HijackThis log in a reply here for me? :step4:

Glad it's running better. :thumbup2:

tea

#5 rodge657

Posted 24 March 2009 - 03:29 PM

Here it is, I think... Let me know if this is OK or not.

Roger

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:50 PM, on 3/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Roger\Local Settings\Temporary Internet Files\Content.IE5\YV33G02N\HiJackThis[1].exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081119
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7418 bytes

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:52 AM

Posted 24 March 2009 - 03:50 PM

Hi there,

Perfect, thanks. :thumbup2:

Your Java is out of date, which leaves your computer vulnerable.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6_u_12.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

File::
c:\windows\system32\oq32nEPk.exe


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

How is it running please?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 rodge657

rodge657
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:52 AM

Posted 24 March 2009 - 04:12 PM

Using the link you provided ('Java Runtime Environment (JRE) 6_u_12'), I don't see what you ask me to look for ("The J2SE Runtime Environment (JRE) allows end-users to run Java applications".). The latest version of JRE is the following:
Java SE Runtime Environment (JRE)
JRE 6 Update 13
This release includes the highly anticipated 64-bit Java Plug-In (for 64-bit browsers only), Windows Server 2008 support, and performance improvements of Java and JavaFX applications.

Am I missing something or just not seeing it?

Roger

#8 teacup61

Posted 24 March 2009 - 04:38 PM

Heh.....they updated the updates on me. :) Yes, please use update 13. :thumbup2:

#9 rodge657

Posted 25 March 2009 - 08:17 AM

Hi tea,
It wasn't exactly per your instructions but I think I updated my Java. I think it may have changed a bit with the latest upgrade. Everything seemed to work. No error messages (other than having to disable my McAfee Virus Protection which I forgot to do first).

Let me know how I did...

Roger

Here are my logs:

ComboFix Log:
ComboFix 09-03-23.01 - Roger 2009-03-25 8:52:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1572 [GMT -4:00]
Running from: c:\documents and settings\Roger\My Documents\My Data\Virus Fix\ComboFix.exe
Command switches used :: c:\documents and settings\Roger\My Documents\My Data\Virus Fix\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point

FILE ::
c:\windows\system32\oq32nEPk.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\oq32nEPk.exe
c:\windows\Tasks\At1.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At15.job

.
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-25 08:48 . 2009-03-25 08:48 <DIR> d-------- c:\program files\Java
2009-03-25 08:48 . 2009-03-25 08:48 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-25 08:48 . 2009-03-25 08:48 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-24 08:44 . 2009-03-24 08:44 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-23 13:50 . 2009-03-23 14:31 <DIR> d-------- c:\windows\system32\NtmsData
2009-03-23 12:50 . 2009-03-23 12:50 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 12:50 . 2009-03-23 12:50 <DIR> d-------- c:\documents and settings\Roger\Application Data\Malwarebytes
2009-03-23 12:50 . 2009-03-23 12:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 12:50 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 12:50 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-25 14:23 . 2009-02-25 14:23 <DIR> d-------- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 18:48 --------- d-----w c:\program files\Coupons
2009-03-17 21:01 --------- d-----w c:\program files\Common Files\Adobe
2009-03-13 15:20 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-12 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 18:43 --------- d-----w c:\documents and settings\All Users\Application Data\Dell
2009-02-06 19:26 --------- d-----w c:\program files\McAfee
2009-02-05 17:08 --------- d-----w c:\program files\MSXML 4.0
2009-02-05 14:42 --------- d-----w c:\program files\Common Files\McAfee
2009-02-05 14:41 --------- d-----w c:\program files\McAfee.com
2009-02-05 14:40 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-02-04 13:54 --------- d-----w c:\program files\support.com
2009-01-28 16:24 --------- d-----w c:\documents and settings\Roger\Application Data\Image Zone Express
2009-01-28 16:14 --------- d-----w c:\documents and settings\Roger\Application Data\Printer Info Cache
.

((((((((((((((((((((((((((((( SnapShot@2009-03-24_ 9.05.47.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-24 12:23:47 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-25 12:33:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-19 19:36:16 262,144 ---ha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
+ 2009-03-25 12:42:54 262,144 ---ha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
- 2009-03-24 12:23:47 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-25 12:33:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-24 12:23:47 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-25 12:33:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-10 07:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-03-25 12:48:35 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 07:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-03-25 12:48:35 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 08:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-25 12:48:35 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-03-25 12:49:03 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d30.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]
"8169Diag"="c:\program files\Realtek\Diagnostics Utility\8169Diag.exe" [2008-02-26 909312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-19 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-25 148888]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-18 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-19 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-11-19 110080]
S2 LANPkt;Realtek LANPkt Protocol Driver;c:\windows\system32\drivers\LANPkt.sys [2008-11-19 8960]
S3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [2008-11-19 11264]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2008-11-19 16640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-03-23 c:\windows\Tasks\At10.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-24 c:\windows\Tasks\At11.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At13.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At14.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At16.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At17.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-24 c:\windows\Tasks\At18.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-24 c:\windows\Tasks\At19.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At2.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At20.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At21.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At22.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At23.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At24.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At25.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At26.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At27.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At28.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At29.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At3.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At30.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At31.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At32.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At33.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At34.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-24 c:\windows\Tasks\At35.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-24 c:\windows\Tasks\At36.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At37.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At38.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At39.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At4.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At40.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At41.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-24 c:\windows\Tasks\At42.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-24 c:\windows\Tasks\At43.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At44.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At45.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At46.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At47.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At48.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At5.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At6.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At7.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At8.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At9.job
- c:\windows\system32\oq32nEPk.exe []

2009-02-05 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2009-02-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2008-12-10 c:\windows\Tasks\WebReg Deskjet F4100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081119
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-25 08:53:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-25 8:53:56
ComboFix-quarantined-files.txt 2009-03-25 12:53:54
ComboFix2.txt 2009-03-24 13:06:19

Pre-Run: 239,655,792,640 bytes free
Post-Run: 239,674,593,280 bytes free

234 --- E O F --- 2009-03-12 14:22:02


HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:30 AM, on 3/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Roger\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081119
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe /hw
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7184 bytes
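
An added example, not part of the original posts and not ComboFix's own code: a small Python parser for the 'Scheduled Tasks' section of a ComboFix log like the one above. It groups jobs by target and flags targets that show an empty [] where other entries carry a file timestamp, or that are shared by several AtN.job tasks. The sample is a constructed excerpt built from entries in the log above; the function names and the min_cluster threshold are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Constructed excerpt: a few entries copied from the log above, same layout.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2009-03-23 c:\windows\Tasks\At10.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-24 c:\windows\Tasks\At11.job
- c:\windows\system32\oq32nEPk.exe []

2009-03-23 c:\windows\Tasks\At2.job
- c:\windows\system32\oq32nEPk.exe []

2009-02-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 14:32]

2008-12-10 c:\windows\Tasks\WebReg Deskjet F4100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 22:36]
.
.
------- Supplementary Scan -------
"""

SECTION_START = "Contents of the 'Scheduled Tasks' folder"
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[(.*)\]$")
# AtN.job is the file name Windows gives to tasks created with the legacy "at" command.
AT_JOB_RE = re.compile(r"^At(\d+)\.job$", re.IGNORECASE)


def parse_scheduled_tasks(log_text):
    """Return one dict per .job entry found in the 'Scheduled Tasks' section."""
    tasks, current, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.startswith(SECTION_START)
            continue
        if line.startswith("-------") or line.startswith("****"):
            break  # the next log section begins here
        job = JOB_RE.match(line)
        if job:
            current = {"date": job.group(1), "job": ntpath.basename(job.group(2)),
                       "target": None, "stamp": None}
            tasks.append(current)
            continue
        target = TARGET_RE.match(line)
        if target and current is not None:
            current["target"] = target.group(1)
            # An empty [] becomes None: no file timestamp was recorded.
            current["stamp"] = target.group(2).strip() or None
            current = None
    return tasks


def _job_sort_key(name):
    """Sort AtN.job numerically (At2 before At10), other jobs by name."""
    m = AT_JOB_RE.match(name)
    return (0, int(m.group(1)), "") if m else (1, 0, name.lower())


def triage(tasks, min_cluster=3):
    """Group tasks by target path and return the groups worth a closer look."""
    groups = defaultdict(list)
    for task in tasks:
        if task["target"]:
            groups[task["target"].lower()].append(task)
    findings = []
    for group in groups.values():
        at_jobs = [t for t in group if AT_JOB_RE.match(t["job"])]
        reasons = []
        if any(t["stamp"] is None for t in group):
            reasons.append("no file timestamp recorded for target")
        if len(at_jobs) >= min_cluster:
            reasons.append(f"{len(at_jobs)} AtN.job tasks share this target")
        if reasons:
            findings.append({
                "target": group[0]["target"],
                "jobs": sorted((t["job"] for t in group), key=_job_sort_key),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(parse_scheduled_tasks(SAMPLE_LOG)):
        print(finding["target"])
        print("  jobs:   ", ", ".join(finding["jobs"]))
        for reason in finding["reasons"]:
            print("  reason: ", reason)
```

Run against a full ComboFix.txt by passing the file's text to parse_scheduled_tasks in place of SAMPLE_LOG.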

#10 teacup61

Posted 25 March 2009 - 04:35 PM

Hi Roger,

You did just fine. :thumbup2: Looking pretty good now....how is it on your end? :)

tea

#11 rodge657

Posted 26 March 2009 - 08:54 AM

Everything is working fine. I think we can close this one out... :thumbup2:

I made a small contribution to keep you guys going so you'll still be there when I need you again. And I know I will need you again.

Thanks so much for your help.

Roger

#12 teacup61

Posted 26 March 2009 - 04:27 PM

Hello,

Glad it's working well, and thank you very much. :thumbup2:

Please delete ComboFix and its accompanying folder C:\Qoobox. Empty your Recycle bin and reboot your computer.

Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

Regularly go to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. You should also turn on the Windows automatic update feature.

It is very important to maintain your Firewall.
A tutorial on understanding and using firewalls may be found here.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust. A lot of free software can bundle other software, including spyware.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Take care!
tea

#13 teacup61

Posted 28 March 2009 - 12:03 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users