
Removing Rogue Anti-Virus


#1 Lakota

Posted 24 August 2009 - 06:13 PM

I am continually receiving the message "Your computer is infected. Windows has detected spyware and will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware".

Please help! I have no idea how to remove the icon (red circle with white x) in notification or how to remove/correct the problem. Any help is greatly appreciated.



DDS (Ver_09-07-30.01) - NTFSx86
Run by Mom at 17:39:40.43 on Mon 08/24/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.319 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Wizet\MapleStory\npkcmsvc.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hphmon04.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Mom\Desktop\windowsmalewaredetection.exe
c:\d3e4b4b03f116326c0b64eba\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.att.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearchAssistant = hxxp://www.google.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn3\yt.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [braviax] c:\windows\system32\braviax.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0\bin\jusched.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
mRun: [HPHUPD04] "c:\program files\hp photosmart 11\hphinstall\unipatch\hphupd04.exe"
mRun: [atwtusb] atwtusb.exe beta
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ScanSoft PaperPort 7 Registration Reminder] "c:\program files\scansoft\paperport\navbrowser.exe" /r /i "c:\program files\scansoft\paperport\NavLoad.ini"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide
dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft works\office10\OSA.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ravenhawk\start menu\programs\imvu\Run IMVU.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124298604843
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: cru629.dat

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-9 24652]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-6-24 192896]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-9-27 21920]
S1 aiptektp;HyperPen;c:\windows\system32\drivers\aiptektp.sys [2005-7-15 22272]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [2007-5-1 132232]
S4 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2005-6-24 4064]

=============== Created Last 30 ================

2009-08-24 15:51 <DIR> --d----- C:\d3e4b4b03f116326c0b64eba
2009-08-24 15:43 <DIR> --d----- c:\docume~1\mom\applic~1\Uniblue
2009-08-24 15:40 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-08-24 15:01 16,870 a------- c:\docume~1\alluse~1\applic~1\azyq.sys
2009-08-24 15:01 15,498 a------- c:\docume~1\alluse~1\applic~1\zyva.bin
2009-08-24 15:01 14,205 a------- c:\docume~1\alluse~1\applic~1\ijihev.scr
2009-08-24 15:01 14,068 a------- c:\docume~1\alluse~1\applic~1\kejy.pif
2009-08-24 15:01 13,899 a------- c:\program files\common files\bonujihexa.vbs
2009-08-24 14:59 11,264 a------- c:\windows\braviax.exe
2009-08-24 14:59 6,144 a------- c:\windows\system32\cru629.dat
2009-08-24 14:59 6,144 a------- c:\windows\cru629.dat
2009-08-24 14:58 36,864 a------- C:\sdlb.exe
2009-08-24 14:58 20,992 a------- C:\lcbckjms.exe
2009-08-24 14:58 0 a--sh--- C:\578677772
2009-08-24 14:58 190,745 a------- c:\windows\system32\wisdstr.exe
2009-08-24 14:58 29,184 a------- c:\windows\system32\dllcache\beep.sys
2009-08-24 14:58 11,264 a------- c:\windows\system32\braviax.exe
2009-08-24 14:58 80,384 a------- c:\windows\system32\~.exe
2009-08-20 09:44 <DIR> --dsh--- c:\documents and settings\mom\PrivacIE
2009-08-20 09:36 <DIR> --d----- c:\program files\Microsoft Plus!
2009-08-20 09:28 103,384 a------- c:\docume~1\mom\applic~1\GDIPFONTCACHEV1.DAT
2009-08-20 08:59 <DIR> --dsh--- c:\documents and settings\mom\IETldCache
2009-08-20 08:58 <DIR> --d----- c:\docume~1\mom\applic~1\Symantec
2009-08-20 08:58 <DIR> --d----- c:\documents and settings\Mom
2009-08-19 19:42 <DIR> -cd-h--- c:\windows\ie8
2009-08-16 00:26 <DIR> --d----- c:\program files\Shared
2009-08-10 00:24 <DIR> --d----- C:\fb3f93d48be0b61067f89d5d
2009-08-10 00:13 1,089,601 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-09 03:11 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-09 03:10 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-09 03:10 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 03:10 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-09 03:10 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 03:10 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 03:10 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-09 03:10 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 03:05 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-09 03:00 <DIR> --d----- C:\909930ec52796bc502

==================== Find3M ====================

2009-08-24 15:01 19,761 a------- c:\windows\system32\elykemivo.bat
2009-08-24 15:01 18,526 a------- c:\program files\common files\omon.ban
2009-08-24 15:01 18,114 a------- c:\windows\iqufoqavy.sys
2009-08-24 15:01 18,054 a------- c:\windows\system32\dupujyp.reg
2009-08-24 15:01 16,971 a------- c:\windows\aviho.vbs
2009-08-24 15:01 16,819 a------- c:\windows\pynyq.exe
2009-08-24 15:01 16,108 a------- c:\windows\kovatyson.bat
2009-08-24 15:01 11,538 a------- c:\program files\common files\ecukibiqyn.lib
2009-08-24 15:01 11,497 a------- c:\windows\alududuke.bin
2009-08-24 14:58 29,184 a------- c:\windows\system32\drivers\beep.sys
2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 08:18 5,937,152 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-03 12:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-03 12:09 915,456 -------- c:\windows\system32\dllcache\wininet.dll
2009-07-03 12:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
2009-07-03 12:09 1,208,832 -------- c:\windows\system32\dllcache\urlmon.dll
2009-07-03 12:09 206,848 -------- c:\windows\system32\dllcache\occache.dll
2009-07-03 12:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-07-03 12:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
2009-07-03 12:09 25,600 -------- c:\windows\system32\dllcache\jsproxy.dll
2009-07-03 12:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-07-03 12:09 184,320 -------- c:\windows\system32\dllcache\iepeers.dll
2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
2009-07-03 06:01 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-07-01 02:08 101,376 -------- c:\windows\system32\dllcache\iecompat.dll
2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 09:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-03 14:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll
2009-05-31 07:51 262,144 a------- C:\ntuser.dat
2004-05-19 19:18 172,032 a------- c:\program files\Try Microsoft Office 2003 for 60 days.exe
2003-08-05 11:41 53,248 a------- c:\windows\inf\ap561.exe
2002-11-26 16:24 32,768 a------- c:\windows\inf\Remove561.exe
2002-11-22 15:56 118,784 a------- c:\windows\inf\ShowBmp.exe
2002-10-29 18:07 36,864 a------- c:\windows\inf\Setup8a.exe
2002-10-01 14:43 119,798 a------- c:\windows\inf\spca561.sys

============= FINISH: 17:40:30.43 ===============
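The DDS log above carries the usual signs of a rogue antivirus install: a non-empty AppInit_DLLs value, a burst of new executables written to the system directories within the same minute, and a Run entry pointing at one of them. The following parser, an added example and not code from the post or from DDS itself, reads DDS-style lines and flags those three patterns; the sample lines are copied from the log above, and the burst threshold of three files per minute is an assumption.

```python
import re
from collections import defaultdict
# Constructed sample in DDS log format, copied from the log in the post above.
SAMPLE = r"""
uRun: [braviax] c:\windows\system32\braviax.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
AppInit_DLLs: cru629.dat
2009-08-24 14:59 11,264 a------- c:\windows\braviax.exe
2009-08-24 14:59 6,144 a------- c:\windows\system32\cru629.dat
2009-08-24 14:58 36,864 a------- C:\sdlb.exe
2009-08-24 14:58 20,992 a------- C:\lcbckjms.exe
2009-08-24 14:58 190,745 a------- c:\windows\system32\wisdstr.exe
2009-08-24 14:58 11,264 a------- c:\windows\system32\braviax.exe
2009-08-20 09:28 103,384 a------- c:\docume~1\mom\applic~1\GDIPFONTCACHEV1.DAT
"""
# File rows: timestamp, size or <DIR>, attribute flags, path; Run rows: [name] "path" args
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?:<DIR>|[\d,]+)\s+\S+\s+(.+)$")
RUN_RE = re.compile(r'^[umd]Run: \[([^\]]+)\]\s+"?(.+?\.exe)', re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".dat", ".scr", ".pif", ".bat", ".vbs")

def parse_dds(text):
    """Split DDS lines into Run entries, AppInit_DLLs values and created files."""
    runs, appinit, files = [], [], []
    for line in text.splitlines():
        if line.startswith("AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                appinit.append(value)
        elif m := RUN_RE.match(line):
            runs.append((m.group(1), m.group(2)))
        elif m := FILE_RE.match(line):
            files.append((m.group(1), m.group(2)))
    return runs, appinit, files

def suspicious_findings(text, burst_min=3):
    """Flag AppInit_DLLs, same-minute bursts of new executables, and Run entries into them."""
    runs, appinit, files = parse_dds(text)
    findings = [f"AppInit_DLLs set: {v}" for v in appinit]
    by_minute = defaultdict(list)  # creation minute -> lowercased paths
    for ts, path in files:
        if path.lower().endswith(EXEC_EXT):
            by_minute[ts].append(path.lower())
    burst_names = set()
    for ts in sorted(by_minute):
        if len(by_minute[ts]) >= burst_min:
            findings.append(f"{len(by_minute[ts])} executables created at {ts}")
            burst_names.update(p.rsplit("\\", 1)[-1] for p in by_minute[ts])
    for name, path in runs:
        if path.lower().rsplit("\\", 1)[-1] in burst_names:
            findings.append(f"Run entry [{name}] launches recently created {path}")
    return findings
```

Running `suspicious_findings(SAMPLE)` yields three findings: the AppInit_DLLs value, the four-file burst at 14:58, and the braviax Run entry that launches one of those files.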

#2 shelf life

  • Malware Response Team

Posted 06 September 2009 - 05:55 AM

hi Lakota,

Sorry for the delay, no shortage of posters. Your log is several days old. If you still need help, reply to my post.

How Can I Reduce My Risk to Malware?
