Computer acting up after a download...


  • This topic is locked
8 replies to this topic

#1 edmil

edmil

  • Members
  • 39 posts
  • OFFLINE
  • Local time:08:30 AM

Posted 01 July 2010 - 08:24 PM

Hi, about a week ago I downloaded a program and after that my PC started acting up... the diskette unit started to make a weird noise, and every time we turn off the computer, instead of doing it immediately, a pop-up appears saying that a program is still running; it says services.exe... before it didn't do it, now it is that and the noise, as if I had a disk inside the unit. The computer freezes a lot... and Internet Explorer redirects to other sites instead of my homepage...

I've scanned the PC with Ad-Aware and SUPERAntiSpyware and this is what I've got so far. It shows some stuff, I click remove and restart, but it is still the same thing... and every time I scan it shows the same results, that some adware cookies and some redirect stuff are in my PC.

Can someone help me???? :thumbsup:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2010 at 03:20 PM

Application Version : 4.34.1000

Core Rules Database Version : 5144
Trace Rules Database Version: 2956

Scan type : Complete Scan
Total Scan Time : 01:10:32

Memory items scanned : 551
Memory threats detected : 0
Registry items scanned : 5808
Registry threats detected : 0
File items scanned : 32781
File threats detected : 3

Adware.Flash Tracking Cookie
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MEFJVEWG\A.ADS2.MSADS(2).NET
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MEFJVEWG\ADS2.MSADS(2).NET
C:\Documents and Settings\Owner\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MEFJVEWG\B.ADS2.MSADS(2).NET



Logfile created: 7/1/2010 16:30:27
Ad-Aware version: 8.2.6
User performing scan: Owner

*********************** Definitions database information ***********************
Lavasoft definition file: 149.309
Genotype definition file version: 2010/06/29 05:52:39

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 125192
Objects detected: 77


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 77
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0



Removed items:

Scan and cleaning complete: Finished correctly after 6908 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Tue Jun 29 07:02:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Tue Jun 29 13:02:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Tue Jun 29 19:02:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Tue Jun 29 01:02:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Tue Jun 29 07:02:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: true
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: Carbon.eGL, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: false
ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: false
ID: usespywareheuristics, enabled:1, value: false
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: EJAC
Processor name: Intel® Celeron® CPU 2.30GHz
Processor identifier: x86 Family 15 Model 2 Stepping 7
Processor speed: ~2292MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 519, number of processors 1, processor features: [MMX,SSE,SSE2]
Physical memory available: 371347456 bytes
Physical memory total: 795844608 bytes
Virtual memory available: 1782190080 bytes
Virtual memory total: 2147352576 bytes
Memory load: 53%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 440 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 488 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 512 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 556 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 568 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 724 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 768 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 836 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 868 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 992 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1096 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1184 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1276 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1308 name: C:\WINDOWS\system32\CTsvcCDA.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1360 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1412 name: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1512 name: c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1592 name: c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1616 name: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1676 name: C:\Program Files\McAfee\MPF\MPFSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1840 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1928 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1532 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3056 name: C:\WINDOWS\Explorer.EXE owner: Owner domain: EJAC
PID: 3204 name: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3716 name: C:\WINDOWS\system32\ctfmon.exe owner: Owner domain: EJAC
PID: 3740 name: C:\Program Files\Internet Explorer\services.exe owner: Owner domain: EJAC
PID: 3820 name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe owner: Owner domain: EJAC
PID: 4012 name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe owner: Owner domain: EJAC
PID: 376 name: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe owner: Owner domain: EJAC
PID: 3412 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3084 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3756 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2064 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Owner domain: EJAC
PID: 3892 name: C:\WINDOWS\system32\logonui.exe owner: SYSTEM domain: NT AUTHORITY

Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: hpsysdrv
imagepath: c:\windows\system\hpsysdrv.exe
Name: Share-to-Web Namespace Daemon
imagepath: c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
Name: CamMonitor
imagepath: c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Name: AutoTBar
imagepath: C:\hp\bin\autotbar.exe
Name: Recguard
imagepath: C:\WINDOWS\SMINST\RECGUARD.EXE
Name: Zero Knowledge Freedom
imagepath: C:\Program Files\Zero Knowledge\Freedom\AutoStarterR.exe
Name: PS2
imagepath: C:\WINDOWS\system32\ps2.exe
Name: Google Quick Search Box
imagepath: "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
Name: CTCheck
imagepath: C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
Name: mcagent_exe
imagepath: "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
Name: AlcxMonitor
imagepath: ALCXMNTR.EXE
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: TkBellExe
imagepath: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Name: Microsoft Updat
imagepath: C:\Program Files\Internet Explorer\services.exe
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
imagepath: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
imagepath: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *

Running services:
Name: ALG
displayname: Application Layer Gateway Service
Name: AudioSrv
displayname: Windows Audio
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Browser
displayname: Computer Browser
Name: Creative Service for CDROM Access
displayname: Creative Service for CDROM Access
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: mcmscsvc
displayname: McAfee Services
Name: McNASvc
displayname: McAfee Network Agent
Name: McProxy
displayname: McAfee Proxy Service
Name: McSysmon
displayname: McAfee SystemGuards
Name: MpfService
displayname: McAfee Personal Firewall Service
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: SeaPort
displayname: SeaPort
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wuauserv
displayname: Automatic Updates
Name: WudfSvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: WZCSVC
displayname: Wireless Zero Configuration
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service

Edited by edmil, 02 July 2010 - 10:01 AM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:08:30 AM

Posted 02 July 2010 - 01:20 PM

OK, we need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 edmil

edmil
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:08:30 AM

Posted 02 July 2010 - 09:49 PM

OK, I will do that! Thank you!

#4 edmil

edmil
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:08:30 AM

Posted 03 July 2010 - 11:34 AM

Hello, it's me again. I've been having a problem with Gmer... I've downloaded the DDS and no problem, I've downloaded the other program, DeFogger, and no problem, but every time I want to download Gmer or run it my computer freezes up, to the point I've reset it 2 times... :thumbsup: and it is only with Gmer. What should I do??? By the way, I ran Malwarebytes and it found 6 trojans... what else can we do..???

Thank you for your time and help, I really appreciate it!

PS: I've posted this in the link that you told me: virus etc... removal logs

Thank you

Edited by edmil, 03 July 2010 - 11:45 AM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:08:30 AM

Posted 03 July 2010 - 12:06 PM

Hello, hold off on GMER... Post the MBAM log only here.
How many Antivirus are active on here, I see several installed?

#6 edmil

edmil
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  • Local time:08:30 AM

Posted 03 July 2010 - 12:17 PM

Thank you Boopme for replying so fast :thumbsup:
Well...
I have SUPERAntiSpyware and Ad-Aware, but McAfee is disabled because it needs to be renewed. When we got the subscription with the cable company who provides internet, it came with the package, but now it's not working because it is asking for a paid subscription and we are not using it... anyway, that's why I have to use only SUPERAntiSpyware and Ad-Aware that I found over here... yesterday I could download MBAM and it worked... well, here is the log for it...


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4267

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/2/2010 2:40:47 PM
mbam-log-2010-07-02 (14-40-47).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
Objects scanned: 221093
Time elapsed: 1 hour(s), 10 minute(s), 58 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
C:\Program Files\Internet Explorer\services.exe (Trojan.Dialer.Gen) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft updat (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft updat (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Internet Explorer\services.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\OJXC7YrVJrM6B88BYo\Hacks4Sale installer\1.1.0.0\Update-463237.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Microsoft.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP321\A0059522.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP322\A0059544.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP324\A0060325.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP327\A0060513.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP327\A0060530.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP327\A0060538.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP329\A0060555.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP329\A0061367.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.

Edited by edmil, 03 July 2010 - 12:18 PM.
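An added triage example, not part of the original thread or of Malwarebytes: it parses detection lines in the format of the log above and tags the patterns a responder would look at first (a system process name running from outside System32, autostart entries, and System Restore copies). The sample lines are copied from the posted log; the list of system process names and the tag names are assumptions made for this example.

```python
import re

# Constructed sample: a few lines copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""
Memory Processes Infected:
C:\Program Files\Internet Explorer\services.exe (Trojan.Dialer.Gen) -> Unloaded process successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoft updat (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Microsoft.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP321\A0059522.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
"""

# One detection line: "<path or key> (<detection name>) -> <action taken>."
ITEM = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Assumption: a short list of process names that normally live only in System32.
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe"}

def classify(path):
    """Return triage tags for one detected path or registry value."""
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    tags = []
    if base in SYSTEM_NAMES and "\\windows\\system32\\" not in low:
        tags.append("system-name-outside-system32")   # masquerading as a Windows process
    if "\\currentversion\\run\\" in low:
        tags.append("run-key-autostart")               # starts at every logon
    if "\\start menu\\programs\\startup\\" in low:
        tags.append("startup-folder-autostart")
    if "\\system volume information\\_restore" in low:
        tags.append("restore-point-copy")              # restoring to that point brings it back
    return tags

def triage(log_text):
    """Parse the '... Infected:' sections and tag each detection line."""
    findings, section = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("Infected:"):
            section = line[:-1]
        m = ITEM.match(line)
        if m and section:
            findings.append({"section": section, **m.groupdict(), "tags": classify(m["path"])})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], "|", f["path"], "|", ", ".join(f["tags"]) or "-")
```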


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,760 posts
  • Gender:Male
  • Location:NJ USA

Posted 03 July 2010 - 12:25 PM

OK, you need an antivirus also; those are not. Keep MBAM and SAS as a complement. Update and scan at least weekly with them and your antivirus.
Install one of these free AVs, scan with it, and post the log.

AntiVir

Avast

Note: This is a dialer, which is used to access pornographic websites by dialing a high-cost phone number using a modem. It also hijacks your homepage.
http://www.threatexpert.com/report.aspx?md...d42befa27b873df

Edited by boopme, 03 July 2010 - 12:27 PM.


#8 edmil

edmil
  • Topic Starter

  • Members
  • 39 posts

Posted 03 July 2010 - 01:51 PM

Well, I've tried to download from the links that you sent me, but I can't access them. I was using Mozilla and I thought it was because of Mozilla itself, but now I'm using IE and it tells me the web page cannot be displayed...

#9 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,807 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 03 July 2010 - 03:16 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/328865/computer-acting-up-after-a-download/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



