bogus Windows XP Fix


  • This topic is locked
9 replies to this topic

#1 mo5

mo5

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:12 AM

Posted 02 August 2011 - 01:46 PM

This program appeared that says it is a Windows XP fix program. It has taken over my computer. When I log on, there was a black screen with this program running and supposedly looking for problems, which it finds many of. There is nothing else available to me. No start, no other programs or capability to do anything.
I went in as a guest. There are no programs in the All Programs file and my C and D hard drives are empty when I open them (they show they have content but nothing is displayed).
As a guest, I was able to run my virus detection (Webroot) and found some files relating to this program, which I deleted. But I still cannot access anything, and when I go into my admin account the Windows XP fix program is not running but there is nothing else available or visible (only light blue screen). As a guest again, I tried to run the fix for this in your site but I could not run the programs. Either the program would not run (DeFogger) or I get a message that says that I don't have authority to run them because I am not the administrator.



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:12 AM

Posted 02 August 2011 - 01:58 PM

Hello, did you follow our Removal Guide here: Remove Windows XP Fix (Uninstall Guide)?
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 mo5


Posted 02 August 2011 - 02:11 PM

As I said, if I go to the 'Remove Windows Fix (Uninstall Guide)' for the windows fix malware, I cannot proceed. When I try to do the first thing (run the preparation guide per the instructions), it asks me to run DeFogger and I cannot because it stops and says it cannot be run. It doesn't say why, but I have tried to run other programs and load hardware and they say I cannot because I am not the administrator (actually, I am not logged in as the administrator). So maybe that is the reason, but it didn't say. Since I can't do anything in the administrator log in, I seem to be in a catch-22 situation.

#4 boopme


Posted 02 August 2011 - 02:43 PM

OK, can you just run and post the DDS log in a new topic in the other forum and explain this again there?

#5 mo5


Posted 02 August 2011 - 03:20 PM

Sorry, I don't know what a DDS Log is or where it is located. What other forum? I only see one forum. Since I haven't cleared out all the malware, I can't do anything. The instructions are written as if one can do things, but I cannot do anything in Admin. and very little when logged in as a guest. The inability to download and run any programs is related to the malware and the fact that I cannot do anything in the Admin. position - is this a misconception on my part?
As I understand your reply, you want me to do this again in another forum? I don't understand what you mean.
thx, mo

#6 boopme


Posted 02 August 2011 - 03:35 PM

In the Prep guide do ONLY step 7

http://www.bleepingcomputer.com/forums/topic34773.html

Edited by boopme, 02 August 2011 - 03:36 PM.


#7 mo5


Posted 02 August 2011 - 04:10 PM

Step 7 of the prep has the same problem as step 6. Since I am logged in as a guest, I don't have admin rights and it says that I don't have authority to download or run the program. And I can't do anything in admin, so guest is the only way I can do anything.
Is there any way that I can circumvent this? If I could, then I could run the procedure that exists.
thx, mo

#8 mo5


Posted 02 August 2011 - 04:48 PM

I figured out a way to do the thing as admin, but I can't save the file to desktop because I don't have one, ha. Actually, I can save it, but where it is I have no idea. It isn't on my pale blue screen.
Anyway, I will copy and put here and hope it can work.
thx, again, mo

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2009 3:24:19 PM
System Uptime: 8/2/2011 10:45:07 AM (4 hours ago)
.
Motherboard: Micro-Star Inc. | | MS-6566E
Processor: Intel® Pentium® 4 CPU 2.40GHz | FC-478 | 2400/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 13.139 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 373 GiB total, 83.313 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_0680&SUBSYS_36801095&REV_02\4&1A671D0C&0&10F0
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_0680&SUBSYS_36801095&REV_02\4&1A671D0C&0&10F0
Service:
.
==== System Restore Points ===================
.
RP659: 5/12/2011 1:42:04 AM - System Checkpoint
RP660: 5/12/2011 3:03:39 AM - Software Distribution Service 3.0
RP661: 5/12/2011 3:40:14 AM - Software Distribution Service 3.0
RP662: 8/1/2011 11:43:50 AM - System Checkpoint
RP663: 8/2/2011 3:01:53 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
==== Event Viewer Messages From Past Week ========
.
8/2/2011 6:43:07 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2512827).
8/1/2011 3:56:32 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/1/2011 3:56:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
8/1/2011 3:56:25 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
.
==== End Of File ===========================


DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Owner at 14:29:43 on 2011-08-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.380 [GMT -7:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
============== Running Processes ===============
.
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\VCOM\RECOVE~1\MXTask.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\VCOM\RECOVE~1\mxtask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\VCOM\RECOVE~1\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\VCOM\RECOVE~1\RC.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\common files\logitech\lu\lulnchr.exe
c:\program files\common files\logitech\lu\LogitechUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll
BHO: {334b5227-d99d-38a9-8c7a-fc553cdd0848} - D
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Weather] "c:\program files\aws\weatherbug\Weather.exe" 1
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [vKLuVrOIsaEYCN] "c:\documents and settings\all users\application data\vKLuVrOIsaEYCN.exe"
uRunOnce: [FlashPlayerUpdate] "c:\windows\system32\macromed\flash\FlashUtil10p_Plugin.exe" -update plugin
mRun: [SoundMan] "SOUNDMAN.EXE"
mRun: [AGRSMMSG] "AGRSMMSG.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] "c:\windows\ime\imkr6_1\IMEKRMIG.EXE"
mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNC
mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC
mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoDesktop = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AOL Radio Toolbar Search - c:\documents and settings\all users\application data\aol radio toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUfox000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231545954765
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C19F14E9-248F-4662-9CAF-B9139F53DBEC} : DhcpNameServer = 192.168.1.254
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\w8ql6nqe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT655988&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://aol.com
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\w8ql6nqe.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\MailUtil.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\w8ql6nqe.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12); user_pref(yahoo.homepage.dontask, true);user_pref(general.useragent.extra.zencast, Creative ZENcast v2.01.01);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2009-1-20 6097]
R2 Recovery Commander Task Manager;Recovery Commander Task Manager;c:\progra~1\vcom\recove~1\mxtask.exe -service --> c:\progra~1\vcom\recove~1\MXTask.exe -Service [?]
R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2011-3-17 47120]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2011-3-17 3900032]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-5-13 3276136]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-21 135664]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2009-1-20 299923]
S3 Termfb;Termfb; [x]
.
=============== Created Last 30 ================
.
2011-08-02 13:35:20 553048 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
==================== Find3M ====================
.
2011-06-02 14:02:05 1858944 ---ha-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:32:53.85 ===============

#9 boopme


Posted 02 August 2011 - 06:40 PM

OK good... Now we need to repost that log so the DDS log analyst can review it.

Please do step 9

#10 Orange Blossom


Posted 04 August 2011 - 07:07 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic412585.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom