bhed

Members
Posts: 4
Reputation: 0 Neutral
  1. Thank you for your help. Here are the DDS logs, and I've attached the GMER log as a ZIP.

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by Eric at 10:15:22.21 on Sun 05/02/2010
     Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
     Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.2047.1521 [GMT -7:00]

     ============== Running Processes ===============

     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\FolderSize\FolderSizeSvc.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Acer\Empowering Technology\eLock\LockServ.exe
     C:\WINDOWS\system32\HPZipm12.exe
     C:\Program Files\CyberLink\Shared Files\RichVideo.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\WINDOWS\System32\TUProgSt.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\Eric\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://google.com/
     mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=0&o=xpp&d=0209&m=veriton_m460
     mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=0&o=xpp&d=0209&m=veriton_m460
     uInternet Settings,ProxyOverride = *.local
     TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
     TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
     TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
     TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
     EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     mRun: [<NO NAME>]
     mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
     uPolicies-explorer: NoFolderOptions = 30
     IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
     IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
     IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
     DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
     Notify: AtiExtEvent - Ati2evxx.dll
     Notify: igfxcui - igfxdev.dll
     SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\eric\applic~1\mozilla\firefox\profiles\1irjg9r2.default\
     FF - prefs.js: browser.startup.homepage - hxxp://google.com
     FF - plugin: c:\documents and settings\eric\application data\move networks\plugins\071802000001\npqmp071802000001.dll
     FF - plugin: c:\documents and settings\eric\application data\move networks\plugins\npqmp071503000010.dll
     FF - plugin: c:\documents and settings\eric\application data\move networks\plugins\npqmp071701000002.dll
     FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

     ---- FIREFOX POLICIES ----
     FF - user.js: network.http.max-persistent-connections-per-server - 4
     FF - user.js: nglayout.initialpaint.delay - 600
     FF - user.js: content.notify.interval - 600000
     FF - user.js: content.max.tokenizing.time - 1800000
     FF - user.js: content.switch.threshold - 600000
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
     c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
     c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
     c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
     c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
     c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
     c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

     ============= SERVICES / DRIVERS ===============

     R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [2006-6-8 17664]
     R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2006-6-6 90112]
     R2 LockServ;LockServ;c:\acer\empowering technology\elock\lockserv.exe -p --> c:\acer\empowering technology\elock\LockServ.exe -p [?]
     S0 mfeyei;mfeyei; [x]
     S1 f40fdded;f40fdded;c:\windows\system32\drivers\f40fdded.sys --> c:\windows\system32\drivers\f40fdded.sys [?]
     S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-18 25832]
     S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-21 20952]
     S4 bocmsiks;bocmsiks;c:\windows\system32\drivers\umtsrsn.sys [2010-4-24 54016]
     S4 cftn;cftn;c:\windows\system32\drivers\euuc.sys [2010-4-24 54016]
     S4 hidt;hidt;c:\windows\system32\drivers\mgnmnr.sys [2010-4-24 54016]

     =============== Created Last 30 ================

     2010-04-29 23:29:58 711168 ----a-w- c:\windows\is-HB0SR.exe
     2010-04-29 23:29:58 399 ----a-w- c:\windows\is-HB0SR.lst
     2010-04-29 23:29:58 10562 ----a-w- c:\windows\is-HB0SR.msg
     2010-04-24 20:25:52 0 d-----w- c:\docume~1\alluse~1\applic~1\avG
     2010-04-24 20:13:44 115343872 --sha-w- C:\eDS_PSD_drive.vmdf
     2010-04-24 20:13:37 188 ----a-w- c:\windows\system32\eDataSecurity.dat
     2010-04-24 20:13:37 188 ----a-w- c:\windows\system32\eDataSecurity.bak
     2010-04-24 19:42:27 0 d-----w- c:\program files\CCleaner
     2010-04-24 16:34:08 54016 ----a-w- c:\windows\system32\drivers\mgnmnr.sys
     2010-04-24 16:33:01 54016 ----a-w- c:\windows\system32\drivers\umtsrsn.sys
     2010-04-24 16:28:30 54016 ----a-w- c:\windows\system32\drivers\euuc.sys
     2010-04-24 15:21:58 163328 ----a-w- c:\windows\Ocuheb.exe
     2010-04-24 15:17:03 144 ----a-w- c:\windows\system32\PRAGMAsrcr.dat
     2010-04-24 15:16:28 0 d-----w- c:\docume~1\eric\applic~1\D90D0396956E036D8A802033D987447A
     2010-04-24 15:16:26 163328 ----a-w- c:\windows\Ocuhea.exe
     2010-04-09 16:50:43 0 d-----w- c:\docume~1\eric\applic~1\HandBrake
     2010-04-09 16:50:39 0 d-----w- c:\program files\Handbrake

     ==================== Find3M ====================

     2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-04-27 01:26:05 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
     2010-03-30 08:00:47 699904 ----a-w- c:\windows\is-4U2TF.exe
     1999-05-07 12:22:00 8944 ----a-w- c:\windows\inf\USBSCAN.SYS

     ============= FINISH: 10:16:21.04 ===============

     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT

     DDS (Ver_10-03-17.01)

     Microsoft Windows XP Professional
     Boot Device: \Device\HarddiskVolume2
     Install Date: 2/20/2009 9:48:34 PM
     System Uptime: 5/2/2010 10:05:18 AM (0 hours ago)

     Motherboard: ACER | | EG31M
     Processor: Intel® Core2 Duo CPU E4700 @ 2.60GHz | CPU 1 | 2593/200mhz
     Processor: Intel® Core2 Duo CPU E4700 @ 2.60GHz | CPU 1 | 2593/200mhz

     ==== Disk Partitions =========================

     C: is FIXED (NTFS) - 70 GiB total, 25.901 GiB free.
     D: is FIXED (NTFS) - 70 GiB total, 64.353 GiB free.
     E: is CDROM ()
     F: is FIXED (NTFS) - 71 GiB total, 37.3 GiB free.
     G: is FIXED (NTFS) - 233 GiB total, 117.466 GiB free.

     ==== Disabled Device Manager Items =============

     Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
     Description: ATI Function Driver for High Definition Audio - ATI AA01
     Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&FE52FAD&0&0001
     Manufacturer: ATI
     Name: ATI Function Driver for High Definition Audio - ATI AA01
     PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&FE52FAD&0&0001
     Service: AtiHdmiService

     Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
     Description: Microsoft PS/2 Mouse
     Device ID: ACPI\PNP0F03\4&EDAA9BC&0
     Manufacturer: Microsoft
     Name: Microsoft PS/2 Mouse
     PNP Device ID: ACPI\PNP0F03\4&EDAA9BC&0
     Service: i8042prt

     ==== System Restore Points ===================

     No restore point in system.

     ==== Installed Programs ======================

     Acer eDataSecurity Management
     Acer eDataSecurity Management 2.0.4093
     Acer eLock Management
     Acer Empowering Technology
     Acer ePerformance Management
     Acer eProtection
     Acer eSettings Management
     Add or Remove Adobe Creative Suite 3 Web Premium
     Adobe Acrobat 8 Professional
     Adobe Anchor Service CS3
     Adobe Asset Services CS3
     Adobe Bridge CS3
     Adobe Bridge Start Meeting
     Adobe BridgeTalk Plugin CS3
     Adobe Camera Raw 4.0
     Adobe CMaps
     Adobe Color - Photoshop Specific
     Adobe Color Common Settings
     Adobe Color EU Extra Settings
     Adobe Color JA Extra Settings
     Adobe Color NA Recommended Settings
     Adobe Creative Suite 3 Web Premium
     Adobe Default Language CS3
     Adobe Device Central CS3
     Adobe Dreamweaver CS3
     Adobe ExtendScript Toolkit 2
     Adobe Extension Manager CS3
     Adobe Flash Player 10 Plugin
     Adobe Flash Player 9 ActiveX
     Adobe Flash Video Encoder
     Adobe Fonts All
     Adobe Help Viewer CS3
     Adobe Linguistics CS3
     Adobe MotionPicture Color Files
     Adobe PDF Library Files
     Adobe Photoshop CS3
     Adobe Reader 8.1.0
     Adobe Setup
     Adobe Stock Photos CS3
     Adobe Type Support
     Adobe Update Manager CS3
     Adobe Version Cue CS3 Client
     Adobe WAS CS3
     Adobe WinSoft Linguistics Plugin
     Adobe XMP Panels CS3
     AHV content for Acrobat and Flash
     AiO_Scan_CDA
     AiOSoftwareNPI
     Apple Software Update
     ATI - Software Uninstall Utility
     ATI AVIVO Codecs
     ATI Catalyst Control Center
     ATI Display Driver
     ATI Problem Report Wizard

     Attachment: GMERLOG.zip
  2. Is there a way to get rid of this without reformatting my hard drive and reinstalling XP?

     Latest scan (this has been going on for a week):

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4056

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 7.0.5730.13

     4/30/2010 4:14:52 PM
     mbam-log-2010-04-30 (16-14-52).txt

     Scan type: Quick scan
     Objects scanned: 152611
     Time elapsed: 6 minute(s), 50 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 1
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Documents and Settings\Eric\Local Settings\Temp\RarSFX0\smwi152.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
  3. I see there are other LeaseWeb IPs blocked as well. While I understand that they host some sketchy sites, until you enable an ignore list for IP addresses (seriously, a popping noise every 4 seconds regardless of the site I'm visiting?), I'm going to have to disable IP protection, which seriously weakens the whole point of PAYING for MWB-AM. I unfortunately cannot give this product a positive review until this gets resolved.
  4. Tracked to LeaseWeb, a major ISP in the Netherlands. Pops up every 4 seconds.
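Added example, not part of bhed's posts or of any forum reply: the Python below shows how a helper triaging the DDS output in post 1 would read its SERVICES / DRIVERS and Created Last 30 sections and pull out what an analyst eyeballs first. It applies three heuristics, none of which is a verdict on its own: a service name that shares no stem with its image file (bocmsiks -> umtsrsn.sys), an entry where DDS printed [?] or [x] instead of a date and size (in the full log the legitimate Acer LockServ entry shows [?] too, which is why this check is kept separate), and files created on the same day with identical byte sizes, then cross-references the first and third. The excerpt is copied from the posted log; the function names, the prefix test for "shares a stem" and the choice of cut-offs are this example's assumptions.

```python
import re
from collections import defaultdict
from os.path import basename, splitext

# Excerpt copied from the DDS output in post 1 (SERVICES / DRIVERS and
# Created Last 30 sections only, one entry per line). The heuristics below
# are the added part; the data is the poster's.
DDS_EXCERPT = r"""
============= SERVICES / DRIVERS ===============
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [2006-6-8 17664]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [2006-6-6 90112]
S0 mfeyei;mfeyei; [x]
S1 f40fdded;f40fdded;c:\windows\system32\drivers\f40fdded.sys --> c:\windows\system32\drivers\f40fdded.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-18 25832]
S3 diskchk;diskchk;\??\c:\windows\system32\diskchk.sys --> c:\windows\system32\diskchk.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-2-21 20952]
S4 bocmsiks;bocmsiks;c:\windows\system32\drivers\umtsrsn.sys [2010-4-24 54016]
S4 cftn;cftn;c:\windows\system32\drivers\euuc.sys [2010-4-24 54016]
S4 hidt;hidt;c:\windows\system32\drivers\mgnmnr.sys [2010-4-24 54016]
=============== Created Last 30 ================
2010-04-29 23:29:58 711168 ----a-w- c:\windows\is-HB0SR.exe
2010-04-24 16:34:08 54016 ----a-w- c:\windows\system32\drivers\mgnmnr.sys
2010-04-24 16:33:01 54016 ----a-w- c:\windows\system32\drivers\umtsrsn.sys
2010-04-24 16:28:30 54016 ----a-w- c:\windows\system32\drivers\euuc.sys
2010-04-24 15:21:58 163328 ----a-w- c:\windows\Ocuheb.exe
2010-04-24 15:17:03 144 ----a-w- c:\windows\system32\PRAGMAsrcr.dat
2010-04-24 15:16:26 163328 ----a-w- c:\windows\Ocuhea.exe
"""

# One DDS service line: '<start> <name>;<display>;<path> [<date> <size>]'.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# One 'Created Last 30' line: '<date> <time> <size> <attrs> <path>'.
CREATED_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\S+) (?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$")


def _stem(path):
    """Lowercase file name without extension; tolerates Windows separators."""
    return splitext(basename(path.replace("\\", "/")))[0].lower()


def parse_services(lines):
    """Yield (start, name, stem, meta) per service line. stem is '' when DDS
    printed no path; meta is the bracket text: 'date size', '?' or 'x'."""
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        path, _, meta = m.group("rest").strip().rpartition("[")
        # DDS prints 'registry value --> resolved path'; keep the resolved one.
        path = path.split("-->")[-1].strip()
        yield m.group("start"), m.group("name"), _stem(path), meta.rstrip("]")


def parse_created(lines):
    """Yield (date, size, file name) per Created Last 30 line."""
    for line in lines:
        m = CREATED_RE.match(line)
        if m:
            yield m.group("date"), int(m.group("size")), basename(m.group("path").replace("\\", "/"))


def triage(text):
    lines = text.splitlines()
    services = list(parse_services(lines))

    # Heuristic 1: a service name and its image normally share a stem
    # (MBAMProtector -> mbam.sys passes); unrelated random-looking pairs do not.
    mismatched = sorted(
        name for _, name, stem, _ in services
        if stem and not (stem.startswith(name.lower()) or name.lower().startswith(stem)))

    # Heuristic 2: DDS printed '[?]' or '[x]' instead of a date and size, so the
    # registry entry exists but the image could not be examined. Weak alone.
    no_file_info = sorted(name for _, name, _, meta in services if meta in ("?", "x"))

    # Heuristic 3: files created the same day with identical byte sizes, the
    # pattern of one dropper writing the same payload under several names.
    by_key = defaultdict(list)
    for date, size, fname in parse_created(lines):
        by_key[(date, size)].append(fname)
    clusters = {k: sorted(v) for k, v in by_key.items() if len(v) > 1}

    # Cross-reference 1 and 3: mismatched drivers whose image sits in a cluster.
    cluster_files = {f.lower() for names in clusters.values() for f in names}
    corroborated = sorted(
        name for _, name, stem, _ in services
        if name in mismatched and any(f.startswith(stem + ".") for f in cluster_files))

    return {"mismatched": mismatched, "no_file_info": no_file_info,
            "clusters": clusters, "corroborated": corroborated}


if __name__ == "__main__":
    for key, value in triage(DDS_EXCERPT).items():
        print(f"{key}: {value}")
```

On the excerpt this reports bocmsiks, cftn and hidt as both name-mismatched and backed by three 54016-byte drivers written within six minutes of each other, a second 163328-byte pair (Ocuhea.exe, Ocuheb.exe) from the same afternoon, and f40fdded, diskchk and mfeyei as entries DDS could not stat. Those are the lines a helper would ask about next; the script ranks, it does not classify.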