Nikanj

Posts posted by Nikanj

  1. I too started to experience frequent desktop freezes etc. when my pro version of Malwarebytes was updated to version 1.6 a couple of days ago.

    I'm currently using:

    Windows XP with SP3

    Zone Alarm Extreme Security ver 9.3.037.000

    which includes

    Truevector security engine ver 9.3.037.000

    Driver Version 9.1.522.000

    AV/ASW engine version 8.0.2.48

    Antispam version 6.0.0.2383

    Browser Security 41.5.152.14

    I originally thought the desktop freeze-ups were a further symptom of a possible infection I may have (I'd posted an as yet unreplied to request for assistance in the Hijack this logs forum - the dds log included with my Dec 27th post was generated when I still had malwarebytes ver 1.51.2.1300 installed.) The day after posting the log, I updated to the newly released MB version 1.6 to see if it could shed some light on the alerts I was getting from ZoneAlarm. Shortly thereafter the freeze-ups began.

    In my case, when the freeze-up occurs (sometimes right after a computer re-start, other times a few minutes after a re-boot, and in two instances a little over an hour after re-boot), the mouse cursor can still be moved freely around the desktop but it cannot highlight, select or engage any of the icons on either the desktop or task bar. The desktop clock is frozen but the clock on my Logitech keyboard remains active and current. During one of my trouble-shooting attempts after the freezes first appeared, I happened to have the processes tab of task manager open (sorting by CPU usage). After the desktop freezes, the image names of the processes continue to shuffle as CPU usage changes (including the regular appearance of MB's process as it uses 40 - 60%). After a minute or two however, even the task manager window freezes.

    I stumbled onto this thread by accident and I'm glad I did.

    As Malwarebytes' checked box indicating active live protection was greyed out and could not be unchecked, I accessed msconfig and disabled Malwarebytes from starting up altogether. After re-booting, I have not experienced any further desktop freezes.

  2. Hi,

    I've started to get disquieting alerts from my anti-virus program (ZoneAlarm) notifying me that backdoor.Win32.Sinowal.knt has been discovered and repaired, only to have the same notice appear several times again later - about 10 "repairs" made since the notices started late last week (Dec 23rd). Zone Alarm says it is making repairs to \DEVICE\HARDDISK0\DR0 and \Device\harddisk1\DR1.

    I have not installed any new programs recently.

    I have Malwarebytes Anti-Malware Pro v1.51.2.1300 but it does not identify any issues when full and flash scans are run.

    First thing I tried was restoring XP to a point before the alerts started to appear, only to find that the system would not restore to any of the dates I tried (I get the failed to restore notice at re-boot).

    I ran msconfig and looked through the start-up programs. There was one start-up program on the list written in a long string of Asian characters. I unchecked it and re-booted. Towards the end of the reboot, a sequence of two pop-up windows appeared saying a program referenced in registry was unable to start, but no indication was given as to what the program was. I went back to the list of start-up programs in msconfig and the one with the long string of Asian characters was gone, but there was now a startup program with one Asian character followed by a dot in the list.

    I also discovered that all my Windows XP restore points were also gone.

    I scanned my system with a couple of rootkit analyzers [rootkit buster and fseasyclean] with mixed results. Rootkit buster did highlight some potential issues (several I suspect being tied to false positives with Acronis TrueImage). I tried repairing the ones not Acronis specific but received "Could not repair" notices for all. fseasyclean did not find anything.

    Whenever I re-boot, I still get the sequence of two pop-up windows appearing that say a program referenced in registry was unable to start, but there is no indication as to what the program is.

    I've included the DDS text output below and added the attach.zip with the attach.txt file as requested.

    Could you have a look through these logs to see if there is an issue? Perhaps Zone Alarm is giving a false positive (latest virus list for scanning was updated Dec 27) but I cannot find any reference to this problem on their forum. Also, if you happen to discover what the "missing program at start-up" is during your review, could you notify me so I can delete it entirely.

    Your help is appreciated.

    Best Regards

    Doug

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

    Run by Doug at 16:52:30 on 2011-12-27

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1225 [GMT -6:00]

    .

    AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}

    FW: ZoneAlarm Extreme Security Firewall *Enabled*

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Creative\Shared Files\CTAudSvc.exe

    svchost.exe

    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Microsoft LifeCam\MSCamS32.exe

    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Winamp\winampa.exe

    C:\WINDOWS\vVX3000.exe

    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Nuance\PDF Create! 5\pdfcreate5hook.exe

    C:\WINDOWS\system32\RunDLL32.exe

    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

    C:\Program Files\Pure Networks\Network Magic\nmapp.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Logitech\G-series Software\LGDCore.exe

    C:\Program Files\Logitech\G-series Software\LCDMon.exe

    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe

    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe

    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe

    C:\Program Files\Logitech\SetPointP\SetPoint.exe

    C:\WINDOWS\system32\CTXFIHLP.EXE

    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe

    C:\WINDOWS\CTHELPER.EXE

    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

    C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FTCtrl32.exe

    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

    C:\PROGRAM FILES\FAXTALK COMMUNICATOR\FAPIEXE.EXE

    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

    C:\Program Files\Quicken\bagent.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wscntfy.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.canadagrain.com/

    uWindows: load=?

    uWindows: Run=?

    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

    BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf create! 5\bin\ZeonIEFavClient.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

    TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

    TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf create! 5\bin\ZeonIEFavClient.dll

    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

    uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe

    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

    uRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel Photo Downloader.exe" -startup

    mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"

    mRun: [Nuance PDF Create! 5-reminder] "c:\program files\nuance\pdf create! 5\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\pdf create! 5\ereg\Ereg.ini"

    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

    mRun: [VX3000] c:\windows\vVX3000.exe

    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r

    mRun: [updReg] c:\windows\UpdReg.EXE

    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

    mRun: [PDFHook] c:\program files\nuance\pdf create! 5\pdfcreate5hook.exe

    mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf create! 5\RegistryController.exe

    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"

    mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash

    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

    mRun: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE

    mRun: [Launch LCDMon] "c:\program files\logitech\g-series software\LCDMon.exe"

    mRun: [Launch Ai Booster] "c:\program files\asus\ai booster\OverClk.exe"

    mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup

    mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

    mRun: [CTxfiHlp] CTXFIHLP.EXE

    mRun: [CTHelper] CTHELPER.EXE

    mRun: [Corel File Shell Monitor] c:\program files\corel\corel paintshop photo pro\x3\pspclassic\CorelIOMonitor.exe

    mRun: [CallControl 4.7] "c:\program files\faxtalk communicator\FTCtrl32.exe" /autoload

    mRun: [bCWipeTM Startup] "c:\program files\jetico\bcwipe\BCWipeTM.exe" startup

    mRun: [AsusStartupHelp] c:\program files\asus\aasp\1.00.16\AsRunHelp.exe

    mRun: [AGRSMMSG] AGRSMMSG.exe

    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

    IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf create! 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

    IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf create! 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

    IE: Append to existing PDF file - c:\program files\nuance\pdf create! 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

    IE: Create PDF file - c:\program files\nuance\pdf create! 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

    IE: Create PDF file from the content of the link - c:\program files\nuance\pdf create! 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

    IE: Create PDF files from the selected links - c:\program files\nuance\pdf create! 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab

    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270315320046

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab

    TCP: DhcpNameServer = 192.168.100.254

    TCP: Interfaces\{962AC4CF-53EB-4FCD-A927-80C74451C492} : DhcpNameServer = 192.168.100.254

    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

    Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll

    Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll

    Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll

    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\documents and settings\doug\application data\mozilla\firefox\profiles\9rb8mt3h.default\

    FF - prefs.js: browser.startup.homepage -

    FF - prefs.js: network.proxy.http - 127.0.0.1

    FF - prefs.js: network.proxy.http_port - 4444

    FF - prefs.js: network.proxy.ssl - 127.0.0.1

    FF - prefs.js: network.proxy.ssl_port - 4445

    FF - prefs.js: network.proxy.type - 0

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

    FF - plugin: c:\program files\nos\bin\np_gp.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2011-9-15 128016]

    R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-4-7 911680]

    R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2010-4-3 6144]

    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-9-15 317072]

    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-9-15 528128]

    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-4-7 2480048]

    R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-8-27 26352]

    R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-8-27 493032]

    R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-3-23 10448]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-5 366152]

    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-17 2253120]

    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-4-7 160704]

    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

    R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2010-8-27 35568]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-5 22216]

    R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\26.tmp --> c:\windows\system32\26.tmp [?]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]

    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-23 16512]

    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-4-2 79360]

    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-27 136176]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-2-28 14336]

    S4 BCSWAP;BCSWAP;c:\windows\system32\drivers\BCSwap.sys [2002-8-15 87968]

    .

    =============== Created Last 30 ================

    .

    2011-12-26 07:20:33 -------- d-----w- c:\program files\Sophos

    2011-12-26 06:23:28 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys

    2011-12-25 21:21:45 59888 ------w- c:\windows\system32\pxwma.dll

    2011-12-25 21:21:45 126448 ------w- c:\windows\system32\pxinsi64.exe

    2011-12-25 21:21:45 123888 ------w- c:\windows\system32\pxcpyi64.exe

    2011-12-25 21:16:14 -------- d-----w- c:\documents and settings\doug\local settings\application data\Apple

    2011-12-02 04:59:55 -------- d-----w- c:\program files\IrfanView

    .

    ==================== Find3M ====================

    .

    2011-12-20 23:59:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-12-01 01:34:42 2828 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys

    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec

    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll

    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll

    2011-10-26 21:29:28 88 --sh--r- c:\documents and settings\all users\application data\E644C5072D.sys

    2011-10-26 21:12:48 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin

    2011-10-26 21:12:48 1 ----a-w- c:\windows\system32\nvdrssel.bin

    2011-10-26 21:11:57 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin

    2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

    2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2011-10-24 20:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2011-10-24 20:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll

    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

    2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

    .

    ============= FINISH: 16:53:59.23 ===============

  3. It appears my first posting a few days ago may have been overlooked. Given the number of requests for help that I see this site getting and the fact I am fortunate to have a current back-up of all my files on a separate hard drive, I decided this past weekend to bite-the-bullet and re-install windows rather than direct further effort towards removing the malware.

    In closing, some observations about the malware infecting my system:

    1) The malware appears to have affected one or more of the network resource files; as mentioned in my earlier post, since becoming infected on the 26th of March, I have been getting a MS Outlook application pop-up stating

  4. I've encountered an issue I hope you can help with.

    Background

    During research for my agriculture news service, I visit hundreds of web pages daily. This Friday past, when loading one of the Asian news sites on my regular daily review list, my firewall (ZoneAlarm) issued a couple of quick warnings concerning suspicious behaviour. I declined access in both instances, but something else must have gotten through as, about a minute later, my computer suddenly re-booted as I was typing an e-mail.

    Observations

    i) After the re-boot, the computer was performing noticeably slower, and on occasion would freeze (windows, taskbars, etc could not be accessed, but mouse cursor could be moved around freely.)

    ii) I started to get an MS Outlook alert window that "Either there is no default e-mail client or the e-mail client cannot fulfill the messaging request, please install Outlook...." [Note: MS Outlook has never been installed on this computer. I use another e-mail client]. This MS Outlook alert window appears right after a re-boot and every time I submit a web based form using either IE or Firefox (such as entering an ID and password, registering for this site, etc... the Post action appears to trigger a request to access Outlook.. someone trying to get my access info delivered to their in-box?)

    iii) Since Friday, I have had 3 BSOD events... the first identified the problem as IRQL-not-equal-or-less-than [or something to that effect] while the other two gave Stop 0x0000008e 0xC0000005 0x805B1547 0x9354DC30 0x00000000 as the error code. To eliminate the possibility of ram issues, I ran memtest for four hours: no errors were found.

    With frustrating frequency, the computer continues to freeze, with no consistent obvious cause.

    iv) I noticed Sunday that my fax modem would no longer initialize (agere USB fax modem). I also discovered that a link in control panel was corrupted (generic icon present but no description or path associated with it) and that in hardware devices there were no com ports to be found (one of which was previously associated with the fax modem).

    Actions taken to date:

    Confirmed Zone Alarm and Windows XP are up-to-date with latest resource files and security patches.

    Performed a deep scan using Zone Alarm: no infections found.

    Performed a 4 hour test of the RAM using memtest: no errors found.

    Downloaded and ran Malwarebytes' Anti-Malware quick scan: no errors found

    Rebooted windows into safe mode and did a full scan using Malwarebytes' Anti-Malware: trojan fraudpack found in registry. I had the program fix the problem.

    Rebooted windows in Normal mode: warning concerning the default e-mail client appeared again. Computer seemed to be faster than earlier. After about an hour, however, the computer froze again as before [often, but not always, when 3 or more IE and or Firefox tabs are loading pages (a Java issue??), but freezes have also occurred when using file manager, sending an e-mail, and even once while writing this message in notepad with no other applications running.]

    Re-installed modem driver: modem will still not initialize

    Deleted java and re-installed the latest version available at Sun Microsystems website: no change in computer's behaviour (still get default email notice, periodic freeze-ups and unable to initialize modem).

    Ran Malwarebytes' Anti-Malware quick scan: no errors found

    Any help or direction would be appreciated.

    Here is the HijackThis report created this morning (I am about to perform another full scan using Malwarebytes' Anti-Malware while in safe mode. It takes about 2.5 hours to complete.)

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:09:33 AM, on 3/30/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

    C:\Program Files\Microsoft LifeCam\MSCamS32.exe

    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    C:\Program Files\FaxTalk Communicator\FTCtrl32.exe

    C:\Program Files\Logitech\G-series Software\LGDCore.exe

    C:\Program Files\Logitech\G-series Software\LCDMon.exe

    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe

    C:\WINDOWS\system32\CTHELPER.EXE

    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe

    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe

    C:\WINDOWS\system32\CTXFIHLP.EXE

    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe

    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe

    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

    C:\Program Files\Pure Networks\Network Magic\nmapp.exe

    C:\Program Files\Winamp\winampa.exe

    C:\WINDOWS\vVX3000.exe

    C:\Program Files\Motorola\Software Update\mumservice.exe

    C:\Program Files\FaxTalk Communicator\FAPIEXE.EXE

    C:\Program Files\Nuance\PDF Create! 5\pdfcreate5hook.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Quicken\bagent.exe

    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Logitech\SetPoint\SetPoint.exe

    C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

    C:\WINDOWS\system32\notepad.exe

    C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

    C:\WINDOWS\system32\SearchProtocolHost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canadagrain.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll

    O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Create! 5\bin\ZeonIEFavClient.dll

    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe

    O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"

    O4 - HKLM\..\Run: [CallControl 4.7] C:\Program Files\FaxTalk Communicator\FTCtrl32.exe /autoload

    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"

    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"

    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

    O4 - HKLM\..\Run: [bCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup

    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe

    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

    O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Create! 5\pdfcreate5hook.exe

    O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Create! 5\RegistryController.exe

    O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    O4 - HKLM\..\Run: [Nuance PDF Create! 5-reminder] "C:\Program Files\Nuance\PDF Create! 5\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Create! 5\Ereg\Ereg.ini"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [QuickenScheduledUpdates] C:\Program Files\Quicken\bagent.exe

    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O4 - Global Startup: NCProTray.lnk = ?

    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8942.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1240200632109

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15107/CTPID.cab

    O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

    O23 - Service: Google Update Service (gupdate1c9cfeded8a9190) (gupdate1c9cfeded8a9190) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe

    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --

    End of file - 11611 bytes

    PS: The web site I suspect was the source of this problem has been narrowed down to one of 6 to 8 (they were the pages loading into IE tabs at the time of the ZoneAlarm alert). They are all agriculture information and/or government news sites based in Asia that I have visited on a daily basis for the past couple of years without issue. I can forward these links if you would like to test them on a protected machine (I have not tried accessing any of them again since Friday).
