
about:SecurityRisk when explorer opens


I get this when Explorer opens: about:SecurityRisk. I can't install Adobe Flash Player. Computer runs very slow. Thanks for your help.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by A at 8:05:30 on 2012-03-02

.

============== Running Processes ===============

.

C:\WINDOWS\Explorer.EXE

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\clclean.0001

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\XM Tuner\XMTunerService.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: RewardsArcadeSuite: {b6ef6c45-5e8d-4c3b-b580-a5073261a381} - c:\program files\rewardsarcadesuite\RewardsArcadeSuite.dll

BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: {B6CDE539-A03C-484B-8FC0-B8A3775C5220} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZon0.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [Creative MediaSource Go] "c:\program files\creative\mediasource\go\CTCMSGo.exe" /SCB

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r

mRun: [iSW]

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir8d204.cab

DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} - hxxp://software-dl.real.com/0627ec326cdc0242a823/windows/mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1223341285390

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{B51A5632-EB54-4323-801F-6E773D2F468E} : DhcpNameServer = 192.168.2.1

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 c:\windows\system32\ddcYqrOE

Hosts: 91.206.201.8 esysprotector.microsoft.com

Hosts: 91.206.201.8 esysprotector.com

Hosts: 91.206.201.8 www.esysprotector.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\un2sueu1.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=109929&babsrc=HP_ss&mntrId=984355df000000000000001372166f3a

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109929&babsrc=adbartrp&mntrId=984355df000000000000001372166f3a&q=

FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.id - 984355df000000000000001372166f3a

FF - user.js: extensions.BabylonToolbar_i.hardId - 984355df000000000000001372166f3a

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15399

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:37:56

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109929

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? EraserUtilDrvI11;EraserUtilDrvI11

R? McComponentHostService;McAfee Security Scan Component Host Service

R? McrdSvc;Media Center Extender Service

R? vsmon;TrueVector Internet Monitor

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? aswFsBlk;aswFsBlk

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? gupdate;Google Update Service (gupdate)

S? ISWKL;ZoneAlarm Toolbar ISWKL

S? IswSvc;ZoneAlarm Toolbar IswSvc

S? MBAMProtector;MBAMProtector

S? MBAMService;MBAMService

S? Vsdatant;Vsdatant

S? WsAudioDevice_383;WsAudioDevice_383

S? XMTunerService;XMTuner

.

=============== Created Last 30 ================

.

2012-03-01 08:59:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 00:09:42 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes

2012-03-01 00:09:31 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-03-01 00:09:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-01 00:09:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-29 01:37:51 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Babylon

2012-02-29 01:37:50 -------- d-----w- c:\documents and settings\all users\application data\Babylon

2012-02-29 01:37:50 -------- d-----w- c:\documents and settings\administrator\application data\Babylon

2012-02-28 23:53:52 -------- d-----w- c:\windows\system32\Adobe

2012-02-28 23:11:42 -------- d--h--w- c:\windows\system32\GroupPolicy

2012-02-28 00:59:55 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan

2012-02-28 00:59:53 -------- d-----w- c:\program files\McAfee Security Scan

2012-02-28 00:40:31 16640 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys

2012-02-28 00:40:29 -------- d-----w- c:\program files\Wondershare

2012-02-28 00:37:23 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache

2012-02-24 13:08:55 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE

2012-02-24 13:03:41 -------- d-sh--w- c:\documents and settings\administrator\IETldCache

2012-02-24 02:09:14 -------- d-----w- c:\windows\ie8updates

2012-02-24 02:07:12 -------- dc-h--w- c:\windows\ie8

2012-02-24 02:03:35 6144 ------w- c:\windows\system32\dllcache\iecompat.dll

2012-02-24 02:03:28 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2012-02-24 02:03:27 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2012-02-24 02:03:27 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2012-02-24 02:02:34 -------- d-----w- C:\eeaa99526a0027c709c32acc37eb6a

2012-02-19 00:39:24 -------- d-----w- c:\windows\system32\cache

2012-02-17 15:13:46 -------- d-----w- c:\documents and settings\all users\application data\WeCareReminder

2012-02-17 15:04:04 -------- d-----w- c:\program files\AVG Secure Search

2012-02-17 15:04:00 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2012-02-17 14:26:45 -------- d-----w- c:\documents and settings\administrator\application data\CheckPoint

2012-02-17 14:26:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\ZoneAlarm_Security

2012-02-17 14:26:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Temp

2012-02-17 14:26:25 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Conduit

2012-02-17 14:26:24 -------- d-----w- c:\program files\ZoneAlarm_Security

2012-02-17 14:25:39 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint

2012-02-17 14:24:20 -------- d-----w- c:\program files\CheckPoint

2012-02-17 14:18:24 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-02-17 14:18:13 41184 ----a-w- c:\windows\avastSS.scr

2012-02-16 06:32:09 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-16 06:32:09 3072 ------w- c:\windows\system32\dllcache\iacenc.dll

2012-02-10 01:28:06 -------- d-----w- c:\program files\Roni Music

2012-02-10 00:58:24 -------- d-----w- c:\program files\Guitar and Bass

2012-02-10 00:58:24 -------- d-----w- c:\documents and settings\all users\application data\Guitar and Bass

2012-02-10 00:49:39 -------- d-----w- c:\program files\Audacity

2012-02-10 00:49:25 -------- d-----w- c:\program files\RewardsArcadeSuite

2012-02-08 01:03:50 -------- d-----w- c:\documents and settings\administrator\local settings\application data\mdnslib

2012-02-08 01:02:58 -------- d-----w- c:\windows\Replay Music

2012-02-08 01:02:58 -------- d-----w- c:\program files\Replay Music 4

2012-02-08 00:27:55 -------- d-----w- c:\documents and settings\all users\application data\XMTuner

2012-02-08 00:26:24 -------- d-----w- c:\program files\XM Tuner

2012-02-07 01:43:15 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla

2012-02-07 01:42:59 -------- d-----w- c:\program files\Aurora

2012-02-07 00:45:23 -------- d-----w- c:\program files\CCleaner

2012-02-03 03:56:33 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe

2012-02-02 08:16:59 -------- d-----w- c:\documents and settings\administrator\local settings\application data\SupportSoft

2012-02-02 00:39:31 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer

.

==================== Find3M ====================

.

2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys

2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:46:36 43520 ------w- c:\windows\system32\licmgr10.dll

2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:22:58 385024 ------w- c:\windows\system32\html.iec

2009-01-28 18:39:50 9216 --sha-w- c:\windows\system32\yenegito.dll

.

============= FINISH: 8:07:21.89 ===============


Hi mcavender and Welcome to Malwarebytes!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

I see you have avast! Free Antivirus and ZoneAlarm Security on your computer. Two anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. Please remove one of them.

Let's check for a Tdss rootkit:

Download TDSSKiller.exe and save it to your desktop.

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
