Hope someone can help

[alicez]

Today is my 75th birthday and I had to have infections when I ran the Malwasre Bytes scan. I thought i couldn quarantine the infections, but guess that is not possible. I saw a pop up earlier in the day about "System Shutdown NT authority and then I saw this page http://support.gateway.com/s/issues/2-976684501.shtml.

(Don't know how this could have happened since I use modem/router and PC Tools Firewall and ShiledsUp said everything was in stealth. I have WinXPsp3 / IE 8.)

But then when I ran the MB scan, it found 8 infections. After the scan I didn't know what to do I was so excited; so I just closed MB without doing anything.

Can anyone help me please? I hope it is not really serious because this is the only computer I have. I have been up most of the night trying to find answers. Please help.

I also keep getting a pop-up from PC Tools Firewall, which reads something like: VMware NAT Service...VMware NAT Service is attempting to use another process Network Command Shell with parameters..Vmonitor.exe. I don't allow it!

======

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:22:54 PM, on 1/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\WINDOWS\zHotkey.exe

C:\WINDOWS\ALCWZRD.EXE

C:\Program Files\Common Files\AOL\1168442579\ee\AOLSoftware.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\ALLUSE~1\APPLIC~1\OFFICE~1\vmonitor.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\PC Tools Firewall Plus\FWService.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\WgaTray.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168442579\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [vmonitor] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OFFICE~1\vmonitor.exe -mode=background

-check=memory

O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe

-Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR

2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.adobe.com/shockwave/welcome/"

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL

Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL

Toolbar\toolbar.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.intuit.com

O15 - Trusted Zone: http://*.intuit.com

O15 - Trusted Zone: http://*.mcafee.com

O15 - Trusted Zone: http://*.turbotax.com

O15 - Trusted Zone: http://flagship.vanguard.com

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -

https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) -

https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) -

http://install.homestead.com/~site/Install...ive/HS_live.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/windowsupd...b?1256668986375

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O21 - SSODL: SwUpdate - {009541A0-3B00-1F1C-00F3-040224001C01} - C:\Documents and Settings\All

Users\Application Data\Macromedia\SwUpdate\swupdate.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update

Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe (file

missing)

O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall

Plus\FWService.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New

Boundary\PrismXL\PRISMXL.SYS

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 8319 bytes

======

Malwarebytes' Anti-Malware 1.44

Database version: 3539

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

1/11/2010 1:59:28 AM

mbam-log-2010-01-11 (01-59-14).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 205251

Time elapsed: 41 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll (Trojan.Chksyn) -> No action taken.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{009541a0-3b00-1f1c-00f3-040224001c01} (Trojan.Chksyn) -> No action taken.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\swupdate (Trojan.Chksyn) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vmonitor (Trojan.Dropper) -> No action taken.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\swupdate.dll (Trojan.Chksyn) -> No action taken.

C:\Documents and Settings\All Users\Application Data\OfficeGuardian\vmonitor.exe (Worm.KoobFace) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Local.dtd (Malware.Trace) -> No action taken.

C:\Documents and Settings\All Users\Application Data\Macromedia\SwUpdate\Ui.dtd (Malware.Trace) -> No action taken.

[extremeboy]

Hello and welcome to Malwarebytes.

I Apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please take a read in this thread on instructions on running the tools and posting the logs for instructions: http://www.malwarebytes.org/forums/index.php?showtopic=9573

In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please note that the forum is very busy and if I don

[extremeboy]

Hello.

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,

Extremeboy