Unknown problem


goober

Hi guys and girls, thanks for the help. I just defragged my comp today using WinUtilities; after the restart, however, I noticed the Microsoft Security Essentials icon go from blue to yellow and a window saying that my Windows needs to be verified and the antivirus will expire in 30 days. So I clicked on the link to download and run a program that I need to verify my copy online. I checked the URL and it was a www.microsoft.com/ something something. But the window from Security Essentials did look a tad off. Anyways, it did not verify, it just did nothing after I clicked it. I also get an untrusted connection to one of my bank websites, and to Outlook for my .edu email, but not my Hotmail address. I'm not sure if it's a virus, or if WinUtilities did something to my registry. Oh, and now when I try to log into StarCraft I have an authorization for language pack needed. Below are the logs.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Goo at 19:40:41.87 on Mon 02/21/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2029.1496 [GMT -8:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

d:\Program Files\Microsoft Security Essentials\MsMpEng.exe

D:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

D:\WINDOWS\system32\acs.exe

svchost.exe

D:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Microsoft Security Essentials\msseces.exe

D:\Program Files\IDT\WDM\sttray.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\NETGEAR\WNA1100\WNA1100.exe

D:\Program Files\Trillian\trillian.exe

D:\WINDOWS\System32\svchost.exe -k HTTPFilter

D:\Program Files\Mozilla Firefox\firefox.exe

D:\Documents and Settings\Goo\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe

mRun: [MSSE] "d:\program files\microsoft security essentials\msseces.exe" -hide -runkey

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

StartupFolder: d:\docume~1\goo\startm~1\programs\startup\trillian.lnk - d:\program files\trillian\trillian.exe

StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - d:\program files\netgear\wna1100\WNA1100.exe

IE: E&xport to Microsoft Excel - d:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - d:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - d:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252263256703

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - d:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\goo\applic~1\mozilla\firefox\profiles\6a14x3x3.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.jiayo.com/phpBB2/index.php

FF - plugin: d:\documents and settings\goo\application data\facebook\npfbplugin_1_0_0.dll

FF - plugin: d:\documents and settings\goo\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: d:\progra~1\micros~3\office14\NPAUTHZ.DLL

FF - plugin: d:\progra~1\micros~3\office14\NPSPWRAP.DLL

FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

d:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

d:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

d:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;d:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]

R2 WSWNA1100;WSWNA1100;d:\program files\netgear\wna1100\WifiSvc.exe [2010-9-12 278528]

R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;d:\windows\system32\drivers\athuw.sys [2010-9-12 1710944]

R3 JSWSCIMD;jswscimd Service;d:\windows\system32\drivers\jswscimd.sys [2010-9-12 57440]

S3 jswpsapi;JumpStart Wi-Fi Protected Setup;d:\program files\netgear\wna1100\jswpsapi.exe [2010-9-12 360529]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files\microsoft office\office14\GROOVE.EXE [2009-10-29 30603640]

S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2005-8-2 32512]

S3 osppsvc;Office Software Protection Platform;d:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

=============== Created Last 30 ================

2011-02-22 03:36:33 20 ----a-w- d:\documents and settings\goo\defogger_reenable

2011-02-22 02:55:02 0 d-----w- d:\docume~1\goo\applic~1\Malwarebytes

2011-02-22 02:54:49 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys

2011-02-22 02:54:48 0 d-----w- d:\docume~1\alluse~1\applic~1\Malwarebytes

2011-02-22 02:54:47 20952 ----a-w- d:\windows\system32\drivers\mbam.sys

2011-02-22 02:54:47 0 d-----w- d:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

============= FINISH: 19:40:58.35 ===============

Thanks again.

attach.zip

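A small triage parser for the DDS log format the poster attached, added here as an example (it is not code from the original post, from DDS, or from the forum). The sample input is assembled from lines of the log above; the section-banner regex and the choice of which entries count as first-look items are this example's own assumptions.

```python
import re
# Added example, not part of the post or of DDS: split a DDS log into its
# banner-delimited sections and pull out what a removal helper checks first.
# SAMPLE is assembled from lines of the posted log.
SAMPLE = r"""
AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Pseudo HJT Report ===============
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [MSSE] "d:\program files\microsoft security essentials\msseces.exe" -hide -runkey
================= FIREFOX ===================
FF - prefs.js: browser.startup.homepage - hxxp://www.jiayo.com/phpBB2/index.php
============= SERVICES / DRIVERS ===============
R1 MpFilter;Microsoft Malware Protection Driver;d:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2005-8-2 32512]
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")  # "===== Section name ====="

def parse_dds(text):
    """Map section name -> lines; text before the first banner goes under 'header'."""
    sections, current = {"header": []}, "header"
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections

def triage(sections):
    """The items a helper reads first: AV state, autostarts, homepage, running services."""
    f = {"av_outdated": False, "autoruns": [], "homepage": None, "running_services": []}
    for line in sections.get("header", []):
        if line.startswith("AV:") and "(Outdated)" in line:
            f["av_outdated"] = True   # consistent with the yellow MSE icon the poster saw
    for line in sections.get("Pseudo HJT Report", []):  # uRun = HKCU, mRun = HKLM Run keys
        if line.startswith(("uRun:", "mRun:", "StartupFolder:")):
            f["autoruns"].append(line)
    for line in sections.get("FIREFOX", []):
        if "browser.startup.homepage" in line:
            f["homepage"] = line.rsplit(" - ", 1)[1]
    for line in sections.get("SERVICES / DRIVERS", []):
        state, rest = line.split(" ", 1)  # R<n> = running, S<n> = stopped
        if state.startswith("R"):
            f["running_services"].append(rest.split(";", 1)[0])
    return f
```

Run `triage(parse_dds(open("dds.txt").read()))` on a saved log to get the same summary for a full report.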
Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double-click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
