TB1RedShoe Posted November 14, 2008 ID:34772 Share Posted November 14, 2008 Good Evening,Well, for starters, technology is wonderful when it works, yet when it doesn't...its not so wonderful! <groan>So, that having been said I've noticed a few (bad) changes to my computer within the last few days.1.) I receive multiple pop-ups when opening my web browser (Internet Explorer). The Webpage replicates itself up to 172 times (completely taking over my monitor screen + slowing down my computer/freezing it entirely).2.) My Computer, even those areas not directly affected, is VERY slow...3.) When checking my Anti-Virus (McAfee Security Center) I notice 3 Trojans quarantined (yet not deleted/removed). The 3 Trojans are JS/FakeAlert-AB.dldr .Their pathways are the same:C:\Program Files\Internet Explorer\iexplore.exeC:\Users\Blondie\AppData\Local\Microsoft\Temporary Internet Files\Low\Content.IE5\BI40B174\_freescan[1].htmC:\Users\Blondie\AppData\Local\Microsoft\Temporary Internet Files\Low\Content.IE5\WKKU1CXH\_freescan[1].htm4.) Last, but not least, I noticed that in my Firewall log (McAfee Security Center), under outbound events, it noted that Microsoft Office PowerPoint tried to access the internet (yet was blocked by the firewall twice). I, however, have never opened/used PowerPoint (bit worried about that to tell you the truth).So, here's what I've done so far...Deleted the TEMP file in IE & updated ALL my security software (SpySweeper, MBAM, McAfee Security Center, SpywareBlaster, CCleaner) and ran scans. Not sure though if that did the trick could someone PLEASE check my logs to see if ALL is okay?Malwarebytes' Anti-Malware 1.30Database version: 1390Windows 6.0.6001 Service Pack 111/12/2008 6:39:03 PMmbam-log-2008-11-12 (18-39-03).txtScan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)Objects scanned: 120811Time elapsed: 1 hour(s), 6 minute(s), 33 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:33:30 PM, on 11/13/2008Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18000)Boot mode: NormalRunning processes:C:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\RtHDVCpl.exeC:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXEC:\Program Files\Dell Support Center\bin\sprtcmd.exeC:\Windows\wdcbg.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Windows\System32\WDBtnMgr.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\System32\mobsync.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Program Files\McAfee\MSK\mskagent.exeC:\Program Files\McAfee\MSC\mcshell.exeC:\PROGRA~1\McAfee\MSC\McLgView.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Users\Mickey C\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellcommunity.com/supportforums...=0&nav=trueR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by DellR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dllO2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hideO4 - HKLM\..\Run: [ECenter] "C:\Dell\E-Center\EULALauncher.exe"O4 - HKLM\..\Run: [RtHDVCpl] "C:\Windows\RtHDVCpl.exe"O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyO4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO4 - HKLM\..\Run: [WDCBG] "C:\Windows\WDCBG.EXE"O4 - HKLM\..\Run: [WD Button Manager] "C:\Windows\system32\WDBtnMgr.exe"O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscriptO4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintrayO4 - HKCU\..\Run: [WindowsWelcomeCenter] "C:\Windows\system32\rundll32.exe" oobefldr.dll,ShowWelcomeCenterO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenterO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLLO13 - Gopher Prefix: O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLLO20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dllO23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exeO23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exeO23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exeO23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exeO23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exeO23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exeO23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exeO23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exeO23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exeO23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeO23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe--End of file - 8777 bytesO23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (WHAT THE HECK???)O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (Again...WHAT THE HECK???)I also did a Panda ActiveScan 2.0 (albeit I didn't get a log file) that said, "Congratulations you don't have any infections today."I am, as said, REALLY worried about the Firewall Outbound events (Microsoft PowerPoint) as well.I thany you ALL for any and all help in this matter.Blondie Link to post Share on other sites More sharing options...
JeanInMontana Posted November 14, 2008 ID:34858 Share Posted November 14, 2008 Hello again. ;-) Please move HJT to Program Files\HiJack This . PowerPoint is part of Office, it may try to access for updates. I wouldn't be too worried about PP accessing, it's not malware. The two HJT lines you question are from System Mechanic. If you have it installed.What McAfee found was in temp files and not resident. CCleaner <=== not a security application.I see no malware in your logs, MBAM is outdated.You have lots of stuff starting at boot up that is not needed. You must update the following.You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.Your running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc. Link to post Share on other sites More sharing options...
TB1RedShoe Posted November 26, 2008 Author ID:36562 Share Posted November 26, 2008 Dear Jean,Well, for starters, thank you ever SO MUCH for reading & responding to my post/thread! <Big Hug>Sorry for not being able to get back to you sooner (I got sick the day after I started this thread...several trips to the doctor's office...this is my first opportunity to post here again) lest you think I forgot about this thread I had started (or worse...that I was inpolite & took you for granted).So, that having been said, thank you for looking at my logs & for your GREAT input! What made me a wee bit nervous about PowerPoint is that on one hand it is not the only program on my desktop's harddrive, yet it is the ONLY program that appears under "Outbound Events" for my McAfee Firewall (combine that with the trojans & the many pop-ups, hence my concern...thought a hacker was trying to upload/highjack information from my desktop...I get SO many attacks on my firewall on a daily basis...people trying to access various ports on my comp).System Mechanic? Sorry, the blonde, blue-eyed, German girl (that also majored in Social Science) doesn't have a clue...No, I don't really consider CCleaner to be a real security feature/alternative, yet I use it primarily to delete cookies (rather than making space on my harddrive). Oh, on that note, if I have a trojan in my browsers TEMP file...and I delete Internet Explorer's (Browser history) + run CCleaner...does that then also mean that I killed off the trojans (sorry if the question sounds naive)?I'm going to follow your suggestions and make the necessary changes to my desktop...if its okay I'll post here on this thread (within the next few days) should I run into any trouble. In the interval..I hope you have a great Thanksgiving!From the German klutz,Blondie Link to post Share on other sites More sharing options...
Recommended Posts