
Solved windows.exe has stopped working?

Discussion in 'Malware and Virus Removal Archive' started by darricksux, 2009/06/01.

  1. 2009/06/01
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    [Resolved] windows.exe has stopped working?

    :( Whenever I turn on my laptop, this "windows.exe has stopped working" Microsoft message appears. It reads: "A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." So I pressed Close program, then it disappears for like 5 seconds, then the message pops out again. I can still use other programs as normal, but I am really worried about this problem. If anyone knows or has experienced this, please tell me a solution to it. :(:(:(:(
     
  2. 2009/06/01
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,889
    Likes Received:
    386
    Welcome to WindowsBBS :)

    I suspect your computer is infected - I have moved your thread to the Malware & Virus Removal forum.

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     


  4. 2009/06/01
    darricksux

    So what do I do???
     
  5. 2009/06/01
    PeteC

    As I posted .....

    Please read this as indicated at the head of the forum and post the logs requested in this thread.

    I cannot be more straightforward than that - read the announcement, download DDS, run it and copy/paste the logs generated in this thread.
     
  6. 2009/06/01
    darricksux

    DDS (Ver_09-05-14.01) - NTFSx86
    Run by bernice at 23:02:41.76 on Mon 01/06/2009
    Internet Explorer: 7.0.6000.16830
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.65.1033.18.3062.1454 [GMT 8:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: F-Secure Internet Security 2008 8.00 *enabled* (Outdated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
    SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\SingTel\McciTrayApp.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehtray.exe
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\WerCon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\bernice\AppData\Roaming\windows.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\WerFault.exe
    C:\Users\bernice\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Presario&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Presario&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_sg&c=81&bd=Presario&pf=laptop
    uInternet Settings,ProxyServer = proxy.tp.edu.sg:80
    uInternet Settings,ProxyOverride = *.tp.edu.sg;*.local;securlogin.arubanetworks.com;<local>
    BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [{A6AF5514-F9F2-A9BB-BE69-36DE872CC057}] c:\users\bernice\appdata\local\temp\ixp000.tmp\PINWED~1.EXE
    uRun: [windows] c:\users\bernice\appdata\roaming\windows.exe
    uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0 "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [isCfgWiz] "c:\program files\common files\symantec shared\opc\{c86ea115-facd-4aa8-bfa2-398c677d0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [singtelRV_McciTrayApp] c:\program files\smartfix\McciTrayApp.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [SingTel_McciTrayApp] c:\program files\singtel\McciTrayApp.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [windowsUpdate] c:\users\bernice\appdata\roaming\windows.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: hotmail.com
    Trusted Zone: tp.edu.sg\epoly
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-sg.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-17 325896]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-1 108552]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-10-17 908568]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-17 298776]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
    R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-8-25 149864]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20070823.002\IDSvix86.sys [2007-12-16 180272]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    =============== Created Last 30 ================

    2009-06-01 14:30 <DIR> --d----- c:\users\bernice\appdata\roaming\Uniblue
    2009-06-01 14:29 <DIR> --d----- c:\program files\Uniblue
    2009-06-01 14:29 <DIR> -cd-h--- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
    2009-06-01 14:29 <DIR> -cd-h--- c:\progra~2\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
    2009-05-30 01:00 <DIR> a-d----- c:\programdata\TEMP
    2009-05-30 01:00 <DIR> --d----- C:\Fraps
    2009-05-29 20:59 486,912 a------- c:\users\bernice\appdata\roaming\svchost.exe
    2009-05-24 11:32 1,970,176 a------- c:\windows\system32\d3dx9.dll
    2009-05-24 11:32 679,936 a------- c:\windows\system32\D3DX81ab.dll
    2009-05-24 11:32 <DIR> --d----- c:\program files\Cheat Engine

    ==================== Find3M ====================

    2009-06-01 17:47 2,484 a------- c:\windows\bthservsdp.dat
    2009-05-10 19:37 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-05-10 19:37 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-05-10 19:37 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-04-05 17:24 56,415 a------- c:\windows\War3Unin.dat
    2009-03-17 11:16 40,960 a------- c:\windows\apppatch\apihex86.dll
    2009-03-17 11:16 14,848 a------- c:\windows\system32\apilogen.dll
    2009-03-17 11:16 25,600 a------- c:\windows\system32\amxread.dll
    2008-12-12 20:10 174 a--sh--- c:\program files\desktop.ini
    2008-07-18 18:41 51,200 a------- c:\windows\inf\infpub.dat
    2008-07-18 18:41 86,016 a------- c:\windows\inf\infstrng.dat
    2008-07-18 18:41 86,016 a------- c:\windows\inf\infstor.dat
    2008-06-12 03:17 665,600 a------- c:\windows\inf\drvindex.dat
    2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 20:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 20:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 17:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 17:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2006-05-09 04:21 486,912 a--shr-- c:\users\bernice\appdata\roaming\windows.exe
    2006-02-19 11:46 11,701 ---shr-- c:\users\bernice\appdata\roaming\logs.dat
    2005-08-30 10:53 244,224 a--shr-- c:\users\bernice\appdata\roaming\plugin.dat

    ============= FINISH: 23:03:40.87 ===============
     
  7. 2009/06/01
    darricksux

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/3/2008 1:52:58 PM
    System Uptime: 6/1/2009 6:19:54 PM (3509 hours ago)

    Motherboard: Wistron | | 30CD
    Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz | U2E1 | 2400/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 139 GiB total, 70.114 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 2.415 GiB free.
    E: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    µTorrent
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    32 Bit HP CIO Components Installer
    Activation Assistant for the 2007 Microsoft Office suites
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player 9 Plugin
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Setup
    Adobe Shockwave Player
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    AIM 6
    AIO_Scan
    AppCore
    AVG Free 8.5
    BufferChm
    Business Contact Manager for Outlook 2007 SP1
    Cards_Calendar_OrderGift_DoMorePlugout
    ccCommon
    Cheat Engine 5.5
    Choice Guard
    Component Framework
    Conexant HD Audio
    Copy
    CustomerResearchQFolder
    CyberLink YouCam
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DJ_AIO_ProductContext
    DJ_AIO_Software
    DJ_AIO_Software_min
    DVD Suite
    EA Sports FIFA Online 2
    ESU for Microsoft Vista
    eSupportQFolder
    F2100
    F2100_doccd
    F2100_Help
    Fraps
    Garena
    Google Toolbar for Internet Explorer
    Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 9.0
    HP Deskjet All-In-One Software 9.0
    HP Doc Viewer
    HP DVD Play 3.6
    HP Easy Setup - Frontend
    HP Help and Support
    HP Imaging Device Functions 9.0
    HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
    HP Photosmart Essential 2.5
    HP Product Assistant
    HP Quick Launch Buttons 6.30 E1
    HP QuickTouch 1.00 C4
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Update
    HP User Guides 0090
    HP Wireless Assistant
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabel_Tattoo
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotoSmartPhotobookHolidayPack1
    HPPhotoSmartPhotobookModernPack1
    HPPhotoSmartPhotobookPlayfulPack1
    HPPhotoSmartPhotobookScrapbookPack1
    HPPhotoSmartPhotobookWebPack1
    HPProductAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 11
    Java(TM) 6 Update 2
    Java(TM) 6 Update 7
    Junk Mail filter update
    LabelPrint
    LightScribe System Software 1.10.13.1
    LiveUpdate (Symantec Corporation)
    MapleStory
    MarketResearch
    Marvell Miniport Driver
    MediaRing Talk
    Microsoft Application Error Reporting
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access 2007
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    MSCU for Microsoft Vista
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    muvee autoProducer 6.1
    My HP Games
    NetWaiting
    Norton AntiVirus
    Norton AntiVirus Help
    Norton Confidential Core
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    PDF Settings
    Power2Go
    PowerDirector
    PSSWCORE
    QuickPlay SlingPlayer 0.4.4
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    Scan
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB960003)
    Security Update for Microsoft Office Excel 2007 (KB959997)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    SmartFix
    SolutionCenter
    SopCast 2.0.4
    SPBBC 32bit
    Status
    Symantec Real Time Storage Protection Component
    SymNet
    Toolbox
    Touch Pad Driver
    TrayApp
    Uniblue RegistryBooster 2009
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Microsoft Office Outlook 2007 Help (KB957246)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb968503)
    VideoToolkit01
    Viewpoint Media Player
    Warcraft III
    Warcraft III: All Products
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Upload Tool
    WinRAR archiver

    ==== End Of File ===========================
     
  8. 2009/06/01
    darricksux

    Will that do??
     
  9. 2009/06/01
    PeteC

    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  10. 2009/06/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    WOW!
    To start with, you're running THREE antivirus programs, and it's a big NO-NO.
    Two of them have to go, but before you do anything, I need to know, which one you want to keep.
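
The count in the reply above can be read off the `AV:`/`SP:`/`FW:` header of the DDS log. The following is an added example, not part of the thread and not DDS's own code: it parses those header lines and the `uRun`/`mRun` entries copied from the log posted earlier. Leaving Windows Defender out of the count and treating autoruns under AppData or Temp as worth a closer look are assumptions of this example, not verdicts from the thread.

```python
import re

# Lines copied from the DDS log posted earlier in this thread (abridged).
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: F-Secure Internet Security 2008 8.00 *enabled* (Outdated) {0651C4B0-1D7E-4682-B965-2E9523C483A5}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [{A6AF5514-F9F2-A9BB-BE69-36DE872CC057}] c:\users\bernice\appdata\local\temp\ixp000.tmp\PINWED~1.EXE
uRun: [windows] c:\users\bernice\appdata\roaming\windows.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [windowsUpdate] c:\users\bernice\appdata\roaming\windows.exe
"""

# "<role>: <product> *<state>* (<definitions>) {<GUID>}"; FW lines carry no definitions field.
SEC_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(.+?)\*(?: \((\w+)\))? \{[0-9A-Fa-f-]+\}$")
# "<uRun|mRun>: [<value name>] <command line>"
RUN_RE = re.compile(r"^([um]Run): \[(.+?)\] (.+)$")

# Assumption of this example: the scanner built into Vista is not counted
# as an extra installed product.
BUILT_IN = {"Windows Defender"}
# Assumption of this example: per-user writable locations worth a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def security_entries(log):
    """Parse the AV/SP/FW header lines into dicts."""
    entries = []
    for line in log.splitlines():
        m = SEC_RE.match(line.strip())
        if m:
            role, product, state, definitions = m.groups()
            entries.append({
                "role": role,
                "product": product,
                # "disabled" does not end with "enabled", so this is safe.
                "enabled": state.lower().endswith("enabled"),
                "definitions": definitions,
            })
    return entries


def active_scanners(entries):
    """Third-party products with an enabled antivirus or antispyware role."""
    return sorted({e["product"] for e in entries
                   if e["role"] in ("AV", "SP") and e["enabled"]
                   and e["product"] not in BUILT_IN})


def outdated_products(entries):
    """Products reporting outdated definitions in any role."""
    return sorted({e["product"] for e in entries if e["definitions"] == "Outdated"})


def disabled_firewalls(entries):
    """Registered firewalls that are not enabled."""
    return sorted({e["product"] for e in entries
                   if e["role"] == "FW" and not e["enabled"]})


def user_writable_autoruns(log):
    """Run-key entries whose command line points into AppData or Temp."""
    hits = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m and any(d in m.group(3).lower() for d in USER_WRITABLE):
            hits.append(m.groups())  # (hive, value name, command line)
    return hits


if __name__ == "__main__":
    entries = security_entries(SAMPLE_LOG)
    print("Active third-party scanners:", active_scanners(entries))
    print("Outdated definitions:", outdated_products(entries))
    print("Disabled firewalls:", disabled_firewalls(entries))
    for hive, name, command in user_writable_autoruns(SAMPLE_LOG):
        print(f"Review autorun {hive} [{name}] -> {command}")
```
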
     
  11. 2009/06/02
    darricksux

    Wow, do I have three??? I have AVG. Is Norton counted? But I do not know the last one. I think I'm gonna keep AVG.
     
  12. 2009/06/02
    broni

    Download, and run Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
    Check "Programs and Features" in Control Panel for F-Secure Internet Security. If present, uninstall.

    If any problems with the above actions, because of your Windows Explorer problems, proceed to the steps listed below, right away.

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  13. 2009/06/03
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    Do I have to turn on my laptop in Safe Mode for every scan? And why do I have to install so much anti-virus software? I thought you said that I should not have so much software?
     
  14. 2009/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    As the instructions say, Superantispyware only.

    You don't have to, but if you want to have your computer cleaned up, that's the way it's gonna be.
     
  15. 2009/06/04
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    OK, I'm in the process of scanning. Just wanna ask, can I remove this software after my laptop is clean? My friend told me that these programs are very powerful and sometimes hard to handle. And by the way, the "windows.exe has stopped working" Microsoft message has stopped appearing... So do I resume all the scans? I finished the SUPERAntiSpyware scan already.
     
  16. 2009/06/04
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    Oops, while I was scanning using Malwarebytes' Anti-Malware, my laptop shut down by itself halfway through. It went to a blue screen that said there's an error and it has to be shut down. When I turned on my laptop again, the "windows.exe has stopped working" Microsoft message was back... So do I keep scanning?
     
  17. 2009/06/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    First of all, did you:
    Then...
    I surely don't know what your friend's level of knowledge of security issues is, but those programs don't run by themselves, and they're only on-demand scanners.
    They're very safe, and among the best free tools on the market.
    I don't recommend removing them, and I recommend using them once in a while to make sure your computer is safe.

    Surely keep scanning, because your computer is infected (windows.exe is not a legit file, but a trojan).
    Make sure you report any problems that occur, so that, if we need to, we can use some other ways of cleaning.
     
  18. 2009/06/06
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    I have removed Norton. As for F-Secure, I removed it a long time ago with its removal tool, and it is not present in "Programs and Features" in Control Panel. Because I was busy these few days, I only managed to scan as far as Malwarebytes' Anti-Malware. Do you want me to post these 2 logs first? I am still scanning with the other one.
     
    Last edited: 2009/06/06
  19. 2009/06/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Surely, at your convenience...:)
     
  20. 2009/06/06
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    Wow, you are fast! Haha, OK, I will post the first two logs.
     
  21. 2009/06/06
    darricksux

    darricksux Inactive Thread Starter

    Joined:
    2009/06/01
    Messages:
    49
    Likes Received:
    0
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/03/2009 at 04:40 PM

    Application Version : 4.26.1004

    Core Rules Database Version : 3910
    Trace Rules Database Version: 1854

    Scan type : Complete Scan
    Total Scan Time : 01:31:58

    Memory items scanned : 273
    Memory threats detected : 0
    Registry items scanned : 8242
    Registry threats detected : 0
    File items scanned : 211442
    File threats detected : 1

    Trojan.Dropper/SVCHost-Fake
    C:\USERS\BERNICE\APPDATA\ROAMING\SVCHOST.EXE
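
The scan log above flags a file named svchost.exe sitting in a user's AppData\Roaming folder. As an added example (not part of the thread and not any scanner's own logic), this Python sketch shows the name-versus-location check behind that kind of detection; the `EXPECTED_DIRS` table, the function names and all sample paths except the one from the log are assumptions.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows. Each tracked name is
# only expected to run from the directories listed for it.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

def normalize(path):
    """Strip quotes, fold case and slashes, collapse '..' segments."""
    cleaned = path.strip().strip('"')
    return ntpath.normcase(ntpath.normpath(cleaned))

def check_image_path(path):
    """Return (verdict, reason) for one process image path."""
    directory, name = ntpath.split(normalize(path))
    expected = EXPECTED_DIRS.get(name)
    if expected is None:
        return ("unknown", "not a tracked system binary name")
    if directory in expected:
        return ("ok", "expected location")
    return ("masquerade", f"{name} found in {directory}")

def flag_masquerades(paths):
    """Return the input paths whose name impersonates a system binary."""
    return [p for p in paths if check_image_path(p)[0] == "masquerade"]

SAMPLE_PATHS = [
    r"C:\USERS\BERNICE\APPDATA\ROAMING\SVCHOST.EXE",         # from the log above
    r'"C:\Windows\System32\svchost.exe"',                    # constructed, quoted
    r"C:\Windows\System32\..\..\Users\Bernice\svchost.exe",  # constructed, '..' trick
    "c:/windows/explorer.exe",                               # constructed
    r"C:\Users\Bernice\windows.exe",                         # constructed location
]

if __name__ == "__main__":
    for sample in SAMPLE_PATHS:
        print(check_image_path(sample), sample)
```

A name that is not in the table, such as windows.exe, comes back as "unknown": this check only catches files that borrow a real system binary's name, so other names still need a scanner or signature check.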
     
