
[Active] Is the alert bogus?

Discussion in 'Malware and Virus Removal Archive' started by Unsprung, 2010/02/21.

  1. 2010/02/21
    Unsprung (Thread Starter; joined 2010/02/21, 31 messages)


    This is my first post. Despite my popup blocker, I am repeatedly getting a popup called "Windows Security Alert" that tells me that my computer is infected with a number of viruses and Trojans. It prompts me to download some software to remove the files, but I have not yet done so. I am reluctant to download anything these days. But it is nearly impossible to close the menu. I run Avira anti-virus software that is up to date.

    Below are the DDS files that your rules request.


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Peter Blood at 8:35:39.35 on Sun 02/21/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.134 [GMT -5:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
    C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\Peter Blood\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://news.yahoo.com/
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Iomega Automatic Backup Pro] "c:\program files\iomega\automatic backup pro\LiveSystem.exe" -s
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AnyDVD] "c:\program files\slysoft\anydvd\AnyDVD.exe "
    uRun: [DriverUpdaterPro] c:\program files\ixi tools\driver updater pro\DriverUpdaterPro.exe -t
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SPAMfighter Agent] "c:\program files\spamfighter\SFAgent.exe" update delay 60
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smcwus~1.lnk - c:\program files\smc\smcwusb-g 802.11g wireless usb 2.0 adapter\SMCWGUTI.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: westat.com\email
    Trusted Zone: westat.com\remoteuser
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remoteuser.westat.com/dana-cached/sc/JuniperSetupClient.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ============= SERVICES / DRIVERS ===============

    R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [2006-8-30 19328]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-21 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-21 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-21 185089]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-21 56816]
    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\spamfighter\sfus.exe [2009-8-27 189064]
    R3 ZD1211BU(Atheros);Atheros ZD1211B IEEE 802.11 Wireless LAN Driver (USB)(Atheros);c:\windows\system32\drivers\ZD1211BU.sys [2008-4-11 722432]

    =============== Created Last 30 ================

    2010-02-21 13:34:54 524288 ----a-w- C:\dds.scr
    2010-02-17 13:26:45 36864 ----a-w- c:\documents and settings\peter blood\Brittanys, DO NOT LOOK FOR PERSONAL REASONS.doc
    2010-02-16 09:13:48 19968 ----a-w- c:\documents and settings\peter blood\BREAKFAST MENU.doc
    2010-02-12 15:53:47 0 d-----w- c:\program files\SMC
    2010-02-12 15:53:18 0 d-----w- c:\windows\{9CA05E9B-68D2-4EEC-8569-8C474416B082}
    2010-02-09 21:38:14 0 d-----w- C:\temp
    2010-02-02 00:48:00 46080 ----a-w- c:\documents and settings\peter blood\You have been invited to Brittany.doc
    2010-01-31 02:05:46 19968 ----a-w- c:\documents and settings\peter blood\frog princees small movies folowup link.doc
    2010-01-24 02:13:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Applications

    ==================== Find3M ====================

    2010-01-24 04:26:23 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-22 08:31:41 1763080 ----a-w- c:\program files\spamfighter_web.exe
    2010-01-22 03:00:01 30909992 ----a-w- c:\program files\avira_antivir_personal_en.exe
    2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
    2009-12-31 16:50:03 353792 ------w- c:\windows\system32\dllcache\srv.sys
    2009-12-29 12:07:19 139264 ----a-w- C:\sysdump.exe
    2009-12-21 13:19:18 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2009-12-20 17:36:47 1565796 ----a-w- C:\siw.zip.zip
    2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
    2009-12-16 18:43:27 343040 ------w- c:\windows\system32\dllcache\mspaint.exe
    2009-12-15 22:21:45 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2009-12-14 07:08:23 33280 ------w- c:\windows\system32\dllcache\csrsrv.dll
    2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-12-08 09:23:28 474112 ------w- c:\windows\system32\dllcache\shlwapi.dll
    2009-12-04 18:22:22 455424 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
    2009-11-27 17:11:44 17920 ------w- c:\windows\system32\dllcache\msyuv.dll
    2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
    2009-11-27 17:11:44 1291776 ------w- c:\windows\system32\dllcache\quartz.dll
    2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-11-27 16:07:35 8704 ------w- c:\windows\system32\dllcache\tsbyuv.dll
    2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
    2009-11-27 16:07:35 28672 ------w- c:\windows\system32\dllcache\msvidc32.dll
    2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
    2009-11-27 16:07:34 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
    2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-11-27 16:07:34 48128 ------w- c:\windows\system32\dllcache\iyuv_32.dll
    2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
    2009-11-27 16:07:34 11264 ------w- c:\windows\system32\dllcache\msrle32.dll
    2009-04-14 11:10:18 1284432 ----a-w- c:\program files\PCFixerSetup.exe
    2009-04-14 07:17:27 2938128 ----a-w- c:\program files\ParetoLogic DriverCure.exe
    2008-07-07 23:37:23 202071 ----a-w- c:\program files\RipIt4Me.zip
    2007-08-02 03:51:18 14871552 ----a-w- c:\program files\setupeng.exe
    2006-10-08 18:37:09 644 ----a-w- c:\program files\Remove_VobBlanker_WindowCoordinates.reg
    2006-10-08 18:37:08 402 ----a-w- c:\program files\Remove_VobBlanker_settings.reg
    2006-10-08 18:37:06 529883 ----a-w- c:\program files\VobBlanker.chm
    2006-10-08 18:37:06 26030 ----a-w- c:\program files\ReadmeVobBlanker.txt
    2006-10-08 18:37:02 950354 ----a-w- c:\program files\VobBlanker.exe
    2006-10-08 18:37:01 26430 ----a-w- c:\program files\lgpl.txt
    2006-09-05 03:22:25 2855080 ----a-w- c:\program files\aawsepersonal.exe
    2004-08-04 10:00:00 94784 --sh--w- c:\windows\twain.dll
    2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
    2008-04-14 00:11:56 1028096 --sha-w- c:\windows\system32\mfc42.dll
    2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
    2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
    2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
    2008-04-14 00:12:02 551936 --sh--w- c:\windows\system32\oleaut32.dll
    2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll
    2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
    2008-11-10 00:11:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008110920081110\index.dat

    ============= FINISH: 8:36:52.67 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/29/2006 11:49:07 PM
    System Uptime: 2/19/2010 1:11:21 PM (43 hours ago)

    Motherboard: Dell Computer Corp. | | 0WF887
    Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 109 GiB total, 51.901 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 12.187 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1224: 11/23/2009 5:29:30 PM - System Checkpoint
    RP1225: 11/24/2009 1:37:30 AM - Software Distribution Service 3.0
    RP1226: 11/25/2009 8:30:15 AM - Software Distribution Service 3.0
    RP1227: 11/26/2009 8:38:43 AM - System Checkpoint
    RP1228: 11/26/2009 12:42:34 PM - Software Distribution Service 3.0
    RP1229: 11/28/2009 1:56:59 AM - System Checkpoint
    RP1230: 11/30/2009 7:22:08 AM - System Checkpoint
    RP1231: 11/30/2009 5:33:55 PM - Software Distribution Service 3.0
    RP1232: 12/1/2009 7:55:59 PM - System Checkpoint
    RP1233: 12/3/2009 7:09:43 PM - Unsigned driver install
    RP1234: 12/3/2009 7:20:55 PM - Software Distribution Service 3.0
    RP1235: 12/4/2009 7:50:20 PM - System Checkpoint
    RP1236: 12/6/2009 10:26:32 AM - System Checkpoint
    RP1237: 12/6/2009 11:30:56 PM - Unsigned driver install
    RP1238: 12/7/2009 5:35:53 PM - Software Distribution Service 3.0
    RP1239: 12/8/2009 5:43:08 PM - System Checkpoint
    RP1240: 12/9/2009 9:30:22 PM - System Checkpoint
    RP1241: 12/10/2009 12:52:24 AM - Software Distribution Service 3.0
    RP1242: 12/10/2009 6:12:44 PM - Software Distribution Service 3.0
    RP1243: 12/11/2009 6:37:55 PM - System Checkpoint
    RP1244: 12/12/2009 9:25:36 PM - System Checkpoint
    RP1245: 12/14/2009 9:08:08 PM - Software Distribution Service 3.0
    RP1246: 12/15/2009 11:55:16 PM - System Checkpoint
    RP1247: 12/17/2009 12:36:10 AM - System Checkpoint
    RP1248: 12/17/2009 8:32:23 PM - Software Distribution Service 3.0
    RP1249: 12/18/2009 8:37:25 PM - System Checkpoint
    RP1250: 12/19/2009 11:48:48 PM - System Checkpoint
    RP1251: 12/21/2009 12:53:17 PM - System Checkpoint
    RP1252: 12/21/2009 1:13:48 PM - Software Distribution Service 3.0
    RP1253: 12/22/2009 2:06:31 PM - System Checkpoint
    RP1254: 12/23/2009 2:21:44 PM - System Checkpoint
    RP1255: 12/24/2009 3:42:22 PM - System Checkpoint
    RP1256: 12/25/2009 5:10:52 AM - Software Distribution Service 3.0
    RP1257: 12/26/2009 8:20:50 AM - Unsigned driver install
    RP1258: 12/26/2009 5:30:52 PM - Installed iTunes
    RP1259: 12/26/2009 5:51:01 PM - Unsigned driver install
    RP1260: 12/27/2009 6:36:48 PM - System Checkpoint
    RP1261: 12/28/2009 5:52:38 PM - Software Distribution Service 3.0
    RP1262: 12/29/2009 6:45:02 PM - System Checkpoint
    RP1263: 1/1/2010 6:58:17 AM - Software Distribution Service 3.0
    RP1264: 1/2/2010 11:42:12 AM - System Checkpoint
    RP1265: 1/2/2010 12:41:18 PM - Unsigned driver install
    RP1266: 1/3/2010 1:22:49 PM - System Checkpoint
    RP1267: 1/5/2010 3:49:18 AM - Software Distribution Service 3.0
    RP1268: 1/6/2010 7:28:55 AM - System Checkpoint
    RP1269: 1/7/2010 7:41:18 AM - System Checkpoint
    RP1270: 1/7/2010 6:42:12 PM - Software Distribution Service 3.0
    RP1271: 1/8/2010 1:11:27 AM - Unsigned driver install
    RP1272: 1/9/2010 9:38:29 AM - System Checkpoint
    RP1273: 1/10/2010 10:48:09 AM - System Checkpoint
    RP1274: 1/12/2010 1:55:03 AM - Software Distribution Service 3.0
    RP1275: 1/13/2010 3:00:38 AM - Software Distribution Service 3.0
    RP1276: 1/14/2010 8:21:12 AM - System Checkpoint
    RP1277: 1/15/2010 1:27:47 AM - Software Distribution Service 3.0
    RP1278: 1/16/2010 10:02:02 AM - System Checkpoint
    RP1279: 1/17/2010 12:07:06 PM - System Checkpoint
    RP1280: 1/18/2010 12:14:03 PM - System Checkpoint
    RP1281: 1/18/2010 1:57:08 PM - Software Distribution Service 3.0
    RP1282: 1/19/2010 5:26:51 PM - System Checkpoint
    RP1283: 1/20/2010 9:27:38 AM - Windows Defender Checkpoint
    RP1284: 1/21/2010 3:00:26 AM - Software Distribution Service 3.0
    RP1285: 1/21/2010 9:43:35 AM - Software Distribution Service 3.0
    RP1286: 1/21/2010 7:51:49 PM - Windows Defender Checkpoint
    RP1287: 1/21/2010 11:05:26 PM - Removed BitDefender Antivirus 2010
    RP1288: 1/21/2010 11:18:05 PM - Avira AntiVir Personal - 1/21/2010 23:17
    RP1289: 1/22/2010 1:57:13 AM - Installed SPAMfighter.
    RP1290: 1/22/2010 3:00:21 AM - Software Distribution Service 3.0
    RP1291: 1/22/2010 8:10:14 AM - Software Distribution Service 3.0
    RP1292: 1/23/2010 8:19:44 AM - System Checkpoint
    RP1293: 1/23/2010 10:01:43 PM - Removed Windows Defender
    RP1294: 1/23/2010 10:03:13 PM - Installed Microsoft Easy Assist v2
    RP1295: 1/24/2010 10:08:17 PM - System Checkpoint
    RP1296: 1/26/2010 1:58:50 AM - System Checkpoint
    RP1297: 1/27/2010 8:53:25 AM - System Checkpoint
    RP1298: 1/28/2010 9:59:39 AM - System Checkpoint
    RP1299: 1/29/2010 6:56:49 PM - System Checkpoint
    RP1300: 1/30/2010 10:40:35 PM - System Checkpoint
    RP1301: 2/1/2010 12:28:16 AM - System Checkpoint
    RP1302: 2/2/2010 1:07:49 AM - System Checkpoint
    RP1303: 2/3/2010 1:44:27 AM - System Checkpoint
    RP1304: 2/4/2010 1:47:25 AM - System Checkpoint
    RP1305: 2/5/2010 1:58:22 AM - System Checkpoint
    RP1306: 2/6/2010 2:13:01 AM - System Checkpoint
    RP1307: 2/7/2010 5:57:38 PM - System Checkpoint
    RP1308: 2/8/2010 6:03:28 PM - System Checkpoint
    RP1309: 2/9/2010 5:45:44 PM - Unsigned driver install
    RP1310: 2/10/2010 3:00:33 AM - Software Distribution Service 3.0
    RP1311: 2/11/2010 3:40:19 AM - System Checkpoint
    RP1312: 2/12/2010 8:23:07 AM - System Checkpoint
    RP1313: 2/12/2010 10:53:39 AM - Installed SMCWUSB-G 802.11g Wireless USB 2.0 Adapter
    RP1314: 2/13/2010 11:27:37 AM - System Checkpoint
    RP1315: 2/14/2010 12:54:17 PM - System Checkpoint
    RP1316: 2/15/2010 3:02:20 PM - System Checkpoint
    RP1317: 2/16/2010 3:27:42 PM - System Checkpoint
    RP1318: 2/16/2010 6:02:47 PM - Unsigned driver install
    RP1319: 2/17/2010 7:26:26 PM - System Checkpoint
    RP1320: 2/18/2010 7:35:19 PM - System Checkpoint
    RP1321: 2/19/2010 8:15:13 PM - System Checkpoint
    RP1322: 2/21/2010 4:22:54 AM - System Checkpoint

    ==== Installed Programs ======================

    01-mp3search 4.0
    3ivx MPEG-4 5.0.1 Decoder (remove only)
    725plc32
    Adobe Acrobat 5.0
    Adobe Flash Player ActiveX
    Adobe Reader 7.0
    Adobe Shockwave Player
    AncestryView
    Any DVD Shrink 1.1.8
    AnyDVD
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Funhouse 1.0
    ArcSoft PhotoImpression 4
    Avira AntiVir Personal - Free Antivirus
    Bde
    Bonjour
    Busytown Uninstall
    CCScore
    Clifford Reading
    Conexant D850 56K V.9x DFVc Modem
    Dell CinePlayer
    Dell Color Printer 725
    Dell Driver Reset Tool
    Dell System Restore
    DellSupport
    Digital Content Portal
    Digital Line Detect
    Documentation & Support Launcher
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVDFab Decrypter 2.9.8.3
    EarthLink setup files
    Easy Bake Kitchen
    EducateU
    ELIcon
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    essvcpt
    Family History Library Catalog
    Family History Resource File Viewer 4.0
    Finding Nemo: Nemo's Underwater World of Fun Special Edition
    Games, Music, & Photos Launcher
    Hallmark Smilebox
    HijackThis 2.0.2
    HLPPDOCK
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    hp deskjet 5600 series
    hp officejet v series
    HP Photo Printing Software
    iConcepts Music Express
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    InterActual Player
    Internet Service Offers Launcher
    Iomega Automatic Backup Pro
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Julie Saves the Eagles (remove only)
    JumpStart Kindergarten Reading v1.0
    Juniper Networks Cache Cleaner 6.4.0
    Juniper Networks Setup Client
    Juniper Terminal Services Client
    kgcbase
    KODAK Camera Connection Software Help
    Kodak EasyShare software
    KODAK Memory Albums
    KODAK Picture Software
    KSU
    Learn2 Player (Uninstall Only)
    LiveUpdate 2.6 (Symantec Corporation)
    MCU
    Mia2
    MiaMath
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.4
    Microsoft Office XP Standard
    Microsoft Office XP Web Components
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Modem Helper
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Plugin 1.0
    My Little CD Tots
    Netflix Movie Viewer
    NetWaiting
    Notifier
    OfotoXMI
    OTtBP
    OTtBPSDK
    OverDrive Media Console
    Pando Media Booster
    PC Fixer
    QuickTime
    RealPlayer Basic
    RootsMagic 2.0
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Search Assist
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SFR
    SHASTA
    SKIN0001
    SKINXSDK
    SMCWUSB-G 802.11g Wireless USB 2.0 Adapter
    Sonic Activation Module
    Sonic Update Manager
    SPAMfighter
    staticcr
    The Complete Interactive Cookbook
    Turbo Lister 2
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VPRINTOL
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3
    WIRELESS
    WordPerfect Office 12
    World Explorer 2.0

    ==== Event Viewer Messages From Past Week ========

    2/17/2010 11:27:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the dlcf_device service to connect.
    2/17/2010 11:27:59 AM, error: Service Control Manager [7000] - The dlcf_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/17/2010 11:27:58 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service dlcf_device with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441060}
    2/16/2010 10:07:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: bdpredir

    ==== End Of File ===========================
     
  2. 2010/02/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/02/22
    Unsprung

    Unsprung Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    31
    Likes Received:
    0
    Is the alert bogus? - ran applications

    I ran the three applications as instructed. The log files follow:

    Malwarebytes' Anti-Malware

    Malwarebytes' Anti-Malware 1.44
    Database version: 3774
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/22/2010 7:50:34 AM
    mbam-log-2010-02-22 (07-50-01).txt

    Scan type: Quick Scan
    Objects scanned: 130860
    Time elapsed: 11 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 1
    Registry Data Items Infected: 3
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Csrss (Trojan.Agent) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> No action taken.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\sysdump.exe (Trojan.Downloader) -> No action taken.

    GMER

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-22 18:54:13
    Windows 5.1.2600 Service Pack 3
    Running: 6932ts5i.exe; Driver: C:\DOCUME~1\PETERB~1\LOCALS~1\Temp\pwtdapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT F8B5391E ZwCreateKey
    SSDT F8B53914 ZwCreateThread
    SSDT F8B53923 ZwDeleteKey
    SSDT F8B5392D ZwDeleteValueKey
    SSDT F8B53932 ZwLoadKey
    SSDT F8B53900 ZwOpenProcess
    SSDT F8B53905 ZwOpenThread
    SSDT F8B5393C ZwReplaceKey
    SSDT F8B53937 ZwRestoreKey
    SSDT F8B53928 ZwSetValueKey
    SSDT F8B5390F ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF733EF80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[172] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[172] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[172] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[172] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[172] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[172] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[172] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[172] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[172] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[692] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD189 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2548CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED9C0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2500] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[2500] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IABFilt.sys (Iomega Volume Filter Driver for Windows 2000/XP/2003/Iomega)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IABFilt.sys (Iomega Volume Filter Driver for Windows 2000/XP/2003/Iomega)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IABFilt.sys (Iomega Volume Filter Driver for Windows 2000/XP/2003/Iomega)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IABFilt.sys (Iomega Volume Filter Driver for Windows 2000/XP/2003/Iomega)

    Device \FileSystem\Fastfat \Fat ED34BD20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:56:02 PM, on 2/22/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\SPAMfighter\sfus.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\SPAMfighter\SFAgent.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
    C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Iomega Automatic Backup Pro] "C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe "
    O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Auto Detect.lnk = C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
    O4 - Global Startup: SMCWUSB-G 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMCWUSB-G 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://remoteuser.westat.com/dana-cached/sc/JuniperSetupClient.cab
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

    --
    End of file - 7822 bytes
     
  5. 2010/02/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Malwarebytes log shows "No action taken" after each line, so you either didn't apply fixes, or you posted a log from before fixes.
    Please correct the issue.
     
