  #1  
07-16-2008
New Poster

Join Date: Jul 2008
Posts: 1
PC Experience: Some Experience
justinc423
pop ups and a fake windows security center

Someone please help me. I have tried adware and other programs to get this off my computer. It keeps popping a window that wants to reconnect so that pop up can come on the screen, and there is a fake Windows Security Center in my Control Panel that I can't delete, and it's got a bunch of ads and spyware stuff that I never downloaded. Here is my log.

Deckard's System Scanner v20071014.68
Run by Justin on 2008-07-16 03:21:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 84% (more than 75%).
Total Physical Memory: 256 MiB (512 MiB recommended).


-- HijackThis (run as Justin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:41 AM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Justin\Desktop\dss.exe
C:\DOCUME~1\Justin\Desktop\TEMP\Justin.exe

O2 - BHO: (no name) - {1D8C2408-F681-4767-96FA-EC0318B4C653} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\syscmd\mscmp32.dll
O2 - BHO: 609856 helper - {59B964D9-C9D7-4AA0-9F28-C49F8EC10B67} - (no file)
O2 - BHO: (no name) - {6DD25A3E-52D0-46B4-BF7C-7492251A800A} - C:\WINDOWS\system32\urqqr.dll
O2 - BHO: cj helper - {B552B8A4-76AC-4e8c-A469-C1585B111116} - C:\Program Files\IE Extensions\cj.v5.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [34df2394] rundll32.exe "C:\WINDOWS\system32\stumyuau.dll",b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: jkkjgdc - jkkjgdc.dll (file missing)
O21 - SSODL: zip - {6a0e67da-87f1-47ea-84bc-bf9db8d2ab05} - C:\WINDOWS\Installer\{6a0e67da-87f1-47ea-84bc-bf9db8d2ab05}\zip.dll
O21 - SSODL: RunOnceWin - {bc17e82c-6712-48a4-a87f-cf981067c164} - C:\WINDOWS\Installer\{bc17e82c-6712-48a4-a87f-cf981067c164}\RunOnceWin.dll
O21 - SSODL: ComponentVolume - {d5b119cd-5fa2-4851-80df-10422c0f4018} - C:\WINDOWS\Installer\{d5b119cd-5fa2-4851-80df-10422c0f4018}\ComponentVolume.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 3493 bytes

-- Files created between 2008-06-16 and 2008-07-16 -----------------------------

2008-07-16 02:46:13 147456 --a------ C:\Documents and Settings\Justin\Application Data\temp.dll <Not Verified; ; MsVCL1 Module>
2008-07-16 02:45:11 86016 --a------ C:\WINDOWS\system32\14672.exe
2008-07-16 02:45:04 20480 --a------ C:\Program Files\tmp2173865.exe
2008-07-16 02:45:02 20480 --a------ C:\Program Files\tmp2171842.exe
2008-07-16 02:44:07 20480 --a------ C:\Program Files\tmp2114340.exe
2008-07-16 02:44:06 20480 --a------ C:\Program Files\tmp2115662.exe
2008-07-16 02:44:06 20480 --a------ C:\Program Files\tmp2115351.exe
2008-07-16 02:44:06 20480 --a------ C:\Program Files\tmp2113669.exe
2008-07-16 02:44:06 16616 --a------ C:\Program Files\tmp2113629.exe
2008-07-16 02:44:06 20480 --a------ C:\Program Files\tmp2113619.exe
2008-07-16 02:44:06 20480 --a------ C:\Program Files\tmp2112307.exe
2008-06-23 21:32:05 1490578 ---hs---- C:\WINDOWS\system32\uauymuts.ini2


-- Find3M Report ---------------------------------------------------------------

2008-07-16 03:13:10 345 --ahs---- C:\WINDOWS\system32\rqqru.ini2
2008-07-16 02:46:14 0 d-------- C:\Program Files\syscmd
2008-07-16 02:44:07 0 d-------- C:\Program Files\IE Extensions
2008-07-16 02:43:57 101632 --a------ C:\WINDOWS\system32\advpac.dll
2008-05-30 01:59:08 1414 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-29 00:45:04 0 d-------- C:\Program Files\Viewpoint
2008-05-20 01:39:21 0 d-------- C:\Program Files\VirtualDJ
2008-05-20 01:37:26 19968 --a------ C:\Program Files\tmp2100029.exe
2008-05-20 01:37:22 19968 --a------ C:\Program Files\tmp2101692.exe
2008-05-20 01:37:22 16516 --a------ C:\Program Files\tmp2100039.exe
2008-05-20 01:37:21 16492 --a------ C:\Program Files\tmp2100109.exe
2008-05-20 00:32:09 0 d-------- C:\Program Files\Lavasoft
2008-05-20 00:30:32 0 d-------- C:\Program Files\Common Files
2008-05-20 00:30:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 14:33:38 2624 --a------ C:\WINDOWS\system32\sgoyhmvh.exe
2008-05-19 14:33:34 100928 --a------ C:\WINDOWS\system32\nhjxsuoq.dll
2008-05-19 14:31:49 93248 -----n--- C:\WINDOWS\system32\stumyuau.dll
2008-05-19 14:31:28 98880 --a------ C:\WINDOWS\system32\kqlnprmx.dll
2008-05-19 14:01:09 16656 --a------ C:\Program Files\tmp396570828.exe
2008-05-19 09:32:38 100928 --a------ C:\WINDOWS\system32\xfjgqvwy.dll
2008-05-19 09:29:37 2112 --a------ C:\WINDOWS\system32\irfwxxnj.exe
2008-05-19 09:23:37 96832 --a------ C:\WINDOWS\system32\doklmpts.dll
2008-05-19 09:21:08 3648 --a------ C:\WINDOWS\system32\lxijhtkc.dll
2008-05-18 02:40:14 100928 --a------ C:\WINDOWS\system32\hhuwdtue.dll
2008-05-18 02:37:13 2112 --a------ C:\WINDOWS\system32\yynyugsc.exe
2008-05-18 02:31:13 96832 --a------ C:\WINDOWS\system32\aiwjclup.dll
2008-05-18 02:30:10 3648 --a------ C:\WINDOWS\system32\glitfdis.dll
2008-05-16 14:25:41 2112 --a------ C:\WINDOWS\system32\qgtqnspy.exe
2008-05-16 14:22:42 102464 --a------ C:\WINDOWS\system32\tbojpfqt.dll
2008-05-16 14:19:42 96832 --a------ C:\WINDOWS\system32\xymegcaq.dll
2008-05-16 14:19:29 3648 --a------ C:\WINDOWS\system32\qldpasxg.dll
2008-05-16 14:13:34 279040 -----n--- C:\WINDOWS\system32\urqqr.dll
2008-05-16 13:44:14 19968 --a------ C:\Program Files\tmp136353135.exe
2008-05-15 00:03:24 2152 --a------ C:\Documents and Settings\Justin\Application Data\autobahn-killer.log
2008-05-04 17:02:21 477 --ahs---- C:\WINDOWS\system32\aacdd.ini2
2008-05-04 00:59:43 105536 --a------ C:\WINDOWS\system32\opvqvnun.dll
2008-05-04 00:56:38 96320 --a------ C:\WINDOWS\system32\tvphjdhp.dll
2008-05-04 00:54:52 105536 --a------ C:\WINDOWS\system32\ikldypgb.dll
2008-05-04 00:52:53 1379 --a------ C:\Documents and Settings\Justin\Application Data\autobahn.log
2008-05-03 01:58:56 4096 --a------ C:\WINDOWS\userconfig9x.dll
2008-05-03 01:58:56 4096 --a------ C:\WINDOWS\system32\winlogonpc.exe
2008-05-03 01:58:56 4096 --a------ C:\WINDOWS\system32\hoproxy.dll
2008-05-03 01:58:56 4096 --a------ C:\WINDOWS\FVProtect.exe
2008-05-03 01:58:55 4096 --a------ C:\WINDOWS\system32\taack.exe
2008-05-03 01:58:55 4096 --a------ C:\WINDOWS\system32\taack.dat
2008-05-03 01:58:55 4096 --a------ C:\WINDOWS\system32\sncntr.exe
2008-05-03 01:58:55 4096 --a------ C:\WINDOWS\system32\mwin32.exe
2008-05-03 01:58:55 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.exe
2008-05-03 01:58:55 4096 --a------ C:\WINDOWS\system32\hxiwlgpm.dat
2008-05-03 01:58:55 4096 --a------ C:\WINDOWS\a.bat
2008-05-03 01:58:54 4096 --a------ C:\WINDOWS\system32\psoft1.exe
2008-05-03 01:58:54 4096 --a------ C:\WINDOWS\system32\psof1.exe
2008-05-03 01:58:54 4096 --a------ C:\WINDOWS\system32\ps1.exe
2008-05-03 01:58:54 4096 --a------ C:\WINDOWS\system32\bsva-egihsg52.exe
2008-05-03 01:58:54 4096 --a------ C:\WINDOWS\iTunesMusic.exe
2008-05-03 01:58:53 4096 --a------ C:\WINDOWS\system32\ssurf022.dll
2008-05-03 01:58:53 4096 --a------ C:\WINDOWS\system32\msnbho.dll
2008-05-03 01:58:52 4096 --a------ C:\WINDOWS\system32\temp#01.exe
2008-05-03 01:58:52 4096 --a------ C:\WINDOWS\system32\ssvchost.exe
2008-05-03 01:58:52 4096 --a------ C:\WINDOWS\system32\ssvchost.com
2008-05-03 01:58:52 4096 --a------ C:\WINDOWS\system32\regm64.dll
2008-05-03 01:58:52 4096 --a------ C:\WINDOWS\system32\regc64.dll
2008-05-03 01:58:52 4096 --a------ C:\WINDOWS\system32\netode.exe
2008-05-03 01:58:52 4096 --a------ C:\WINDOWS\system32\mtr2.exe
2008-05-03 01:58:52 4096 --a------ C:\WINDOWS\system32\msvchost.exe
2008-05-03 01:58:52 4096 --a------ C:\WINDOWS\system32\msgp.exe
2008-05-03 01:58:52 4096 --a------ C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-05-03 01:58:52 4096 --a------ C:\WINDOWS\system32\dpcproxy.exe
2008-05-03 01:58:51 4096 --a------ C:\WINDOWS\system32\vcatchpi.dll
2008-05-03 01:58:51 4096 --a------ C:\WINDOWS\system32\thun32.dll
2008-05-03 01:58:51 4096 --a------ C:\WINDOWS\system32\thun.dll
2008-05-03 01:58:51 4096 --a------ C:\WINDOWS\system32\Rundl1.exe
2008-05-03 01:58:51 4096 --a------ C:\WINDOWS\system32\newsd32.exe
2008-05-03 01:58:51 4096 --a------ C:\WINDOWS\system32\akttzn.exe
2008-05-03 01:58:50 4096 --a------ C:\WINDOWS\winsystem.exe
2008-05-03 01:58:50 4096 --a------ C:\WINDOWS\system32\WINWGPX.EXE
2008-05-03 01:58:50 4096 --a------ C:\WINDOWS\system32\winsystem.exe
2008-05-03 01:58:50 4096 --a------ C:\WINDOWS\system32\sysreq.exe
2008-05-03 01:58:50 4096 --a------ C:\WINDOWS\system32\mssecu.exe
2008-05-03 01:58:50 4096 --a------ C:\WINDOWS\system32\bdn.com
2008-05-03 01:58:50 4096 --a------ C:\WINDOWS\system32\anticipator.dll
2008-05-03 01:58:50 4096 --a------ C:\WINDOWS\mssecu.exe
2008-05-03 01:58:50 4096 --a------ C:\WINDOWS\bdn.com
2008-05-03 01:58:48 4096 --a------ C:\WINDOWS\system32\vbsys2.dll
2008-05-03 01:58:48 4096 --a------ C:\WINDOWS\system32\awtoolb.dll
2008-05-03 01:56:55 102400 --a------ C:\WINDOWS\system32\mbicczjw.exe
2008-05-03 00:57:59 105536 --a------ C:\WINDOWS\system32\nyqfyesg.dll
2008-05-03 00:53:11 105536 --a------ C:\WINDOWS\system32\irdtfgrl.dll
2008-05-03 00:16:36 15328 --a------ C:\WINDOWS\system32\sysrest.sys
2008-05-02 23:45:12 105536 --a------ C:\WINDOWS\system32\djyuaoyt.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8C2408-F681-4767-96FA-EC0318B4C653}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32131238-5434-4234-4234-432432423432}]
07/16/2008 02:46 AM 147456 --a------ C:\Program Files\syscmd\mscmp32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59B964D9-C9D7-4AA0-9F28-C49F8EC10B67}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DD25A3E-52D0-46B4-BF7C-7492251A800A}]
05/16/2008 02:13 PM 279040 --------- C:\WINDOWS\system32\urqqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B552B8A4-76AC-4e8c-A469-C1585B111116}]
07/16/2008 02:44 AM 17408 --a------ C:\Program Files\IE Extensions\cj.v5.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [12/19/2005 09:08 AM]
"iSecurity applet"="iSecurity.cpl" [05/03/2008 12:44 AM C:\WINDOWS\system32\iSecurity.cpl]
"34df2394"="C:\WINDOWS\system32\stumyuau.dll" [05/19/2008 02:31 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"zip"= {6a0e67da-87f1-47ea-84bc-bf9db8d2ab05} - C:\WINDOWS\Installer\{6a0e67da-87f1-47ea-84bc-bf9db8d2ab05}\zip.dll [02/18/2008 10:07 PM 38438]
"RunOnceWin"= {bc17e82c-6712-48a4-a87f-cf981067c164} - C:\WINDOWS\Installer\{bc17e82c-6712-48a4-a87f-cf981067c164}\RunOnceWin.dll [05/03/2008 01:55 AM 14374]
"ComponentVolume"= {d5b119cd-5fa2-4851-80df-10422c0f4018} - C:\WINDOWS\Installer\{d5b119cd-5fa2-4851-80df-10422c0f4018}\ComponentVolume.dll [02/20/2008 03:38 PM 14374]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjgdc]
jkkjgdc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\wowfx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\urqqr

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll, xlibgfl254.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autobahn.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autobahn.lnk
backup=C:\WINDOWS\pss\autobahn.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ClientManager3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ClientManager3.lnk
backup=C:\WINDOWS\pss\ClientManager3.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Justin^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Justin\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\34df2394]
rundll32.exe "C:\WINDOWS\system32\ktfhoeem.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthorizationAgent]
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM37ec1008]
Rundll32.exe "C:\WINDOWS\system32\irdtfgrl.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nrrr]
"C:\DOCUME~1\Justin\MYDOCU~1\CROSOF~1.NET\wuauclt.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Umogf]
"C:\Program Files\s?mbols\??ool32.exe"




-- End of Deckard's System Scanner: finished at 2008-07-16 03:23:04 ------------

this was all that it put out

here is the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:17 AM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Justin\Desktop\TEMP\Justin.exe

O2 - BHO: (no name) - {1D8C2408-F681-4767-96FA-EC0318B4C653} - C:\WINDOWS\system32\advpac.dll
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\syscmd\mscmp32.dll
O2 - BHO: 609856 helper - {59B964D9-C9D7-4AA0-9F28-C49F8EC10B67} - (no file)
O2 - BHO: (no name) - {6DD25A3E-52D0-46B4-BF7C-7492251A800A} - C:\WINDOWS\system32\urqqr.dll
O2 - BHO: cj helper - {B552B8A4-76AC-4e8c-A469-C1585B111116} - C:\Program Files\IE Extensions\cj.v5.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKLM\..\Run: [34df2394] rundll32.exe "C:\WINDOWS\system32\stumyuau.dll",b
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: jkkjgdc - jkkjgdc.dll (file missing)
O21 - SSODL: zip - {6a0e67da-87f1-47ea-84bc-bf9db8d2ab05} - C:\WINDOWS\Installer\{6a0e67da-87f1-47ea-84bc-bf9db8d2ab05}\zip.dll
O21 - SSODL: RunOnceWin - {bc17e82c-6712-48a4-a87f-cf981067c164} - C:\WINDOWS\Installer\{bc17e82c-6712-48a4-a87f-cf981067c164}\RunOnceWin.dll
O21 - SSODL: ComponentVolume - {d5b119cd-5fa2-4851-80df-10422c0f4018} - C:\WINDOWS\Installer\{d5b119cd-5fa2-4851-80df-10422c0f4018}\ComponentVolume.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE (file missing)

--
End of file - 3433 bytes


  #2  
07-16-2008
Senior Security Analyst

Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,087
PC Experience: Elite PC Guru
Pancake
Re: pop ups and a fake windows security center

You have a real nasty mess here...


OK. Let's download ComboFix.exe. This will give me a better view of the files running and also hidden on your computer, and also those in the registry. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use SP2.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should get a prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

(1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(2) Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.


__________________
My real name is Eddy
