Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

fake Windows Security Alert - Trojan/Malware

(In Progress)
(!)

Cookiegal's Avatar
Administrator & Malware Removal Specialist with 98,380 posts.
 
Join Date: Aug 2003
19-Jan-2009, 05:34 PM #76
1) I'm not sure if I asked you for an uninstall list before so please do this:

Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.

2) Yes, if you are going with the free programs then I agree with that setup. I would also add SpywareBlaster but I usually recommend that in my final instructions.


I don't think we've checked error messages so that might give us a clue.

Please go to Start - Run - type in eventvwr.msc to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.
__________________
Microsoft MVP - Consumer Security
heleneh's Avatar
heleneh heleneh is offline
Computer Specs
Member with 72 posts.
THREAD STARTER
 
Join Date: Dec 2008
Experience: Intermediate
19-Jan-2009, 06:32 PM #77
The AOL services that are running that I am concerned with are aolacsd, aoltsmon, but don't show up here;
OK, here is the uninstall list:

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Shockwave Player
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Bonjour
Dell Support Center (Support Software)
DellSupport
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Image Zone 4.2
HP Product Detection
HP PSC & OfficeJet 4.2
hp psc 2400 series
iTunes
Java(TM) 6 Update 11
LEAD MCMP_MJPEG Codec
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
OpenOffice.org Installer 1.0
Philips SPC 200NC PC Camera
Photodex Presenter
ProShow Producer
QuickTime
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Skype™ 3.8
Spybot - Search & Destroy
Trope Trainer
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11


Here is the eventvwr.msc errors that I picked out:
Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 1/17/2009
Time: 7:08:35 PM
User: N/A
Computer: DBZGB421
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


------------------------------------------------------------------------------

Event Type: Information
Event Source: MBackMonitor
Event Category: None
Event ID: 0
Date: 1/19/2009
Time: 2:15:04 PM
User: N/A
Computer: DBZGB421
Description:
PowerEvent handled successfully by the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

------------------------------------------------------------------------------


Event Type: Error
Event Source: atapi
Event Category: None
Event ID: 9
Date: 1/19/2009
Time: 3:08:53 PM
User: N/A
Computer: DBZGB421
Description:
The device, \Device\Ide\IdePort1, did not respond within the timeout period.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0f 00 50 00 01 00 a4 00 ..P....
0008: 00 00 00 00 09 00 04 c0 .......
0010: 00 01 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 00 00 00 00 00 00 00 00 ........
0030: 00 00 00 00 07 00 00 00 ........
0038: 40 00 00 0e 00 00 01 00 @.......
0040: ff 20 0a 12 48 01 00 10 ..H...
0048: 00 00 00 00 e8 03 00 00 .......
0050: f0 ec 35 83 60 81 29 83 5`)
0058: 00 00 00 00 08 06 16 83 .......
0060: 01 00 00 00 00 00 00 00 ........
0068: 4a 01 00 00 52 00 00 00 J...R...
0070: 08 00 00 00 00 00 00 00 ........


------------------------------------------------------------------------------

Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/18/2009
Time: 10:34:32 PM
User: N/A
Computer: DBZGB421
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-b.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


------------------------------------------------------------------------------


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7026
Date: 1/15/2009
Time: 6:52:18 AM
User: N/A
Computer: DBZGB421
Description:
The following boot-start or system-start driver(s) failed to load:
MPFIREWL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




And here is one I am just curious about, it appears a lot in eventvwr.msc as ''information'';

Event Type: Information
Event Source: MBackMonitor
Event Category: None
Event ID: 0
Date: 1/19/2009
Time: 2:15:04 PM
User: N/A
Computer: DBZGB421
Description:
PowerEvent handled successfully by the service.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 98,380 posts.
 
Join Date: Aug 2003
19-Jan-2009, 06:59 PM #78
Are you no longer using AOL to connect?
heleneh's Avatar
heleneh heleneh is offline
Computer Specs
Member with 72 posts.
THREAD STARTER
 
Join Date: Dec 2008
Experience: Intermediate
19-Jan-2009, 07:51 PM #79
I have free aol email, but I connect through firefox

my current install of aol does not connect; i am thinking i should reinstall and have a working version, just to be able to occassionally backup my email.

what happens now is though I am not using aol, all the addon services are running unnecessarily.

Last edited by heleneh; 20-Jan-2009 at 01:47 PM..
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 98,380 posts.
 
Join Date: Aug 2003
20-Jan-2009, 07:54 PM #80
Firefox is your browser but I mean what Internet Service Provider are you using?
heleneh's Avatar
heleneh heleneh is offline
Computer Specs
Member with 72 posts.
THREAD STARTER
 
Join Date: Dec 2008
Experience: Intermediate
20-Jan-2009, 08:40 PM #81
not aol - i connect to the internet via comcast
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 98,380 posts.
 
Join Date: Aug 2003
21-Jan-2009, 11:36 AM #82
Here are the descriptions of the two services you mention:

aolacsd - Internet connection driver

AOL TopSpeed - to speed up browsing

You also have this showing in your program uninstall list:

AOL Instant Messenger

As well as this uninstaller program.
AOL Uninstaller (Choose which Products to Remove)

I'm not familiar with AOL but I assume you can run that uninstaller and select what you want to uninstall. But since you're using AOL email, I'm not sure if it will affect that.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 98,380 posts.
 
Join Date: Aug 2003
21-Jan-2009, 11:43 AM #83
As for the first error listed, please go to Microsoft Windows Updates and let me know two things:

1) Are there any critical updates/patches available for you?

2) Please check your update history (you'll see that option on the left side) and let me know if there are any failed updates shown there.
heleneh's Avatar
heleneh heleneh is offline
Computer Specs
Member with 72 posts.
THREAD STARTER
 
Join Date: Dec 2008
Experience: Intermediate
24-Jan-2009, 06:00 AM #84
Regarding AOL; I used the AOL uninstaller to uninstall TopSpeedMonitor, and connectivity; yet I still see these services running : aolacsd, aoltsmon; I don't understand how/why, and would like to stop them from running.

There are other services that I believe do not need to be running either; cdac11ba.ese (c-dilla), jqs.conf (java quick start), adskscsrv.exe (autodesk), and any other you recommend.

The only Microsoft update that is pending is service pack 3; I beleive the error you see in the previous listing is where I cancelled it. I hesitate to install it in the middle of everything else we are doing, and want to make sure I have the appropriate backups.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 98,380 posts.
 
Join Date: Aug 2003
25-Jan-2009, 01:37 PM #85
Please open HijackThis.
Click on Open Misc Tools Section
Make sure that both boxes beside "Generate StartupList Log" are checked:
  • List all minor sections(Full)
  • List Empty Sections(Complete)
Click Generate StartupList Log.
Click Yes at the prompt.
It will open a text file. Please copy the entire contents of that page and paste it here.
heleneh's Avatar
heleneh heleneh is offline
Computer Specs
Member with 72 posts.
THREAD STARTER
 
Join Date: Dec 2008
Experience: Intermediate
26-Jan-2009, 08:57 AM #86
Hijack this startup log
file attached
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 98,380 posts.
 
Join Date: Aug 2003
27-Jan-2009, 07:20 PM #87
Go to Start - Run type in cmd then click OK. The MSDOS window will be displayed. At the prompt type the following:

SC Stop Aolacsd
Press Enter

Type:

SC Delete Aolacsd
Press Enter

SC Stop aoltsmon
Press Enter

Type:

SC Delete aoltsmon
Press Enter


Reboot and post a new HijackThis log please.
heleneh's Avatar
heleneh heleneh is offline
Computer Specs
Member with 72 posts.
THREAD STARTER
 
Join Date: Dec 2008
Experience: Intermediate
27-Jan-2009, 10:40 PM #88
for each of the commands you requested, i received back the message "the specified service does not exist as an installed service"

hijack this attached
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 98,380 posts.
 
Join Date: Aug 2003
28-Jan-2009, 11:20 AM #89
OK, let's try these commands then:

Go to Start - Run type in cmd then click OK. The MSDOS window will be displayed. At the prompt type the following:

SC Stop "AOL Connectivity Service"
Press Enter

Type:

SC Delete "AOL Connectivity Service"
Press Enter

SC Stop "AOL TopSpeed Monitor"
Press Enter

Type:

SC Delete "AOL TopSpeed Monitor"
Press Enter

Type:

Exit


Then post a new HijackThis startup log as well as the regular scan log.
heleneh's Avatar
heleneh heleneh is offline
Computer Specs
Member with 72 posts.
THREAD STARTER
 
Join Date: Dec 2008
Experience: Intermediate
28-Jan-2009, 01:34 PM #90
for each of the commands you requested, i received back the message "the specified service does not exist as an installed service"

hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:47 PM, on 1/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://registration.aol.com/mail?s_u...te-CurrentProd
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/en...ach_core_1.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/...ploader4_5.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://trueswitch.com/TrueInstall.exe
O16 - DPF: {FFFFFFFF-CAFE-BABE-BABE-01AA0055595A} - http://www.truesuite.com/trueclean/TrueCleanInstall.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10048 bytes


Startup log attached

thanks
Helene
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
malware, trojan

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2