
XP - sudden massive malware issues!!

Discussion in 'Virus & Other Malware Removal' started by pghgirl, Apr 23, 2010.

Thread Status:
Not open for further replies.
  1. pghgirl

    pghgirl Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    32
    Hello. I was surfing the net a little bit ago and hung on a web site. Immediately afterwards, I started getting all these "XP Security" popups. The popups looked EXACTLY like a real window (perhaps it was) but kept saying "unregistered version". This is my work laptop so everything is typically registered. It showed several of my c:\ directories and various malware infections (said I have 33 of them). I didn't click on the window, but did delete the popup window(s) through Task Manager. Down where the XP shield is on my tool/task bar (bottom right by the clock) I keep getting the 'callout' windows saying my security has been compromised, etc.

    My machine runs McAfee but I didn't see anything suspicious found in recent scans. Please help me! My laptop had crashed a few weeks back (bad hard drive) and I just got myself all pulled together again only to get this :( The IT staff at my company is typically not much help (the answer is always "we will have to rebuild your machine") and I can't afford that unless absolutely necessary! I've used you guys before and have recommended people to you and know you guys rock...hoping you can help me!! Thanks in advance!!!

    My hijack log is below:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:11:34 AM, on 4/23/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\McAfee\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\oracle\product\10.2.0\client_1\bin\omtsreco.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\McAfee\udaterui.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\McAfee\McTray.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\jacksonn\Local Settings\Application Data\ave.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.98.20.24:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = jsqpstsps;josqpstssr;poprojapp;*.adpcorp.com;*.nj.adp.com;149.83.*.*;*.bis.adp.com;*.jsq.bsg.ad.adp.com;*.bsgint.adp.com;*.bsg.ad.adp.com;rbcportal.fg.rbc.com;*.adphc.com;spsportal;Jsqpstmoss01;Apbatchprint.broadridge.com;Apworkflow.broadridge.com;Brcentralprod.broadridge.com;Apdocs.broadridge.com;copernicus.broadridge.com;*.bsgnet.adp.com;*.adp.edgewood.com;orgplus.broadridge.com;*.sps.broadridge.com;*.spsnet.broadridge.com;*.iws.broadridge.com;sim.broadridge.com;*.adp-ics.com;*.wilco-int.com;170.19.*.*;38.128.*.*;192.168.*.*;*.broadridge.net;*.spsi.broadridge.com;iciportal1;brcentraluat.broadridge.com;194.62.144.*;194.62.146.*;peintra.documentmailbox.com;peintra2.documentmailbox.com;attask.investigocorp.com;*.adp-ids.com;spsinet.broadridge.com;morningstar.com;*.aidsarg04.*;brcentralqa.broadridge.com;172.16.*.*;10.*.*.*;idm.broadridge.com;149.84.*.*;adc-sps-vm.internal;*.adpdataphile.ca;intranet.documentmailbox.com;*.adp-ic
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    O4 - HKLM\..\Run: [SgeEcView] "C:\Program Files\Utimaco\SafeGuard Easy\Ecview.exe"
    O4 - HKLM\..\Run: [EdWizard] "C:\Program Files\Utimaco\SafeGuard Easy\EdWizard.exe" as
    O4 - HKLM\..\Run: [QPMEnroll] C:\WINDOWS\system32\QPMEnroll.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\udaterui.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    O4 - Global Startup: VPN Client.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://adc-sps-vm.internal.accessdc.com
    O15 - Trusted Zone: http://*.adc-sps-vm
    O15 - Trusted Zone: *.adp-icd.net
    O15 - Trusted Zone: *.broadridge.com
    O15 - Trusted Zone: *.adp.edgewood.com
    O15 - Trusted Zone: http://emma.msrb.org
    O15 - Trusted Zone: http://www.munifilings.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bsg.ad.adp.com
    O17 - HKLM\Software\..\Telephony: DomainName = bsg.ad.adp.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bsg.ad.adp.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = salesvision.local,bsg.ad.adp.com,ad.adp.com,adp.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = salesvision.local,bsg.ad.adp.com,ad.adp.com,adp.com
    O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\product\10.2.0\client_1\bin\omtsreco.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    O23 - Service: SafeGuard® Easy Control (SgeCtl) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\SgeCtl.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
    O23 - Service: SafeGuard® Easy Workstation Server (WksCfgSrv) - Utimaco Safeware AG - C:\Program Files\Utimaco\SafeGuard Easy\WksCfgSrv.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    --
    End of file - 8967 bytes
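A defender's first pass over a HijackThis log like the one above is usually mechanical: list the running processes and autostart entries, then look for binaries launched from user-writable profile directories, services with no publisher, and unexpected proxy settings. The script below is an added example written for this page; it is not part of the thread, not HijackThis code, and not how Microsoft Security Essentials identifies anything. It parses the log format (the "Running processes:" block plus the `Rn`/`On` entry lines) and applies a simple heuristic that is an assumption of this example: any executable under `Documents and Settings\...\Local Settings`, `Application Data` or `Temp` (or the `Users\...\AppData` equivalent on later Windows versions, which goes beyond what this XP log contains) is worth a closer look. The sample input is an excerpt of the log posted in this thread.

```python
import re
from typing import Dict, List, Optional, Tuple

# Excerpt of the HijackThis log posted in this thread (quoted from the page, not constructed).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Documents and Settings\jacksonn\Local Settings\Application Data\ave.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.98.20.24:8080
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QPMEnroll] C:\WINDOWS\system32\QPMEnroll.exe
O23 - Service: BrlAPI - Unknown owner - C:\cygwin\bin\cygrunsrv.exe
--
End of file - 8967 bytes
"""

# HijackThis entry lines look like "O4 - <body>" or "R1 - <body>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# First executable path in an entry body: a quoted path wins over a bare token.
PATH_RE = re.compile(r'"([^"]+\.exe)"|(\S+\.exe)', re.IGNORECASE)

# Heuristic (assumption of this example): user-writable profile subdirectories
# from which legitimate system software is rarely launched.
USER_DIRS = ("\\local settings\\", "\\application data\\", "\\temp\\", "\\appdata\\")


def parse_hjt(text: str) -> Dict[str, List]:
    """Split a HijackThis log into the running-process list and (code, body) entries."""
    processes: List[str] = []
    entries: List[Tuple[str, str]] = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:                      # first Rn/On line ends the process block
            in_procs = False
            entries.append((m.group(1), m.group(2)))
            continue
        if in_procs and line.lower().endswith(".exe"):
            processes.append(line)
    return {"processes": processes, "entries": entries}


def is_user_profile_path(path: str) -> bool:
    """True if the path points into a user-writable profile directory."""
    p = path.lower()
    in_profile = p.startswith("c:\\documents and settings\\") or p.startswith("c:\\users\\")
    return in_profile and any(d in p for d in USER_DIRS)


def extract_path(body: str) -> Optional[str]:
    """Pull the executable path out of an O4/O23 entry body, if any."""
    m = PATH_RE.search(body)
    return (m.group(1) or m.group(2)) if m else None


def triage(text: str) -> List[str]:
    """Return human-readable findings for an analyst to review; nothing is modified."""
    findings: List[str] = []
    parsed = parse_hjt(text)
    for proc in parsed["processes"]:
        if is_user_profile_path(proc):
            findings.append(f"process launched from user profile: {proc}")
    for code, body in parsed["entries"]:
        path = extract_path(body)
        if code in ("O4", "O23") and path and is_user_profile_path(path):
            findings.append(f"{code} autostart from user profile: {path}")
        if code == "O23" and "Unknown owner" in body:
            findings.append(f"O23 service without publisher info: {path}")
        if code == "R1" and "ProxyServer" in body:
            findings.append(f"R1 proxy configured: {body.split('=', 1)[-1].strip()}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against the excerpt it reports three lines: the `ave.exe` process under `Local Settings\Application Data`, the `BrlAPI` service with no publisher, and the configured proxy. None of these is a verdict; on a managed corporate laptop the proxy and a Cygwin service may be entirely expected, and the point of the script is to shrink a 9 KB log to the handful of lines a human should actually check (for example, by looking the file up by hash against vendor detections rather than by name).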
     
  2. pghgirl

    pghgirl Thread Starter

    Joined:
    Apr 23, 2010
    Messages:
    32
    Downloaded Microsoft Security Essentials and that detected Win32/FakeRean as well as another item. The Security Essentials program cleaned it up and all seems better now. This site is the best. Thanks guys!!!
     

Short URL to this thread: https://techguy.org/918776
