
Fake Window Security icon [Solved]



#1
benjob (Member, 26 posts)
Hi all,

When my computer starts up an icon appears in the bottom right which then pops up and says my computer may be at risk. It is a Windows Security Alert and appears to be a virus from the research I have done. Obviously I want to remove this and any other possible infections I have in the computer.

Hope you can help and am grateful for the support.

Ben

Please find the OTL text below:

OTL logfile created on: 13/07/2013 15:44:44 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\admin\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.04 Mb Total Physical Memory | 348.55 Mb Available Physical Memory | 34.10% Memory free
2.40 Gb Paging File | 1.74 Gb Available in Paging File | 72.46% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 53.20 Gb Total Space | 20.82 Gb Free Space | 39.13% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 2.02 Gb Free Space | 3.77% Space Free | Partition Type: FAT32

Computer Name: ADMIN-E1436EB8B | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/13 15:44:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\admin\My Documents\Downloads\OTL.exe
PRC - [2013/07/12 19:49:48 | 000,846,288 | ---- | M] (Google Inc.) -- D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/07/05 18:23:56 | 001,104,384 | ---- | M] (Spotify Ltd) -- D:\Documents and Settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/05/25 01:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- D:\Documents and Settings\admin\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2006/06/23 10:40:58 | 000,086,016 | ---- | M] (Logitech) -- d:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/04/14 11:49:28 | 000,397,381 | ---- | M] (Intel Corporation) -- D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 19:49:46 | 000,396,240 | ---- | M] () -- D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 19:49:44 | 013,599,184 | ---- | M] () -- D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 19:49:44 | 004,052,944 | ---- | M] () -- D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 19:48:50 | 001,597,392 | ---- | M] () -- D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/03/13 21:48:52 | 024,978,944 | ---- | M] () -- D:\Documents and Settings\admin\Application Data\Dropbox\bin\libcef.dll
MOD - [2012/11/14 00:32:50 | 003,558,400 | ---- | M] () -- D:\Documents and Settings\admin\Application Data\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/04/14 12:00:00 | 000,059,904 | ---- | M] () -- D:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- D:\WINDOWS\system32\msdmo.dll
MOD - [2006/04/14 12:04:58 | 000,876,544 | ---- | M] () -- D:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/04/14 12:04:58 | 000,208,965 | ---- | M] () -- D:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/04/14 12:04:58 | 000,053,322 | ---- | M] () -- D:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/03/10 11:49:30 | 000,970,862 | ---- | M] () -- D:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/11/11 20:40:48 | 000,757,760 | ---- | M] () -- D:\WINDOWS\system32\bcm1xsup.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2006/06/23 10:40:58 | 000,086,016 | ---- | M] (Logitech) [Auto | Running] -- d:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TFSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2006/06/28 16:25:24 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/06/23 10:40:58 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2006/06/23 10:40:58 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2006/06/19 12:20:24 | 001,097,728 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av)
DRV - [2006/06/19 12:16:16 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/16 19:17:38 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/06/16 19:17:38 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/06/16 19:17:36 | 000,061,056 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/04/14 13:04:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/01/17 10:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/01/17 10:19:46 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006/01/17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/01/17 10:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/01/17 10:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/10/31 14:17:00 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enGB415
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...=GB&ver=4.0.0.0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: D:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.ft.com/
CHR - plugin: Shockwave Flash (Enabled) = D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = D:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = D:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = D:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = D:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = D:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Google Update (Enabled) = D:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = D:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Spotify] D:\Documents and Settings\admin\Application Data\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] D:\Documents and Settings\admin\Application Data\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: D:\Documents and Settings\admin\Start Menu\Programs\Startup\Dropbox.lnk = D:\Documents and Settings\admin\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1295277526752 (WUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F6696F1-89B8-4AB2-8ECF-8A3018341A6E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - (wpa.dll) - File not found
O24 - Desktop WallPaper: D:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/18 22:41:54 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/12 22:03:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\admin\Application Data\Malwarebytes
[2013/07/12 22:03:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[8 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/13 15:39:02 | 000,000,884 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/13 14:53:14 | 000,051,048 | ---- | M] () -- D:\WINDOWS\System32\nvapps.xml
[2013/07/13 14:33:18 | 000,000,880 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/13 14:32:48 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2013/07/13 12:51:58 | 000,002,214 | ---- | M] () -- D:\Documents and Settings\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/13 12:51:56 | 000,002,196 | ---- | M] () -- D:\Documents and Settings\admin\Desktop\Google Chrome.lnk
[2013/07/13 12:42:10 | 000,000,926 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1123561945-1644491937-1003Core1ce7fbd5ee7e3c8.job
[2013/07/12 21:49:26 | 000,002,495 | ---- | M] () -- D:\Documents and Settings\admin\Desktop\Microsoft Office Excel 2003.lnk
[2013/07/12 18:54:06 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2013/07/12 18:54:00 | 000,160,344 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/12 18:35:10 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2013/07/10 20:29:04 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2013/07/02 20:07:08 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/17 19:49:22 | 000,002,497 | ---- | M] () -- D:\Documents and Settings\admin\Desktop\Microsoft Office Word 2003.lnk
[8 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/13 12:37:35 | 000,000,926 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1123561945-1644491937-1003Core1ce7fbd5ee7e3c8.job
[2012/09/15 11:11:02 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012/09/06 16:09:51 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\admin\Local Settings\Application Data\{3377ACB9-C07D-425B-8FAE-F8BD07277DDC}
[2011/01/16 12:36:25 | 000,076,288 | ---- | C] () -- D:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011/01/16 12:18:26 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/11/05 05:05:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = D:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = D:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/01/17 17:18:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/17 17:50:38 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/20 15:50:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/01/20 15:57:32 | 000,000,000 | -H-D | M] -- D:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/03/29 14:20:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TuneClone
[2011/11/15 11:03:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\InstallMate
[2011/11/15 11:03:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Premium
[2011/01/20 20:23:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\admin\Application Data\ElevatedDiagnostics
[2011/01/20 21:50:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\admin\Application Data\Spotify
[2011/10/13 08:32:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\admin\Application Data\OpenOffice.org
[2011/11/20 10:12:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\admin\Application Data\TestApp
[2012/01/12 17:33:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\admin\Application Data\Dropbox
[2012/04/12 10:31:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\admin\Application Data\Amazon

========== Purity Check ==========



< End of report >
#2
nathdep (Member, 587 posts)
Hello benjob and welcome!

I am nathdep and I will be helping you with your malware problems.

Note: Just to let you know, I am still in the process of training to become a malware expert. I want you to know that I have a teacher who will be reviewing all the fixes that I post here. Thank you for being part of my learning process! :)

Also, I ask that you please stay here through the entire malware removal process. Leaving midway can cause more complications as the malware will not be fully removed. Once again, please stay here until the malware removal process is complete.


Here are some general steps to follow during the clean up procedure:


  • Please print these instructions as well as future instructions as you may have to boot in safe mode and will not be able to access this site via the internet. Another solution is saving these instructions by copying and pasting them into notebook and saving the file in a convenient location.
  • Please be patient as the malware removal process could be lengthy, complex, and at times frustrating. Your cooperation throughout the entire process will benefit you as it will expedite your removal time. Please keep this issue in this post and do not post this same issue on a different site. Doing so can be compared to a patient seeing two different doctors. If the two different doctors are not aware of what medication the other doctor is prescribing, the patient could be risking his life. This is synonymous to a computer's health.
  • Please read (and re-read) the instructions entirely as not following the instructions carefully can produce damaging results.
  • Please tell me how your computer is running in the beginning of each post. Tell me both recurring and new issues as this added information can shed even more light to the problems you are experiencing.

I have to get my first fix approved by my teacher. I will be back ASAP!

#3
benjob (Topic Starter, Member, 26 posts)
Hi Nathdep,

Thanks for your reply and help, look forward to working with you. At the moment, computer is not running too badly but the icon mentioned remains at the bottom of the taskbar.



Thanks

Ben

#4
nathdep (Member, 587 posts)
Hello benjob!

Please follow these instructions very carefully:

First, navigate to your Desktop and either minimize or close any open windows.

Follow the instructions here.

Upload the picture in your next post.

#5
benjob (Topic Starter, Member, 26 posts)
Hi,

Can't seem to be able to attach the screenshot to the reply or paste it in the text? Links at top of email don't seem to make it possible. Any hints?

#6
nathdep (Member, 587 posts)
Try this:

When you go down to make a reply, click on Use Full Editor.

If you look underneath the text box, there should be an area under Attachments.

Click Browse... and choose the picture.

Click Open and then Attach This File.

Sorry about the confusion! If this doesn't work let me know.

#7
benjob (Topic Starter, Member, 26 posts)
Hi,

sorry, missed this before. Have attached a jpeg, hope this helps...

Attached Thumbnails: untitled.JPG

#8
nathdep (Member, 587 posts)

sorry, missed this before. Have attached a jpeg, hope this helps...


It's fine! I should have told you how to attach it.

I do have a question though. Do you have an antivirus installed?

#9
benjob (Topic Starter, Member, 26 posts)
No, I don't at the moment. Used to have PC Spyware Doctor.

#10
nathdep (Member, 587 posts)
Hello again benjob!

I believe the problem you are having is not because you have malware. It is because you do not have an antivirus installed.

Always keep one antivirus program running.

There are many different programs to choose from. Many programs will not offer you the level of protection needed to keep your computer safe. Here is a program that will give you an exceptional amount of security:


Next, you need to run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next, download the GMER Rootkit Scanner by clicking here. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button. Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

In your next post, be sure to include
  • The MBAM log
  • GMER.txt
  • A report if the above instructions solved your initial problem. Also tell me if you have any issues while following the above instructions.


#11
benjob (Topic Starter, Member, 26 posts)
Hi,

Ran an MBAM scan recently. Didn't get rid of the virus but it meant my laptop was a lot slower than normal so I removed the programme. Downloaded it again and am running another scan and it didn't detect anything this time. Will the Microsoft Security Essentials programme. Doing the next part of your instructions may take some time as am quite busy atm so please bear with me.

#12
nathdep

    Member

  • Member
  • 587 posts
That's fine! :)

Take all the time you need. I'd rather you take your time than rush through the instructions.

#13
benjob

    Member

  • Topic Starter
  • Member
  • 26 posts
Hi, hope you're well. Here are the MBAM report and the GMER report. Unfortunately, the security icon is still at the bottom of the taskbar. Going to download the Microsoft Security Essentials package soon.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.23.09

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
admin :: ADMIN-E1436EB8B [administrator]

Protection: Disabled

23/07/2013 22:11:21
mbam-log-2013-07-23 (22-11-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240153
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-23 22:00:06
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541212H9AT00 rev.HP4OA23C 111.79GB
Running: gmer.exe; Driver: D:\DOCUME~1\admin\LOCALS~1\Temp\pwpyykow.sys


---- Kernel code sections - GMER 2.1 ----

.text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6FC8360, 0x22379D, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 80, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 83, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 80, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 81, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91259A
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 82, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 81, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 82, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91260B
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 80, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912739
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 81, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 82, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 83, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A4, 92, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A7, 92, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A4, 92, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A5, 92, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9168BE
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A6, 92, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A5, 92, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A6, 92, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91692F
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A4, 92, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B916A5D
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A5, 92, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A6, 92, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A7, 92, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2376] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text D:\Documents and Settings\admin\Application Data\Spotify\Spotify.exe[3404] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [C3]
.text D:\Documents and Settings\admin\Application Data\Spotify\Spotify.exe[3404] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 5 Bytes JMP 7C9225C8 D:\WINDOWS\system32\ntdll.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys

---- EOF - GMER 2.1 ----
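What a helper is weighing when reading the GMER log above, written out as an added example (my code, not GMER's and not something posted in this thread): the chrome.exe entries are ntdll.dll system-call stubs patched by Chrome's own sandbox in its child processes, the Spotify.exe entries are anti-debugging patches on DbgBreakPoint and DbgUiRemoteBreakin, and the nv4_mini.sys line reports a writeable driver code section rather than a hook. The script parses GMER's "User code sections" lines, decodes where each patch points, and sorts entries into those buckets so that only the unexplained ones are left for manual review. The function allow-lists are assumptions chosen to match this log, and the sample input is constructed from lines in the log above plus one made-up example.exe line that exists only to show the review bucket.

```python
"""Triage helper for the 'User code sections' part of a GMER log.

Added example for this thread; it is not GMER's code and not something
the helper posted. It sorts GMER's hook lines into the buckets a log
reader applies by eye:

  chrome-sandbox  ntdll.dll stubs patched inside chrome.exe, which is how
                  Chrome's sandbox intercepts system calls in its child
                  processes (a well-known GMER false positive)
  anti-debug      DbgBreakPoint / DbgUiRemoteBreakin patched in a process,
                  the usual sign of an application protecting itself
                  against debuggers
  review          anything else: unknown process, unknown function, or a
                  module other than ntdll.dll

The allow-lists below are this example's assumptions, chosen to match the
entries in the log above; they are not a verdict GMER itself produces.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER log above, plus ONE made-up
# line (example.exe, a hypothetical process) to show the 'review' bucket.
SAMPLE_LOG = r"""
.text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6FC8360, 0x22379D, 0xE8000020]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 80, 4F, 00]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text D:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1680] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91259A
.text D:\Documents and Settings\admin\Application Data\Spotify\Spotify.exe[3404] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [C3]
.text D:\Documents and Settings\admin\Application Data\Spotify\Spotify.exe[3404] ntdll.dll!DbgUiRemoteBreakin 7C9520EC 5 Bytes JMP 7C9225C8 D:\WINDOWS\system32\ntdll.dll
.text D:\Program Files\Example\example.exe[9999] ntdll.dll!NtQueryDirectoryFile + 6 7C90D76C 4 Bytes CALL 00A51000
"""

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"       # image path and PID
    r"(?P<module>[^\s!]+)!(?P<func>\w+)"                   # module!function
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+"               # optional '+ offset'
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?P<patch>.+)$"                                      # raw bytes or disassembly
)
KERNEL_RE = re.compile(
    r"^\.text\s+(?P<image>\S+)\s+section is writeable\s+\[(?P<info>[^\]]+)\]$"
)

# ntdll functions Chrome's sandbox patches in its child processes
# (assumption: the list is matched to the entries seen in the log above).
CHROME_SANDBOX_INTERCEPTS = {
    "NtCreateFile", "NtOpenFile", "NtQueryAttributesFile",
    "NtQueryFullAttributesFile", "NtSetInformationFile",
    "NtMapViewOfSection", "NtUnmapViewOfSection",
    "NtOpenProcess", "NtOpenThread", "NtOpenProcessToken",
    "NtOpenProcessTokenEx", "NtOpenThreadToken", "NtOpenThreadTokenEx",
    "NtSetInformationThread",
}
ANTI_DEBUG_PATCHES = {"DbgBreakPoint", "DbgUiRemoteBreakin"}


def patch_target(patch):
    """Decode where a patch points, if it is an address at all.

    GMER prints a 4-byte immediate as '[28, 80, 4F, 00]' (little-endian,
    so 0x004F8028) and a decoded branch as 'CALL 7B91259A' / 'JMP ...'.
    Single bytes such as '[E2]' (the jmp edx that follows) carry no target.
    """
    m = re.match(r"\[([0-9A-Fa-f]{2}(?:,\s*[0-9A-Fa-f]{2}){3})\]$", patch)
    if m:
        raw = bytes(int(b.strip(), 16) for b in m.group(1).split(","))
        return int.from_bytes(raw, "little")
    m = re.match(r"(?:CALL|JMP)\s+([0-9A-Fa-f]{8})", patch)
    return int(m.group(1), 16) if m else None


def parse_gmer(text):
    """Return one dict per recognised '.text' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = HOOK_RE.match(line)
        if m:
            e = m.groupdict()
            e["kind"] = "hook"
            e["pid"] = int(e["pid"])
            e["exe"] = e["image"].rsplit("\\", 1)[-1].lower()
            e["target"] = patch_target(e["patch"])
            entries.append(e)
            continue
        m = KERNEL_RE.match(line)
        if m:
            entries.append({"kind": "kernel", "detail": "writeable section",
                            "image": m.group("image"), "info": m.group("info")})
    return entries


def classify(hook):
    """Bucket a user-mode hook entry; anything not explicitly known is 'review'."""
    if hook["module"].lower() == "ntdll.dll":
        if hook["exe"] == "chrome.exe" and hook["func"] in CHROME_SANDBOX_INTERCEPTS:
            return "chrome-sandbox"
        if hook["func"] in ANTI_DEBUG_PATCHES:
            return "anti-debug"
    return "review"


def summarize(text):
    """Map (exe, pid) -> {verdict: count} for every hooked process in the log."""
    summary = defaultdict(lambda: defaultdict(int))
    for e in parse_gmer(text):
        if e["kind"] == "hook":
            summary[(e["exe"], e["pid"])][classify(e)] += 1
    return {proc: dict(v) for proc, v in summary.items()}


def review_items(text):
    """The entries a helper should actually look at, with decoded targets."""
    return [(e["exe"], e["pid"], e["func"], e["target"])
            for e in parse_gmer(text)
            if e["kind"] == "hook" and classify(e) == "review"]


if __name__ == "__main__":
    for proc, verdicts in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{proc[0]}[{proc[1]}]: {verdicts}")
    for item in review_items(SAMPLE_LOG):
        print("REVIEW:", item)
    for e in parse_gmer(SAMPLE_LOG):
        if e["kind"] == "kernel":
            print("KERNEL:", e["image"], e["detail"], e["info"])
```

Run against the full GMER.txt, every chrome.exe line lands in chrome-sandbox and both Spotify lines in anti-debug, which is why the helper's next reply treats the log as clean; the kernel entry is printed separately because a writeable driver section is not a hook and needs a different judgement from the reader.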

#14
nathdep

    Member

  • Member
  • 587 posts
Hello again!

Unfortunately, the security icon is still at the bottom of the taskbar. Going to download the microsoft security essentials package soon.


I would definitely download Microsoft Security Essentials as soon as possible.

I think the reason why you are seeing the security icon is because Windows will alert you if there isn't any antivirus software installed. I didn't see any evidence of you having an antivirus.

I am curious to see if this icon goes away after you install Microsoft Security Essentials. Let me know if it does.

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.