WiredWX Christian Hobby Weather Tools
Windows fake security alert-can't get to internet

I have Windows Vista on my laptop. I accidentally clicked on an ad and suddenly the Windows alert box popped up everywhere. Will not let me get to the internet to download Malwarebytes to get rid of it. Tried safe mode but no go. Crash dumping. HELP!!

NOTE: Was able to Control-Alt-Delete at startup and stop the malware long enough to reach the internet and download Malwarebytes; can't scan with it though because the security alerts keep popping up and will not allow it. HELPPPPP!

Last edited by hiway on 16th October 2010, 5:58 pm; edited 2 times in total (Reason for editing : added updated info)

Re: Windows fake security alert-can't get to internet

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:
  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or
    see this topic.

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.





Please download and run RKill.

Download mirror 1 - Download mirror 2 - Download mirror 3

  • Save it to your Desktop.
  • Double click the RKill desktop icon.
  • It will quickly run and launch a log. If it does not launch a log, try another download link until it does.
  • Please post its log in your next reply.
  • After it has run successfully, delete RKill.

Note: This tool only kills the active infection, the actual infection will not be gone. Once you reboot the infection will be active again! Please do not reboot until instructed further to do so.


Note: the following tool is to only be used under the guidance of a malware helper. In the event you already have the tool, please delete the old copy and download a new copy.

Please download ComboFix from BleepingComputer.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\combo-fix.exe" /killall
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    *NOTE*: If you already have the Recovery Console installed, ComboFix will skip this part and will continue scanning for malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[image: Query_RC]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: Windows fake security alert-can't get to internet

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Laurie on 10/16/2010 at 17:12:54.

Services Stopped:

Processes terminated by Rkill or while it was running:
C:\Users\Laurie\Pictures\rkill(2).com
Rkill completed on 10/16/2010 at 17:14:10.

ComboFix 10-10-16.01 - Laurie 10/16/2010 17:26:40.1.1 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.393 [GMT -4:00]
Running from: c:\users\Laurie\Pictures\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msin_isv.dll
c:\windows\system32\service
c:\windows\system32\service\19052009_TIS17_SfFniAU.log

.
((((((((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 )))))))))))))))))))))))))))))))
.

2010-10-16 21:34 . 2010-10-16 21:37 -------- d-----w- c:\users\Laurie\AppData\Local\temp
2010-10-16 21:34 . 2010-10-16 21:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-16 18:25 . 2010-10-16 18:25 -------- d-----w- c:\users\Laurie\AppData\Roaming\Malwarebytes
2010-10-16 17:36 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-16 17:36 . 2010-10-16 17:36 -------- d-----w- c:\programdata\Malwarebytes
2010-10-16 17:36 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-16 17:36 . 2010-10-16 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-16 04:54 . 2010-10-16 05:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\CrashDumps
2010-10-15 14:25 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{86D07FF2-1B0B-45E0-9380-82CB455C247D}\mpengine.dll
2010-10-14 01:43 . 2010-10-14 13:15 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-14 00:42 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 00:42 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 00:41 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 00:40 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 00:40 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 00:40 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 00:40 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 00:40 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 00:40 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 00:40 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 00:40 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-14 00:34 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 00:34 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 00:33 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 00:33 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 00:33 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 00:33 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-09-29 10:58 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 10:58 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-23 14:44 . 2010-09-23 14:44 -------- d-----w- c:\program files\Common Files\Software Update Utility

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2010-05-26 108344]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-23 39408]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 833072]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-02-26 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-02-26 151552]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Laurie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 05:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 11:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-19 23:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-23 04:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2008-10-08 3328]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-08-09 14:01]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:51]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:51]

2010-09-28 c:\windows\Tasks\HPCeeScheduleForLaurie.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-18 00:08]

2010-10-16 c:\windows\Tasks\User_Feed_Synchronization-{D4B1B372-1C92-4538-B476-01342B145F30}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride =
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
FF - ProfilePath - c:\users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\l6ugm1oc.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
MSConfigStartUp-UfSeAgnt - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2496)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2010-10-16 17:44:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-16 21:44

Pre-Run: 14,404,136,960 bytes free
Post-Run: 14,318,157,824 bytes free

- - End Of File - - 6E459DBAA2EBF5F002211095D1D16633

Re: Windows fake security alert-can't get to internet

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    dds::
    uInternet Settings,ProxyServer = http=127.0.0.1:29775
    uInternet Settings,ProxyOverride =
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: 2v3rg44]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.





Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.
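As an added example (not code from the thread, from ComboFix or from the forum staff), here is a Python triage script for the ComboFix log above. It walks the log once and flags the entries the helper acted on: the loopback ProxyServer setting that explains the "can't get to the internet" symptom, and the policies\system and security center values that show protection being switched off. The sample log lines are constructed by copying a few lines from the log posted in this thread; the dds:: block the script emits mirrors the helper's CFScript.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted in this thread,
# enough to exercise every check below.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uInternet Settings,ProxyOverride =
"""

SECTION = re.compile(r"^\[(.+)\]$")                      # [HKEY_...] key header
REGVAL = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')           # "Name"=value
PROXY = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.*)$")
LOOPBACK = re.compile(r"^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost|::1)$", re.I)


@dataclass
class Finding:
    kind: str   # short tag for the indicator class
    line: str   # the raw log line that triggered it
    note: str   # why it matters


def parse_proxy_server(value):
    """Split a ProxyServer value ('http=127.0.0.1:29775', 'host:port' or
    'http=a:1;https=b:2') into (scheme, host, port) tuples."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.rpartition("=")      # scheme empty for host:port
        host, _, port = hostport.rpartition(":") if ":" in hostport else (hostport, "", "")
        entries.append((scheme or "*", host, port))
    return entries


def reg_int(value):
    """Interpret a ComboFix registry value ('0 (0x0)' or 'dword:00000001')."""
    try:
        if value.lower().startswith("dword:"):
            return int(value[6:], 16)
        return int(value.split()[0])
    except ValueError:
        return None


def triage(log_text):
    """Walk the log once, tracking the current registry key, and collect the
    indicators the helpers act on in this thread."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m.group(1).lower()
            continue
        if m := PROXY.match(line):
            for scheme, host, port in parse_proxy_server(m.group(1)):
                if LOOPBACK.match(host):
                    findings.append(Finding("loopback_proxy", line,
                        f"{scheme} traffic is sent to {host}:{port} on the machine "
                        "itself, so a local process decides which pages load"))
            continue
        if not (m := REGVAL.match(line)):
            continue
        name, value = m.group(1), reg_int(m.group(2).strip())
        if section.endswith(r"policies\system") and name == "EnableLUA" and value == 0:
            findings.append(Finding("uac_disabled", line, "User Account Control is off"))
        elif r"security center\monitoring" in section and name == "DisableMonitoring" and value == 1:
            findings.append(Finding("sc_monitoring_off", line,
                                    f"Security Center monitoring disabled under {section}"))
        elif section.endswith(r"security center\svc") and name == "FirewallOverride" and value == 1:
            findings.append(Finding("firewall_override", line,
                                    "Security Center is told to ignore the firewall state"))
    return findings


def build_cfscript(findings):
    """Render the dds:: block the helper fed ComboFix in this thread: the ProxyServer
    line(s) to clear plus the ProxyOverride line. Registry findings are reported only."""
    proxy_lines = [f.line for f in findings if f.kind == "loopback_proxy"]
    if not proxy_lines:
        return ""
    return "\n".join(["dds::", *proxy_lines, "uInternet Settings,ProxyOverride ="]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.line}\n    {f.note}")
    print(build_cfscript(found))
```

A proxy pointing at a real corporate proxy host is left alone; only loopback targets are flagged, since that is the pattern that let the rogue control the browser here.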

BUMP

Not sure if this is the right ComboFix log. Looks the same as the other. Please let me know if I did something wrong. Thanks.


BUMP

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6000 (RD870AV#ABA)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 165):
0x82404000 \SystemRoot\system32\ntkrnlpa.exe
0x827BD000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047C000 \SystemRoot\system32\PSHED.dll
0x8048D000 \SystemRoot\system32\BOOTVID.dll
0x80495000 \SystemRoot\system32\CLFS.SYS
0x804D6000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80689000 \SystemRoot\system32\drivers\acpi.sys
0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E0000 \SystemRoot\system32\drivers\pci.sys
0x80707000 \SystemRoot\System32\drivers\partmgr.sys
0x80716000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80719000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80723000 \SystemRoot\system32\drivers\volmgr.sys
0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077C000 \SystemRoot\system32\drivers\intelide.sys
0x80783000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80791000 \SystemRoot\System32\drivers\mountmgr.sys
0x807A1000 \SystemRoot\system32\drivers\atapi.sys
0x807A9000 \SystemRoot\system32\drivers\ataport.SYS
0x807C7000 \SystemRoot\system32\drivers\msahci.sys
0x805B6000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D1000 \SystemRoot\system32\drivers\fileinfo.sys
0x807E1000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82A00000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82A71000 \SystemRoot\system32\drivers\ndis.sys
0x82B7C000 \SystemRoot\system32\drivers\msrpc.sys
0x82BA7000 \SystemRoot\system32\drivers\NETIO.SYS
0x83001000 \SystemRoot\System32\drivers\tcpip.sys
0x830EB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8320B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8331B000 \SystemRoot\system32\drivers\volsnap.sys
0x83354000 \SystemRoot\System32\Drivers\spldr.sys
0x8335C000 \SystemRoot\System32\Drivers\mup.sys
0x8336B000 \SystemRoot\System32\drivers\ecache.sys
0x83392000 \SystemRoot\system32\drivers\disk.sys
0x833A3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x833C4000 \SystemRoot\system32\drivers\crcdisk.sys
0x833EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x83200000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x83106000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x833FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x83115000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x89C09000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8311E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8A1E0000 \SystemRoot\System32\drivers\watchdog.sys
0x8A40C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A80A000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8AA32000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8AA3D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8AA7B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AA8A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8AA9A000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8AAA8000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8AAC2000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8AAD0000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8AAE4000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8AB35000 \SystemRoot\system32\DRIVERS\e100b325.sys
0x8AB5C000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x8AB5F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AB6F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8AB76000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AB89000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AB94000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8ABBF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8ABC1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8ABCC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A499000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A4C8000 \SystemRoot\system32\DRIVERS\storport.sys
0x8ABE4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8A509000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8ABEF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A520000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A543000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A552000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A566000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8A57B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8ABFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A58B000 \SystemRoot\system32\DRIVERS\ks.sys
0x8A800000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A5B5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A5C2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A5F7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8A1EC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x831BF000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8BA0E000 \SystemRoot\system32\drivers\portcls.sys
0x8BA3B000 \SystemRoot\system32\drivers\drmk.sys
0x8BA60000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8BA9D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8BC06000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8BCBA000 \SystemRoot\system32\drivers\modem.sys
0x8BCC7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8BCD0000 \SystemRoot\System32\Drivers\Null.SYS
0x8BCD7000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BCDE000 \SystemRoot\System32\drivers\vga.sys
0x8BCEA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BD0B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BD13000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BD1B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BD26000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BD34000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8BD3D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BD53000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8BD5D000 \SystemRoot\system32\DRIVERS\smb.sys
0x8BD71000 \SystemRoot\system32\drivers\afd.sys
0x8BDB9000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8BDBE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BBA0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BDF0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BDFE000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8BBB6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C402000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C43E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C448000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C45F000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8C486000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CA0A000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8CD5D000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8CD6A000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x8CD71000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8CD7E000 \SystemRoot\System32\Drivers\bthport.sys
0x8C49D000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8C4C6000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x8C4E0000 \SystemRoot\system32\drivers\btwavdt.sys
0x8C546000 \SystemRoot\system32\drivers\btwaudio.sys
0x8C5C1000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x8C5C4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C5D1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8C5DC000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x99CE0000 \SystemRoot\System32\win32k.sys
0x8C5E6000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C5F0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99F00000 \SystemRoot\System32\TSDDD.dll
0x99F20000 \SystemRoot\System32\cdd.dll
0x8BBC9000 \SystemRoot\system32\drivers\luafv.sys
0xAB608000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0xAB63F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAB64A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAB65A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAB684000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAB68E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAB6A1000 \SystemRoot\system32\drivers\HTTP.sys
0xAB70E000 \SystemRoot\system32\drivers\spsys.sys
0xAB7BE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAB7DB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8BBE4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x833CD000 \SystemRoot\system32\drivers\mrxdav.sys
0xAE405000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAE424000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAE45D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAE475000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAE49D000 \SystemRoot\System32\DRIVERS\srv.sys
0xAE503000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAE507000 \SystemRoot\system32\drivers\peauth.sys
0xAE5E5000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAE5EF000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAE4EB000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x82BE2000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAE4F5000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77370000 \Windows\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
512 csrss.exe
556 C:\Windows\System32\wininit.exe
564 csrss.exe
604 C:\Windows\System32\winlogon.exe
640 C:\Windows\System32\services.exe
652 C:\Windows\System32\lsass.exe
660 C:\Windows\System32\lsm.exe
812 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\audiodg.exe
1196 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\SLsvc.exe
1244 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\svchost.exe
1512 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1804 C:\Windows\System32\spoolsv.exe
1840 C:\Windows\System32\svchost.exe
552 C:\Windows\System32\taskeng.exe
824 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\dwm.exe
1340 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
492 C:\Windows\System32\svchost.exe
2060 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2452 C:\Windows\System32\taskeng.exe
2584 C:\Windows\System32\svchost.exe
2640 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2676 C:\Windows\System32\svchost.exe
2708 C:\Windows\System32\SearchIndexer.exe
2840 C:\Windows\System32\drivers\XAudio.exe
2884 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2996 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3432 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2824 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3512 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1744 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
3624 C:\Windows\System32\hkcmd.exe
3648 C:\Program Files\HP\QuickPlay\QPService.exe
3912 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3840 C:\Windows\WindowsMobile\wmdSync.exe
3608 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3276 C:\Program Files\Glary Utilities\memdefrag.exe
3920 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2372 C:\Program Files\Windows Media Player\wmpnscfg.exe
2564 C:\Program Files\Windows Media Player\wmpnetwk.exe
624 WmiPrvSE.exe
1756 C:\Windows\System32\svchost.exe
1024 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3364 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
304 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2496 C:\Windows\explorer.exe
2656 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3184 C:\Program Files\Windows Defender\MSASCui.exe
2696 C:\Windows\System32\wuauclt.exe
3872 C:\Program Files\Internet Explorer\iexplore.exe
3268 C:\Program Files\Internet Explorer\iexplore.exe
2188
1016 C:\Program Files\Internet Explorer\iexplore.exe
3896 C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5OVU94N\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`6d543200 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK6034GSX, Rev: AH101H

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Re: Windows fake security alert-can't get to internet

Sorry for using Bump in the subject lines. I misunderstood the instructions. Wasn't impatient. Just misunderstood directions. Totally appreciate all that you do and realize how busy all the volunteers are! Thank you for your help.

Re: Windows fake security alert-can't get to internet

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:
  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.
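To illustrate what MBRCheck is inspecting when it reports "Unknown MBR code", here is a small Python parser added for this thread (example code, not MBRCheck's own source). It reads a 512-byte boot sector, validates the 0x55AA signature, lists the partition entries with their byte offsets (the C: and D: offsets from the log above), and compares a SHA1 of the boot-code region against a table of known-good hashes. Assumptions: the hash covers only the 440-byte boot-code region, and both the reference table and the sample sector are constructed for the demo.

```python
"""Constructed example: parse an MBR and flag non-standard boot code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439: the executable boot code
DISK_SIG_OFFSET = 440     # 4-byte Windows disk signature follows the code
PART_TABLE_OFFSET = 446   # four 16-byte partition entries
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"    # mandatory marker in the last two bytes
PART_FMT = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped), LBA, count


def has_valid_signature(mbr: bytes) -> bool:
    """A sector without 0x55AA at offset 510 is not a usable MBR at all."""
    return len(mbr) == SECTOR_SIZE and mbr[510:512] == BOOT_SIG


def parse_partitions(mbr: bytes) -> list:
    """Return the populated partition-table entries.

    byte_offset is LBA * 512, the figure MBRCheck prints per volume
    (C: at 0x7e00 is LBA 63).
    """
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        status, ptype, lba, count = struct.unpack_from(PART_FMT, mbr, off)
        if ptype == 0x00:
            continue  # empty slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,           # 0x07 = NTFS
            "lba_start": lba,
            "sectors": count,
            "byte_offset": lba * SECTOR_SIZE,
        })
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the boot-code region only (assumption: the disk signature and
    partition table differ per machine, so they must not enter the hash)."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(mbr: bytes, known_good: dict) -> str:
    """Reproduce MBRCheck's verdict: a hash that matches no reference entry is
    reported as unknown, which is the cue to restore standard boot code."""
    if not has_valid_signature(mbr):
        return "Invalid MBR signature"
    digest = boot_code_sha1(mbr)
    if digest in known_good:
        return f"Standard MBR code ({known_good[digest]})"
    return "Unknown MBR code"


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a constructed 512-byte sector for the demo."""
    sector = bytearray(SECTOR_SIZE)
    sector[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    sector[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4] = b"\x12\x34\x56\x78"  # constructed
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_LEN
        struct.pack_into(PART_FMT, sector, off,
                         0x80 if bootable else 0x00, ptype, lba, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed stand-in for vendor boot code (a real one is 440 bytes of x86).
STANDARD_BOOT_CODE = bytes(range(256)) + bytes(range(184))
# Partition layout mirroring the log above: C: at LBA 63 (byte 0x7e00) and
# D: at LBA 0x636aa19 (byte 0xc6d543200), both NTFS.
SAMPLE_PARTITIONS = [
    (True, 0x07, 63, 0x636AA19 - 63),
    (False, 0x07, 0x636AA19, 0x01000000),
]
# Constructed reference table; the real tool ships its own hash list.
KNOWN_GOOD = {hashlib.sha1(STANDARD_BOOT_CODE).hexdigest().upper(): "Windows Vista"}


def demo() -> dict:
    clean = build_sample_mbr(STANDARD_BOOT_CODE, SAMPLE_PARTITIONS)
    # A modified sector: identical partition table, one patched byte of code.
    patched = bytearray(clean)
    patched[0x10] ^= 0xFF
    return {
        "clean": classify_mbr(clean, KNOWN_GOOD),
        "patched": classify_mbr(bytes(patched), KNOWN_GOOD),
        "partitions": parse_partitions(clean),
    }


if __name__ == "__main__":
    out = demo()
    for p in out["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02x} at byte 0x{p['byte_offset']:x}")
    print("clean sector  :", out["clean"])
    print("patched sector:", out["patched"])
```

Note that a single changed byte in the code region is enough to turn a known hash into "Unknown MBR code", while the partition table (which the fix in the steps above leaves untouched) plays no part in the verdict.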

MBRCheck.txt

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6000 (RD870AV#ABA)
Logical Drives Mask: 0x0000001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`6d543200 (NTFS)

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Yes
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...

Re: Windows fake security alert-can't get to internet

Ok. Now, re-run MBRCheck and post a log...

AND

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Next MBRCheck

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6000 (RD870AV#ABA)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 165):
0x82404000 \SystemRoot\system32\ntkrnlpa.exe
0x827BD000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047C000 \SystemRoot\system32\PSHED.dll
0x8048D000 \SystemRoot\system32\BOOTVID.dll
0x80495000 \SystemRoot\system32\CLFS.SYS
0x804D6000 \SystemRoot\system32\CI.dll
0x80600000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067C000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80689000 \SystemRoot\system32\drivers\acpi.sys
0x806CF000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806D8000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E0000 \SystemRoot\system32\drivers\pci.sys
0x80707000 \SystemRoot\System32\drivers\partmgr.sys
0x80716000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80719000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80723000 \SystemRoot\system32\drivers\volmgr.sys
0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077C000 \SystemRoot\system32\drivers\intelide.sys
0x80783000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80791000 \SystemRoot\System32\drivers\mountmgr.sys
0x807A1000 \SystemRoot\system32\drivers\atapi.sys
0x807A9000 \SystemRoot\system32\drivers\ataport.SYS
0x807C7000 \SystemRoot\system32\drivers\msahci.sys
0x805B6000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D1000 \SystemRoot\system32\drivers\fileinfo.sys
0x807E1000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82A00000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82A71000 \SystemRoot\system32\drivers\ndis.sys
0x82B7C000 \SystemRoot\system32\drivers\msrpc.sys
0x82BA7000 \SystemRoot\system32\drivers\NETIO.SYS
0x83001000 \SystemRoot\System32\drivers\tcpip.sys
0x830EB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8320B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8331B000 \SystemRoot\system32\drivers\volsnap.sys
0x83354000 \SystemRoot\System32\Drivers\spldr.sys
0x8335C000 \SystemRoot\System32\Drivers\mup.sys
0x8336B000 \SystemRoot\System32\drivers\ecache.sys
0x83392000 \SystemRoot\system32\drivers\disk.sys
0x833A3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x833C4000 \SystemRoot\system32\drivers\crcdisk.sys
0x833EF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x83200000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x83106000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x833FA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x83115000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x89C09000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8311E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8A1E0000 \SystemRoot\System32\drivers\watchdog.sys
0x8A40C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A80A000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8AA32000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8AA3D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8AA7B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8AA8A000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8AA9A000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8AAA8000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8AAC2000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0x8AAD0000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x8AAE4000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8AB35000 \SystemRoot\system32\DRIVERS\e100b325.sys
0x8AB5C000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
0x8AB5F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8AB6F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8AB76000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AB89000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8AB94000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8ABBF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8ABC1000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8ABCC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A499000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8A4C8000 \SystemRoot\system32\DRIVERS\storport.sys
0x8ABE4000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8A509000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8ABEF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A520000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A543000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A552000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A566000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8A57B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8ABFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A58B000 \SystemRoot\system32\DRIVERS\ks.sys
0x8A800000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A5B5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8A5C2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A5F7000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8A1EC000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x831BF000 \SystemRoot\system32\drivers\CHDRT32.sys
0x8BA0E000 \SystemRoot\system32\drivers\portcls.sys
0x8BA3B000 \SystemRoot\system32\drivers\drmk.sys
0x8BA60000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x8BA9D000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8BC06000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8BCBA000 \SystemRoot\system32\drivers\modem.sys
0x8BCC7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8BCD0000 \SystemRoot\System32\Drivers\Null.SYS
0x8BCD7000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BCDE000 \SystemRoot\System32\drivers\vga.sys
0x8BCEA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BD0B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BD13000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BD1B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8BD26000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8BD34000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8BD3D000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8BD53000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8BD5D000 \SystemRoot\system32\DRIVERS\smb.sys
0x8BD71000 \SystemRoot\system32\drivers\afd.sys
0x8BDB9000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8BDBE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8BBA0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8BDF0000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8BDFE000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
0x8BBB6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C402000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C43E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C448000 \SystemRoot\System32\Drivers\dfsc.sys
0x8C45F000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8C486000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8CA0A000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x8CD5D000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8CD6A000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x8CD71000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x8CD7E000 \SystemRoot\System32\Drivers\bthport.sys
0x8C49D000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x8C4C6000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x8C4E0000 \SystemRoot\system32\drivers\btwavdt.sys
0x8C546000 \SystemRoot\system32\drivers\btwaudio.sys
0x8C5C1000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x8C5C4000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8C5D1000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8C5DC000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x99CE0000 \SystemRoot\System32\win32k.sys
0x8C5E6000 \SystemRoot\System32\drivers\Dxapi.sys
0x8C5F0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x99F00000 \SystemRoot\System32\TSDDD.dll
0x99F20000 \SystemRoot\System32\cdd.dll
0x8BBC9000 \SystemRoot\system32\drivers\luafv.sys
0xAB608000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0xAB63F000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAB64A000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xAB65A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xAB684000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAB68E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAB6A1000 \SystemRoot\system32\drivers\HTTP.sys
0xAB70E000 \SystemRoot\system32\drivers\spsys.sys
0xAB7BE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAB7DB000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8BBE4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x833CD000 \SystemRoot\system32\drivers\mrxdav.sys
0xAE405000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAE424000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAE45D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAE475000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAE49D000 \SystemRoot\System32\DRIVERS\srv.sys
0xAE503000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xAE507000 \SystemRoot\system32\drivers\peauth.sys
0xAE5E5000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAE5EF000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAE4EB000 \SystemRoot\system32\DRIVERS\xaudio.sys
0x82BE2000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAE4F5000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77370000 \Windows\System32\ntdll.dll

Processes (total 65):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
512 csrss.exe
556 C:\Windows\System32\wininit.exe
564 csrss.exe
604 C:\Windows\System32\winlogon.exe
640 C:\Windows\System32\services.exe
652 C:\Windows\System32\lsass.exe
660 C:\Windows\System32\lsm.exe
812 C:\Windows\System32\svchost.exe
892 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\svchost.exe
1100 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\audiodg.exe
1196 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\SLsvc.exe
1244 C:\Windows\System32\svchost.exe
1388 C:\Windows\System32\svchost.exe
1512 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1804 C:\Windows\System32\spoolsv.exe
1840 C:\Windows\System32\svchost.exe
552 C:\Windows\System32\taskeng.exe
824 C:\Windows\System32\svchost.exe
820 C:\Windows\System32\dwm.exe
1340 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
492 C:\Windows\System32\svchost.exe
2060 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
2452 C:\Windows\System32\taskeng.exe
2584 C:\Windows\System32\svchost.exe
2640 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2676 C:\Windows\System32\svchost.exe
2708 C:\Windows\System32\SearchIndexer.exe
2840 C:\Windows\System32\drivers\XAudio.exe
2884 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2996 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3432 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
2824 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3512 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
1744 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
3624 C:\Windows\System32\hkcmd.exe
3648 C:\Program Files\HP\QuickPlay\QPService.exe
3912 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
3840 C:\Windows\WindowsMobile\wmdSync.exe
3608 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3276 C:\Program Files\Glary Utilities\memdefrag.exe
3920 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2372 C:\Program Files\Windows Media Player\wmpnscfg.exe
2564 C:\Program Files\Windows Media Player\wmpnetwk.exe
624 WmiPrvSE.exe
1756 C:\Windows\System32\svchost.exe
1024 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
3364 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
304 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2496 C:\Windows\explorer.exe
2656 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3184 C:\Program Files\Windows Defender\MSASCui.exe
3420 C:\Windows\System32\wuauclt.exe
4280 C:\Program Files\Internet Explorer\iexplore.exe
5560 C:\Program Files\Internet Explorer\iexplore.exe
5220 C:\Windows\servicing\TrustedInstaller.exe
152 C:\Program Files\Internet Explorer\iexplore.exe
4912 C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5OVU94N\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`6d543200 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK6034GSX, Rev: AH101H

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

ESET Online Scan

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3e5dc8d993dd064a8c8229107f26e290
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-19 12:43:32
# local_time=2010-10-18 08:43:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 19489840 19489840 0 0
# compatibility_mode=5892 16776637 100 100 0 124050679 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=187050
# found=3
# cleaned=3
# scan_time=5904
C:\Program Files\Registry Patrol\RegistryPatrol.exe a variant of Win32/Adware.RegistryPatrol application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\msin_isv.dll.vir a variant of Win32/PSW.Papras.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Laurie\Downloads\SetupPlaySushi.exe Win32/Adware.Gamevance.AE application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


Last edited by hiway on 19th October 2010, 1:15 am; edited 1 time in total (Reason for editing : orig. couldn't find log file. Found & posted)

Re: Windows fake security alert-can't get to internet

Please reboot your computer, and when booting, select the new extra option you should have, and boot into the recovery console.

[image: Recoveryconsole-startup]

Once in the RC, type in "fixmbr" and hit Enter.

[image: Fixmbr]

Type 'y' if asked to, and allow it to do its job.

Once it's done that and shows the prompt for another command, type "exit".

This will reboot your machine again, allow it to boot normally.

Post a new MBRCheck log afterward.

Re: Windows fake security alert-can't get to internet

I rebooted several times but was taken directly to the desktop. I never got the black screen offering me options. (?)

Re: Windows fake security alert-can't get to internet

Shut down the computer. Then, power it back on. At the first screen, begin pressing F8, until you get a menu with options, then choose "Repair your computer" and take my instructions from above for the rest.

Re: Windows fake security alert-can't get to internet

I got the black screen, was able to choose Repair your computer and was then prompted to input a password. Administrator, guest or me. I chose me and put in my password. It now brought me to a screen that gives the options of: 1) System Recovery Tool 2) Startup Repair 3) System Restore 4) Windows Complete PC Restore 5) Windows Memory Diagnostic Tool 6) Command Prompt 7) Restore Application

No idea which one to pick. Thank you

Re: Windows fake security alert-can't get to internet

As I said, pick Command Prompt.

In command prompt, enter in this:

bootrec /FixMbr

exit

Re: Windows fake security alert-can't get to internet

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Basic Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6000 (RD870AV#ABA)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 164):

Processes (total 65):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
504 csrss.exe
556 C:\Windows\System32\wininit.exe
564 csrss.exe
604 C:\Windows\System32\winlogon.exe
640 C:\Windows\System32\services.exe
656 C:\Windows\System32\lsass.exe
664 C:\Windows\System32\lsm.exe
820 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\audiodg.exe
1196 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\SLsvc.exe
1248 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\svchost.exe
1508 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1812 C:\Windows\System32\spoolsv.exe
1836 C:\Windows\System32\svchost.exe
1988 C:\Windows\System32\svchost.exe
2040 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
552 C:\Windows\System32\svchost.exe
1904 C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
808 C:\Windows\System32\taskeng.exe
2052 C:\Windows\System32\dwm.exe
2080 C:\Windows\explorer.exe
2200 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2208 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
2216 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
2240 C:\Windows\System32\hkcmd.exe
2280 C:\Program Files\HP\QuickPlay\QPService.exe
2292 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
2332 C:\Windows\WindowsMobile\wmdSync.exe
2356 C:\Windows\System32\svchost.exe
2384 C:\Windows\vsnp2uvc.exe
2424 C:\Program Files\Viewpoint\Common\ViewpointService.exe
2440 C:\Windows\System32\svchost.exe
2468 C:\Windows\System32\SearchIndexer.exe
2612 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2680 C:\Windows\System32\drivers\XAudio.exe
2768 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
2776 C:\Program Files\Glary Utilities\memdefrag.exe
2812 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2836 C:\Program Files\Windows Media Player\wmpnscfg.exe
2864 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3268 C:\Windows\System32\taskeng.exe
3476 WmiPrvSE.exe
3676 C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
4084 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
1240 C:\Program Files\Windows Media Player\wmpnetwk.exe
2128 C:\Windows\System32\svchost.exe
2748 C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
1596 C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
3256 C:\Program Files\Internet Explorer\iexplore.exe
3300 C:\Program Files\Internet Explorer\iexplore.exe
1260
2980 C:\Windows\servicing\TrustedInstaller.exe
3536 C:\Windows\System32\wuauclt.exe
3128 C:\Program Files\Internet Explorer\iexplore.exe
2896 C:\Users\Laurie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J5OVU94N\MBRCheck[1].exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000c`6d543200 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK6034GSX, Rev: AH101H

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
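
As an added illustration (not a tool from this thread, nor MBRCheck's own code), here is a small Python parser that reads the MBR status table from MBRCheck output and compares a pre-fix and post-fix report to decide whether bootrec /FixMbr actually replaced the boot code. The two sample reports are constructed from the status and SHA1 lines posted above, with the driver and process listings trimmed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpts modelled on the two MBRCheck reports posted in this thread
# (before and after "bootrec /FixMbr"). The status lines and SHA1 values are the
# ones shown there; everything else in the reports is omitted.
MBRCHECK_BEFORE = r"""
Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
"""

MBRCHECK_AFTER = r"""
Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
"""

# One row of the status table: "<size> GB \\.\PhysicalDriveN <status text>"
DRIVE_LINE = re.compile(
    r"^(?P<size>\d+)\s+GB\s+(?P<device>\\\\\.\\PhysicalDrive\d+)\s+(?P<status>.+?)\s*$"
)
# The SHA1 of the boot sector, printed on the line after its drive.
SHA1_LINE = re.compile(r"^SHA1:\s*(?P<sha1>[0-9A-Fa-f]{40})\s*$")


@dataclass
class DriveMbr:
    device: str
    size_gb: int
    status: str
    sha1: Optional[str]

    @property
    def recognised(self) -> bool:
        # MBRCheck reports boot code it has a known hash for as
        # "<OS> MBR code detected"; any other wording ("Unknown MBR code" in the
        # first report above) means the boot sector needs a closer look.
        return self.status.endswith("MBR code detected")


def parse_mbrcheck(report: str) -> List[DriveMbr]:
    """Extract one DriveMbr per physical drive found in an MBRCheck report."""
    drives: List[DriveMbr] = []
    for line in report.splitlines():
        m = DRIVE_LINE.match(line)
        if m:
            drives.append(DriveMbr(m["device"], int(m["size"]), m["status"], None))
            continue
        m = SHA1_LINE.match(line)
        if m and drives and drives[-1].sha1 is None:
            drives[-1].sha1 = m["sha1"].upper()
    return drives


def flagged_drives(report: str) -> List[str]:
    """Devices whose boot code MBRCheck did not recognise."""
    return [d.device for d in parse_mbrcheck(report) if not d.recognised]


def fixmbr_verdict(before: str, after: str) -> str:
    """Compare pre- and post-fix reports: was the unrecognised boot code replaced?"""
    pre = {d.device: d for d in parse_mbrcheck(before)}
    post = {d.device: d for d in parse_mbrcheck(after)}
    for device, old in pre.items():
        new = post.get(device)
        if new is None:
            return f"{device}: missing from post-fix report"
        if not new.recognised:
            return f"{device}: still unrecognised ({new.status})"
        if old.sha1 == new.sha1:
            # Now "recognised" but byte-identical to the flagged sector: contradictory,
            # so do not call it fixed.
            return f"{device}: boot sector unchanged (SHA1 {new.sha1})"
    return "remediated: all drives now carry recognised boot code"


if __name__ == "__main__":
    print("flagged before fix:", flagged_drives(MBRCHECK_BEFORE))
    print("flagged after fix: ", flagged_drives(MBRCHECK_AFTER))
    print(fixmbr_verdict(MBRCHECK_BEFORE, MBRCHECK_AFTER))
```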

Re: Windows fake security alert-can't get to internet

Excellent.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Windows fake security alert-can't get to internet

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3e5dc8d993dd064a8c8229107f26e290
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-19 12:43:32
# local_time=2010-10-18 08:43:32 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 19489840 19489840 0 0
# compatibility_mode=5892 16776637 100 100 0 124050679 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=187050
# found=3
# cleaned=3
# scan_time=5904
C:\Program Files\Registry Patrol\RegistryPatrol.exe a variant of Win32/Adware.RegistryPatrol application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\msin_isv.dll.vir a variant of Win32/PSW.Papras.BO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Laurie\Downloads\SetupPlaySushi.exe Win32/Adware.Gamevance.AE application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Windows fake security alert-can't get to internet

Any other signs of infection?

Should we clean up the tools and finish?

Re: Windows fake security alert-can't get to internet

I don't believe there are any other signs of infection. I haven't used the laptop to go to any other sites but yours and the scanners you told me to. If you think I did all that you said correctly, I would LOVE to clean up the tools and finish! Thank you.

Re: Windows fake security alert-can't get to internet

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

Re: Windows fake security alert-can't get to internet

I completed all four tasks as requested without any problems. My computer seems to be running fine. I do have a couple of questions. Right now I have several programs installed to clean up/antivirus/malware. Just wanted to know if I should keep or get rid of some of these: CCleaner, Glary Utilities, Spybot Search & Destroy, Avast Free Anti-Virus, Malwarebytes Anti-Malware and of course the Windows Security Alerts. Seems like an awful lot! Also, the Security Check and TFC shortcuts are still on my desktop. Ok to remove? One last thing, do I have to reactivate my avast since I disabled it along with Windows Defender? (if I'm keeping them)
Thank You!

Here is the Security Check Log:

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.22.87
Adobe Reader 8.1.3
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Alwil Software Avast5 AvastSvc.exe
````````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````

Re: Windows fake security alert-can't get to internet

You can delete any of those that you want to delete. We are done with them.

I will say that CCleaner is a good tool to use for cleanup of temporary files. Also, MBAM is good to keep around as a scanner only.

Update Firefox

Firefox is out of date. Firefox is a very popular web browser, and if it is out of date, it is very vulnerable to security bugs, and other holes. To update it now, click Help > Check for Updates.


Update Adobe Reader

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Update Java

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=========================================

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • Tall Emu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  • Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • PC Tools Firewall Plus: free and excellent firewall.


AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

Re: Windows fake security alert-can't get to internet

For some reason the computer will not allow me to uninstall Java SE Runtime Environment 6 or the updates 3 and 5. Any idea why or what I should do? I did uninstall Adobe and Firefox. Going to install the updates in a min.

Thank you so much for all your help.

Re: Windows fake security alert-can't get to internet

Download Revo Uninstaller, and try it on those Java programs: http://www.revouninstaller.com/download-freeware-version.php

Re: Windows fake security alert-can't get to internet

That worked! What is now installed is Java 6 Update 33 and Java SE Runtime Environment 6. Hope that is up to date.

I think I'm all set now. You have no idea how very much I appreciate your help. You are a genius!

Re: Windows fake security alert-can't get to internet

Glad to be of help.
