Posts posted by scrandal

  1. My desktop is behaving badly. Originally, it was running slow and would reboot on its own quite often - eventually rebooting time after time in a continuous loop. It still reboots from time to time on its own, but now it has an application that pops up as soon as it boots up. It's called Security Tool and it says there are worms that are trying to steal credit card information, but then asks to enter credit card info to buy protection. It also will not allow me to add/delete programs, and also won't allow ctrl+alt+del functionality. Here are my scans, although it would not let me run the GMER or OTL scans. ????

    Rooter.exe (v1.0.2) by Eric_71

    .

    SeDebugPrivilege granted successfully ...

    .

    Windows XP Home Edition (5.1.2600) Service Pack 3

    [32_bits] - x86 Family 15 Model 2 Stepping 7, GenuineIntel

    .

    [wscsvc] (Security Center) RUNNING (state:4)

    [sharedAccess] RUNNING (state:4)

    Windows Firewall -> Enabled

    .

    Internet Explorer 7.0.5730.13

    .

    A:\ [Removable]

    C:\ [Fixed-NTFS] .. ( Total:111 Go - Free:63 Go )

    D:\ [CD_Rom]

    E:\ [CD_Rom]

    F:\ [Removable]

    .

    Scan : 22:18.45

    Path : C:\Documents and Settings\Trisha Merrill\Desktop\Rooter.exe

    User : Trisha Merrill ( Administrator -> YES )

    .

    ----------------------\\ Processes

    .

    Locked [system Process] (0)

    ______ System (4)

    ______ \SystemRoot\System32\smss.exe (320)

    ______ \??\C:\WINDOWS\system32\csrss.exe (368)

    ______ \??\C:\WINDOWS\system32\winlogon.exe (392)

    ______ C:\WINDOWS\system32\services.exe (444)

    ______ C:\WINDOWS\system32\lsass.exe (456)

    ______ C:\WINDOWS\system32\svchost.exe (616)

    ______ C:\WINDOWS\system32\svchost.exe (668)

    ______ C:\WINDOWS\System32\svchost.exe (712)

    ______ C:\WINDOWS\System32\svchost.exe (792)

    ______ C:\WINDOWS\System32\svchost.exe (888)

    ______ C:\WINDOWS\system32\spoolsv.exe (1056)

    ______ C:\WINDOWS\Explorer.EXE (1264)

    ______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (1272)

    ______ C:\WINDOWS\System32\svchost.exe (1480)

    ______ C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (1544)

    ______ C:\Program Files\Dell\Support\Alert\bin\DAMon.exe (1564)

    ______ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1592)

    ______ C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (1616)

    ______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (1648)

    ______ C:\Program Files\iTunes\iTunesHelper.exe (1688)

    ______ C:\WINDOWS\system32\RUNDLL32.EXE (1700)

    ______ C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (1724)

    ______ C:\WINDOWS\system32\ctfmon.exe (1732)

    ______ C:\WINDOWS\system32\devldr32.exe (1812)

    ______ C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (1820)

    ______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (1860)

    ______ C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe (2008)

    ______ C:\Palm\HOTSYNC.EXE (2032)

    ______ C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe (308)

    ______ C:\Program Files\Bonjour\mDNSResponder.exe (1240)

    ______ C:\WINDOWS\System32\CTsvcCDA.EXE (1228)

    ______ C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (816)

    ______ C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe (1536)

    ______ C:\WINDOWS\System32\nvsvc32.exe (1572)

    ______ C:\WINDOWS\system32\HPZipm12.exe (1340)

    ______ C:\Program Files\Internet Explorer\iexplore.exe (2432)

    ______ C:\WINDOWS\System32\locator.exe (2544)

    ______ C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (2572)

    ______ C:\WINDOWS\System32\svchost.exe (2608)

    ______ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (2652)

    ______ C:\WINDOWS\system32\wdfmgr.exe (2684)

    ______ C:\WINDOWS\System32\MsPMSPSv.exe (2736)

    ______ C:\WINDOWS\system32\wuauclt.exe (2884)

    ______ C:\WINDOWS\system32\wscntfy.exe (3572)

    ______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3608)

    ______ C:\Program Files\iPod\bin\iPodService.exe (3772)

    ______ C:\WINDOWS\System32\alg.exe (3932)

    ______ C:\Documents and Settings\Trisha Merrill\Desktop\Rooter.exe (664)

    .

    ----------------------\\ Device\Harddisk0\

    .

    \Device\Harddisk0 [sectors : 63 x 512 Bytes]

    .

    \Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:32868864)

    \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:32901120 | Length:119965708800)

    .

    ----------------------\\ Scheduled Tasks

    .

    C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

    C:\WINDOWS\Tasks\DESKTOP.INI

    C:\WINDOWS\Tasks\SA.DAT

    .

    ----------------------\\ Registry

    .

    .

    ----------------------\\ Files & Folders

    .

    ----------------------\\ Scan completed at 22:19.56

    .

    C:\Rooter$\Rooter_2.txt - (31/08/2010 | 22:19.57)

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

    LockSearch by jpshortstuff (05.11.09.1)

    Log created at 22:21 on 31/08/2010 (Trisha Merrill)

    Scanning C:\

    C:\hiberfil.sys

    -------------------------

    C:\pagefile.sys

    -------------------------

    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll

    -------------------------

    C:\Program Files\Microsoft\DesktopLayer.exe

    -------------------------

    -=E.O.F=-

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

    CKScanner - Additional Security Risks - These are not necessarily bad

    c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\compilations\breakthrough\12 breakin' at the cracks.m4a

    c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\compilations\victoria secret's classics by request (v\06 nutcracker - pas de deux - tchaik.m4a

    c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\compilations\victoria secret's classics by request (v\11 nutcracker - waltz of the flowers.m4a

    c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\02 hold my hand.m4a

    c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\03 let her cry.m4a

    c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\04 only wanna be with you.m4a

    c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\08 time.m4a

    c:\documents and settings\trisha merrill\my documents\my music\itunes\itunes music\hootie & the blowfish\cracked rear view\11 goodbye.m4a

    scanner sequence 3.CE.11

    ----- EOF -----

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

    Windows Validation Check

    Version: 1.8.8.3

    Log Created On: 2227_31-08-2010

    ------------------------

    Windows Information

    -----------------------

    Windows Version: Windows XP Service Pack 3

    Windows Mode: Normal

    WVCheck's Auto Update Check

    -----------------------

    Auto-Update Option: Download updates and install them automatically.

    ------------------------------

    Last Success Time for Update Detection: 2010-08-01 14:31:11

    Last Success Time for Update Download: 2010-07-14 08:46:00

    Last Success Time for Update Installation: 2010-07-14 09:05:42

    WVCheck's File Dump

    -------------------

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\82L1X4IP\crossdomainCAFOQNBJ.xml

    Size: 672 bytes

    Matched: *cafo*

    ------------------------------

    WVCheck's Dir Dump

    -------------------

    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

    Size: 0 bytes

    Matched: *Genuine?Advantage*

    ------------------------------

    WVCheck's Missing File Check

    -------------------

    WVCheck found no missing Windows files.

    WVCheck's MBAM Quarantine Check

    -------------------

    There were no bad files quarantined by MBAM.

    WVCheck's HOSTS File Check

    -------------------

    WVCheck found no bad lines in the hosts file.

    WVCheck's MD5 Check

    EXPERIMENTAL!!

    -------------------

    user32.dll - b26b135ff1b9f60c9388b4a7d16f600b

    -------- End of File, program close at 2229_31-08-2010 --------

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%