
Infected with Defense Center (? Defence Center)

Q: Infected with Defense Center (? Defence Center)

-- after visiting various advertising/recommendations sites for vacation rentals, the computer performed badly and became 'flaky'. Noticed 'Defense Center' pop-ups began appearing. Research showed it as malware.
-- after returning computer to earlier restore point, startup displayed a black screen with white arrow cursor and did not progress to Welcome screen or Windows desktop.
-- after attempts with other boot CDs, normal boot prompted for 'Windows Startup Repair' after which could log in to Windows 7
-- after clean-up with VIPRERescue and reboot was unable to run any .exe file. Only Windows Media Center will run. Same behavior in Safe Mode. Friend was able to run .exe files in Safe Mode with Command Prompt.

Attach.txt attached but computer shut down during the run of GMER so no ark.txt attached.


A: Infected with Defense Center (? Defence Center)

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
- Do not run any other tool until instructed to do so!
- Do not Attach logs unless I ask you to.
- Tell me about any problems that have occurred during the fix.
- Tell me of any other symptoms you may be having as these can help also.
- Do not run anything while running a fix.
- Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Gmer is the best but can be hard to get a log; let's try this and see what we get.

Scan with exeHelper:
- Please download exeHelper to your desktop.
- Double-click on exeHelper.com to run the fix.
- A black window should pop up, press any key to close once the fix is completed.
- Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Scan With RKUnHooker
- Please Download Rootkit Unhooker. Save it to your desktop.
- Now double-click on RKUnhookerLE.exe to run it.
- Click the Report tab, then click Scan.
- Check (Tick) Drivers, Stealth. Uncheck the rest. Then click OK.
- Wait till the scanner has finished and then click File, Save Report.
- Save the report somewhere where you can find it. Click Close.
- Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning, it is ok, just ignore
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Gringo


Keep getting fake security warnings and virus alerts. Please help remove.

A: infected with defense center

I followed the prep directions and have attached the logs. Can anyone help me get rid of this?

EDIT: Please be patient. There are over 300 unanswered topics in this forum at present and the current average wait time to receive help is 5 days. ~BP


I have a virus called Defense Center, it acts exactly the same as Antivirus Soft and Antivirus Suite. It pops up and acts like it's scanning, spams my screen with offers to purchase an upgrade. It also disables the internet, although I'm not sure if it's in exactly the same way as the others. I searched Google and looked through forum threads but found no reference to Defense Center. I also tried fixing it in the same way as Antivirus Soft by running the .reg file to disable it and then Malwarebytes in Safe Mode. Malwarebytes found plenty of stuff but not Defense Center and it was still there when I restarted. Also rkill.com file when run did not find the virus.

A: Infected with Defense Center

Thanks for the responses and help, but I didn't really have any data I need to save on my comp so I just reformatted.


Defense center shuts down computer just before GMER scan finishes scanning window files. I had to stop the scan in windows and copy at that point. I also have no program bar on bottom of desktop.

A:Infected with defense center

Good evening. Your logs show no security programs installed, either anti-virus or third-party firewall. Can you tell me how long this has been the case?

RELEVANCY SCORE 96.8

My computer was recently infected by a virus that tried to get me to install a fake antivirus software called Defense Center. I used online help with Norton to try and clear up everything, but I'm still having issues:
- My computer seems to run very slowly
- When clicking on search results from Google, I occasionally am redirected to an advertisement instead of the website I selected
- My sound card is not working.

I downloaded Hijackthis and ran it - here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:15 AM, on 7/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\L...

A:Infected with Defense Center Virus - Partially Removed

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT...

RELEVANCY SCORE 89.6

Defence Center keeps on wanting to install on my computer, I keep getting warning messages about malicious software. It automatically shuts off real time scanning of my McAfee antivirus. It also would not allow me to use Task Manager, I got around that in safe mode and edited the registry key. I see this in Task Manager: esentut64.exe, sometimes as many as 3 versions running at one time.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Paul at 20:42:41.50 on Fri 06/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.702.404 [GMT -7:00]
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WIN...

A:Defence Center Malware

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:
Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the report in your next post:
C:\ComboFix.txt

"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

RELEVANCY SCORE 89.6

Hi, I used one of your guides to remove Defence Center: http://www.bleepingcomputer.com/virus-remo...-defense-center It seems to work and I have no more messages, and in Program Files there is no more sign of Defence Center folders, but when I try to switch from safe mode to normal mode my screen in normal mode remains black and I can't do anything. Can you help, please?

A:Defence center problem

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 88.4

It has disabled all internet connection after 5 minutes of being booted. Pop-ups as an anti-virus program every 15 seconds. Deleted the registry file "DefCen" but it keeps coming back after every boot. Will not allow me to complete a full scan of Avast. Can't install any kind of anti-virus or malware program because it says that Defense Center must be deleted first. Cannot delete it from the Add/Remove or Program Files locations.

DDS (Ver_10-03-17.01) - NTFSx86
Run by jonga at 23:07:19.85 on Fri 06/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.991.451 [GMT -4:00]
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
FW: F-Secure Anti-Virus Client Security 6.01 *disabled* {D4747503-0346-49EB-9262-997542F79BF4}
============== Running Processes ===============
c:\windows\system32\svchost -k dcomlaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
c:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\jonga\LOCALS~1\Temp\esentutl64.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\DOCUME~1\jonga\LOCALS~1\Temp\wscsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP...

A:Defence Center Virus/Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 88.4

Old user, but don't remember how to run beginning scripts.
Obviously had "Defense Center" on system. Suspect teenagers but don't really know how it got into the computer (hate to think I did this myself). Ran through the help steps to remove Defense Center and thought the problem was over. However, I'm still getting pop-up web sites and several programs do not run properly (especially my Outlook and AutoCAD software). I have to restart the computer to get these programs to work. Computer almost never shuts down now by itself and I have to hold the power button to get it to go off.
I get a scripting error often for all kinds of programs that are trying to run. The "just in time debugger" pops up trying to find the error.
Tried to gather initial system analysis files for you but the dds.scr script returns an error that says "this program cannot run in dos mode".
HELP

A:Started with Defence Center - then grew:(

OS is WindowsXP Pro

RELEVANCY SCORE 87.6

Hi all,

My PC was recently infected with the Defence Center virus and also the trojanaspx.js.win32 problem. I followed instructions and used the TDSSkiller and MBAM both of which said they had removed items. I rebooted my PC and the virus appears to have gone, the popups and everything has gone but the PC is completely messed up.

No shortcuts work, they either tell me the program cannot be found or I get a box asking me what program I want to use to open the file. It's as if the PC has forgotten what to do with executables. However, if I go to the folder where the .exe file is and right click I get a "start" option and this works. Once I'm on the internet or have a program running it seems fine it's just a pain getting them open. I also get a run32 error when I try to create a new shortcut and I attempted to install a new program and it failed because it couldn't create any services.

Has anybody any ideas about this or experienced anything similar. I don't really want to have to re-install Windows as I no longer have the driver disks or anything. If I can patch it up for around 6 weeks I was going to buy a new PC then anyway.

Any help would be appreciated.

Thanks.

A:Defence Center/TDSSkiller gone but PC not working properly

Hello, I am going with XP here.

what program do i want to open file (FILE ASSOC FIX)
Go here to Doug Knox's Windows® XP File Association Fixes
Run 9th down on left... EXE File Association Fix ... the EXE not EML one.

If the other issue is this..
A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.
Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there.
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error retu...

RELEVANCY SCORE 87.6

Sometime last week I came home to find the warnings and popups for defence center. I didn't click on any of the popups and went straight to ctrl/alt/del and was told I didn't have admin privileges. So I tried a system restore but it wouldn't allow that either. Thought I'd look it up on the internet but it kept redirecting my Google search on Firefox. So stupid me... reboot! Now I have no internet but my modem is working like crazy so I unplug the modem and router. I tried removing Firefox in safe mode and it seemed to work for about 10 minutes, I got my internet back, then more of the same. But in those 10 minutes I was able to run Spybot, although it would not let me update the definitions. It found nothing other than the usual cookies. Same with CA antivirus, found nothing.

The next day, on my basement computer, I did some research and found an update for Spybot. Back upstairs I managed to get Spybot updated and it found all kinds of malware related to defence center (although I'm not sure what now as I just removed it). I thought I was done, computer seemed OK for a few minutes... Then Google search redirect.

The other thing that I've noticed is a few months ago the kids somehow installed MyWeb Searchbar. I removed it but somehow it's still hanging in there as I get an unable to load rundll error for it every time I boot. I found this site a couple days ago and downloaded MAM and SAS. I ran both IN safe mode and after a regular boot numerous times until they...

A:google redirects/after defence center warnings

Hi sammer47,

Welcome to Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more.

If the issue is not resolved please update me on the current condition of your computer. No need for new logs at this moment.

RELEVANCY SCORE 87.6

Hi folks. Helping a friend out with their computer, and having some trouble. Since I've been using Linux for the last few years, I'm not entirely up to date on the best malware removers.

These programs keep popping up wanting her to subscribe to get protection. Obvious fakes, but, I've run deep scans with Ad-aware, AVG, and Malware-Bytes, and every time something seems to remain, and everything comes back on a restart. Also, getting repeated popups asking to debug a script, and whenever I go into the debugger it's doing something in mouse events, but having no object when one is expected.

Any help greatly appreciated, and DDS.txt below. Thank you in advance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Silky at 0:56:47.35 on Sun 07/11/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1296 [GMT -7:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSRespon...

A:Anti-malware Doc(tor) and Defence Center infections

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 84

I've feared my netbook to be infected for sometime. These fears were confirmed when Defense Center appeared the other day. It was all I could do to make that go away giving me the ability to use the internet. Though it is not currently still in my face, I fear it is not gone. I've also noticed other mysterious events. Links in a Google search more often than not take me to some garbage webpage, upon start-up a message appears telling me to clean up space on the never used Outlook Express, and most recently I've been getting 'can not display the page' messages when launching IE. When I ask windows to fix the problem I'm told windows is not managing the internet like I asked it to do.

I have run the DDS logs and they are attached. Upon running GMER I encountered some trouble. I ran the program four times and each time the program would close and the computer would restart. Sometimes the crash would take 20 minutes, another time GMER ran for 2 plus hours before crashing. I ran the program a fifth time and then stopped it after 30 or so minutes to save the log. It is attached, however, it is incomplete.

Thanks in advance for your help.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Admin at 23:29:37.53 on Mon 06/21/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1495 [GMT -4:00]
AV: Panda Cloud Antivirus *On-access scanning enabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft...

A:Defense Center and more

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like to get a new set of logs please

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-e...

RELEVANCY SCORE 82.8

Windows XP Pro SP2 or 3 I believe
it has PGP 9.6 full disk encryption
and the Defense Center virus is so bad that I can't access my desktop after logging in.
nothing can load, cmd.exe, taskmgr.exe, etc. it's all blocked saying they are "infected"
bootable CDs can't read my hard drive since it is completely encrypted.
so I'm writing from a different computer.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:defense center virus

Hello, can we try from Safe Mode???

Please follow our Removal Guide here: How to remove Defense Center
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

RELEVANCY SCORE 82.8

Yesterday the family computer was attacked by Defense Center, and asked me to purchase their AV to prevent further infection. Of course I didn't, and found this site from a secure computer.

I followed the instructions here: http://www.bleepingcomputer.com/virus-remo...-defense-center

After the scan and reboot everything seems back to normal. However the safe-mode icon for MBAM was different from the regular mode (regular mode had a windows security center shield in the corner of the icon, safe mode did not). Am I paranoid, or is this normal?

I'm just not sure if I am completely clean, here are the MBAM logs ran from safe-mode as the walkthrough suggests.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4247
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000
6/27/2010 1:39:12 PM
mbam-log-2010-06-27 (13-39-12).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 255624
Time elapsed: 47 minute(s), 24 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 22
Memory Processes Infected:
C:\Users\Family\AppData\Local\Temp\AUTMGR32.EXE (Trojan.Dropper) -> Unloaded process successfully.
C:\Users\Family\AppData\Local\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Memory Modules Infected:
C:\Users\Family\A...

RELEVANCY SCORE 82.8

Hi, I'm new to this and also not very familiar with computers. But recently I had a virus called "AV suite security" (appeared as an antivirus). I followed the instructions on this site to remove it, but after removing it I got another virus called "Defense Center". I tried running Malwarebytes and Spybot in safe mode to remove it. First time I finished the scan and removed the problems it found, but the second time around the scan didn't finish (about 50 minutes into it), a window popped up and said there was an error and that the computer needed to shut down in about 25 seconds. Please help. I would really really appreciate it. Thanks in advance.

A:"Defense Center" Virus?

OK, so after many many countless hours, I think I managed to get rid of most of the problems. Right now I have AVG and spywaredoctor on. But I still get redirected from the links I click from Google. Also my computer seems to be much slower than before. Although I don't have popups I'm still getting redirected to other random sites and loading appears slower than usual. Also I now see something called "DrWatson", I don't know and hope that it isn't another virus. Please help. Thanks!!!!

RELEVANCY SCORE 82.8

This virus does not redirect me to other websites, it just has obnoxious pop ups, sounds, and places porn icons on my desktop.

I tried to follow a fix from another user having a similar issue (or so I thought) http://forums.techguy.org/virus-other-malware-removal/934997-please-help-defense-center-virus.html

So I ran the combofix in safe mode and then rebooted back into safemode and ran the dsskiller and it said I had no infected files. I restarted my computer back into normal mode and defense center was still running.

I have attached the combofix log and if anyone could help me out I would really appreciate it.
 

A:Defense Center Virus - Need Help

RELEVANCY SCORE 82.8

I keep getting this DANGER Warning telling me Malwarebytes is a virus and it insists on uninstalling it.
I ran Malwarebytes in safe mode, found items and I removed them, but after reboot it comes back.

C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\AUTMGR32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\wscsvc32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\asdE.tmp.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\AUTMGR32.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.companion.yahoo.com/slv/ycheck/as/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.companion.yahoo.com/slv/ycheck/as/*http://searc...

RELEVANCY SCORE 82.8

Yesterday, I opened up a website and the Defense Center Malware/Virus popped up. I read one of the other posts on here about it. It was suggested that the person download ComboFix. I did that, but the Defense Center continues to pop up. I need to know what I can do from here to get rid of it completely. Thank you.

I ran the ComboFix and saved the log, but somehow it got deleted. Here are my results from DDS and GMER that I ran after that.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Katie at 22:23:02.75 on Sun 06/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.415 [GMT -4:00]
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\...

A:Defense Center Malware

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

RELEVANCY SCORE 82.8

Can some one please help me remove defense center from my computer here's my hjt log

logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:06:41 AM, on 9/18/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal
Running processes:
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Users\User\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Sear...


BTW thank you soo much!
Here's my log from the DDS and the attachment.
Every time I tried to run GMER (even in safe mode), I was sent to the blue screen of doom (fatal system error with a bunch of 0000's).
Hopefully there's enough to work with.
THANKS AGAIN!!!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Terree at 10:30:45.87 on Wed 08/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1236 [GMT -5:00]
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:...

A:defense center infect

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open wit...


So I followed your directions from this post the previous post AND SO HERE is the follow up ......
Step 6... I don't have any CD emulation software so I'm skipping this step...
Step 7. ran successfully
Step 8: Did not work... I receive a prompt that says to choose the program I would like to use to open the file gmer.exe as it asks this with most programs that are on my computer.
Back to Step 6.. here is the requested DDS.txt log

DDS (Ver_10-03-17.01) - NTFSx86
Run at 14:08:05.17 on Fri 06/18/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.217 [GMT -5:00]
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\...

A:Defense Center Removal Help

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Scan with exeHelper:
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message t...


Hi:
I just finished the process of removing both of these with MBAM. It was quite the mess and I actually acquired the Defense Center infection after removal of AVSoft. After that, I suspected rootkit activity so I ran ComboFix since it was suggested. Here is my log below...

ComboFix 10-06-27.03 - Administrator 06/27/2010 20:40:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.656 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\380694ad.exe
c:\documents and settings\Administrator\Local Settings\Application Data\{7143650D-FA8A-40B4-B940-47641A2B8416}
c:\documents and settings\Administrator\Local Settings\Application Data\{7143650D-FA8A-40B4-B940-47641A2B8416}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{7143650D-FA8A-40B4-B940-47641A2B8416}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{7143650D-FA8A-40B4-B940-47641A2B8416}\chrome\content\overlay.xul
c:\documents and settings\Ad...

A:AVSoft, Defense Center...

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


Let me start off by noting that I've posted a problem here once before, dealing with a "Google Redirect Virus." That issue was resolved thru help from a member of the help team.

The Info:
This afternoon I got a pop up balloon stating my computer "may be infected" (hooray) and it also said to download 'their' free antivirus software (not a chance). After this balloon, a window popped with "Defense Center" as the header. So I googled defense center and found a link to here, on the page it said to reboot in safe mode and use MalwareBytes. I followed the instructions and it found 4 infected items. Upon finding the 4 items, 6 new icons appeared on my desktop. They were 3 shortcuts to "pornotube" and two other related names not coming to mind, as well as 3 items labeled "spam1," "spam2," and "trojan." I saved the log and proceeded to remove the infected items. A message came up stating that not all items could be removed. Then it prompted me to reboot, I did.

To the main issue:
After rebooting, all seemed well.. Until WinPatrol (the program I was encouraged to get by my helper after my first issue was resolved) popped up and said I had something trying to create a startup program. One of my main concerns is that I cannot find anything on these ".DLL's." One is coming from C:\WINDOWS\oqaresox.dll,Startup by an unknown company. If I select "NO" the window closes followed immediat...

A:Started out as Defense Center?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


Hello my name is Angie,
Sorry if I'm posting in the wrong forum. I tried posting in the malware forum, but it wouldn't let me post, so I found a post similar to mine in hopes it will get redirected to the right place.

I run Microsoft XP Home Edition.
I had Defense Center malware on my computer. So I looked through forums and found malwarebytes and superantispyware. Ran scans and they seemingly removed all Defense Center files and seemed fine until I search on yahoo or google. Then I get redirected to random pages (that I'm not clicking on). I can't figure out what to do next. So now I joined the forum so I can get help specifically for my computer.

Thank you in advance!
angie

I downloaded HijackThis and here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:07 PM, on 6/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAn...

A:defense center removal

Hi ang27871,
Welcome to Bleeping Computer!
My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
Please do not do anything or perform other steps unless I have asked you to do so.
Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
If you are unsure of how to reply, or need help with anything regarding the website, please look here.

STEP 1 - Preparation Guide
Please follow the instructions in the Preparation Guide until you have reached step 6. You may stop once you have finished step 6 and continue with the instructions here.

STEP 2 - MBAM
Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
W...


Aarghh! Not having any luck with removing defense center from my computer. Have tried many spyware removers...only 1 worked temporarily, then it came back after rebooting. Spywareexterminator was the one that worked, but when I tried again, nothing happened. Spy Doctor did the scan, but I would need to purchase to remove viruses, and I'm in no position to buy ANYTHING with a credit card online right now! Have malwarebytes anti-virus protection in the meantime. Got any suggestions to FREE Defense Center removal that'll work for me before all is lost to those damned hackers?
 


This is the Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2009 10:36:41 AM
System Uptime: 7/17/2010 7:56:08 PM (1 hours ago)
Motherboard: Dell Inc. | | CN0Y53
Processor: Intel® Atom™ CPU N270 @ 1.60GHz | U1 | 1596/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 139 GiB total, 128.643 GiB free.
D: is CDROM (CDFS)
E: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: COMPAL Embedded System Control
Device ID: ACPI\CPL0002\2&DABA3FF&0
Manufacturer: COMPAL
Name: COMPAL Embedded System Control
PNP Device ID: ACPI\CPL0002\2&DABA3FF&0
Service: EMSC
==== System Restore Points ===================
RP120: 4/19/2010 6:23:47 AM - System Checkpoint
RP121: 4/20/2010 6:23:54 AM - System Checkpoint
RP122: 4/21/2010 7:23:54 AM - System Checkpoint
RP123: 4/22/2010 8:23:54 AM - System Checkpoint
RP124: 4/23/2010 9:23:53 AM - System Checkpoint
RP125: 4/24/2010 10:23:54 AM - System Checkpoint
RP126: 4/25/2010 11:22:22 AM - System Checkpoint
RP127: 4/26/2010 11:46:09 AM - System Checkpoint
RP128: 4/27/2010 12:51:57 PM - System Checkpoint
RP129: 4/28/2010 1:14:38 PM - System Checkpoint
RP130: 4/29/2010 3:52:05 PM - System Checkpoint
RP131: 4/30/2010 4:14:38 PM - System Checkpoint
RP132: 5/1/2010 4:14...

A:Defense Center Infection

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions...


Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

A:Infected with Control center/Privacy center

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.


Hi~
So, I've a nasty bug (or a nasty couple of bugs) that, in addition to placing shortcuts to porn sites on my work desktop, has also installed the terrible Defense Center, with its rotating security threat warnings, disabled TaskManager and etcetera.

I've been following the instructions at the bleepingcomputer tutorial on removing Defense Center and have made good progress. 14 threats identified by Malwarebytes, all look applicable to the issue at hand.

The trouble is that, before the anti-malware software can complete its scan, some malicious process shuts everything down and turns my computer off.

Oh halp.

I'm pasting the DDS.txt log below and attaching the Attach.txt, here. However, my machine also shuts down when I commence scan using GMER, so I'm unable to include that step.

Thanks much for any advice/suggestions you can offer...
Claire

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by clairer at 15:15:37.67 on Wed 07/21/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1503.1106 [GMT -4:00]
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\...

A:Defense Center Removal Problem

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


I signed up a couple days ago, did some reading, found the how-to to remove Defense Center. I have done it 4 times now with no success. The first time it removed 20 infected files. Now it only finds 2 corrupt files, supposedly removes them, but when I do the scan again they are still there.

This virus is annoying to say the least.

Thanks ahead of time guys.

A:Defense Center Virus, Won't Leave!

Hi
The following solution will remove the Defense Center pop up
> Restart the computer in safe mode
> Delete the following file from the location
C:\Program Files\Defense Center\defcnt.exe


Hello,

I saw your answer to the person who had the Defense Center virus. You recommended starting up in the Safe Mode F8 and then running Malwarebytes. I can't do this as I get the blue screen of death if I try to boot up in Safe Mode. I can hit the F11 key and startup with the previous configuration of the system. This works fine and I can run Malwarebytes but, it doesn't delete any of the viruses selected even though it says it does. One of the viruses it displays is the Malwarebytes Hijacker. When I restart the PC and run Malwarebytes all the same viruses are there. I am doing this on a different user - (Guest) than mine. If I select my user, run Malwarebytes, it finds the viruses but, when I click to see them, it leaves the Malwarebytes program.

Help!

A:How to remove Defense Center virus

Hello, I am moving this from XP to the Am I Infected forum.
Please post that MBAM scan log you have..

Next run SAS in normal mode.
Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appea...


hello-- i just got able to log on thru mozilla but my i-explorer isn't loading any pages--(check firewall settings for HTTP port (80) -HTTPS port (443) -and FTP port(21) )
I ran atf cleaner mcafee and superantispyware thru all profiles on safe mode and still got pwned by defense center in regular windows--
so in regular windows I did a McAfee scan and it said it fixed the problem--but i still have a bunch of unknown processes in task manager that come back when i try to end them
examples include--wmiprvse.exe --BCMWLTRY.EXE --mfevtps.exe --(several)svchost.exe --WLTRAY.EXE xpnetdiag.exe
and i-explorer is still off

oh ya --windows xp home--Dell vostro1500

but ya between the atf cleaner-the SAS-and a tdss killer this lil bastard keeps getting thru?

help much appreciated
PLEASE and THANK YOU

A:recurring trojan--defense center ?

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom


I have several defense center programs show up when I start up windows. I am also having problems with chrome crashing which I think is related. I have run mbam and it shows no infections. Thank you for helping me.

A:Defense center, chrome problems in XP

Hello and welcome. I would like you to try scanning and posting back those logs like this.

Reboot into Safe Mode with Networking
How to enter safe mode (XP)
Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply
Do not...


Hi there,
My Dad has somehow got Defense Center on this laptop and it is utterly buggered. I have tried running MalwareBytes, SUPERantispyware, spybot and Microsoft Security Essentials (that my Dad installed) in safe mode and it is still infected. Please help!!
THANKS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:42:43, on 29/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\T-Mobile Mobile Broadband Manager\AssistantServices.exe
C:\Program Files\Trend Micro ...

A:Laptop ravaged by Defense Center

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
In the custom scan box paste the following:
CODE
msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5st...


A few months ago I got the Defense Center virus on my computer. I followed the direction on this website for its removal and it seemed to remove it. However, I did notice my internet browser would get redirected to various websites (including one to download the Defense Center). I ran scans with both my McAfee and Malwarebytes' Anti-Malware and neither one found problems with my computer.
On August 31st, everything changed. The Defense Center came back. My McAfee security center has been totally locked out (and I can not access it). In addition, my internet explorer will not run Java scripts which really limits what I can do online. I have enabled scripts so I am not sure why this does not work.
I have followed the routine on your website - Preparation Guide for Using Malware Removal Tools and Requesting Help. However, I cannot add attachments (is this a java script?). I am at the end of my rope and don't know what to do.
I have included below (since I can't do attachments) both the dds.txt file and the ark.txt file. The attach.txt file specifically tells me not to post it but I can certainly provide it to you when you need it.
Please help.
Thanks,
Larry
Here is my dds.txt file:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Lawrence Fadden at 19:14:11.35 on Thu 09/02/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.478 [GMT -4:00]
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c...

A:Defense Center and registry problems

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open wit...


I used the remove "Defense Center" guide, but Malwarebytes Anti-Malware only removed part of the problem. My computer still slows down and grinds to a stop after about half an hour. Also, ie, firefox, and chrome are all going slow and redirecting me to search engine sites. I ran Hijackthis and can anyone help me remove what I don't need?
Anyone have any other suggestions?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:11 PM, on 6/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

A:Hijackthis and "Defense Center" Malware

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.
If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.
Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...


I have removed most of the initial Defense Center virus (pop ups, etc) although I still have lingering bugs that will not go away. Every time I go to a search engine & click on the site I'm looking for it redirects me to something else:
Here is my Hijack this log: PLEASE HELP
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:36:39 PM, on 7/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

A:PLEASE HELP! Defense Center Virus Will NOT LEAVE!


I had the Defense Center virus.
I removed it, but bad stuff still happens
-Internet Explorer sometimes has a 'stop script' error
-Links when web browsing sometimes redirects me

Malware defense scan - after 24 hours, new infected objects are found
So recently, I did combofix and all the stuff in your "READ ME BEFORE POSTING"


I do not have access to a Windows CD.

Thank you for your time!

A:Virus scan - post Defense Center

Welcome to TSF :)

Please download Malwarebytes' Anti-Malware from Here.



Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.


Extra Note:



If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Just finished removing Defense Center from a customer's computer.
I'm down to one last bug..
When the computer starts up and gets to the "Press Cntrl-Alt-Delete to login", if you just let it sit there and don't login then after about 60 seconds the computer will reboot.. If you login everything seems fine after that..

Any Ideas.. This is probably just a registry key but I can't find anything about it.. Tried all the usual searches. XPPro is o/s

Thanks

John

A:Defense center post removal bugs

Hello jpspen,

Hard to say what's causing it without a set of logs to see what's going on. It would also help if you itemize what you've done to remove this. Did you run any tools? Did you do manual removal?

Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


On Friday afternoon, I started getting popups related to 'Defense Center' on my laptop. Short version... I ran Malwarebytes and it found items and I removed them. After rebooting, all seemed ok when Windows came up, no popups... however, I noticed I couldn't get online or access any of my network drives.

It's like I'm not online, but both the wireless network connection and wired network connection say that I'm connected. I am able to access the internet from my desktop, so it's not my network/modem. I'm guessing Malwarebytes fixed the issues related to 'Defense Center', but something is off that is keeping the laptop from seeing that I'm on the network.

Help please?

(Edit to add: I've tried using System Restore to go back to points prior to Friday afternoon. Any attempt of System Restore fails with a message stating System Restore was not possible. Also, be aware that Pointsec is running on this laptop.)

A:Remaining issues after dealing with Defense Center

What operating system do you use?


32 bit vista

I started getting the Defense Center scam virus. Was able to run Malwarebytes and clean a lot of junk--but I'm still having problems. And even though I will have a clean scan..I will find and delete viruses using another scanner (windows defender, bit defender).

Here are my problems now:

1. I can't download anything. The http download automatically gets canceled. When I click retry, it sometimes looks like it finished but is nowhere to be found. Other times, I actually did find it but it arrived and wasn't able to be run.

2. Many of my system privileges have been taken away. I can't run system restore (turned off by group policy). I can't run my Housecall Launcher (windows cannot access the specified device path or file. you may not have the appropriate privileges).

3. When I click a link from a Google search, I get redirected to another search result page; which never actually loads, but the URL always has viafind.com
Since I can't download, I haven't been able to get hijack this. This is my latest MBAM log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

7/13/2010 9:24:50 PM
mbam-log-2010-07-13 (21-24-50).txt

Scan type: Full scan (C:\|)
Objects scanned: 274948
Time elapsed: 1 hour(s), 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry ...

A:Defense Center Virus still causing problems

Can you update Malwarebytes Anti-Malware?


Started getting 2 different popups today. One is a malware defense installer message, the other is a security center alert wanting me to enable protection.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Dale at 22:46:17.11 on Mon 01/11/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.300 [GMT -5:00]
AV: avast! antivirus 4.8.1368 [VPS 100111-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

A:Security center alert and Malware defense HELP

Hello and welcome to Bleeping Computer
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.
Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand cor...


Hello Everybody. I got infected with Defense Center and used MalwareBytes to clean it. It doesn't show in the scan now but I cannot run windows update. I get the error: Internet Explorer cannot display the webpage
In Microsoft Security Essentials I get error 0x80072EFE when trying to update definitions.
I suspect that something was left out in the cleaning process.
Thanks for your Help.
DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Karen Morley at 21:02:55.25 on Wed 06/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.86 [GMT -7:00]
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

A:Can't update windows after infection with Defense Center

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.
Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is ...


Followed the instructions on Defense center removal. Started in safe mode, and ran malwarebytes but it can't seem to delete smss.exe and services.exe after a reboot and running malware bytes it's back. Also Paladin was picked up by spybot and that seems to be fixed. I went through the registry and files and I don't see anything associated with the two, but malwarebytes keeps complaining about smss.exe and services.exe. Obviously these are not the correct windows processes...
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4279
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
7/5/2010 4:10:44 PM
mbam-log-2010-07-05 (16-10-44).txt
Scan type: Full scan (C:\|)
Objects scanned: 311151
Time elapsed: 54 minute(s), 39 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
C:\System Volume Information\Microsoft\services.exe (Trojan.Cycler) -> Failed to unload process.
C:\System Volume Information\Microsoft\smss.exe (Trojan.Cycler) -> Failed to unload process.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantin...

A:Defense center and paladin removal not working

Welcome to the BleepingComputer Forums.
Step ! If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.
Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.
While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instructed to do so! Let me know if any of the links do not work or if any of the tools do not work....


Hi,
My computer (IBM thinkpad R50e, Windows XP, not networked) became infected with the Defense Center virus several weeks ago, and also has a Google redirect virus. I was not aware that my McAfee security program had expired over a year ago. I seem to have gotten rid of Defense Center by using MalwareBytes and the tutorial on the Bleeping Computer website, but I think the virus is still acting as the system administrator. When I log on - the screen simply says "welcome", instead of the usual log on as the system administrator.
However, the Google redirect virus has been persistent - and I don't know how to remove it. It is not currently redirecting every time. One of the sites it redirects to is iseeksite.com. My computer is acting unstable & has had several stop (blue screen) errors, caused by a device or driver, according to microsoft.com
I am concerned about getting my system clean again to insure the privacy of my passwords etc.
Pasted below is the DDS log, and I've attached the ark.txt and attach files.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Eric at 23:05:11.11 on Fri 07/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.875 [GMT -7:00]
AV: Defense Center *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Fire...

A:Defense center and Google redirect infection

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.
Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.
Once I receive a reply then I will return with your first instructions.
Thanks


Hey everybody! New to the site, and I have some questions. I removed Defense Center crap with AVG Free program. Now when I try to double click on any shortcut on the screen it asks "choose the program you want to use to open this file". It gives me the normal options of notepad, media player etc.. When I right click on the shortcut I want and click on "start" it runs fine. I don't know much about computers so any help would be great! Greg

A:Removed Defense Center, now shortcuts won't work

BC Removal Guide, Defense Center
You might try #12 at http://www.kellys-korner-xp.com/xp_tweaks.htm.
Louis
