Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijacked IE browser

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijacked IE browser

Unread postby carolinehalloran » September 5th, 2008, 7:24 am

My IE browser has been hijacked, so that I'm redirected to commercial sites--the only way to access a URL I want is to cut and paste the web address into address window. I've switched to Mozilla, but would like to fix this problem...so far, Lavasoft, Spyware Doctor, and other programs haven't been able to fix. Here's my log, thanks to all!:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:49 AM, on 9/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Desktop Maestro\deskmech.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] ;"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SrvCmd] ;C:\WINDOWS\system32\ybipwlwt.exe
O4 - HKCU\..\Run: [DesktopMaestro] C:\Program Files\Desktop Maestro\deskmech.exe /H
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-1229272821-606747145-725345543-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1229272821-606747145-725345543-500\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Administrator')
O4 - HKUS\S-1-5-21-1229272821-606747145-725345543-500\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Administrator')
O4 - S-1-5-21-1229272821-606747145-725345543-500 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Administrator')
O4 - S-1-5-21-1229272821-606747145-725345543-500 User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Administrator')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O21 - SSODL: srvmntcfg - {3B346137-B820-FFC6-57A0-0229E92C44B6} - C:\Program Files\lmcntsf\srvmntcfg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: M-Audio Fast Track Ultra Installer (MAudioFTUService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Ultra\MAUSBFTUInst.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 5943 bytes
carolinehalloran
Active Member
 
Posts: 3
Joined: September 5th, 2008, 7:21 am
Advertisement
Register to Remove

Re: Hijacked IE browser

Unread postby mz30 » September 5th, 2008, 10:06 am

Hi
I'm Mz30
I will be helping you with your malware issue's.
I am currently reviewing your hjt log and will post back soon with instructions.
As I am still in training, everything that I post to you, must be checked by an Admin or Moderator. Therefore there could be a delay between posts, but it shouldn't be too long.

  • The fixes i post, are for fixing your issues only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean,as even if you appear clean the chances are you are not.
  • Please bookmark or favourite this page. In case you need it as reference.
  • Please remember that all the staff here are volunteers and help in our free time and you will sometimes have to wait for a reply.

    Important
  • Please do not attempt to remove anything or fix anything unless i ask,This includes running any sort of anti-virus/spyware programs as they may make thing's harder to remove.
User avatar
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: Hijacked IE browser

Unread postby mz30 » September 6th, 2008, 8:22 am

RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)
User avatar
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: Hijacked IE browser

Unread postby carolinehalloran » September 6th, 2008, 9:03 am

Thank you--here's the log:

info.txt logfile of random's system information tool 2008-09-06 09:01:31

Uninstall list

-->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\Adobe\Premiere 5.1\DeIsL1.isu" -c"C:\Program Files\Adobe\Premiere 5.1\Uninst.dll"
-->MsiExec.exe /I{0CDCA5CD-C404-41FD-9216-9B4B3D24A7AA}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
43-127 File Manager Software(FMS) V1.10-->"C:\Program Files\43-127 FMS\uninstall.exe"
Ableton Live v7.0.2-->"C:\Program Files\Ableton\Live 7.0.2\Uninstall\unins000.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
BEHRINGER USB AUDIO DRIVER-->C:\WINDOWS\usb-audio.deBehringer2902\Setup.exe /l1
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Compact Wireless-G USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9
Cool Edit 2000-->C:\Program Files\Cool2000\ce2Kunin.exe
Cool Edit Pro 2.1-->C:\Program Files\CoolPro\cep2unin.exe
Desktop Maestro 3.0-->"C:\Program Files\Desktop Maestro\unins000.exe" /Log
Fast Track Ultra-->C:\Program Files\InstallShield Installation Information\{3AD21E47-B172-4A88-9821-21A1C5E031BE}\setup.exe -runfromtemp -l0x0009 -removeonly
Final Draft 7-->MsiExec.exe /I{78D62D17-D970-42DA-B8CF-5E5576293B33}
FL Studio 7-->C:\Program Files\Image-Line\FL Studio 7\uninstall.exe
Font FX Version 1.10-->C:\WINDOWS\uninst.exe -f"C:\Program Files\FontFX\DeIsL1.isu"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
iCorrect EditLab Pro 5.0-->MsiExec.exe /X{51EAC675-7917-4EF6-B16D-7E861AE5FAED}
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002-->MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PRX Member Tools v2.0-->"C:\Program Files\PRX\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Registrar Registry Manager 5.66-->"C:\Program Files\Resplendent 5.6\unins000.exe"
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

Hosts File

127.0.0.1 localhost

Security center information

AV: Spyware Doctor with AntiVirus

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
carolinehalloran
Active Member
 
Posts: 3
Joined: September 5th, 2008, 7:21 am

Re: Hijacked IE browser

Unread postby carolinehalloran » September 6th, 2008, 9:04 am

A second log popped up:

Logfile of random's system information tool (written by random/random)
Run by At the Well at 2008-09-06 09:00:53
Microsoft Windows XP Professional Service Pack 2
System drive C: has 25 GB (66%) free of 38 GB
Total RAM: 1022 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:59 AM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Desktop Maestro\deskmech.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\At the Well\Local Settings\Temporary Internet Files\Content.IE5\ERI7SNZT\RSIT[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\At the Well.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Aim6] ;"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SrvCmd] ;C:\WINDOWS\system32\ybipwlwt.exe
O4 - HKCU\..\Run: [DesktopMaestro] C:\Program Files\Desktop Maestro\deskmech.exe /H
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-1229272821-606747145-725345543-500\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-1229272821-606747145-725345543-500\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User 'Administrator')
O4 - HKUS\S-1-5-21-1229272821-606747145-725345543-500\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Administrator')
O4 - S-1-5-21-1229272821-606747145-725345543-500 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Administrator')
O4 - S-1-5-21-1229272821-606747145-725345543-500 User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Administrator')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O21 - SSODL: srvmntcfg - {3B346137-B820-FFC6-57A0-0229E92C44B6} - C:\Program Files\lmcntsf\srvmntcfg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: M-Audio Fast Track Ultra Installer (MAudioFTUService) - Unknown owner - C:\Program Files\M-Audio\Fast Track Ultra\MAUSBFTUInst.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 5990 bytes

Scheduled tasks folder

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1216748798.job

Registry dump

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-05-25 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-05-25 126976]
"M-Audio Taskbar Icon"=C:\WINDOWS\System32\M-AudioTaskBarIcon.exe [2008-01-08 210952]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-07-16 1166216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
"Aim6"=;C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp []
"SrvCmd"=;C:\WINDOWS\system32\ybipwlwt.exe []
"DesktopMaestro"=C:\Program Files\Desktop Maestro\deskmech.exe [2008-08-01 3213200]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2006-05-25 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
srvmntcfg - {3B346137-B820-FFC6-57A0-0229E92C44B6} - C:\Program Files\lmcntsf\srvmntcfg.dll [2008-08-11 102400]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

List of files/folders created in the last three months

2008-09-06 09:00:53 ----D---- C:\rsit
2008-09-01 10:02:35 ----D---- C:\Program Files\NOS
2008-09-01 10:02:35 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-01 03:36:44 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-09-01 03:36:42 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2008-09-01 03:36:16 ----D---- C:\Program Files\Zune
2008-09-01 03:35:18 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-09-01 03:35:09 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-09-01 03:32:04 ----RSD---- C:\WINDOWS\assembly
2008-09-01 03:31:18 ----D---- C:\WINDOWS\Microsoft.NET
2008-09-01 03:25:02 ----D---- C:\e55fe073097131c0638c54b7aed7
2008-08-25 22:53:53 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-20 17:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-08-20 07:50:05 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2008-08-20 07:50:01 ----D---- C:\Program Files\WinZip
2008-08-20 03:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-08-20 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-08-20 03:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-08-19 12:39:23 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-08-19 12:39:12 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-08-19 12:39:11 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-08-19 12:38:46 ----D---- C:\Program Files\Windows Media Connect 2
2008-08-19 12:38:34 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-08-19 12:37:34 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-08-19 12:36:54 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-08-16 17:59:29 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-08-15 17:54:59 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-14 07:21:26 ----D---- C:\Documents and Settings\At the Well\Application Data\Mozilla
2008-08-14 07:21:18 ----D---- C:\Program Files\Mozilla Firefox
2008-08-14 07:00:06 ----D---- C:\Program Files\Registry Mechanic
2008-08-14 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-14 03:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-14 03:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-14 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-14 03:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-14 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-14 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-14 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-14 03:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-14 03:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-14 03:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-14 03:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-14 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB885884$
2008-08-14 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-08-14 03:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-08-13 17:02:23 ----D---- C:\Program Files\Common Files\PC Tools
2008-08-13 17:02:14 ----D---- C:\Program Files\Spyware Doctor
2008-08-13 17:02:14 ----D---- C:\Documents and Settings\At the Well\Application Data\PC Tools
2008-08-13 17:02:14 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-13 16:58:26 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-08-13 16:50:52 ----D---- C:\Documents and Settings\At the Well\Application Data\Desktop Maestro
2008-08-13 16:50:20 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-13 16:50:12 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2008-08-13 16:50:10 ----D---- C:\Program Files\Desktop Maestro
2008-08-13 16:30:43 ----D---- C:\WINDOWS\system32\PreInstall
2008-08-13 16:30:42 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-08-13 16:30:41 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-08-13 13:29:41 ----A---- C:\WINDOWS\system32\muweb.dll
2008-08-13 13:29:41 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-08-13 13:29:41 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-08-12 07:20:16 ----D---- C:\WINDOWS\ERUNT
2008-08-12 07:00:08 ----D---- C:\Program Files\SDFix
2008-08-12 06:57:35 ----D---- C:\Program Files\Trend Micro
2008-08-12 06:53:08 ----D---- C:\Documents and Settings\At the Well\Application Data\Help
2008-08-12 06:09:24 ----D---- C:\Documents and Settings\At the Well\Application Data\McAfee
2008-08-12 06:02:49 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-12 05:22:07 ----D---- C:\Program Files\Lavasoft
2008-08-12 05:22:07 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-11 22:55:50 ----A---- C:\WINDOWS\system32\crtdl.dll
2008-08-11 22:52:21 ----D---- C:\Program Files\lmcntsf
2008-08-11 22:52:17 ----D---- C:\Documents and Settings\All Users\Application Data\axyrufen
2008-08-11 22:52:16 ----A---- C:\WINDOWS\system32\ypqzqlkd.exe
2008-08-11 22:52:16 ----A---- C:\WINDOWS\system32\ybipwlwt.exe
2008-08-07 03:05:02 ----D---- C:\WINDOWS\system32\LogFiles
2008-08-06 20:16:04 ----D---- C:\Documents and Settings\At the Well\Application Data\acccore
2008-08-06 20:14:44 ----D---- C:\Program Files\AIM6
2008-07-23 20:00:45 ----D---- C:\Documents and Settings\At the Well\Application Data\Opera
2008-07-22 13:47:11 ----D---- C:\Documents and Settings\At the Well\Application Data\Hewlett-Packard
2008-07-22 13:44:29 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-07-22 12:54:48 ----D---- C:\Program Files\Hewlett-Packard
2008-07-22 12:54:01 ----D---- C:\Program Files\HP
2008-07-20 17:46:37 ----D---- C:\Documents and Settings\At the Well\Application Data\Apple Computer
2008-07-18 18:16:48 ----D---- C:\Program Files\QuickTime
2008-07-18 18:15:53 ----D---- C:\Program Files\Apple Software Update
2008-07-18 18:15:53 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-18 18:11:17 ----D---- C:\Program Files\PRX
2008-07-14 07:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-07-10 14:39:39 ----D---- C:\Documents and Settings\At the Well\Application Data\Syntrillium
2008-07-09 21:02:07 ----D---- C:\Documents and Settings\At the Well\Application Data\AdobeUM
2008-07-06 15:58:14 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-06 15:58:09 ----D---- C:\Program Files\Windows Live
2008-07-06 15:57:58 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-06 07:12:37 ----D---- C:\Documents and Settings\At the Well\Application Data\Macromedia
2008-07-06 07:12:36 ----D---- C:\Documents and Settings\At the Well\Application Data\Adobe
2008-07-06 07:06:31 ----D---- C:\Documents and Settings\At the Well\Application Data\Identities
2008-07-06 07:06:23 ----ASH---- C:\Documents and Settings\At the Well\Application Data\desktop.ini
2008-07-06 07:06:22 ----SD---- C:\Documents and Settings\At the Well\Application Data\Microsoft
2008-07-01 09:49:41 ----D---- C:\Program Files\driver
2008-07-01 09:49:40 ----D---- C:\Program Files\Radio Shak Docs
2008-06-27 19:23:10 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-27 19:23:09 ----D---- C:\Program Files\Viewpoint
2008-06-27 19:23:09 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-06-27 19:23:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-06-27 19:23:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-06-27 19:22:42 ----D---- C:\Program Files\Common Files\AOL
2008-06-27 17:57:41 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-27 17:57:08 ----A---- C:\YServer.txt
2008-06-27 17:57:00 ----D---- C:\Program Files\Yahoo!
2008-06-21 20:50:55 ----A---- C:\WINDOWS\coolacm.ini
2008-06-12 14:43:47 ----A---- C:\WINDOWS\ntbtlog.txt
2008-06-08 17:44:22 ----A---- C:\WINDOWS\COOLSYS.INI
2008-06-08 17:42:59 ----D---- C:\Program Files\Cool2000

List of drivers

R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-06-02 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-06-10 81288]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\system32\System32\drivers\ws2ifsl.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-05-29 20747]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 40704]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-07-11 121856]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-05-25 807804]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO; C:\WINDOWS\System32\Drivers\BUSB2902.sys [2007-11-06 340480]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 MAUSBRI;M-Audio Fast Track Ultra Service; C:\WINDOWS\system32\DRIVERS\mausbftu.sys [2008-01-08 135944]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

List of services

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-12 611664]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-07 1073544]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 61856]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 MAudioFTUService;M-Audio Fast Track Ultra Installer; C:\Program Files\M-Audio\Fast Track Ultra\MAUSBFTUInst.exe []
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-18 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-04-29 5065120]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 245664]

-----------------EOF-----------------
carolinehalloran
Active Member
 
Posts: 3
Joined: September 5th, 2008, 7:21 am

Re: Hijacked IE browser

Unread postby mz30 » September 6th, 2008, 10:13 am

Please visit this webpage for instructions for downloading ComboFix at your DESKTOP:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
User avatar
mz30
Regular Member
 
Posts: 1683
Joined: June 23rd, 2007, 9:39 am
Location: liverpool

Re: Hijacked IE browser

Unread postby Shaba » September 11th, 2008, 11:01 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 43 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware