Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser Hijacked

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Browser Hijacked

Unread postby kclewis9965 » July 7th, 2009, 4:26 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:05 PM, on 07/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\windows\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\windows\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\windows\system32\AESTFltr.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\crypserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\Prot_srv.exe
C:\windows\system32\pstartSr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=4080826
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.millimanbrc.com/signin.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=4080826
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\DellTPad\Apoint.exe"
O4 - HKLM\..\Run: [SysTrayApp] "%ProgramFiles%\IDT\WDM\sttray.exe"
O4 - HKLM\..\Run: [AESTFltr] "%SystemRoot%\system32\AESTFltr.exe" /NoDlg
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
O4 - HKLM\..\Run: [NVHotkey] "rundll32.exe" nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [Pointsec Tray] "C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [UninstallLockedSOSFiles] C:\DOCUME~1\KaseyW\LOCALS~1\Temp\UninstallLockedSOSFiles.lnk
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] "C:\windows\system32\ctfmon.exe"
O4 - HKCU\..\Policies\Explorer\Run: [1] \\dalnas2\software\scheduler\scheduler.hta
O4 - HKUS\S-1-5-18\..\Run: [systemprofile] C:\windows\system32\config\systemprofile\systemprofile.exe /i (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [systemprofile] C:\windows\system32\config\systemprofile\systemprofile.exe /i (User 'Default user')
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.advisorchannel.com
O15 - Trusted Zone: *.mandr.com
O15 - Trusted Zone: *.milliman.com
O15 - Trusted Zone: *.millimanbenefits.com
O15 - Trusted Zone: *.millimanbrc.com
O15 - Trusted Zone: *.millimandallas.com
O15 - Trusted Zone: *.millimandocs.com
O15 - Trusted Zone: *.millimandocumentation.com
O15 - Trusted Zone: *.millimanonline.com
O15 - Trusted Zone: *.millimanpension.com
O15 - Trusted Zone: *.millimantrc.com
O15 - Trusted Zone: *.omnimanager.eb
O15 - Trusted Zone: *.omnitrade.eb
O15 - Trusted Zone: *.powerimage.eb
O15 - Trusted Zone: *.prod.om.eb
O15 - Trusted Zone: *.prod.ot.eb
O15 - Trusted Zone: *.prod.pi.eb
O15 - Trusted Zone: *.operationscenter.schwab.com
O15 - Trusted Zone: *.test.om.eb
O15 - Trusted Zone: *.test.ot.eb
O15 - Trusted Zone: *.test.pi.eb
O15 - Trusted Zone: *.tpasource.com
O15 - Trusted Zone: *.trust3000anywhere.com
O15 - Trusted Zone: *.advisorchannel.com (HKLM)
O15 - Trusted Zone: *.mandr.com (HKLM)
O15 - Trusted Zone: *.milliman.com (HKLM)
O15 - Trusted Zone: *.millimanbenefits.com (HKLM)
O15 - Trusted Zone: *.millimanbrc.com (HKLM)
O15 - Trusted Zone: *.millimandallas.com (HKLM)
O15 - Trusted Zone: *.millimandocs.com (HKLM)
O15 - Trusted Zone: *.millimandocumentation.com (HKLM)
O15 - Trusted Zone: *.millimanonline.com (HKLM)
O15 - Trusted Zone: *.millimanpension.com (HKLM)
O15 - Trusted Zone: *.millimantrc.com (HKLM)
O15 - Trusted Zone: *.omnimanager.eb (HKLM)
O15 - Trusted Zone: *.omnitrade.eb (HKLM)
O15 - Trusted Zone: *.powerimage.eb (HKLM)
O15 - Trusted Zone: *.prod.om.eb (HKLM)
O15 - Trusted Zone: *.prod.ot.eb (HKLM)
O15 - Trusted Zone: *.prod.pi.eb (HKLM)
O15 - Trusted Zone: *.operationscenter.schwab.com (HKLM)
O15 - Trusted Zone: *.test.om.eb (HKLM)
O15 - Trusted Zone: *.test.ot.eb (HKLM)
O15 - Trusted Zone: *.test.pi.eb (HKLM)
O15 - Trusted Zone: *.tpasource.com (HKLM)
O15 - Trusted Zone: *.trust3000anywhere.com (HKLM)
O16 - DPF: FirstViewer - http://204.64.21.87/PlansOnline/Components/FirstVwr.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fb.familylink.com/we_are_related ... oader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1111632454
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dall.milliman.com
O17 - HKLM\Software\..\Telephony: DomainName = dall.milliman.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dall.milliman.com
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\windows\SYSTEM32\crypserv.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: Pointsec - Unknown owner - C:\windows\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\windows\system32\pstartSr.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r190031\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\windows\system32\DRIVERS\xaudio.exe

--
End of file - 12227 bytes



Uninstall List

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
All Day Battery Life Configuration
Apple Mobile Device Support
Apple Software Update
BioAPI Framework
Bonjour
Broadcom USH Host Components
Browser Address Error Redirector
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
Citrix Presentation Server Client
Client for Microsoft Office SharePoint Portal Server 2003
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.3
Dell ControlPoint System Manager
Dell Security Device Driver Pack
Dell Touchpad
EXP AG
Fantastic Flame Screensaver
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Intel(R) Network Connections 13.0.42.0
Intel(R) PRO Alerting Agent
Intel® Matrix Storage Manager
iTunes
J2SE Runtime Environment 5.0 Update 11
Kyocera Wireless USB Device Drivers
Lotus Notes 8.0.2
Lucent Intuity Message Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Runtime (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office Visio Viewer 2003 (English)
Microsoft Office Word MUI (English) 2007
Microsoft Project Standard 2002
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Milliman RPAS Agent for COM 2.0
Mozilla Firefox (3.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB933579)
NetObjects Fusion Essentials
NVIDIA Drivers
OmniPay 4.1 32 bit GUI - Full Installation
Paint.NET v3.36
PlanConvert
Pointsec PC
PowerDVD
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
RPAS Data Client for COM
SearchAssist
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
SnagIt 8
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SwiftFile 4.0
TextPad 5
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VanDyke Software SecureFX 4.0
VZAccess Manager
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
WinZip
WinZip Command Line Support Add-On
kclewis9965
Active Member
 
Posts: 4
Joined: July 7th, 2009, 4:23 pm
Advertisement
Register to Remove

Re: Browser Hijacked

Unread postby Odd dude » July 9th, 2009, 1:09 pm

Hello and welcome to the forums!

I'm Odd dude, pleased to meet you; if it helps, you can call me OD ;). I will be helping you with your infection. However, it is important to take note of the following - quite the wall of text, I know, but please bear with me:

  • Logs from malware removal programs (Hijackthis is one of them) can take some time to analyze. I need you to be patient whilst I analyze any logs you post.
  • Please carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Only YOU must use these instructions, they are not suitable for any other computer, similar issues or not.
  • Do not do things I do not ask for, such as running a spyware scan. The one thing you should always do, though, is making sure that your antivirus definitions are up-to-date!
  • If I tell you to download a tool which you already have, please re-download it and do not use the copy you already have. This is because the tools are updated regularly.
  • In Windows Vista, all tools need to be started by right clicking and selecting Run as administrator!
  • Lastly, I am no magican. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

I am now analyzing your situation and hope to be back with you soon. While I am reviewing your situation, could you please do the following for me:

Make an Uninstall List
I need you to create an uninstall list so I can further analyze your situation.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place and post it in your next reply.

GMER
Do not touch the computer while GMER is running! If you do, it'll go completely unresponsive and you'll have to shut it down using the power switch. Just don't touch the PC while GMER is working.
Please download gmer.zip by GMER and save it to your desktop.

  • Right click the file you just downloaded and choose Extract all
  • Click Next
  • Click Browse
  • Click the + next to My Computer
  • Click Local Disk (C:)
  • Click Make new folder
  • Enter GMER
  • Click OK, then Next
  • Check Show extracted files and click Finish
  • Double click on GMER.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the GMER scan log and post it in your next reply.
  • Close GMER.

Please post back:
  • Uninstall list
  • Gmer log
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Browser Hijacked

Unread postby kclewis9965 » July 9th, 2009, 1:50 pm

Hi OD,



The GMER application returned this message box: Warning!!! "GMER has found system modification caused by ROOTKIT activity." Clicked OK and it stopped scan. Here are the results it produced prior to stopping:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-09 12:48:35
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 85FEA4B8 ZwEnumerateKey
Code 85FEA740 ZwFlushInstructionCache
Code 85FEA4EE IofCallDriver
Code 85FEA266 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 85FEA4F3
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 85FEA26B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 85FEA744
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 85FEA4BC
? C:\windows\system32\drivers\prot_2k.sys The process cannot access the file because it is being used by another process.
? C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys The system cannot find the file specified. !
? C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS The system cannot find the file specified. !
? C:\Program Files\SUPERAntiSpyware\SASENUM.SYS The system cannot find the file specified. !
.text ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003A000A

---- User code sections - GMER 1.0.15 ----

.text C:\windows\system32\rundll32.exe[224] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009D000A
.text C:\windows\system32\wbem\wmiprvse.exe[232] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0077000A
.text C:\windows\system32\RUNDLL32.EXE[240] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009D000A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[356] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009A000A
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 prot_2k.sys
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\windows\system32\winlogon.exe [992] 0x01450000

---- EOF - GMER 1.0.15 ----

Here is the HJT Unitstall LOG

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
All Day Battery Life Configuration
Apple Mobile Device Support
Apple Software Update
BioAPI Framework
Bonjour
Broadcom USH Host Components
Browser Address Error Redirector
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
Citrix Presentation Server Client
Client for Microsoft Office SharePoint Portal Server 2003
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.3
Dell ControlPoint System Manager
Dell Security Device Driver Pack
Dell Touchpad
EXP AG
Fantastic Flame Screensaver
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Intel(R) Network Connections 13.0.42.0
Intel(R) PRO Alerting Agent
Intel® Matrix Storage Manager
iTunes
J2SE Runtime Environment 5.0 Update 11
Kyocera Wireless USB Device Drivers
Lotus Notes 8.0.2
Lucent Intuity Message Manager
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Runtime (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Office Visio Viewer 2003 (English)
Microsoft Office Word MUI (English) 2007
Microsoft Project Standard 2002
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Milliman RPAS Agent for COM 2.0
Mozilla Firefox (3.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB933579)
NetObjects Fusion Essentials
NVIDIA Drivers
OmniPay 4.1 32 bit GUI - Full Installation
Paint.NET v3.36
PlanConvert
Pointsec PC
PowerDVD
QuickTime
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
RPAS Data Client for COM
SearchAssist
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
SnagIt 8
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SwiftFile 4.0
TextPad 5
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VanDyke Software SecureFX 4.0
VZAccess Manager
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
WinZip
WinZip Command Line Support Add-On
kclewis9965
Active Member
 
Posts: 4
Joined: July 7th, 2009, 4:23 pm

Re: Browser Hijacked

Unread postby Odd dude » July 10th, 2009, 2:44 am

Is this a business computer? The reason I ask is that that could have implications for the procedure to follow next.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Browser Hijacked

Unread postby kclewis9965 » July 10th, 2009, 2:53 am

Yes it is a business computer.
kclewis9965
Active Member
 
Posts: 4
Joined: July 7th, 2009, 4:23 pm

Re: Browser Hijacked

Unread postby Odd dude » July 10th, 2009, 4:10 am

Unfortunately, we cannot help remove malware from any business related computer. Such systems may have specific modifications made which might hinder our tools, or worse, be removed by them. Also, if the computer is infected, there's a chance other computers it has been networked with (as is the case in many businesses) have been infected as well.

An extract taken from our rules:
In General, we do not help in cleaning business or corporate computers. There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware. There may also be legal issues regarding any loss of business data that we do not wish to deal with.
If you ask for help and, unknown to us, it involves a business computer, you need to understand that any damages resulting from our advice are YOUR RESPONSIBILITY.


Because of the above reasons, it is suggested that you take this issue to your IT department instead.

You can delete GMER from your desktop, and I recommend that your IT department installs some sort of antivirus program on the computer.

Please let me know you have read this so that the topic can be closed. I am sorry I could not have been of further assistance.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Browser Hijacked

Unread postby NonSuch » July 13th, 2009, 3:57 pm

As this topic involves a business computer, and therefore falls outside the scope of this forum, the topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware