Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

browser hijacker and other problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: browser hijacker and other problems

Unread postby alango1 » October 14th, 2009, 12:25 am

sorry for the double post on the combo-fix log. I will provide the blacklight and hijacklog tomorrow thanks.
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm
Advertisement
Register to Remove

Re: browser hijacker and other problems

Unread postby Dakeyras » October 14th, 2009, 12:33 pm

OK and not problem. :thumbup:
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: browser hijacker and other problems

Unread postby alango1 » October 14th, 2009, 9:24 pm

computer seems slow tonight

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:20 PM, on 10/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk046YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11135 bytes
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 14th, 2009, 10:49 pm

Blacklight log:

10/14/09 22:01:43 [Info]: BlackLight Engine 2.2.1092 initialized
10/14/09 22:01:43 [Info]: OS: 5.1 build 2600 (Service Pack 3)
10/14/09 22:01:43 [Note]: 7019 4
10/14/09 22:01:43 [Note]: 7005 0
10/14/09 22:01:45 [Note]: 7006 0
10/14/09 22:01:46 [Note]: 7011 2344
10/14/09 22:01:46 [Note]: 7035 0
10/14/09 22:01:46 [Note]: 7026 0
10/14/09 22:01:46 [Note]: 7026 0
10/14/09 22:01:51 [Note]: FSRAW library version 1.7.1024
10/14/09 22:48:15 [Note]: 7007 0
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby Dakeyras » October 15th, 2009, 6:26 am

Hi. :)

computer seems slow tonight
OK lets see what we can do to remedy this as you do have a lot of applications set to start with every system startup/reboot etc. Plus the actual machine could do with more RAM(random access memory) being installed. I will advise about the latter in my next post.

Next:

You did not update Malwarebytes' Anti-Malware before running the scan, the database you used is not current:-
Malwarebytes' Anti-Malware 1.41
Database version: 2947
When I ask you to run a scan with this again, please ensure you check for updates and apply them, thank you.

Next:

It would be prudent to reset your Linksys router at this point in time and apply a new admin password.

If not sure how to acomplish this, merely inform myself the exact make & modal in use and I will gladly provide instructions.

Next:

Check for updates with the installed McAfee AntiVirus >> Run a full scan >> have it fix/remove anything found.

StartUpLite:

Please download this small application from here.

It is very simple to use and quite effective and will advise about any unnecessary system startups that can be safely removed.

Next:

Please download OTM to your Desktop.

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code: Select all
:Processes

:Files
c:\windows\bx4657.dat
c:\windows\z81409py5.exe
c:\documents and settings\Andrew\Application Data\a?sembly
c:\documents and settings\Dad\Local Settings\Application Data\Symantec

:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform a Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)

  • Double click once on RSIT.exe
  • RSIT will start running, at the disclaimer click on Continue.
  • When done, 1 log will be produced.
  • Post that in your next reply.

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any other symptoms and or problems encountered?
  • OTM Log.
  • Malwarebytes Anti-Malware Log.
  • RSIT Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: browser hijacker and other problems

Unread postby alango1 » October 16th, 2009, 9:32 pm

After I ran oit, the computer rebooted and I lost my internet connection as well as the oit log. The mouse cursor froze as well. I have since restored my internet connection but I do not know where the oit log is located.

Previous to this, I updated mcafee and ran a full scan. 59 items were detected. I also got a message stating that mcafee could not completely remove Artemis 588FABD25551 unwanted program
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby Dakeyras » October 17th, 2009, 6:05 am

Hi. :)

To locate the OTM log as follows:-

My Computer >> Local Disk C:\ >> _OTM >> MovedFiles >> xxxxxxxx_xxxxxx.txt <-- The X's denote date/time of creation.

Next:

Please post the McAfee AntiVirus scan report in your next reply.

Also carry out the rest of my prior instructions from Malwarebytes Anti-Malware on-wards as outlined in my prior post, thank you.

Note: Post all requested logs separately if it makes it easier to do so.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: browser hijacker and other problems

Unread postby alango1 » October 17th, 2009, 9:16 pm

All processes killed
========== PROCESSES ==========
========== FILES ==========
c:\windows\bx4657.dat moved successfully.
c:\windows\z81409py5.exe moved successfully.
c:\documents and settings\Andrew\Application Data\aѕsembly moved successfully.
c:\documents and settings\Dad\Local Settings\Application Data\Symantec moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andrew
->Temp folder emptied: 84850 bytes
->Temporary Internet Files folder emptied: 140032529 bytes
->Java cache emptied: 35342837 bytes

User: Dad
->Temp folder emptied: 35221 bytes
->Temporary Internet Files folder emptied: 20026810 bytes
->Java cache emptied: 25493189 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1043614 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 735314 bytes

%systemdrive% .tmp files removed: 6597 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 5552657 bytes
Windows Temp folder emptied: 2744209 bytes
RecycleBin emptied: 926 bytes

Total Files Cleaned = 220.44 mb


OTM by OldTimer - Version 3.0.0.6 log created on 10162009_205655

Files moved on Reboot...

Registry entries deleted on Reboot...
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 17th, 2009, 9:38 pm

can you tell me how to provide you a copy of the mcafee lof. I did a screen shot but could not transfer the picture.
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 17th, 2009, 9:48 pm

I located the file in C:\....\applications\data
tizupd.bin and deleted it.
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 17th, 2009, 10:10 pm

Malwarebytes' Anti-Malware 1.41
Database version: 2977
Windows 5.1.2600 Service Pack 3

10/17/2009 10:05:36 PM
mbam-log-2009-10-17 (22-05-36).txt

Scan type: Quick Scan
Objects scanned: 113900
Time elapsed: 11 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e5f0d38-214b-4085-ad2a-d2290e6a2d2c} (Adware.MediaAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9} (Adware.MediaMotor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c900b400-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SecuritySoldier (Rogue.SecuritySoldier) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Anti-Leech (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecuritySoldier (Rogue.SecuritySoldier) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 17th, 2009, 10:19 pm

ogfile of random's system information tool 1.06 (written by random/random)
Run by Dad at 2009-10-17 22:16:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 38 GB (52%) free of 73 GB
Total RAM: 502 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:51 PM, on 10/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\internet explorer\iexplore.exe
c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
C:\Program Files\MSN\Toolbar\3.0.1125.0\msntask.exe
C:\Documents and Settings\Dad\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [FRAG TICK] C:\Documents and Settings\Andrew\Application Data\Acid Body Poll\This Cash.exe (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [Woibldvj] "C:\Program Files\Common Files\s?stem\t?skmgr.exe" (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [Cacascde] C:\WINDOWS\F?nts\?serinit.exe (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [Cdunih] "C:\Program Files\?asks\m?iexec.exe" (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [Hwkznvx] "C:\Documents and Settings\Andrew\My Documents\?ppPatch\j?vaw.exe" (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [Qhpghzoo] "C:\Documents and Settings\Andrew\Application Data\?dobe\?ttrib.exe" (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [Kqdy] "C:\Documents and Settings\Andrew\Application Data\W?nSxS\e?plorer.exe" (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [Lbcq] "C:\Documents and Settings\Andrew\My Documents\?racle\w?aclt.exe" (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [McAfee Update] C:\DOCUME~1\Andrew\LOCALS~1\Temp\mcupdate_1253555467.exe /insfin C:\DOCUME~1\Andrew\LOCALS~1\Temp\mcupdate_1253555467.ini /syncfin (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [Sen] "C:\DOCUME~1\Andrew\MYDOCU~1\RACLE~1\smss.exe" -vt yazb (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [Hofyaxz] "C:\Program Files\?ppPatch\?srss.exe" (User 'Andrew')
O4 - HKUS\S-1-5-21-1242254589-3928601052-1316946525-1008\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized (User 'Andrew')
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk046YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13010 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-13 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-10-08 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar Launcher - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
ooVoo Toolbar - C:\Program Files\oovootb\oovoodx.dll [2009-05-08 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [2009-02-09 82768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 292947]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AIM Toolbar - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll [2007-10-10 1090912]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll [2009-02-09 82768]
{A1FB2F9A-D35E-11DD-8935-E46A56D89593} - ooVoo Toolbar - C:\Program Files\oovootb\oovoodx.dll [2009-05-08 86016]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-13 122939]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-10-14 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-10-14 114688]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"Linksys Wireless Manager"=C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe [2009-02-16 1358384]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-03 233304]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
"McAfee Backup"=C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe [2009-07-08 5134864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-10-17 20:42:00 ----D---- C:\Documents and Settings\Dad\Application Data\EmailNotifier
2009-10-17 20:41:40 ----D---- C:\Documents and Settings\Dad\Application Data\oovootb
2009-10-16 23:11:50 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2009-10-16 23:11:42 ----D---- C:\Program Files\oovootb
2009-10-16 20:56:55 ----D---- C:\_OTM
2009-10-14 22:00:27 ----SHD---- C:\RECYCLER
2009-10-14 00:36:38 ----SHD---- C:\Config.Msi
2009-10-14 00:35:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-14 00:32:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-14 00:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-14 00:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-14 00:31:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-14 00:30:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-14 00:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-14 00:28:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-14 00:28:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-13 23:45:30 ----A---- C:\ComboFix.txt
2009-10-13 23:18:38 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-10-12 14:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-12 14:08:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-12 14:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-12 14:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-12 13:41:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-12 13:23:25 ----D---- C:\Program Files\Common Files\McAfee
2009-10-12 13:22:52 ----D---- C:\Program Files\McAfee
2009-10-12 12:29:47 ----A---- C:\Boot.bak
2009-10-12 12:29:36 ----RASHD---- C:\cmdcons
2009-10-12 12:28:17 ----A---- C:\WINDOWS\zip.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\SWSC.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\SWREG.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\sed.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\PEV.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\NIRCMD.exe
2009-10-12 12:28:17 ----A---- C:\WINDOWS\grep.exe
2009-10-12 12:27:01 ----D---- C:\Qoobox
2009-10-12 12:24:33 ----D---- C:\WINDOWS\ERDNT
2009-10-12 12:23:12 ----D---- C:\Program Files\ERUNT
2009-10-08 16:39:45 ----D---- C:\Program Files\Microsoft
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\java.exe
2009-10-08 16:38:04 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-08 14:07:27 ----D---- C:\Malwarebytes' Anti-Malware
2009-10-08 13:41:27 ----D---- C:\New Folder
2009-10-08 11:49:09 ----D---- C:\HostsXpert
2009-10-05 15:38:54 ----A---- C:\WINDOWS\resetlog.txt
2009-10-05 14:35:42 ----D---- C:\WINDOWS\system32\NtmsData
2009-10-02 20:22:44 ----D---- C:\Program Files\trend micro
2009-10-02 20:22:42 ----D---- C:\rsit
2009-09-23 17:00:59 ----D---- C:\WINDOWS\pss
2009-09-19 22:57:52 ----D---- C:\Program Files\Linksys
2009-09-19 22:56:39 ----D---- C:\Program Files\Common Files\Pure Networks Shared
2009-09-19 22:56:21 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-09-19 22:55:34 ----A---- C:\WINDOWS\system32\RaCoInst.dll

======List of files/folders modified in the last 1 months======

2009-10-17 22:16:43 ----D---- C:\WINDOWS\Prefetch
2009-10-17 22:16:39 ----D---- C:\WINDOWS\Temp
2009-10-17 20:53:19 ----D---- C:\WINDOWS
2009-10-17 20:45:53 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-17 20:45:47 ----D---- C:\Program Files
2009-10-17 20:40:36 ----A---- C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2009-10-17 04:56:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-17 04:49:31 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-17 04:47:34 ----D---- C:\WINDOWS\system32\FxsTmp
2009-10-16 20:57:49 ----D---- C:\WINDOWS\SYSTEM32
2009-10-14 21:48:59 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-14 21:48:50 ----RSD---- C:\WINDOWS\ASSEMBLY
2009-10-14 00:40:31 ----SHD---- C:\WINDOWS\Installer
2009-10-14 00:39:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-14 00:38:31 ----D---- C:\WINDOWS\WinSxS
2009-10-14 00:35:17 ----HD---- C:\WINDOWS\INF
2009-10-14 00:32:17 ----A---- C:\WINDOWS\imsins.BAK
2009-10-14 00:32:16 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-10-14 00:31:19 ----D---- C:\WINDOWS\system32\en-US
2009-10-14 00:31:19 ----D---- C:\Program Files\Internet Explorer
2009-10-14 00:30:57 ----D---- C:\WINDOWS\ie7updates
2009-10-14 00:28:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-13 23:45:36 ----D---- C:\WINDOWS\system32\DRIVERS
2009-10-13 23:35:53 ----A---- C:\WINDOWS\system.ini
2009-10-13 23:25:15 ----D---- C:\WINDOWS\AppPatch
2009-10-13 23:24:55 ----D---- C:\Program Files\Common Files
2009-10-13 22:45:54 ----D---- C:\Program Files\Java
2009-10-12 13:30:06 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-10-12 13:29:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-12 13:24:00 ----SD---- C:\WINDOWS\Tasks
2009-10-12 13:23:51 ----D---- C:\Program Files\McAfee.com
2009-10-12 12:50:45 ----D---- C:\WINDOWS\system32\CONFIG
2009-10-12 12:29:48 ----RASH---- C:\BOOT.INI
2009-10-08 16:39:49 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-08 16:38:35 ----D---- C:\Program Files\MSN
2009-10-08 16:30:46 ----D---- C:\WINDOWS\Minidump
2009-10-08 14:22:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-08 14:21:23 ----D---- C:\Program Files\SpywareBlaster
2009-10-08 11:22:00 ----D---- C:\Program Files\Google
2009-10-05 16:24:34 ----D---- C:\Program Files\DivX
2009-10-05 14:58:28 ----D---- C:\Documents and Settings\Dad\Application Data\DivX
2009-10-02 14:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-28 11:40:00 ----SHD---- C:\System Volume Information
2009-09-24 21:42:20 ----SD---- C:\Documents and Settings\Dad\Application Data\Microsoft
2009-09-19 23:26:49 ----D---- C:\WINDOWS\network diagnostic
2009-09-19 23:13:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-19 22:57:22 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-16 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-08-13 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-13 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-13 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-13 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-13 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-13 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-13 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-13 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-13 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-13 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-17 1042432]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-17 212224]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-07-08 40552]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-17 680704]
R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 627072]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\alango1\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-10-11 41752]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-07-08 34248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
S3 RT2500;Linksys Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2004-04-22 120448]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tj2knd5;Terayon Cable Modem (NDIS); C:\WINDOWS\system32\DRIVERS\tj2knd5.sys [2002-10-14 17616]
S3 tj2kunic;Terayon Cable Modem (WDM); C:\WINDOWS\system32\DRIVERS\tj2kunic.sys [2002-10-14 69680]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-10 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-06 1376360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-08 153376]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
R2 MSSQL$MICROSOFTBCM;MSSQL$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM; C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 17th, 2009, 10:21 pm

Do I need to run hijackthis to remove the 14 infected regsitry keys. I see that ad-aware keeps returning?

thanks
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby alango1 » October 18th, 2009, 12:12 am

Hello,

I ran another full scan using mcafee after I deleted the artemis..tizupd.bin file. This time no infected files or processes were identified.
alango1
Regular Member
 
Posts: 45
Joined: September 23rd, 2009, 5:21 pm

Re: browser hijacker and other problems

Unread postby Dakeyras » October 18th, 2009, 11:21 am

Hi. :)

Do I need to run hijackthis to remove the 14 infected regsitry keys. I see that ad-aware keeps returning?

thanks
No need we will address this shortly.

I notice you have recently installed new software, this is not a wise move and the computer is now re-infected all over again. Please refrain from making any other changes unless I advice so thank you.

Also if anyone else has access to the computer, please ask them to stay of it during the malware removal process. Otherwise this is just going to further compound matters.

Viewpoint Software Advice:

This is just to make you aware of the nature of the aforementioned applications. Though not exactly classed as malware they do have some undersirible characteristics. However there is not point uninstalling any of them, as the AIM/AOL applications you have installed, next time used will download/install the aforementioned again with out your knowledge. Isn't that nice of AOL and their applications :banghead:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

ooVoo Toolbar
ooVoo(video chat)

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Next:

  • Double-click OTM to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code: Select all
:Processes

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
[-HKEY_CLASSES_ROOT\CLSID\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"=-
[-HKEY_CLASSES_ROOT\CLSID\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
[HKEY_USERS\S-1-5-21-1242254589-3928601052-1316946525-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRAG TICK"=-
"Woibldvj"=-
"Cacascde"=-
"Cdunih"=-
"Hwkznvx"=-
"Qhpghzoo"=-
"Kqdy"=-
"Lbcq"=-
"McAfee Update"=-
"Sen"=-
"Hofyaxz"=-
"oovoo.exe"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

:Files
C:\WINDOWS\F?nts
C:\Program Files\?asks
C:\Program Files\oovootb
C:\Program Files\ooVoo
C:\Program Files\?ppPatch
C:\Program Files\Common Files\s?stem
C:\DOCUME~1\Andrew\MYDOCU~1\RACLE~1
C:\Documents and Settings\Andrew\My Documents\?ppPatch
C:\Documents and Settings\Andrew\Application Data\?dobe
C:\Documents and Settings\Andrew\Application Data\W?nSxS
C:\Documents and Settings\Andrew\My Documents\?racle
C:\Documents and Settings\Andrew\Application Data\Acid Body Poll

:Commands
[Purity]
[EmptyTemp]
[ResetHosts]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

Note: The log can also be found here:-

My Computer >> Local Disk C:\ >> _OTM >> MovedFiles >> xxxxxxxx_xxxxxx.txt <-- The X's denote date/time of creation.

Next:

Please download Lop S&D and save it to your desktop.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of Lop S&D.

  • Double-click Lop S&D.exe
  • Choose the language by typing of the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.

Note: Copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt.

When completed the above, please post back the following:

  • How is you computer performing now? Any problems encountered and or any further symptoms?
  • OTM Log.
  • Lop S&D Log.
  • A new RSIT Log.

Note: Post all requested logs separately if it makes it easier to do so.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 297 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware