Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Redirect Virus? [CLOSED]

Started by smdolan , Feb 25 2008 12:06 AM

  • This topic is locked This topic is locked

#1
smdolan
Posted 25 February 2008 - 12:06 AM

smdolan

    New Member

  • Member
  • Pip
  • 4 posts
When searching in Google I am continually redirected to unwanted sites. It's getting worse. I've never had a virus before and am clueless as to how to handle this.
Thank you in advance for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:11 AM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shellysbuttonsandmore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] "C:\WINDOWS\p_981116.exe" /Q:A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: zip - {1df480b6-4474-4d96-a632-c7822be83de1} - C:\WINDOWS\Installer\{1df480b6-4474-4d96-a632-c7822be83de1}\zip.dll
O22 - SharedTaskScheduler: ShellService - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atww\ShellService.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://gfx1.hotmail....slide.hm.li.gif

--
End of file - 7116 bytes
  • 0

Advertisements

#2
sage5
Posted 25 February 2008 - 01:52 AM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi smdolan,

Welcome to Geeks to Go!
My name is sage5, and I will be helping you with this problem.

Please download the following & save to your Desktop:
Malwarebytes' Anti-Malware from Here or Here
Deckard's System Scanner

Run Malwarebytes' Anti-Malware:
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt. I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply. Also please paste the text from the MBAM log



The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Cheers,

sage5
  • 0

#3
smdolan
Posted 25 February 2008 - 05:14 PM

smdolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thank you so much for helping me with this. Here is my MBAM log:

Malwarebytes' Anti-Malware 1.05
Database version: 405

Scan type: Quick Scan
Objects scanned: 45146
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Installer\{1df480b6-4474-4d96-a632-c7822be83de1}\zip.dll (Trojan.Alphabet) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{1df480b6-4474-4d96-a632-c7822be83de1} (Trojan.Alphabet) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zip (Trojan.Alphabet) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\Installer\{1df480b6-4474-4d96-a632-c7822be83de1} (Trojan.Alphabet) -> Delete on reboot.
C:\Program Files\XP Antivirus (Rogue.XPAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Installer\{1df480b6-4474-4d96-a632-c7822be83de1}\zip.dll (Trojan.Alphabet) -> Delete on reboot.
C:\Documents and Settings\Macy Dolan\Local Settings\Temp\~DF5FB6.tmp (Malware.trace) -> Quarantined and deleted successfully.
C:\Program Files\XP Antivirus\xpa.exe.tmp (Rogue.XPAntivirus) -> Quarantined and deleted successfully.
  • 0

#4
smdolan
Posted 25 February 2008 - 05:16 PM

smdolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
main.text

Deckard's System Scanner v20071014.68
Run by Macy Dolan on 2008-02-25 18:00:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-02-25 23:00:47 UTC - RP547 - Deckard's System Scanner Restore Point
1: 2008-02-25 05:51:26 UTC - RP546 - feb25


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Macy Dolan.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:18 PM, on 2/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Macy Dolan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Macy Dolan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shellysbuttonsandmore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] "C:\WINDOWS\p_981116.exe" /Q:A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: ShellService - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atww\ShellService.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://gfx1.hotmail....slide.hm.li.gif

--
End of file - 6949 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080225-001759-563 O4 - Startup: PowerReg Scheduler V3.exe
backup-20080225-002856-440 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
R2 filesvc - c:\windows\system32\config\atww\filesvc.sys
R2 procdrv - c:\windows\system32\config\atww\procdrv.sys
R2 regfil - c:\windows\system32\config\atww\regfil.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-25 03:00:00 506 --a------ C:\WINDOWS\Tasks\SpywareStop Scheduled Scan.job


-- Files created between 2008-01-25 and 2008-02-25 -----------------------------

2008-02-25 17:47:11 0 d-------- C:\Documents and Settings\Macy Dolan\Application Data\Malwarebytes
2008-02-25 17:47:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-25 17:46:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-25 00:58:25 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-02-25 00:58:25 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-02-25 00:58:25 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-02-25 00:58:25 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-02-25 00:58:25 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-02-25 00:58:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2008-02-25 00:58:25 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-02-25 00:58:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-02-25 00:58:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-02-25 00:58:25 0 d--h----- C:\Documents and Settings\Administrator\Application Data\Gtek
2008-02-25 00:58:24 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-02-25 00:58:24 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-02-25 00:58:24 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-02-25 00:58:24 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-02-25 00:58:24 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-02-25 00:58:24 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-02-25 00:58:24 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-02-25 00:58:24 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-02-24 23:01:15 0 d-------- C:\HJT
2008-02-24 20:11:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 19:53:47 0 d-------- C:\Documents and Settings\Macy Dolan\Application Data\SpywareStop
2008-02-24 18:57:42 0 d-------- C:\Program Files\Trend Micro
2008-02-19 09:56:16 0 d-------- C:\WINDOWS\network diagnostic
2008-02-19 09:48:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-02-17 01:15:41 0 d-------- C:\WINDOWS\Cache
2008-02-17 01:15:40 0 d-------- C:\Program Files\Coupons


-- Find3M Report ---------------------------------------------------------------

2008-02-25 17:52:45 0 d-------- C:\Program Files\Common Files
2008-02-20 09:22:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-20 09:19:45 0 d-------- C:\Program Files\Barbie™
2008-02-19 10:09:56 0 d-------- C:\Program Files\Disney Interactive
2008-02-19 09:02:56 0 d-------- C:\Program Files\Scholastic
2008-01-25 16:11:43 0 d-------- C:\Program Files\Pet Vet 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 06:48 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [06/30/2004 02:33 PM]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [04/11/2004 09:15 PM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [11/17/2004 10:17 PM]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [08/08/2003 07:02 PM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 06:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [01/11/2006 12:05 PM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [04/19/2004 03:45 PM]
"MMTray"="C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [04/19/2004 03:45 PM]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [08/17/2003 10:50 PM]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [11/30/1998 06:04 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [02/13/2005 02:11 PM]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [02/14/2006 04:32 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 08:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 08:32 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [09/20/2005 08:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [07/19/2004 08:51 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\Macy Dolan\Start Menu\Programs\Startup\
DESKTOP.INI [8/10/2004 2:04:12 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [11/17/2004 10:17:21 PM]
DESKTOP.INI [8/10/2004 2:04:12 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/17/2004 10:15:52 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8FB2D6CA-E258-48CF-9DAB-EEFB735E225C}"= C:\WINDOWS\system32\config\atww\ShellService.dll [10/15/2007 02:45 PM 90240]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-02-25 18:05:02 ------------

extra txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 509.98 MiB / 227.13 MiB
Pagefile Memory (total/avail): 1247.59 MiB / 1013.15 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.34 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 33.7 GiB total, 21.89 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD400BB-75FJA1 - 37.25 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 33.7 GiB - C:
\PARTITION2 - Unknown - 3.5 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Macy Dolan\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MACY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Macy Dolan
LOGONSERVER=\\MACY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MACYDO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MACYDO~1\LOCALS~1\Temp
USERDOMAIN=MACY
USERNAME=Macy Dolan
USERPROFILE=C:\Documents and Settings\Macy Dolan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Macy Dolan (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
Aurelio --> "C:\Program Files\AurelioDemo\unins000.exe"
Banctec Service Agreement --> MsiExec.exe /X{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}
Barbie Magic Hair Styler --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Barbie\Barbie Magic Hair Styler\Uninst.isu"
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Support 5.0.0 (630) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Dreamship Tales --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Dreamship Tales\Uninstall.xml"
EarthLink Setup Files --> MsiExec.exe /X{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Hello Kitty Dream Carnival --> MsiExec.exe /I{900B84AB-6A80-49EE-B236-67F211190597}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Math Success Elementary --> MsiExec.exe /X{4C975420-4971-41B0-9F07-65516105DE71}
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee VirusScan --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=1 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
Microsoft ActiMates Software Sampler --> C:\Program Files\Microsoft ActiMates\Demos\Sampler\uninstal.exe
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Mighty Math Zoo Zillions (Remove only) --> C:\WINDOWS\edmkuni2.exe "C:\Program Files\Edmark\Mighty Math Zoo Zillions "
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
My Fantasy Wedding --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3AC8DD1-A754-46D6-A777-6155D627D196}\Setup.exe" -l0x9
Nancy Drew: The Haunted Carousel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Nancy Drew\The Haunted Carousel\Setup.exe" -l0x9
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NoAdware v5.0 --> "C:\Program Files\NoAdware5.0\unins000.exe"
Operation --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro Interactive\Operation\DeIsL1.isu"
Personalized Learning Center --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Personalized Learning Center\Uninst.isu"
Pet Vet 2 --> "C:\Program Files\Pet Vet 2\unins000.exe"
Phonics and Reading --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9867C795-5BCD-4F48-A4DC-67985D370435}\setup.exe" -l0x9 -removeonly
Princess Magical Dress-Up --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77E6AE74-357C-4B33-8324-FDDC9997B4D1}\setup.exe" -l0x9 Princess Magical Dress-Up
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Reader Rabbit Kindergarten --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\The Learning Company\Reader Rabbit Kindergarten\Uninstall.xml"
Reader Rabbit Personalized Preschool --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Reader Rabbit Personalized Preschool\Uninst.isu"
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RollerCoaster Tycoon 2 Triple Thrill Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C5D15D2-5351-4F05-A96E-56C20554F977}\Setup.exe" -l0x9
Samsung ML-2510 Series --> C:\Program Files\Samsung\Samsung ML-2510 Series\Install\Setup.exe /R
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SimCity 4 Deluxe --> C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Social Studies and Science --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6EFB596-CEA5-42A7-8BA6-AB5D3CE7A151}\setup.exe" -l0x9 -removeonly
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
Zoo Tycoon 2 --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall
Zoo Tycoon: Complete Collection --> "C:\Program Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove


-- Application Event Log -------------------------------------------------------

Event Record #/Type3634 / Error
Event Submitted/Written: 02/25/2008 05:11:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module shell32.dll, version 6.0.2900.3241, fault address 0x0003523f.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type3618 / Error
Event Submitted/Written: 02/24/2008 09:30:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application DRWTSN32.EXE, version 5.1.2600.0, faulting module DBGHELP.DLL, version 5.1.2600.2180, fault address 0x0001295d.
Processing media-specific event for [DRWTSN32.EXE!ws!]

Event Record #/Type3617 / Error
Event Submitted/Written: 02/24/2008 09:30:21 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011e58.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type3577 / Error
Event Submitted/Written: 02/21/2008 05:19:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x0002ae22.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type3576 / Error
Event Submitted/Written: 02/21/2008 09:51:33 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11579 / Warning
Event Submitted/Written: 02/25/2008 02:42:23 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type11558 / Error
Event Submitted/Written: 02/25/2008 01:02:02 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type11557 / Error
Event Submitted/Written: 02/25/2008 01:00:40 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type11556 / Error
Event Submitted/Written: 02/25/2008 01:00:24 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type11555 / Error
Event Submitted/Written: 02/25/2008 00:59:51 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip



-- End of Deckard's System Scanner: finished at 2008-02-25 18:05:02 ------------
  • 0

#5
sage5
Posted 26 February 2008 - 04:35 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi smdolan,

Please download the following & save to your Desktop:
OTMoveIt2 by OldTimer.

Spy-Bot's TeaTimer is a good tool for the prevention of spyware, but it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now. It can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


Run HijackThis.
  • Click the Do a system scan only button.
  • Check the boxes for the all the entries listed below:
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
O22 - SharedTaskScheduler: ShellService - {8FB2D6CA-E258-48CF-9DAB-EEFB735E225C} - C:\WINDOWS\system32\config\atww\ShellService.dll
  • Now close all windows other than HijackThis and click Fix Checked.
  • Close HijackThis.


Delete bad services
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat Please save it on your desktop.

@echo off
sc stop filesvc
sc stop procdrv
sc stop regfil
sc delete filesvc
sc delete procdrv
sc delete regfil
exit



Remove Programs:
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following, (if present):
    Viewpoint Media Player
    Please take note of any other programs that you don't recognise in that list, and include them in your next response

Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\system32\config\atww
C:\Program Files\Viewpoint
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web Browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
  • Please include the text from C:\otmove.txt in your Reply as well.
Please include a note to tell me how your PC is running now.

Cheers,

sage5
  • 0

#6
smdolan
Posted 27 February 2008 - 12:52 PM

smdolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
My system seems to be running better. After following your instructions yesterday I didn't have a redirect problem, however I've experienced that in the past and in a short span of hours it usually comes back. I'm careful not to open any attachments, however I've noticed when I open a link in google after searching for something I continue to see the words 'add tracking' before I reach my desired page. Not sure if that means anything??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:14 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shellysbuttonsandmore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [mmtask] "c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] "C:\WINDOWS\p_981116.exe" /Q:A
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://gfx1.hotmail....slide.hm.li.gif

--
End of file - 6484 bytes

c:\windows\system32\config\atww moved successfully.
File/Folder C:\Program Files\Viewpoint not found.

OTMoveIt2 v1.0.20 log created on 02272008_133738
  • 0

#7
sage5
Posted 27 February 2008 - 04:28 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi smdolan,

How about we run another couple of scans just to double check that your PC is now clean.

Please download the following & save to your Desktop:
ComboFix

Run ComboFix:
  • Double click combofix.exe and follow the prompts.
  • When finished, it will produce a log for you. Post that log and the TotalScan log, from below, in your next reply.
Log file will be C:\Combofix.txt

Note: Do not mouseclick combofix's window while its running. That may cause it to stall


Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report


Cheers,

sage5

Edited by sage5, 27 February 2008 - 04:29 PM.

  • 0

#8
sage5
Posted 20 March 2008 - 11:25 PM

sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP