Jump to content

Search engine hijacking, something buried


Recommended Posts

I would appreciate any help.

Wife's laptop started acting funny month or so ago. I ran Spybot and it cleared out some stuff. Problems with Search engine (Yahoo or Google) being re-directed to junk. Ran Malware remover. It got rid of Antispyware but problem with Hijacked searches still occuring. Ran a Microsoft fixer but it said no bad files found. Ran Hijack this and got this analysis. See below. Any help much appreciated.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:43:20 PM, on 5/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\palmOne\Hotsync.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe

C:\DOCUME~1\Timothy\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: (no name) - rsion - (no file)

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {9E91EBFD-A710-4E6E-893A-B9B1262F751E} - C:\WINDOWS\system32\CI.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WLANKEEPER - Intel

Link to post
Share on other sites

  • 2 weeks later...

I guess your typical malware problem. Ran MBAM anf it got rid of a bunch of stuff. But problem still persists of clicking on any search engine result end of being redirected to some useless or unwatnted webpage. THANKS in advance

Here is the latest MBAM log:

Malwarebytes' Anti-Malware 1.12

Database version: 743

Scan type: Full Scan (C:\|)

Objects scanned: 137881

Time elapsed: 34 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

The latest PandaScan: A few suspicious....

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-05-21 17:19:03

PROTECTIONS: 0

MALWARE: 86

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00049499 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Timothy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-15a5a956-40454f76.zip[Dummy.class]

00098897 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Timothy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-15a5a956-40454f76.zip[insecureClassLoader.class]

00098898 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Timothy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-15a5a956-40454f76.zip[installer.class]

00098899 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Timothy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-15a5a956-40454f76.zip[GetAccess.class]

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@trafficmp[2].txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@trafficmp[2].txt

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@trafficmp[1].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@casalemedia[1].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@casalemedia[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Local Settings\Temp\Cookies\robin@doubleclick[2].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@atdmt[2].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Local Settings\Temp\Cookies\robin@atdmt[1].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@tradedoubler[1].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@247realmedia[2].txt

00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@247realmedia[2].txt

00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@bfast[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@fastclick[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@fastclick[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@fastclick[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@tribalfusion[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@tribalfusion[2].txt

00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@as-eu.falkag[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@mediaplex[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@mediaplex[2].txt

00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@centrport[1].txt

00145770 Cookie/CentrPort TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@centrport[1].txt

00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@linksynergy[2].txt

00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@anm.co[1].txt

00147796 Cookie/Entrepreneur TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@entrepreneur[1].txt

00147806 Cookie/7search TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@7search[1].txt

00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@clickbank[2].txt

00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@maxserving[1].txt

00149064 Cookie/Maxserving TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@maxserving[1].txt

00149104 Cookie/Date TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@date[3].txt

00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@belnk[1].txt

00152401 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@belnk[1].txt

00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@revenue[2].txt

00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@revenue[2].txt

00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@findwhat[2].txt

00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@dist.belnk[2].txt

00162730 Cookie/Belnk TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@dist.belnk[2].txt

00167430 Cookie/myaffiliateprogram TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@www.myaffiliateprogram[2].txt

00167450 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Timothy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4686f087-4564367b.zip[VerifierBug.class]

00167451 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Timothy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4686f087-4564367b.zip[Dummy.class]

00167452 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Timothy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4686f087-4564367b.zip[blackBox.class]

00167453 Exploit/ByteVerify HackTools No 0 Yes No C:\Documents and Settings\Timothy\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4686f087-4564367b.zip[beyond.class]

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@com[2].txt

00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@stats1.clicktracks[2].txt

00167670 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@seeq[1].txt

00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@landing.domainsponsor[1].txt

00167677 Cookie/WebPower TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@webpower[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@xiti[1].txt

00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@tickle[1].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@azjmp[2].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@statcounter[1].txt

00167763 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@counter1.sextracker[2].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@perf.overture[1].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@perf.overture[1].txt

00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@perf.overture[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@ad.yieldmanager[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@apmebf[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@apmebf[2].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@burstnet[2].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@burstnet[2].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@burstnet[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@serving-sys[2].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@serving-sys[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@bs.serving-sys[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@bs.serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@bs.serving-sys[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@www.burstbeacon[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@www.burstbeacon[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@www.burstbeacon[1].txt

00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@as-us.falkag[2].txt

00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@as1.falkag[2].txt

00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@web.tickle[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@adtech[1].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@adtech[2].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@server.iad.liveperson[1].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@server.iad.liveperson[1].txt

00168111 Cookie/Servlet TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@servlet[2].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@stat.onestat[2].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@stat.onestat[1].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@stat.onestat[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@advertising[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Local Settings\Temp\Cookies\robin@advertising[2].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@advertising[1].txt

00169286 Cookie/Sextracker TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@sextracker[1].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@adrevolver[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@statse.webtrendslive[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@ads.pointroll[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@ads.pointroll[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@ads.pointroll[3].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@ads.pointroll[1].txt

00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@hc2.humanclick[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@overture[2].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@overture[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@overture[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@realmedia[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@realmedia[2].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@questionmarket[2].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@questionmarket[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@questionmarket[2].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@zedo[1].txt

00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@zedo[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@bluestreak[1].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@bluestreak[1].txt

00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@phg.hitbox[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@adrevolver[1].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@adrevolver[2].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@adrevolver[2].txt

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@adultfriendfinder[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@go[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@go[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@go[1].txt

00199981 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@www48.seeq[1].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@searchportal.information[1].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@target[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@target[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@target[1].txt

00207712 Cookie/360i TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@ct.360i[2].txt

00207712 Cookie/360i TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@ct.360i[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@did-it[1].txt

00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@did-it[1].txt

00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@i.screensavers[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@atwola[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@atwola[2].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@atwola[1].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@ehg-dig.hitbox[2].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@ehg-dig.hitbox[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@ads.addynamix[2].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@ads.addynamix[2].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@citi.bridgetrack[1].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@citi.bridgetrack[1].txt

00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@citi.bridgetrack[1].txt

01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Timothy\Cookies\timothy@enhance[2].txt

01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@enhance[2].txt

01692698 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Robin\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32

01692698 Generic Malware Virus/Trojan No 0 Yes No C:\Documents and Settings\Hannah\Application Data\Macromedia\Shockwave Player\xtras\download\TheGrooveAlliance\3DGrooveXtrav181\Groove.x32

02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@advancedcleaner[2].txt

02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@advancedcleaner[2].txt

02887534 Cookie/PrivacyGuard TrackingCookie No 0 Yes No C:\Documents and Settings\Robin\Cookies\robin@yourprivacyguard[2].txt

02887534 Cookie/PrivacyGuard TrackingCookie No 0 Yes No C:\Documents and Settings\Hannah\Cookies\hannah@yourprivacyguard[1].txt

02923687 Generic Trojan Virus/Trojan Yes 0 Yes No C:\WINDOWS\SYSTEM32\CI.DLL

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location ]

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description ]

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

And the HtJ log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:11:50 PM, on 5/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\WINDOWS\system32\lexpps.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Apoint\Apntex.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\DOCUME~1\Timothy\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: (no name) - rsion - (no file)

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O2 - BHO: (no name) - {9E91EBFD-A710-4E6E-893A-B9B1262F751E} - C:\WINDOWS\system32\CI.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Robin')

O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Robin')

O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'Robin')

O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Robin')

O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'Robin')

O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User 'Robin')

O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Robin')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WLANKEEPER - Intel

Link to post
Share on other sites

  • Root Admin

Follow these instructions carefully.

  • Download ATF-Cleaner from
    Snapfiles.com
    to remove un-needed temporary files from your computer that may contain malware.
  • You can also download it from
    Majorgeeks.com

  • When you run ATF-Cleaner, check the items as shown below for Main.

  • For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox

  • NOTE:
    If you don't have FireFox or Opera installed then they will be grayed out and can be ignored

  • Then click on "Empty Selected".

atf-cleaner01.gif

.
atf-cleaner02.gif

According to the logs and entries you did not install, update, and scan with Spybot Search & Destroy as requested in the Pre-HJT forum.

Please download Spybot Search & Destroy then update it and do a scan with it and report back what it found.

Make sure you disable the Tea Timer.

Disable Spybot Search & Destroys' TEA TIMER:


    1. Run Spybot-S&D in Advanced Mode.
    2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
    3. On the left hand side, Click on Tools
    4. Then click on the Resident Icon in the List
    5. Uncheck "Resident TeaTimer" and OK any prompts.
    6. Restart your computer.

Go into your
Control Panel - Add/Remove
and uninstall the following applications - you can get updates later on.

All Java versions, All Flash versions, All Shockwave versions, All QuickTime versions, Adobe Acrobat READER

Many of these programs have been recently updated to correct holes that have been found in the programs which help

facilitate Malware being installed onto your system. Updating to the most recent versions will help to eleviate this method of entry.

Then reboot your computer and continue the scan and clean process.

Start HiJackThis and do a Scan Only and place a check mark in the following items

  • O2 - BHO: (no name) - rsion - (no file)

  • R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    http://www.dell4me.com/myway

  • O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

  • O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

  • O2 - BHO: (no name) - {9E91EBFD-A710-4E6E-893A-B9B1262F751E} - C:\WINDOWS\system32\CI.dll

  • O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

  • O4 - HKUS\S-1-5-21-650557291-1198000470-3087451324-1008\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'Robin')

  • O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

  • O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

  • O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

  • O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

  • O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
    http://www.nick.com/common/groove/gx/GrooveAX27.cab

Then click on "Fix selected"

Download
Deckard's System Scanner (DSS)
to your
Desktop
.

Note: You must be logged onto an account with administrator privileges.

  1. Close
    all applications and windows.
  2. Double-click
    on
    dss.exe
    to run it, and follow the prompts.

  3. When the scan is complete, two text files will open -
    main.txt
    <- this one will be maximized
    and
    extra.txt
    <-this one will be minimized

  4. Copy
    (Ctrl+A then Ctrl+C)
    and paste
    (Ctrl+V)
    the contents of
    main.txt
    and the extra.txt to your post in your reply

What DSS will do:

  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.

  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Notes:

The first time that the Deckard scanner is run, the extra.txt is generated in a minimized window. The second time you will not obtain the extra.txt. You must go to
Start
=>
Run
and copy the following
"%userprofile%\desktop\dss.exe" /config
in the line and click OK You will receive a pop-up box with options to check for the Main log and Extra Log and Options.

.

Link to post
Share on other sites

Thanks for the advice.

I did have Spybot so I ran it. It deleted some stuff.

I ran the ATF cleaner. 700 + MB removed?. Okay.

Deleted all the extra files. I did not see a Google toolbar in program tree.

Ran a scan of the new HiJack version. Fixed those entries that were present as suggested in earlier thread.

Ran the DSS. Below is the two reports. Thanks again

Main Text from DSS

Deckard's System Scanner v20071014.68

Run by Timothy on 2008-05-26 18:44:43

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- HijackThis (run as Timothy.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:44:45 PM, on 5/26/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\SiteAdvisor\6261\SAService.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\SiteAdvisor\6261\SiteAdv.exe

C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\palmOne\Hotsync.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Documents and Settings\Timothy\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Timothy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {9E91EBFD-A710-4E6E-893A-B9B1262F751E} - C:\WINDOWS\system32\CI.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe

O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WLANKEEPER - Intel

Link to post
Share on other sites

  • Root Admin

Hi Tim,

It looks like you should run a disk check on your system.

Click on START-RUN and type in CMD /K CHKDSK C: /F then press the ENTER KEY notice the space after each item

Then restart you computer and it should run a disk check - if it does not run the disk check let me know.

Please go into your Control Panel - Add/Remove and try to locate and remove the Myway search and remove it.

Launch Spybot Search & Destroy and place a check mark on the following items.

Then click on "Fix selected"

Then start your Malwarebytes program and click on the Update tab and update the program. Then perform a Quick Scan and report back that log.

How is the computer currently running?

Link to post
Share on other sites

Thanks very much.

To summarize. There was the problem of the Hijacked websearches. That seems to have been rectifed after the first series of fixes. Also, some Malaware kept popping up an ad for an antivirus program. That persisted even after several scans by Spyderbot and MBAM. Those scans would delete the offending program but it kpet coming back. It was the Vario Antivirus.

Following the notes above.

Ran system check. I am old enough to have used DOS so no problem there. Screen flashed quickly but not much to report. I know Hard drive has some bad sectors on it. Its a Dell laptop that is ~6 years old, 2 GHz Pentium with 1 Gig RAM.

The Spyderbot found and "fixed" the Vario Antivirus again.

Use HJT to fix the myway.dell4me.myway line. It deleted it. Had to reset the IE program to get IE to launch. Seems okay now.

Ran Spider bot and the MBAM again. All clean. Nothing found.

No pop-ups today so it might be cleared.

This computer is basically used by my wife and daughter. It does seem slow. Fairly long boot-up till all is loaded. Couple functions like "Search" are excruciatingly slow. Yet IE launches quickly. I recently added a new McAfee Security Center to hopefully block this sort of stuff from re-occuring. Perhaps its a drain on resources.

Any other thoughts would be appreciated.

Link to post
Share on other sites

  • Root Admin

Yes McAfee and Norton are both very huge drains on resources. Using one like Avira, Avast, or NOD32 are much less resource intensive.

How is the computer doing? Does it still appear to be free of Malware?

If you want some general help with potential speed up items not related to Malware then please post in the General PC forum and I'll be glad to go over some things to help speed it up some if we can.

If the system appears to be free from Malware now let me know so that we can go over some of the things that you should do to try to keep it that way.

.

Link to post
Share on other sites

Yes McAfee and Norton are both very huge drains on resources. Using one like Avira, Avast, or NOD32 are much less resource intensive.

How is the computer doing? Does it still appear to be free of Malware?

If you want some general help with potential speed up items not related to Malware then please post in the General PC forum and I'll be glad to go over some things to help speed it up some if we can.

If the system appears to be free from Malware now let me know so that we can go over some of the things that you should do to try to keep it that way.

.

Yes, there have been no noticeable problems. I ran a complete MBAM scan as well as the Spyderbot. Other than a couple cookies, nothing found.

I noticed that with the new McAfee Security Center, that it would launch a warning dialog box when a suspect website was reached. (i.e. the Vario antivirus). I hope that will help some with preventing junk ending up on the computer.

My daughter only uses the laptop for Nickolodeon. My wife mainly uses it for Yahoo email and messenger.

Any tips for keeping it clean would be much appreciated.

Again thanks very much for the help.

Link to post
Share on other sites

  • Root Admin

You're quite welcome for the help.

Good, glad to hear it is working well and that you appear to be clean now.

Please take a look at the following:
hpHosts
What is hpHosts?

hpHosts is a community managed and maintained hosts file that allows an additional layer of protection against access to ad, tracking and malicious websites.
  • Keep all your Security applications up to date and do scans at least once a week
  • There is no single application out there that can scan and locate everything, so use at least a couple of anti-malware scanners as well as your anti-virus product to ensure your system is clean.

    Look at using the following software which will help to protect you
  • WinPatrol

  • Spywareblaster

  • FireFox

  • NoScript

  • Adblock Plus

  • Enable Microsoft Automatic Updates to perform the critical updates for Microsoft products for you.

  • Your McAfee product should be providing you with inbound and outbound Firewall protection already, ensure you do use it.

Best of luck and let me know if you have any questions and don't forget to tell your friends and also

don't forget we also offer Free PC support in the
PC Help
forum.

If you have any questions about the above products let me know. I'll keep this post open a couple more days and then close it.

.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.