mattclem Posted September 6, 2008 Report Share Posted September 6, 2008 HI There Best Techies,Not sure how we got infected, my kids do a bunch of on-line flash games for what that's worth.As my title suggests only Internet Explorer is affected. Google searches work fine, but when I select one of the items that Google find I am re-directed to something other than what I wanted. Firefox still works just fine (for now).Thanks for your help...Matt...............Here is my HiJack THis Log...Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:27:58 PM, on 9/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\family\matt\tech\Kerio\Personal Firewall 4\kpf4ss.exeC:\family\matt\tech\Kerio\Personal Firewall 4\kpf4gui.exeC:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\applications\Photodex\ProShow-\ScsiAccess.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Canon\CAL\CALMAIN.exec:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\Explorer.EXEC:\family\matt\tech\Kerio\Personal Firewall 4\kpf4gui.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\AntiVir PersonalEdition Classic\avgnt.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\StartupMonitor.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\ctfmon.exeC:\applications\Audible\Bin\AudibleDownloadHelper.exeC:\Program Files\WiFiConnector\NintendoWFCReg.exeC:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exeC:\Program Files\iPod\bin\iPodService.exeC:\Documents and Settings\Clementi\My Documents\My Music\HiJackThis.exeC:\WINDOWS\system32\wbem\wmiprvse.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clementiweb.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dllR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\CLEMENTI\Application Data\Mozilla\Profiles\default\hold\prefs.js)N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CApplications%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\CLEMENTI\Application Data\Mozilla\Profiles\default\hold\prefs.js)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: XBTP06261 Class - {2EAA261D-6F4E-42fe-B898-CDC160FD2463} - C:\PROGRA~1\EMUSIC~1\EMUSIC~1.DLL (file missing)O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: eMusic Toolbar - {F8CC9B08-C14F-4A5C-B73B-518AFECC067A} - C:\Program Files\eMusic Toolbar\emusicToolbar.dll (file missing)O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeO4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exeO4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsersO4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [LanguageShortcut] E:\Applications\CyberLink\PowerDVD\Language\Language.exeO4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exeO4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exeO4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdizk.exe] C:\WINDOWS\system32\kdizk.exeO4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Audible Download Manager.lnk = C:\applications\Audible\Bin\AudibleDownloadHelper.exeO4 - Global Startup: Microsoft Office.lnk = C:\applications\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exeO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cabO16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cabO16 - DPF: {55703908-B184-11D3-94E8-005004603E9E} (AVICtrl Class) - http://desktop.ilearning.com/desktop/CaliberWebAVI.dllO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128775543484O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CABO16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cabO16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.18/ttinst.cabO16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: AdobeVersionCue - Adobe Sytems - C:\applications\Adobe\Adobe Version Cue\service\VersionCue.exeO23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exeO23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\family\matt\tech\Kerio\Personal Firewall 4\kpf4ss.exeO23 - Service: Intel NCS NetService (NetSvc) - IntelĀ® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exeO23 - Service: ScsiAccess - Unknown owner - C:\applications\Photodex\ProShow-\ScsiAccess.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO24 - Desktop Component 0: (no name) - http://i171.photobucket.com/albums/u283/fc...outs/MSlyt2.jpg--End of file - 15367 bytes Quote Link to post Share on other sites
sarahw Posted September 7, 2008 Report Share Posted September 7, 2008 Hi,Welcome to the siteI will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.I want you to show hidden files. There are instructions HERE to help you do this.You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time. Please dont use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition that it is when infected) if used incorrectly.These instructions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat. Quote Link to post Share on other sites
sarahw Posted September 7, 2008 Report Share Posted September 7, 2008 1.Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below: R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dllO2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis2.Please download the OTMoveIt2 by OldTimer. Save it to your desktop. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):C:\PROGRA~1\MYWEBS~1C:\Program Files\MyWaySA Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMoveIt2If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.3.Updating Java and Clearing CacheGo to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.It will say "Java Plug-in" under the icon. Please find the update button or tab in the Java Control Panel. Update your Java then reboot.If you are unable to update you can manually update by going here:http://www.java.com/en/download/manual.jsp[*]After the reboot, go back into the Control Panel and double-click the Java Icon.[*]Under Temporary Internet Files, click the Delete Files button.[*]There are three options in the window to clear the cache - Leave ALL 3 CheckedDownloaded AppletsDownloaded ApplicationsOther Files[*]Click OK on Delete Temporary Files WindowNote: This deletes ALL the Downloaded Applications and Applets from the CACHE.[*]Click OK to leave the Java Control Panel.4.Please download Malwarebytes' Anti-Malware to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select Perform full scan (Full scan is optional. According to the program's creator Quick Scan will do just fine.).Click Scan.When the scan is complete, click OK, then Show Results to view the results.If Malware is found...Be sure that everything is checked, and click Remove Selected.When completed, a log will open in Notepad. Please save it to your desktop.NOTE: Logs can be retrieved at a later date from the Malwarebytes' Anti-Malware main screen:Launch Malwarebytes' Anti-Malware.Click the Logs tab.Double-click log-mm.dd.yyyy [xxxxxx].txt.In your next reply post the Malwarebytes' Anti-Malware log. Quote Link to post Share on other sites
mattclem Posted September 8, 2008 Author Report Share Posted September 8, 2008 Hi Sarahw,OK, Here We go................................................................The MoveIt log...File/Folder C:\PROGRA~1\MYWEBS~1 not found.C:\Program Files\MyWaySA\SrchAsDe\1.bin moved successfully.C:\Program Files\MyWaySA\SrchAsDe moved successfully.C:\Program Files\MyWaySA moved successfully.OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09072008_234206...........................................................The Anti-Malware log...Malwarebytes' Anti-Malware 1.26Database version: 1127Windows 5.1.2600 Service Pack 29/8/2008 12:34:14 AMmbam-log-2008-09-08 (00-34-14).txtScan type: Quick ScanObjects scanned: 78819Time elapsed: 27 minute(s), 59 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 10Registry Values Infected: 3Registry Data Items Infected: 1Folders Infected: 12Files Infected: 15Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcp2pj0e7bv (Rogue.Multiple) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zangotoolbar 4.8.3 (Adware.Zango) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdizk.exe -> Quarantined and deleted successfully.Folders Infected:C:\Program Files\rhcp2pj0e7bv (Rogue.Multiple) -> Delete on reboot.C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv (Rogue.Multiple) -> Delete on reboot.C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv\Quarantine (Rogue.Multiple) -> Delete on reboot.C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv\Quarantine\Autorun (Rogue.Multiple) -> Delete on reboot.C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.Files Infected:C:\WINDOWS\system32\kdizk.exe (Rootkit.DNSChanger.H) -> Delete on reboot.C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.C:\Documents and Settings\Julia\Local Settings\Temp\GLKF.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.C:\Program Files\rhcp2pj0e7bv\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Program Files\rhcp2pj0e7bv\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Program Files\rhcp2pj0e7bv\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Program Files\rhcp2pj0e7bv\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Program Files\rhcp2pj0e7bv\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Program Files\rhcp2pj0e7bv\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Program Files\rhcp2pj0e7bv\rhcp2pj0e7bv.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Program Files\rhcp2pj0e7bv\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.C:\Documents and Settings\Clementi\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.C:\WINDOWS\SYSTEM32\DRIVERS\svchost.VIR (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully...............................................................Thanks for your help...Matt Quote Link to post Share on other sites
sarahw Posted September 8, 2008 Report Share Posted September 8, 2008 Please open the OTMoveIt2 by OldTimer. Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):C:\Program Files\rhcp2pj0e7bvC:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bvC:\WINDOWS\system32\kdizk.exe Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.Click the red Moveit! button.A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.Close OTMoveIt2If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.Post a Hijack This log with the OTMoveIt2 log in your reply. Quote Link to post Share on other sites
mattclem Posted September 9, 2008 Author Report Share Posted September 9, 2008 HI again,Thanks...Matt....................................................Here is the log file from OTMoveit........................................................File/Folder C:\Program Files\rhcp2pj0e7bv not found.File/Folder C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv not found.File/Folder C:\WINDOWS\system32\kdizk.exe not found.OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09082008_190308.......................................................Here is the Log from HiJack This:....................................................Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:07:24 PM, on 9/8/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AntiVir PersonalEdition Classic\sched.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AntiVir PersonalEdition Classic\avguard.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\family\matt\tech\Kerio\Personal Firewall 4\kpf4ss.exeC:\family\matt\tech\Kerio\Personal Firewall 4\kpf4gui.exeC:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\applications\Photodex\ProShow-\ScsiAccess.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Canon\CAL\CALMAIN.exec:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeC:\Program Files\Dell\Media Experience\PCMService.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\AntiVir PersonalEdition Classic\avgnt.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\StartupMonitor.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\WINDOWS\system32\ctfmon.exeC:\applications\Audible\Bin\AudibleDownloadHelper.exeC:\Program Files\WiFiConnector\NintendoWFCReg.exeC:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\svchost.exeC:\family\matt\tech\Kerio\Personal Firewall 4\kpf4gui.exeC:\Program Files\Outlook Express\msimn.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\Clementi\My Documents\My Music\HiJackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clementiweb.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\CLEMENTI\Application Data\Mozilla\Profiles\default\hold\prefs.js)N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CApplications%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\CLEMENTI\Application Data\Mozilla\Profiles\default\hold\prefs.js)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: XBTP06261 Class - {2EAA261D-6F4E-42fe-B898-CDC160FD2463} - C:\PROGRA~1\EMUSIC~1\EMUSIC~1.DLL (file missing)O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\APPLIC~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: eMusic Toolbar - {F8CC9B08-C14F-4A5C-B73B-518AFECC067A} - C:\Program Files\eMusic Toolbar\emusicToolbar.dll (file missing)O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exeO4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exeO4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exeO4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exeO4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsersO4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /minO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [LanguageShortcut] E:\Applications\CyberLink\PowerDVD\Language\Language.exeO4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exeO4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exeO4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdizk.exe] C:\WINDOWS\system32\kdizk.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Audible Download Manager.lnk = C:\applications\Audible\Bin\AudibleDownloadHelper.exeO4 - Global Startup: Microsoft Office.lnk = C:\applications\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exeO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CABO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cabO16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-36.cabO16 - DPF: {55703908-B184-11D3-94E8-005004603E9E} (AVICtrl Class) - http://desktop.ilearning.com/desktop/CaliberWebAVI.dllO16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader2.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128775543484O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CABO16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cabO16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.18.18/ttinst.cabO16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: AdobeVersionCue - Adobe Sytems - C:\applications\Adobe\Adobe Version Cue\service\VersionCue.exeO23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exeO23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exeO23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\family\matt\tech\Kerio\Personal Firewall 4\kpf4ss.exeO23 - Service: Intel NCS NetService (NetSvc) - IntelĀ® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exeO23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exeO23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exeO23 - Service: ScsiAccess - Unknown owner - C:\applications\Photodex\ProShow-\ScsiAccess.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO24 - Desktop Component 0: (no name) - http://i171.photobucket.com/albums/u283/fc...outs/MSlyt2.jpg--End of file - 15190 bytes Quote Link to post Share on other sites
sarahw Posted September 9, 2008 Report Share Posted September 9, 2008 Click HERE and run an online scan with Kaspersky WebScannerClick on Kaspersky Online ScannerYou will be promted to install an ActiveX component from Kaspersky, Click Yes.The program will launch and then begin downloading the latest definition files:Once the files have been downloaded click on NEXTNow click on Scan SettingsIn the scan settings make that the following are selected:Scan using the following Anti-Virus database:Extended (if available otherwise Standard)Scan Options:Scan ArchivesScan Mail Bases[*]Click OK[*]Now under select a target to scan:Select My Computer[*]This will program will start and scan your system.[*]The scan will take a while so be patient and let it run.[*]Once the scan is complete it will display if your system has been infected.Now click on the Save as Text button:[*]Save the file to your desktop.[*]Copy and paste that information into your next post. Quote Link to post Share on other sites
mattclem Posted September 16, 2008 Author Report Share Posted September 16, 2008 Hi,I have tried to run the on-line scan and I was not able to run it all the way thru the first time... Since then, when I try to run it, the scan seems to hang at the "update" stage. See attached screen print...Thanks for your help...Mattkasp_prtscr.pdf Quote Link to post Share on other sites
sarahw Posted September 17, 2008 Report Share Posted September 17, 2008 Hi,Click HERE and run the F-Secure Online ScannerNote: This Scanner is for Internet Explorer Only!Follow the Instruction HERE for installation.Accept the License Agreement.Once the ActiveX installs,Click Full System ScanOnce the download completes,the scan will begin automatically.The scan will take some time to finish,so please be patient.When the scan completes, click the Automatic cleaning (recommended) button.Click the Show Report button and Copy&Paste the entire report in your next reply. Quote Link to post Share on other sites
sarahw Posted September 21, 2008 Report Share Posted September 21, 2008 Reopened at OP's request. Quote Link to post Share on other sites
mattclem Posted September 21, 2008 Author Report Share Posted September 21, 2008 Thanks for re-opening...I ran the F-Secure and I have attached the report.Thanks,Mattf_secure_report.pdf Quote Link to post Share on other sites
sarahw Posted September 23, 2008 Report Share Posted September 23, 2008 Hi,Can you post another Hijack This log in a reply.Thanks. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.