
IObit.Com Forums > IObit Security Software > Spyware-Malware Removal Help!

Spyware-Malware Removal Help! A separate area dedicated to virus, spyware, rootkit and all other forms of malware removal.

#1 dustindc, May. 16th, 2011, 19:25
Search Results Hijacker and Automatic Updates problem

Hi

I have run IOBit Free, Malwarebytes, and AdAware. All found malware and removed it. However, I still have a search results hijacker that redirects my search results links, and my Windows Automatic Updates will not turn on, leading me to believe there are still some problems lurking. Please help.

Thank you,

Dustin

#2 dustindc, May. 16th, 2011, 19:28
dds log

.
DDS (Ver_11-03-05.01) - NTFSx86 MINIMAL
Run by Administrator at 14:00:55.71 on Mon 05/16/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.582 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dustin\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5061003
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = localhost
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101108134013.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
dRun: [CY08W456F0] c:\windows\temp\Ojh.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1169680657281
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\docume~1\dustin\locals~1\temp\32131kou.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 184.95.59.203 www.google.com
Hosts: 184.95.59.204 search.yahoo.com
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-14 64512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-29 2146496]
S0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-16 386840]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-16 84072]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-23 135664]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2011-5-14 312152]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-1 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-16 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-16 271480]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-16 271480]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-16 171168]
S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-16 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-16 141792]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-5-10 24652]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-16 55840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-23 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-29 15232]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-16 152960]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-16 52104]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-16 313288]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-16 88544]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-16 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-16 84264]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-12-8 120232]
.
=============== Created Last 30 ================
.
2011-05-15 10:25:46 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-15 03:58:12 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-15 02:18:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2011-05-15 02:18:47 -------- d-----w- c:\program files\IObit
2011-05-15 02:15:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-05-15 02:15:37 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-14 23:13:43 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-05-14 23:13:26 -------- d-----w- c:\program files\Lavasoft
2011-05-14 22:29:10 81920 ------w- c:\windows\system32\ieencode.dll
2011-05-08 06:45:53 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2011-05-08 06:45:07 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
.
==================== Find3M ====================
.
2011-04-10 17:26:37 0 ----a-w- c:\windows\Tjifubovisidu.bin
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2007-08-18 09:06:50 774144 -c--a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 14:01:51.70 ===============

#3 dustindc, May. 16th, 2011, 19:29
attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/22/2010 8:05:54 PM
System Uptime: 5/16/2011 12:51:02 PM (2 hours ago)
.
Motherboard: Dell Inc | | 0UT226
Processor: AMD Athlon(tm) 64 Processor 3200+ | Socket M2 | 2004/1000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 18.611 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP118: 2/15/2011 8:28:33 PM - System Checkpoint
RP119: 2/17/2011 2:34:29 AM - System Checkpoint
RP120: 2/18/2011 1:37:24 PM - System Checkpoint
RP121: 2/19/2011 1:53:45 PM - System Checkpoint
RP122: 2/21/2011 7:34:44 PM - System Checkpoint
RP123: 2/26/2011 6:39:52 AM - System Checkpoint
RP124: 2/27/2011 6:53:45 AM - System Checkpoint
RP125: 3/1/2011 5:13:30 PM - System Checkpoint
RP126: 3/4/2011 7:36:28 PM - System Checkpoint
RP127: 3/5/2011 8:52:34 PM - System Checkpoint
RP128: 3/6/2011 9:53:01 PM - System Checkpoint
RP129: 3/7/2011 10:22:04 PM - System Checkpoint
RP130: 3/9/2011 3:00:28 AM - Software Distribution Service 3.0
RP131: 3/10/2011 3:56:01 AM - System Checkpoint
RP132: 3/14/2011 10:20:15 PM - System Checkpoint
RP133: 3/16/2011 5:41:48 PM - System Checkpoint
RP134: 3/18/2011 3:00:26 AM - Software Distribution Service 3.0
RP135: 3/21/2011 10:22:38 PM - Configured Microsoft Office Home and Student 2007
RP136: 3/24/2011 2:55:21 AM - System Checkpoint
RP137: 3/24/2011 3:00:24 AM - Software Distribution Service 3.0
RP138: 3/25/2011 11:29:21 AM - System Checkpoint
RP139: 3/26/2011 12:17:02 PM - System Checkpoint
RP140: 3/27/2011 12:49:32 PM - System Checkpoint
RP141: 3/28/2011 1:11:34 PM - System Checkpoint
RP142: 3/29/2011 8:13:07 PM - System Checkpoint
RP143: 4/9/2011 9:02:52 PM - System Checkpoint
RP144: 4/10/2011 12:59:24 PM - Restore Operation
RP145: 4/10/2011 3:10:23 PM - Software Distribution Service 3.0
RP146: 4/12/2011 6:27:04 AM - System Checkpoint
RP147: 4/13/2011 6:39:48 AM - System Checkpoint
RP148: 4/14/2011 11:43:43 AM - System Checkpoint
RP149: 4/15/2011 12:05:18 PM - System Checkpoint
RP150: 4/16/2011 3:00:17 AM - Software Distribution Service 3.0
RP151: 4/19/2011 2:13:45 AM - System Checkpoint
RP152: 4/20/2011 2:41:29 AM - System Checkpoint
RP153: 4/21/2011 3:31:53 AM - System Checkpoint
RP154: 4/22/2011 4:19:09 AM - System Checkpoint
RP155: 4/23/2011 4:46:26 AM - System Checkpoint
RP156: 4/25/2011 4:34:35 AM - System Checkpoint
RP157: 4/26/2011 7:16:26 AM - System Checkpoint
RP158: 4/26/2011 3:05:58 PM - Configured Microsoft Office Home and Student 2007
RP159: 4/26/2011 3:06:51 PM - Configured Microsoft Office Home and Student 2007
RP160: 4/27/2011 3:00:17 AM - Software Distribution Service 3.0
RP161: 4/28/2011 3:21:08 AM - System Checkpoint
RP162: 4/29/2011 4:07:06 AM - System Checkpoint
RP163: 4/30/2011 4:17:12 AM - System Checkpoint
RP164: 5/1/2011 5:07:02 AM - System Checkpoint
RP165: 5/2/2011 12:33:16 AM - Restore Operation
RP166: 5/4/2011 8:36:52 PM - System Checkpoint
RP167: 5/5/2011 8:37:43 PM - System Checkpoint
RP168: 5/7/2011 12:16:43 AM - System Checkpoint
RP169: 5/8/2011 12:25:42 AM - System Checkpoint
RP170: 5/8/2011 1:40:57 AM - Restore Operation
RP171: 5/8/2011 1:45:11 AM - Restore Operation
RP172: 5/9/2011 6:55:34 PM - System Checkpoint
RP173: 5/10/2011 9:39:50 PM - System Checkpoint
RP174: 5/11/2011 10:00:16 PM - System Checkpoint
RP175: 5/12/2011 10:26:02 PM - System Checkpoint
RP176: 5/14/2011 3:34:23 PM - System Checkpoint
RP177: 5/14/2011 4:49:52 PM - Installed %1 %2.
RP178: 5/14/2011 5:03:59 PM - Installed Microsoft Fix it 50362
RP179: 5/14/2011 5:27:41 PM - Installed Windows XP Service Pack 3.
RP180: 5/14/2011 5:33:33 PM - Installed Windows XP KB946648.
RP181: 5/14/2011 5:34:40 PM - Installed Windows XP KB950762.
RP182: 5/14/2011 5:35:32 PM - Installed Windows XP KB950974.
RP183: 5/14/2011 5:36:20 PM - Installed Windows XP KB951066.
RP184: 5/14/2011 6:13:02 PM - Installed Ad-Aware
RP185: 5/14/2011 6:13:24 PM - Installed Ad-Aware
RP186: 5/15/2011 9:28:49 PM - System Checkpoint
.
==== Installed Programs ======================
.
1310
1310_Help
1310Tour
1310Trb
2007 Microsoft Office Suite Service Pack 1 (SP1)
AAC Decoder
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Adobe Shockwave Player 11
AIM 6
AiO_Scan
AiOSoftware
Amazon MP3 Downloader 1.0.3
Andrea VoiceCenter
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUpdate
Bonjour
Broadcom Management Programs
BufferChm
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
CCleaner
Conexant D850 56K V.9x DFVc Modem
Copy
Creative Audio Pack
Creative MediaSource 5
CreativeProjects
CreativeProjectsTemplates
CueTour
Dell CinePlayer
Dell Digital Jukebox Driver
Dell DJ Explorer
Dell Game Console
Dell Support 3.2
Dell System Restore
Destinations
Digital Content Portal
Digital Line Detect
Director
DivX Converter
DivX Version Checker
DocProc
Documentation & Support Launcher
DocumentViewer
EducateU
ELIcon
Fax
Games, Music, & Photos Launcher
getPlus(R) for Adobe
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
HP Diagnostic Assistant
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HPSystemDiagnostics
InstantShare
IObit Security 360
iTunes
IZArc 3.81
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 23
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech MouseWare 9.70
Malwarebytes' Anti-Malware
McAfee Total Protection
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows XP Video Decoder Checkup Utility
Microsoft Works
MKV Splitter
Modem Diagnostic Tool
MovieEdit Task
Mozilla Firefox 4.0.1 (x86 en-US)
MP3Resizer 1.9.1
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Mysteryville 2
Netflix Movie Viewer
NetWaiting
NVIDIA Drivers
Overland
PhotoGallery
PhotoStitch
PowerDVD 5.7
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
RAW Image Task 2.2
Readme
Rhapsody Player Engine
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
Secure Game Player
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Office 2007 (KB934062)
Security Update for Publisher 2007 (KB936646)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SkinsHP1
Sonic Activation Module
Sonic Advanced Decoder
Sonic Update Manager
Sony Ericsson Media Manager 1.2
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spelling Dictionaries Support For Adobe Reader 9
StumbleUpon IE Toolbar
SUPERAntiSpyware
TBS WMP Plug-in
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB971029)
VC80CRTRedist - 8.0.50727.762
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Zuma’s Revenge!™ - Adventure
.
==== Event Viewer Messages From Past Week ========
.
5/16/2011 12:42:38 PM, error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
5/16/2011 12:42:38 PM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/16/2011 12:40:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/15/2011 9:13:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
5/14/2011 9:26:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
5/14/2011 9:24:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
5/14/2011 9:24:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/14/2011 9:24:07 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec mfehidk mfetdi2k MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip WS2IFSL
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/14/2011 9:24:07 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/13/2011 8:08:30 AM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
5/13/2011 8:08:30 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

#4 dustindc, May. 16th, 2011, 22:32

I ran a SUPERAntiSpyware scan; here is the log from that. Any help is greatly appreciated.

Thanks

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/16/2011 at 05:15 PM

Application Version : 4.52.1000

Core Rules Database Version : 7067
Trace Rules Database Version: 4879

Scan type : Complete Scan
Total Scan Time : 02:12:08

Memory items scanned : 593
Memory threats detected : 0
Registry items scanned : 8302
Registry threats detected : 0
File items scanned : 112385
File threats detected : 4

Adware.Tracking Cookie
C:\Documents and Settings\Dustin\Cookies\dustin@content.yieldmanager[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@interchangecorporation.122.2o7[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@doubleclick[1].txt
C:\Documents and Settings\Dustin\Cookies\dustin@ad.yieldmanager[1].txt

#5 Melvin_Deal (Malware Advisor Moderator), May. 16th, 2011, 23:13
Hi!

How long have you been running Lavasoft and McAfee simultaneously? This is a little to think about:

Hosts: 184.95.59.203 www.google.com
Hosts: 184.95.59.204 search.yahoo.com

You appear to be online with two different providers simultaneously.

You have much running in your machine that doesn't need to be running all the time.

I don't believe your machine is infected... only confused.

Please run a HijackThis scan and post the log here... without making any fixes. Or you can use the tool in Iobit ASC or Iobit 360 to run a log and copy/post it.


Thanks!

-Mel
  #6  
Old May. 16th, 2011, 23:21
dustindc dustindc is offline
Junior Member
 
Join Date: 16 May 2011
Posts: 17
Default

Hi,

Thank you for the reply. I downloaded AdAware only two days ago trying to find the google redirect and automatic update problem, which I am assuming is the Lavasoft firewall. I have been running McAfee since I got the computer. Here is the Hijack scan from IOBit.

Logfile of IObit HijackScan v1.0.2.0
Scan saved at 18:17:19, on 2011-5-16

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\DOCUME~1\Dustin\LOCALS~1\Temp\clclean.0001
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\McAfee\MSM\McSmtFwk.exe
C:\Program Files\COMMON~1\McAfee\MSC\McUICnt.exe
c:\Program Files\mcafee.com\agent\McUpdate.exe
c:\Program Files\mcafee\msc\mcupdmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101108134013.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Research - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}LegitCheckControl.LegitCheck.1 - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}SoftwareDistribution.MicrosoftUpdateWebControl.1 - http://update.microsoft.com/microsof...?1169680657281
O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Labs Licensing Service (Creative Labs Licensing Service) - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access (Creative Service for CDROM Access) - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 (Pml Driver HPZ12) - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StumbleUponUpdateService (StumbleUponUpdateService) - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: Viewpoint Manager Service (Viewpoint Manager Service) - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  #7  
Old May. 17th, 2011, 00:06
Superdave Superdave is offline
Malware Fighter
 
Join Date: 07 Mar 2010
Posts: 808
Default

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*********************************************************

Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*********************************************************
The log shows you have two anti-virus programs on your computer; Lavasoft Ad-Watch Live! Anti-Virus and McAfee Anti-Virus and Anti-Spyware. One will have to be disabled or uninstalled.

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered as Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

More information:

* ViewMgr.exe - Useless
* Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
* Viewpoint Experience Technology
*********************************************************
Please read here for more information about WildTangent. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

WildTangent Web Driver or anything related to WildTangent.
*********************************************************
Download OTL to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
dRun: [CY08W456F0] c:\windows\temp\Ojh.exe
Trusted Zone: musicmatch.com\online
 
:Filesc:\windows\temp\Ojh.exe
:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]
* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
*********************************************************
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix
  #8  
Old May. 17th, 2011, 01:08
Melvin_Deal Melvin_Deal is offline
Malware Advisor Moderator
 
Join Date: 06 Jul 2009
Posts: 2,937
Default Hi just in DC

Please follow SuperDave's instructions, and post here to the conclusion!!!! Lots of waiting for downloads, running programs,.. posting results.... etc. Just know that if you quit doing/posting... then nobody here can help!

Chin up!!!

-Mel
  #9  
Old May. 17th, 2011, 02:08
dustindc dustindc is offline
Junior Member
 
Join Date: 16 May 2011
Posts: 17
Default

Hi Super Dave,

Thank you so much for the help. Currently, I have uninstalled AdAware and should only be running McAfee.

I removed all Viewpoint programs and WildTangent.

I made sure Malwarebytes was updated and ran a full scan; below is the log.

I will continue with your instructions and post the appropriate logs as soon as they are available.

Again thank you and thank you Mel I appreciate the help!

Dustin


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6594

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/16/2011 8:55:26 PM
mbam-log-2011-05-16 (20-55-26).txt

Scan type: Full scan (C:\|)
Objects scanned: 308411
Time elapsed: 1 hour(s), 23 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP186\A0031723.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
  #10  
Old May. 17th, 2011, 02:15
dustindc dustindc is offline
Junior Member
 
Join Date: 16 May 2011
Posts: 17
Default

Ran OTL; here is the report.

All processes killed
========== OTL ==========
Error: Unable to interpret <:Filesc:\windows\temp\Ojh.exe> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 59995 bytes
->Temporary Internet Files folder emptied: 184978 bytes
->FireFox cache emptied: 7079839 bytes

User: All Users

User: Application Data

User: Cassie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dustin
->Temp folder emptied: 3113773 bytes
->Temporary Internet Files folder emptied: 8664881 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42409728 bytes
->Google Chrome cache emptied: 6294836 bytes
->Flash cache emptied: 1554 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Owner

User: Visitor
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12437 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2796 bytes

Total Files Cleaned = 65.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05162011_211108

Files\Folders moved on Reboot...
C:\Documents and Settings\Dustin\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp moved successfully.
C:\Documents and Settings\Dustin\Local Settings\Temp\clclean.0001.dir.0000\~efe2.tmp moved successfully.

Registry entries deleted on Reboot...
Reply With Quote
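The `Hosts:` entries quoted in post #5 and the "HOSTS file reset successfully" line in the OTL report above both concern the Windows hosts file, whose entries take precedence over DNS for the names they list. As an added example (not part of the thread or of any tool used in it), the Python script below audits hosts-file text for watched domains pinned to a fixed address. It generalises slightly by also reporting names pointed at loopback, which blocks them rather than redirecting them. The watch list, function names and sample file are assumptions; only the two redirect entries come from the thread.

```python
import ipaddress

# Assumed watch list: domains whose presence in a hosts file deserves review.
WATCHED_SUFFIXES = ("google.com", "yahoo.com", "bing.com",
                    "microsoft.com", "windowsupdate.com")

# Constructed sample. Lines 3 and 4 reuse the two entries quoted in the
# thread; every other line is made up for the example.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
184.95.59.203   www.google.com
184.95.59.204   search.yahoo.com   # trailing comment
127.0.0.1       update.microsoft.com
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each valid mapping in hosts text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed line: no valid address
        for name in fields[1:]:               # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def is_watched(name):
    """True if name equals a watched domain or is a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return (line_no, ip, hostname, kind) for every watched name.

    kind is "redirect" when the name is pinned to a routable address and
    "blocked" when it is pointed at loopback or 0.0.0.0.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirect"
        findings.append((line_no, str(ip), name, kind))
    return findings


if __name__ == "__main__":
    # On the machine in the thread the file is
    # C:\WINDOWS\System32\drivers\etc\Hosts (path from the OTL report).
    for line_no, ip, name, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} ({kind})")
```

A stock hosts file maps nothing but `localhost`, so any finding here is worth explaining before the file is reset.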
All times are GMT +0.