Host file being redirected


20 replies to this topic

#1 danasince1979

danasince1979

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:35 PM

Posted 18 March 2010 - 12:22 PM

I have tried editing and deleting the hosts file, but the redirected file keeps returning. Any help would be very much appreciated....



HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:45 AM, on 3/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\LDIScn32.EXE
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.215.245.21 www.google-analytics.com
O1 - Hosts: 95.211.99.110 google.ae
O1 - Hosts: 95.211.99.110 google.as
O1 - Hosts: 95.211.99.110 google.at
O1 - Hosts: 95.211.99.110 google.az
O1 - Hosts: 95.211.99.110 google.ba
O1 - Hosts: 95.211.99.110 google.be
O1 - Hosts: 95.211.99.110 google.bg
O1 - Hosts: 95.211.99.110 google.bs
O1 - Hosts: 95.211.99.110 google.ca
O1 - Hosts: 95.211.99.110 google.cd
O1 - Hosts: 95.211.99.110 google.com.gh
O1 - Hosts: 95.211.99.110 google.com.hk
O1 - Hosts: 95.211.99.110 google.com.jm
O1 - Hosts: 95.211.99.110 google.com.mx
O1 - Hosts: 95.211.99.110 google.com.my
O1 - Hosts: 95.211.99.110 google.com.na
O1 - Hosts: 95.211.99.110 google.com.nf
O1 - Hosts: 95.211.99.110 google.com.ng
O1 - Hosts: 95.211.99.110 google.ch
O1 - Hosts: 95.211.99.110 google.com.np
O1 - Hosts: 95.211.99.110 google.com.pr
O1 - Hosts: 95.211.99.110 google.com.qa
O1 - Hosts: 95.211.99.110 google.com.sg
O1 - Hosts: 95.211.99.110 google.com.tj
O1 - Hosts: 95.211.99.110 google.com.tw
O1 - Hosts: 95.211.99.110 google.dj
O1 - Hosts: 95.211.99.110 google.de
O1 - Hosts: 95.211.99.110 google.dk
O1 - Hosts: 95.211.99.110 google.dm
O1 - Hosts: 95.211.99.110 google.ee
O1 - Hosts: 95.211.99.110 google.fi
O1 - Hosts: 95.211.99.110 google.fm
O1 - Hosts: 95.211.99.110 google.fr
O1 - Hosts: 95.211.99.110 google.ge
O1 - Hosts: 95.211.99.110 google.gg
O1 - Hosts: 95.211.99.110 google.gm
O1 - Hosts: 95.211.99.110 google.gr
O1 - Hosts: 95.211.99.110 google.ht
O1 - Hosts: 95.211.99.110 google.ie
O1 - Hosts: 95.211.99.110 google.im
O1 - Hosts: 95.211.99.110 google.in
O1 - Hosts: 95.211.99.110 google.it
O1 - Hosts: 95.211.99.110 google.ki
O1 - Hosts: 95.211.99.110 google.la
O1 - Hosts: 95.211.99.110 google.li
O1 - Hosts: 95.211.99.110 google.lv
O1 - Hosts: 95.211.99.110 google.ma
O1 - Hosts: 95.211.99.110 google.ms
O1 - Hosts: 95.211.99.110 google.mu
O1 - Hosts: 95.211.99.110 google.mw
O1 - Hosts: 95.211.99.110 google.nl
O1 - Hosts: 95.211.99.110 google.no
O1 - Hosts: 95.211.99.110 google.nr
O1 - Hosts: 95.211.99.110 google.nu
O1 - Hosts: 95.211.99.110 google.pl
O1 - Hosts: 95.211.99.110 google.pn
O1 - Hosts: 95.211.99.110 google.pt
O1 - Hosts: 95.211.99.110 google.ro
O1 - Hosts: 95.211.99.110 google.ru
O1 - Hosts: 95.211.99.110 google.rw
O1 - Hosts: 95.211.99.110 google.sc
O1 - Hosts: 95.211.99.110 google.se
O1 - Hosts: 95.211.99.110 google.sh
O1 - Hosts: 95.211.99.110 google.si
O1 - Hosts: 95.211.99.110 google.sm
O1 - Hosts: 95.211.99.110 google.sn
O1 - Hosts: 95.211.99.110 google.st
O1 - Hosts: 95.211.99.110 google.tl
O1 - Hosts: 95.211.99.110 google.tm
O1 - Hosts: 95.211.99.110 google.tt
O1 - Hosts: 95.211.99.110 google.us
O1 - Hosts: 95.211.99.110 google.vu
O1 - Hosts: 95.211.99.110 google.ws
O1 - Hosts: 95.211.99.110 google.co.ck
O1 - Hosts: 95.211.99.110 google.co.id
O1 - Hosts: 95.211.99.110 google.co.il
O1 - Hosts: 95.211.99.110 google.co.in
O1 - Hosts: 95.211.99.110 google.co.jp
O1 - Hosts: 95.211.99.110 google.co.kr
O1 - Hosts: 95.211.99.110 google.co.ls
O1 - Hosts: 95.211.99.110 google.co.ma
O1 - Hosts: 95.211.99.110 google.co.nz
O1 - Hosts: 95.211.99.110 google.co.tz
O1 - Hosts: 95.211.99.110 google.co.ug
O1 - Hosts: 95.211.99.110 google.co.uk
O1 - Hosts: 95.211.99.110 google.co.za
O1 - Hosts: 95.211.99.110 google.co.zm
O1 - Hosts: 95.211.99.110 google.com
O1 - Hosts: 95.211.99.110 google.com.af
O1 - Hosts: 95.211.99.110 google.com.ag
O1 - Hosts: 95.211.99.110 google.com.ar
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F12220-A79F-4D14-B488-78A0C5B7AC6C} - http://www.formsrus.com/53/setup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {689C2262-8786-44F0-B89A-ED3E0396DEB6} - http://www.formsrus.com/53updater/setup.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152815137031
O16 - DPF: {9CFF20B9-6B72-4D3C-A28E-56F265C5D7B2} - http://www.formsrus.com/53/setup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SIRNY.NE.NRT
O17 - HKLM\Software\..\Telephony: DomainName = SIRNY.NE.NRT
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SIRNY.NE.NRT
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14080 bytes




DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by bret.borshell at 8:23:10.21 on Tue 03/16/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.224 [GMT -6:00]

AV: Additional Guard *On-access scanning enabled* (Updated) {A34C2404-C0BF-4067-8727-C5A4EDCB3910}
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: Additional Guard *enabled* {923E4F16-03A5-4818-8304-FF6A4F724AEF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\LDIScn32.EXE
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Documents and Settings\bret.borshell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.lycos.com/
mStart Page = hxxp://www.dell.com
mSearchAssistant = hxxp://www.google.com/ie
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [JobHisInit] c:\program files\rmclient\JobHisInit.exe
mRun: [MplSetUp] c:\program files\rmclient\MplSetUp.exe
mRun: [IntelAPMClient] "c:\program files\landesk\ldclient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SDClientMonitor] "c:\program files\landesk\ldclient\webportal\sdclientmonitor.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {03F12220-A79F-4D14-B488-78A0C5B7AC6C} - hxxp://www.formsrus.com/53/setup.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {689C2262-8786-44F0-B89A-ED3E0396DEB6} - hxxp://www.formsrus.com/53updater/setup.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152815137031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9CFF20B9-6B72-4D3C-A28E-56F265C5D7B2} - hxxp://www.formsrus.com/53/setup.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-3-16 161672]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-15 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-16 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-16 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-16 356616]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-16 285392]
R2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2007-1-9 122880]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-15 236368]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-5-11 104000]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\SoftMon.exe [2007-7-25 266240]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-11-30 80384]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2007-7-25 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2007-7-25 3328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-15 19160]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-15 38224]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2007-7-25 3712]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-1 135664]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-03-16 06:54:51 0 d-----w- c:\docume~1\bret~1.bor\applic~1\AVG9
2010-03-16 06:27:49 0 d-----w- c:\program files\Trend Micro
2010-03-16 06:23:46 0 d--h--w- C:\$AVG
2010-03-16 06:23:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 06:23:17 161672 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-16 06:23:14 356616 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-16 06:23:09 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-16 06:22:48 0 d-----w- c:\windows\system32\drivers\Avg
2010-03-16 06:21:52 0 d-----w- c:\program files\AVG
2010-03-16 05:46:18 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-16 04:51:41 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-16 04:50:47 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-16 04:50:21 0 d-----w- c:\program files\Lavasoft
2010-03-16 03:01:51 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-03-16 02:36:53 0 d-----w- c:\docume~1\bret~1.bor\applic~1\Malwarebytes
2010-03-16 02:36:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-16 02:36:47 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 02:36:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-16 02:36:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-16 02:29:29 0 d-----w- c:\program files\CCleaner
2010-03-02 04:48:43 0 d-----w- c:\windows\SxsCaPendDel
2010-03-01 23:36:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

==================== Find3M ====================

2010-03-16 02:13:22 461 ----a-w- c:\program files\Shortcut to McAfee.lnk

============= FINISH: 8:23:38.43 ===============





DDS Attach and GMER ARK logs are attached.




thank you ....
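The `O1 - Hosts:` lines in the HijackThis log (and the `Hosts:` lines in the DDS report) are what a hijacked hosts file looks like: dozens of google.* names pinned to one address, and the safe-browsing and update hosts of security vendors pinned to another. As an added example, not code from the original post or from HijackThis/DDS, the following Python parses lines in either format and flags what a helper scanning such a log looks for: names resolved to anything other than loopback, several unrelated names sharing one target, and redirected security infrastructure. The sample lines are copied from the log above plus a constructed benign entry; the list of security hosts is an assumption.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a few O1 - Hosts lines from the HijackThis log above,
# one DDS-style "Hosts:" line, a benign loopback entry and a comment.
SAMPLE_LINES = """\
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 67.215.245.21 www.google-analytics.com
O1 - Hosts: 95.211.99.110 google.com
O1 - Hosts: 95.211.99.110 google.co.uk
O1 - Hosts: 95.211.99.110 google.de
Hosts: 74.125.45.100 secure-plus-payments.com
127.0.0.1 localhost
# comment line, ignored
"""

# Hosts that security tooling depends on; pinning them anywhere but their real
# address silently breaks safe-browsing lookups and updates. Assumed list.
SECURITY_HOSTS = {"safebrowsing-cache.google.com", "urs.microsoft.com"}

# Accept a HijackThis "O1 - Hosts:" line, a DDS "Hosts:" line or a raw hosts line.
_LINE_RE = re.compile(r"^(?:(?:O1 - )?Hosts:\s*)?(\S+)\s+(\S+)")


def parse_hosts_lines(text):
    """Return (ip, hostname) pairs; blanks, comments and unparsable lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE_RE.match(line)
        if not m:
            continue
        ip_text, host = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            continue  # first token was not an address (e.g. a section heading)
        entries.append((ip, host.lower()))
    return entries


def triage(text, min_shared=3):
    """Classify hosts entries the way a helper reading the log would.

    benign     - names pinned to loopback/unspecified (ad-block style, harmless)
    redirected - names pinned to a routable address (traffic really goes there)
    security   - redirected names that belong to security/update infrastructure
    sinkholes  - routable addresses collecting >= min_shared different names
    """
    report = {"benign": [], "redirected": [], "security": [], "sinkholes": {}}
    by_ip = defaultdict(set)
    for ip, host in parse_hosts_lines(text):
        if ip.is_loopback or ip.is_unspecified:
            report["benign"].append(host)
            continue
        report["redirected"].append((str(ip), host))
        by_ip[str(ip)].add(host)
        if host in SECURITY_HOSTS:
            report["security"].append(host)
    for ip, hosts in by_ip.items():
        if len(hosts) >= min_shared:
            report["sinkholes"][ip] = sorted(hosts)
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_LINES)
    print(f"{len(r['redirected'])} redirected names, {len(r['benign'])} benign")
    print("security hosts redirected:", ", ".join(r["security"]))
    for ip, hosts in r["sinkholes"].items():
        print(f"{ip} collects {len(hosts)} names, e.g. {hosts[0]}")
```

Entries that survive deletion of the hosts file, as in the first post, point to a process rewriting it; the triage only tells you which lines are the payload, not what writes them.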

#2 jpshortstuff


Posted 18 March 2010 - 12:30 PM

Hi there,

If you already have a copy of ComboFix, please delete it.

Please download ComboFix to your desktop from one of these locations. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3





IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on Combo-Fix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please advise.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 danasince1979


Posted 18 March 2010 - 01:01 PM

Thanks for the ultra quick response. I'll run ComboFix now and post back with the log.

Does that log need to be copy/pasted or attached? Thanks.

#4 jpshortstuff


Posted 18 March 2010 - 01:09 PM

Copy/paste is fine, unless it is too long (in which case you can attach it).

#5 danasince1979


Posted 18 March 2010 - 03:58 PM

Here is that ComboFix log:

ComboFix 10-03-17.07 - bret.borshell 03/18/2010 14:35:19.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.404 [GMT -6:00]
Running from: c:\documents and settings\bret.borshell\Desktop\Combo-Fix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\fse
c:\windows\system32\drivers\fad.sys
c:\windows\system32\winpfz32.sys

.
((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.

2010-03-16 15:12 . 2010-03-16 15:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 06:54 . 2010-03-16 06:54 -------- d-----w- c:\documents and settings\bret.borshell\Application Data\AVG9
2010-03-16 06:27 . 2010-03-16 06:27 -------- d-----w- c:\program files\Trend Micro
2010-03-16 06:23 . 2010-03-17 01:26 -------- d-----w- C:\$AVG
2010-03-16 06:23 . 2010-03-16 15:12 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-16 06:23 . 2010-03-16 15:12 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-16 06:23 . 2010-03-16 15:12 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-16 06:23 . 2010-03-16 15:12 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 06:22 . 2010-03-16 12:24 -------- d-----w- c:\windows\system32\drivers\Avg
2010-03-16 06:21 . 2010-03-16 06:21 -------- d-----w- c:\program files\AVG
2010-03-16 05:46 . 2010-03-16 05:03 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-16 05:02 . 2010-03-16 05:02 1229232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-03-16 04:51 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-16 04:50 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-03-16 04:50 . 2010-03-16 04:50 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-16 04:50 . 2010-03-16 04:50 -------- d-----w- c:\program files\Lavasoft
2010-03-16 03:01 . 2010-03-16 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-16 02:36 . 2010-03-16 02:36 -------- d-----w- c:\documents and settings\bret.borshell\Application Data\Malwarebytes
2010-03-16 02:36 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-16 02:36 . 2010-03-16 02:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-16 02:36 . 2010-03-16 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-16 02:36 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-16 02:29 . 2010-03-16 02:29 -------- d-----w- c:\program files\CCleaner
2010-03-02 05:39 . 2010-03-02 05:39 -------- d-----w- c:\documents and settings\bret.borshell\Local Settings\Application Data\Threat Expert
2010-03-02 04:59 . 2010-03-16 02:03 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-02 04:48 . 2010-03-16 02:08 -------- d-----w- c:\windows\SxsCaPendDel
2010-03-01 23:36 . 2010-03-01 23:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-01 23:36 . 2010-03-01 23:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-03-01 23:31 . 2010-03-01 23:36 -------- d-----w- c:\documents and settings\bret.borshell\Local Settings\Application Data\Temp
2010-03-01 23:31 . 2010-03-01 23:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-03-01 23:30 . 2010-03-16 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 19:02 . 2007-07-25 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\vulScan
2010-03-16 05:32 . 2006-04-14 19:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-16 02:45 . 2009-12-20 23:39 -------- d-sh--w- c:\documents and settings\All Users\Application Data\17f004b
2010-03-16 02:35 . 2005-12-14 23:37 -------- d-----w- c:\program files\Google
2010-03-16 02:13 . 2005-12-01 01:28 -------- d-----w- c:\program files\Microsoft.NET
2010-03-16 02:13 . 2010-03-16 02:13 461 ----a-w- c:\program files\Shortcut to McAfee.lnk
2010-03-16 02:03 . 2007-05-11 17:03 -------- d-----w- c:\program files\McAfee
2010-03-16 02:03 . 2007-05-11 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-01 23:00 . 2007-02-26 21:54 -------- d-----w- c:\program files\Canon
2010-02-11 09:06 . 2007-07-24 18:46 -------- d-----w- c:\documents and settings\bret.borshell\Application Data\Canon
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"JobHisInit"="c:\program files\RMClient\JobHisInit.exe" [2004-03-18 151552]
"MplSetUp"="c:\program files\RMClient\MplSetUp.exe" [2000-11-04 40960]
"IntelAPMClient"="c:\program files\LANDesk\LDClient\amclient.exe" [2007-03-30 327680]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"SDClientMonitor"="c:\program files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2006-11-01 258048]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 15:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 11:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-12-06 07:05 127035 ----a-w- c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/16/2010 12:23 AM 52872]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/15/2010 10:51 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/16/2010 12:23 AM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/16/2010 12:23 AM 242696]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/1/2010 5:36 PM 95024]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 9:12 AM 308064]
R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [1/9/2007 11:03 AM 122880]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/15/2010 8:36 PM 236368]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [7/25/2007 1:53 PM 266240]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [11/30/2005 7:06 PM 80384]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [7/25/2007 1:53 PM 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [7/25/2007 1:53 PM 3328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/15/2010 8:36 PM 19160]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [7/25/2007 1:53 PM 3712]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 9:52 AM 1229232]
S3 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 5:31 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 23:31]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 23:31]

2010-03-18 c:\windows\Tasks\Malwarebytes' Scheduled Scan for bret.borshell.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-16 22:07]

2010-03-18 c:\windows\Tasks\Malwarebytes' Scheduled Update for bret.borshell.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-03-16 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lycos.com/
mStart Page = hxxp://www.dell.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {03F12220-A79F-4D14-B488-78A0C5B7AC6C} - hxxp://www.formsrus.com/53/setup.cab
DPF: {689C2262-8786-44F0-B89A-ED3E0396DEB6} - hxxp://www.formsrus.com/53updater/setup.cab
DPF: {9CFF20B9-6B72-4D3C-A28E-56F265C5D7B2} - hxxp://www.formsrus.com/53/setup.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - d:\software\HijackThis v2.0.2\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 14:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-03-18 14:44:27
ComboFix-quarantined-files.txt 2010-03-18 20:44

Pre-Run: 49,012,887,552 bytes free
Post-Run: 49,194,512,384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 735DB494BF67999E4B7E80FC9B1ABA30


#6 jpshortstuff (WhatTheTech Teacher)

Posted 18 March 2010 - 04:08 PM

That looks pretty good. Are you running AVG and LavaSoft AntiVirus? You should never run more than one AntiVirus program, since they can conflict with each other and bog your system down. I suggest you pick one and remove the other.

It looks like ComboFix has got the main culprits; how are things running now? I would like to run another general scan to make sure there is nothing left.

ESET Online Scanner

You can use either Internet Explorer or Mozilla FireFox for this scan.
  • Please go here then click on:
    QUOTE
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on:
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

Posted Image

#7 danasince1979 (Topic Starter)

Posted 18 March 2010 - 04:43 PM

The host file is still being redirected:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:39 PM, on 3/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\LDIScn32.EXE
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 67.215.245.21 www.google-analytics.com
O1 - Hosts: 95.211.99.110 google.ae
O1 - Hosts: 95.211.99.110 google.as
O1 - Hosts: 95.211.99.110 google.at
O1 - Hosts: 95.211.99.110 google.az
O1 - Hosts: 95.211.99.110 google.ba
O1 - Hosts: 95.211.99.110 google.be
O1 - Hosts: 95.211.99.110 google.bg
O1 - Hosts: 95.211.99.110 google.bs
O1 - Hosts: 95.211.99.110 google.ca
O1 - Hosts: 95.211.99.110 google.cd
O1 - Hosts: 95.211.99.110 google.com.gh
O1 - Hosts: 95.211.99.110 google.com.hk
O1 - Hosts: 95.211.99.110 google.com.jm
O1 - Hosts: 95.211.99.110 google.com.mx
O1 - Hosts: 95.211.99.110 google.com.my
O1 - Hosts: 95.211.99.110 google.com.na
O1 - Hosts: 95.211.99.110 google.com.nf
O1 - Hosts: 95.211.99.110 google.com.ng
O1 - Hosts: 95.211.99.110 google.ch
O1 - Hosts: 95.211.99.110 google.com.np
O1 - Hosts: 95.211.99.110 google.com.pr
O1 - Hosts: 95.211.99.110 google.com.qa
O1 - Hosts: 95.211.99.110 google.com.sg
O1 - Hosts: 95.211.99.110 google.com.tj
O1 - Hosts: 95.211.99.110 google.com.tw
O1 - Hosts: 95.211.99.110 google.dj
O1 - Hosts: 95.211.99.110 google.de
O1 - Hosts: 95.211.99.110 google.dk
O1 - Hosts: 95.211.99.110 google.dm
O1 - Hosts: 95.211.99.110 google.ee
O1 - Hosts: 95.211.99.110 google.fi
O1 - Hosts: 95.211.99.110 google.fm
O1 - Hosts: 95.211.99.110 google.fr
O1 - Hosts: 95.211.99.110 google.ge
O1 - Hosts: 95.211.99.110 google.gg
O1 - Hosts: 95.211.99.110 google.gm
O1 - Hosts: 95.211.99.110 google.gr
O1 - Hosts: 95.211.99.110 google.ht
O1 - Hosts: 95.211.99.110 google.ie
O1 - Hosts: 95.211.99.110 google.im
O1 - Hosts: 95.211.99.110 google.in
O1 - Hosts: 95.211.99.110 google.it
O1 - Hosts: 95.211.99.110 google.ki
O1 - Hosts: 95.211.99.110 google.la
O1 - Hosts: 95.211.99.110 google.li
O1 - Hosts: 95.211.99.110 google.lv
O1 - Hosts: 95.211.99.110 google.ma
O1 - Hosts: 95.211.99.110 google.ms
O1 - Hosts: 95.211.99.110 google.mu
O1 - Hosts: 95.211.99.110 google.mw
O1 - Hosts: 95.211.99.110 google.nl
O1 - Hosts: 95.211.99.110 google.no
O1 - Hosts: 95.211.99.110 google.nr
O1 - Hosts: 95.211.99.110 google.nu
O1 - Hosts: 95.211.99.110 google.pl
O1 - Hosts: 95.211.99.110 google.pn
O1 - Hosts: 95.211.99.110 google.pt
O1 - Hosts: 95.211.99.110 google.ro
O1 - Hosts: 95.211.99.110 google.ru
O1 - Hosts: 95.211.99.110 google.rw
O1 - Hosts: 95.211.99.110 google.sc
O1 - Hosts: 95.211.99.110 google.se
O1 - Hosts: 95.211.99.110 google.sh
O1 - Hosts: 95.211.99.110 google.si
O1 - Hosts: 95.211.99.110 google.sm
O1 - Hosts: 95.211.99.110 google.sn
O1 - Hosts: 95.211.99.110 google.st
O1 - Hosts: 95.211.99.110 google.tl
O1 - Hosts: 95.211.99.110 google.tm
O1 - Hosts: 95.211.99.110 google.tt
O1 - Hosts: 95.211.99.110 google.us
O1 - Hosts: 95.211.99.110 google.vu
O1 - Hosts: 95.211.99.110 google.ws
O1 - Hosts: 95.211.99.110 google.co.ck
O1 - Hosts: 95.211.99.110 google.co.id
O1 - Hosts: 95.211.99.110 google.co.il
O1 - Hosts: 95.211.99.110 google.co.in
O1 - Hosts: 95.211.99.110 google.co.jp
O1 - Hosts: 95.211.99.110 google.co.kr
O1 - Hosts: 95.211.99.110 google.co.ls
O1 - Hosts: 95.211.99.110 google.co.ma
O1 - Hosts: 95.211.99.110 google.co.nz
O1 - Hosts: 95.211.99.110 google.co.tz
O1 - Hosts: 95.211.99.110 google.co.ug
O1 - Hosts: 95.211.99.110 google.co.uk
O1 - Hosts: 95.211.99.110 google.co.za
O1 - Hosts: 95.211.99.110 google.co.zm
O1 - Hosts: 95.211.99.110 google.com
O1 - Hosts: 95.211.99.110 google.com.af
O1 - Hosts: 95.211.99.110 google.com.ag
O1 - Hosts: 95.211.99.110 google.com.ar
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F12220-A79F-4D14-B488-78A0C5B7AC6C} - http://www.formsrus.com/53/setup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {689C2262-8786-44F0-B89A-ED3E0396DEB6} - http://www.formsrus.com/53updater/setup.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152815137031
O16 - DPF: {9CFF20B9-6B72-4D3C-A28E-56F265C5D7B2} - http://www.formsrus.com/53/setup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SIRNY.NE.NRT
O17 - HKLM\Software\..\Telephony: DomainName = SIRNY.NE.NRT
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SIRNY.NE.NRT
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13599 bytes


I typically don't have Ad-Aware running; it's only installed as an alternative scanner, and I don't use the antivirus, just the antispyware.

#8 danasince1979 (Topic Starter)

Posted 18 March 2010 - 04:44 PM

I am running the ESET online scanner now, though.

#9 jpshortstuff (WhatTheTech Teacher)

Posted 18 March 2010 - 04:48 PM

QUOTE
I typically don't have Ad-Aware running; it's only installed as an alternative scanner, and I don't use the antivirus, just the antispyware.
That's fine then.

Perhaps the ESET scan will show where this hosts business is coming from, otherwise we always have more tricks to pull.

#10 danasince1979 (Topic Starter)

Posted 18 March 2010 - 04:54 PM

All right, I'll post back with that log as soon as it's ready.

Thanks for all the help, by the way!

#11 jpshortstuff (WhatTheTech Teacher)

Posted 18 March 2010 - 04:54 PM

No probs.

#12 danasince1979 (Topic Starter)

Posted 18 March 2010 - 06:36 PM

Hmmm, ESET found nothing.

#13 jpshortstuff (WhatTheTech Teacher)

Posted 18 March 2010 - 06:45 PM

Please download HostsXpert

* Unzip HostsXpert to its own folder in a convenient place, such as C:\HostsXpert
* Run HostsXpert.exe
* Click: Make Writable? in the upper left corner.
* Click: Restore MVPs Hosts
* Click: Replace
* Click: OK
* Click: Make ReadOnly
* Close HostsXpert.

Note: If a custom Hosts file was in place, you will have to run those programs again to reset detections.
If needed, see the Tutorial.

Let me know if that does the trick.


You have some traces of McAfee running. If you want to get rid of McAfee completely, use the McAfee Removal Tool.
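As an added example (not code from the thread, nor from HijackThis, HostsXpert or ComboFix), the Python script below audits a hosts file for the kind of redirect entries visible in the O1 lines of the HijackThis log above (names mapped to a routable address rather than sunk to loopback or 0.0.0.0) and builds a cleaned copy, which is the filtering part of what the HostsXpert restore step does by hand. The sample hosts content is constructed from a few of the log's own entries, and the SECURITY_NAME_HINTS watch-list is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: XP's default header, a few O1 - Hosts entries from the
# HijackThis log above, and one blocking-list style line (0.0.0.0 sink) so the
# two kinds of non-default entry can be told apart. (Added example, not from
# HijackThis, HostsXpert or ComboFix.)
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
67.215.245.21 www.google-analytics.com
95.211.99.110 google.com
95.211.99.110 google.co.uk
95.211.99.110 google.de
0.0.0.0 ads.example.net   # constructed blocking-list entry, not a hijack
"""

# Assumed watch-list: substrings of hostnames whose remapping blinds security
# tooling; extend with the update/AV domains your environment relies on.
SECURITY_NAME_HINTS = ("safebrowsing", "urs.microsoft.com", "windowsupdate")


def _address(field):
    """First field of a hosts line as an ip_address, or None if it is not one."""
    try:
        return ipaddress.ip_address(field)
    except ValueError:
        return None


def _is_sink(ip):
    """Loopback or 0.0.0.0: the name is blocked locally, not sent elsewhere."""
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text):
    """Return [(line_no, ip, [hostnames])]; '#' starts a comment, bad lines skip."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        ip = _address(fields[0]) if fields else None
        if ip is not None:
            entries.append((no, ip, fields[1:]))
    return entries


def audit_hosts(text):
    """Classify every name in the file.

    redirects: name -> routable address, the pattern of the log's O1 lines
    blocked:   name -> loopback/0.0.0.0, the shape of an ad-blocking list
    security:  either kind, when the name is an update/safe-browsing host
    targets:   redirect address -> names (a few sinks carried ~100 entries)
    """
    report = {"redirects": [], "blocked": [], "security": [],
              "targets": defaultdict(list)}
    for no, ip, names in parse_hosts(text):
        for name in names:
            lname = name.lower()
            if not _is_sink(ip):
                report["redirects"].append((no, str(ip), name))
                report["targets"][str(ip)].append(name)
            elif lname != "localhost":
                report["blocked"].append((no, name))
            if any(hint in lname for hint in SECURITY_NAME_HINTS):
                report["security"].append((no, str(ip), name))
    report["targets"] = dict(report["targets"])
    return report


def rebuild_clean(text):
    """Drop every redirect line; keep comments, blanks and sink entries.

    Writing this back only helps once whatever keeps re-adding the entries
    (the re-appearing hosts file in this thread) has been removed.
    """
    kept = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        ip = _address(fields[0]) if fields else None
        if ip is None or _is_sink(ip):
            kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    rep = audit_hosts(SAMPLE_HOSTS)
    for no, ip, name in rep["redirects"]:
        print(f"line {no:>2}: {name:<30} -> {ip}  REDIRECT")
    for ip, names in rep["targets"].items():
        print(f"sink {ip} collects {len(names)} name(s)")
    print("--- cleaned ---")
    print(rebuild_clean(SAMPLE_HOSTS), end="")
```

On a live system the file to feed in is %SystemRoot%\system32\drivers\etc\hosts; the system and hidden attributes the poster ran into must be cleared before the cleaned copy can be written back.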

#14 danasince1979 (Topic Starter)

Posted 18 March 2010 - 07:50 PM

Make Writable doesn't do anything.

It doesn't give me the option to restore MVPS.

#15 danasince1979 (Topic Starter)

Posted 18 March 2010 - 07:56 PM

I did get the McAfee parts off my system. I had tried the removal tool before and it didn't work (still didn't), but I finally looked it up and found a run command that removed it.

HostsXpert tells me the host file is marked as a system file and cannot be manipulated, press OK to remove the attribute, so I press OK.

Then: the host file is marked as hidden and cannot be manipulated, press OK to remove the attribute, so I press OK.

Then it will not let me click Make Writable; clicking that button does not do anything.

So I'm not sure what to do now....

Edited by danasince1979, 18 March 2010 - 09:45 PM.