Live Chat & Podcast at 1:00PM Eastern on Sunday!
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
Virus & Other Malware Removal
Go to first new post Black desktop, missing all shortcuts, fi ...
Go to first new post Microsoft Visual C++ Runtime Library Buf ...
Go to first new post Family Cyber Removal
Go to first new post System Check problem
Go to first new post hijack this log ......
Go to first new post Trojan virus
Go to first new post "svchost application error 0x6fe217 ...
Go to first new post Cannot access any google sites - youtube ...
Go to first new post My computer is slowly dying
Go to first new post Trojan Hider
Go to first new post We Got System Checked :-(
Go to first new post Extremely unresponsive, massive hang-ups ...
Go to first new post Incredibar Removal - Support Pls!
Go to first new post need help regarding malware/spyware
Go to first new post Somethings Amiss....
Tag Cloud
access acer asus bios bsod computer crash drive driver drivers error ethernet excel freeze gaming graphics hard drive hardware hdmi internet laptop malware memory monitor motherboard network printer problem ram random registry router slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless xbox
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Virus & Other Malware Removal >
Hijacked browser - greatfeedmill/thefeedwater (In Progress)

Page 1 of 2 1 2
Reply  
Thread Tools
ParkerBarrow's Avatar
Computer Specs
Junior Member with 8 posts.
  
Join Date: Nov 2009
Experience: Beginner
04-Nov-2009, 11:31 PM #1
Hijacked browser - greatfeedmill/thefeedwater
My PC has been infected by malware which has hijacked my browser. I primarily use Firefox 3.5.4, but sometimes need to run IE8. My issues occur in both browsers. I am getting frequent popups and any link I click on redirects me to some bogus website via thefeedwater.com or greatfeedmill.com.

I'd greatly appreciate some assistance diagnosing and fixing the problem.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:03 PM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\FastNetSrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeremy Lusk\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mydesk.morganstanley.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [moguhatih] Rundll32.exe "c:\windows\system32\yitidena.dll",a
O4 - HKLM\..\Run: [calc] rundll32.exe C:\WINDOWS\system32\calc.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [calc] rundll32.exe C:\DOCUME~1\LOCALS~1\ntuser.dll,_IWMPEvents@0
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} (TerminalSvcsTCSX Control) - https://mydesk-pi01.morganstanley.co...nalSvcsTCS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E141D8-AAC5-43B5-87E7-88A2E6D91C63}: NameServer = 77.74.48.113
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: jokapovu.dll c:\windows\system32\yitidena.dll c:\windows\system32\vemayuva.dll
O21 - SSODL: sewotijaf - {ddf84062-742f-496d-b3a5-d8465bbdecf7} - c:\windows\system32\yitidena.dll
O22 - SharedTaskScheduler: mujuzedij - {ddf84062-742f-496d-b3a5-d8465bbdecf7} - c:\windows\system32\yitidena.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 8716 bytes
Register for free to hide this ad!
sjpritch25's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 9,113 posts.
  
Join Date: Sep 2005
Location: Florida
Experience: Advanced
08-Nov-2009, 05:32 PM #2
Welcome to TSG

Download Combofix from this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
Please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
ParkerBarrow's Avatar
Computer Specs
Junior Member with 8 posts.
  
Join Date: Nov 2009
Experience: Beginner
09-Nov-2009, 02:20 AM #3
Thanks for helping me with this. I really appreciate it. Here are the logs.

ComboFix 09-11-08.03 - Jeremy Lusk 11/09/2009 0:44.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1553 [GMT -5:00]
Running from: c:\documents and settings\Jeremy Lusk\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Programs\AntiVirus Plus
c:\documents and settings\All Users\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk
c:\documents and settings\All Users\Start Menu\Programs\AntiVirus Plus\EULA.url
c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\documents and settings\Jeremy Lusk\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk
c:\documents and settings\Jeremy Lusk\Local Settings\Application Data\{0DEB0ABE-6857-4C41-8E72-57D7135B100B}
c:\documents and settings\Jeremy Lusk\Local Settings\Application Data\{0DEB0ABE-6857-4C41-8E72-57D7135B100B}\chrome.manifest
c:\documents and settings\Jeremy Lusk\Local Settings\Application Data\{0DEB0ABE-6857-4C41-8E72-57D7135B100B}\chrome\content\_cfg.js
c:\documents and settings\Jeremy Lusk\Local Settings\Application Data\{0DEB0ABE-6857-4C41-8E72-57D7135B100B}\chrome\content\overlay.xul
c:\documents and settings\Jeremy Lusk\Local Settings\Application Data\{0DEB0ABE-6857-4C41-8E72-57D7135B100B}\install.rdf
c:\documents and settings\Jeremy Lusk\ntuser.dll
c:\documents and settings\Jeremy Lusk\Start Menu\Programs\AntiVirus Plus
c:\documents and settings\Jeremy Lusk\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk
c:\documents and settings\Jeremy Lusk\Start Menu\Programs\AntiVirus Plus\EULA.url
c:\documents and settings\Jeremy Lusk\Start Menu\Programs\Startup\AntiVirus Plus.lnk
c:\documents and settings\Jeremy Lusk\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Jeremy Lusk\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\bebuviza.dll
c:\windows\system32\birokone.dll
c:\windows\system32\certstore.dat
c:\windows\system32\config\systemprofile\Desktop\AntiVirus Plus.lnk
c:\windows\system32\drivers\fad.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\fuzopido.exe
c:\windows\system32\hesudobu.dll
c:\windows\system32\heturolu.exe
c:\windows\system32\huduzitu.dll
c:\windows\system32\Install.txt
c:\windows\system32\isapeep.sys
c:\windows\system32\jadelamo.dll
c:\windows\system32\jipanidi.dll
c:\windows\system32\jokapovu.dll
c:\windows\system32\jumusida.dll
c:\windows\system32\keleteli.dll
c:\windows\system32\mcenspc.dll
c:\windows\system32\meyehusi.dll
c:\windows\system32\moduzota.exe
c:\windows\system32\ripunubi.exe
c:\windows\system32\rogavove.dll
c:\windows\system32\sojowiko.dll
c:\windows\system32\tibugizu.dll
c:\windows\system32\tuzaheha.exe
c:\windows\system32\vahiheka.exe
c:\windows\system32\vemayuva.dll
c:\windows\system32\vumiwegu.dll
c:\windows\system32\yasunave.exe
c:\windows\system32\zijoriri.dll
c:\windows\Tasks\oidvttju.job
c:\windows\TEMP\mta13187.dll

----- BITS: Possible infected sites -----

hxxp://77.74.48.111
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4
-------\Legacy_isapeep
-------\Service_isapeep


((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-09 05:17 . 2009-11-09 05:16 2455552 ----a-w- c:\documents and settings\Jeremy Lusk\Application Data\AntiVirus Plus\AntiVirus Plus.70367.dll
2009-11-09 05:16 . 2009-11-09 05:17 -------- d-----w- c:\documents and settings\Jeremy Lusk\Application Data\AntiVirus Plus
2009-11-09 03:59 . 2009-11-09 03:59 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-11-09 03:59 . 2009-11-09 03:59 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-11-07 04:00 . 2009-11-07 04:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-11-06 01:23 . 2009-11-06 01:23 274 ----a-w- c:\documents and settings\All Users\Application Data\73058831\73058831.bat
2009-11-06 01:23 . 2009-11-06 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\73058831
2009-10-31 12:32 . 2009-10-31 12:32 0 ----a-w- c:\windows\Llinafawinaqaf.bin
2009-10-31 12:32 . 2009-10-31 12:32 120 ----a-w- c:\windows\Orequk.dat
2009-10-31 03:14 . 2009-10-31 03:14 53248 ----a-w- C:\oqbkddrr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 04:36 . 2009-04-01 01:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-05 05:02 . 2009-04-01 01:51 -------- d-----w- c:\program files\Spyware Doctor
2009-11-01 02:50 . 2008-08-26 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 22:39 . 2008-08-29 00:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-22 09:19 . 2009-11-05 04:03 5939712 ----a-w- c:\windows\system32\SET11.tmp
2009-10-22 04:11 . 2008-06-05 07:29 -------- d-----w- c:\program files\McAfee
2009-09-21 22:50 . 2009-09-21 02:55 -------- d-----w- c:\documents and settings\Jeremy Lusk\Application Data\CVS
2009-09-18 22:44 . 2009-02-11 00:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-16 14:22 . 2008-06-05 07:30 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2008-06-05 07:30 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2008-06-05 07:30 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2008-06-05 07:30 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2008-06-05 07:30 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 13:23 . 2009-09-11 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-11 13:23 . 2009-09-11 13:23 -------- d-----w- c:\program files\NOS
2009-09-10 18:54 . 2008-08-26 04:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-08-26 04:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 22:26 . 2009-04-01 01:51 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-03 15:53 . 2009-09-11 13:23 30912 ----a-w- c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-09-03 15:53 . 2009-09-11 13:23 22848 ----a-w- c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-09-03 15:53 . 2009-09-11 13:23 19792 ----a-w- c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-08-29 08:08 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 02:02 . 2008-09-30 02:08 116944 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 19:29 . 2005-04-30 05:01 116944 ----a-w- c:\documents and settings\Jeremy Lusk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 01:22 . 2009-08-06 01:22 844800 --sha-w- c:\windows\system32\hasabasi.exe
2009-08-09 05:16 . 2009-08-09 05:16 107008 --sha-w- c:\windows\system32\zekuboli.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}]
2009-11-09 05:16 2455552 ----a-w- c:\documents and settings\Jeremy Lusk\Application Data\AntiVirus Plus\AntiVirus Plus.70367.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-11 344064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]
"Prigog"="c:\windows\opamajapimogud.dll" [2008-04-14 173568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AntiVirus Plus"="c:\documents and settings\Jeremy Lusk\Application Data\AntiVirus Plus\AntiVirus Plus.70367.dll" [2009-11-09 2455552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli cpcwipht.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll mcenspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscs vc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/31/2009 8:51 PM 206256]
R2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [8/11/2004 5:00 PM 14336]
R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [8/4/2004 5:00 AM 46592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/28/2008 6:45 PM 206096]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [4/24/2005 9:38 PM 80384]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [8/11/2004 5:00 PM 14336]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 11:30 AM 124608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/31/2009 7:49 AM 348752]
S3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [12/20/2005 11:21 PM 231040]
S3 xVGAUSB;USB2.0 VGA DEVICE(USB);c:\windows\system32\drivers\xvgausb.sys [12/20/2005 11:21 PM 22016]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-02-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-05 16:22]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-05 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mydesk.morganstanley.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: turbotax.com
TCP: {E5E141D8-AAC5-43B5-87E7-88A2E6D91C63} = 77.74.48.113
FF - ProfilePath - c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - prefs.js: network.proxy.http - localhost:8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\moveplayer@movene tworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{6b6cb589-c5c2-405e-99fc-fe44f74e7a01} - delutaha.dll
HKLM-Run-moguhatih - c:\windows\system32\zijoriri.dll
HKLM-Run-lezireyafi - tibugizu.dll
SharedTaskScheduler-{75899e94-ab3e-498f-9a52-96a69f9b882a} - c:\windows\system32\zijoriri.dll
SharedTaskScheduler-{5796a851-bda6-4767-b0ae-aeb9b155c269} - c:\windows\system32\zijoriri.dll
SSODL-posoyopud-{75899e94-ab3e-498f-9a52-96a69f9b882a} - c:\windows\system32\zijoriri.dll
SSODL-getiwusoj-{5796a851-bda6-4767-b0ae-aeb9b155c269} - c:\windows\system32\zijoriri.dll
SafeBoot-WinDefend



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 00:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\KB976749-IE8.log 513 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,68,5e,b0,d0,70,27,47,ad,52,72, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,68,5e,b0,d0,70,27,47,ad,52,72, \
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'lsass.exe'(784)
c:\windows\cpcwipht.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1864)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\cpcwipht.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\opamajapimogud.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\brss01a.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\basfipm.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\fxssvc.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
.
**************************************************************************
.
Completion time: 2009-11-09 1:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-09 06:09

Pre-Run: 10,483,523,584 bytes free
Post-Run: 10,743,222,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 65551F310D6305B52FDBB9151791F7D9




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:39 AM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jeremy Lusk\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mydesk.morganstanley.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Antivirus Plus BHO - {C2B5AAB8-2183-4be7-81A6-F11493C45872} - C:\Documents and Settings\Jeremy Lusk\Application Data\AntiVirus Plus\AntiVirus Plus.70367.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [Prigog] rundll32.exe "C:\WINDOWS\opamajapimogud.dll",Startup
O4 - HKUS\S-1-5-18\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Jeremy Lusk\Application Data\AntiVirus Plus\AntiVirus Plus.70367.dll", start 70367 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Jeremy Lusk\Application Data\AntiVirus Plus\AntiVirus Plus.70367.dll", start 70367 (User 'Default user')
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {B1647320-9EC8-4B0F-BF53-93D4A43FA614} (TerminalSvcsTCSX Control) - https://mydesk-pi01.morganstanley.co...nalSvcsTCS.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5E141D8-AAC5-43B5-87E7-88A2E6D91C63}: NameServer = 77.74.48.113
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 8094 bytes
sjpritch25's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 9,113 posts.
  
Join Date: Sep 2005
Location: Florida
Experience: Advanced
09-Nov-2009, 08:25 AM #4
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
c:\windows\Llinafawinaqaf.bin
c:\windows\Orequk.dat
C:\oqbkddrr.exe
c:\windows\system32\hasabasi.exe
c:\windows\system32\zekuboli.exe
c:\windows\opamajapimogud.dll
c:\windows\cpcwipht.dll
c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
Folder::
c:\documents and settings\Jeremy Lusk\Application Data\AntiVirus Plus
c:\documents and settings\All Users\Application Data\73058831
c:\program files\NOS
c:\documents and settings\All Users\Application Data\NOS
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2B5AAB8-2183-4be7-81A6-F11493C45872}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Prigog"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AntiVirus Plus"=-
[HKEY_LOCAL_MACHINE\System\CurrentControlset\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=-
"%windir%\\system32\\drivers\\svchost.exe"=-
Driver::
BtwSrv
getPlusHelper
Save this as CFScript.txt, in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
Please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
ParkerBarrow's Avatar
Computer Specs
Junior Member with 8 posts.
  
Join Date: Nov 2009
Experience: Beginner
09-Nov-2009, 10:09 AM #5
Ok, here's the latest. Thanks again for helping me with this!


ComboFix 09-11-08.03 - Jeremy Lusk 11/09/2009 8:23.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1477 [GMT -5:00]
Running from: c:\documents and settings\Jeremy Lusk\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeremy Lusk\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe"
"c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe"
"c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll"
"C:\oqbkddrr.exe"
"c:\windows\cpcwipht.dll"
"c:\windows\Llinafawinaqaf.bin"
"c:\windows\opamajapimogud.dll"
"c:\windows\Orequk.dat"
"c:\windows\system32\hasabasi.exe"
"c:\windows\system32\zekuboli.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\73058831
c:\documents and settings\All Users\Application Data\73058831\73058831.bat
c:\documents and settings\All Users\Application Data\NOS
c:\documents and settings\All Users\Application Data\NOS\getUninst_Adobe.dat
c:\documents and settings\Jeremy Lusk\Application Data\AntiVirus Plus
c:\documents and settings\Jeremy Lusk\Application Data\AntiVirus Plus\AntiVirus Plus.70367.dll
c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
C:\oqbkddrr.exe
c:\program files\NOS
c:\program files\NOS\bin\getPlus_Helper.dll
c:\program files\NOS\bin\getPlusPlus_Adobe.exe
c:\program files\NOS\bin\gp.ocx
c:\windows\cpcwipht.dll
c:\windows\Llinafawinaqaf.bin
c:\windows\opamajapimogud.dll
c:\windows\Orequk.dat
c:\windows\system32\hasabasi.exe
c:\windows\system32\zekuboli.exe
c:\windows\TEMP\mta13187.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_BTWSRV
-------\Legacy_GETPLUSHELPER
-------\Service_BtwSrv
-------\Service_getPlusHelper


((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-09 13:25 . 2009-11-09 13:25 -------- d-----w- c:\documents and settings\Jeremy Lusk\Local Settings\Application Data\{A31EFA4E-F134-4D36-9E07-E690F5B5DE83}
2009-11-09 03:59 . 2009-11-09 03:59 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-11-09 03:59 . 2009-11-09 03:59 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2009-11-07 04:00 . 2009-11-07 04:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 04:36 . 2009-04-01 01:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-05 05:02 . 2009-04-01 01:51 -------- d-----w- c:\program files\Spyware Doctor
2009-11-01 02:50 . 2008-08-26 04:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 22:39 . 2008-08-29 00:17 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-22 04:11 . 2008-06-05 07:29 -------- d-----w- c:\program files\McAfee
2009-09-21 22:50 . 2009-09-21 02:55 -------- d-----w- c:\documents and settings\Jeremy Lusk\Application Data\CVS
2009-09-18 22:44 . 2009-02-11 00:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-16 14:22 . 2008-06-05 07:30 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 14:22 . 2008-06-05 07:30 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 14:22 . 2008-06-05 07:30 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 14:22 . 2008-06-05 07:30 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 14:22 . 2008-06-05 07:30 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 14:18 . 2004-08-11 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 18:54 . 2008-08-26 04:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2008-08-26 04:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 22:26 . 2009-04-01 01:51 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-29 08:08 . 2004-08-11 22:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-11 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 02:02 . 2008-09-30 02:08 116944 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 19:29 . 2005-04-30 05:01 116944 ----a-w- c:\documents and settings\Jeremy Lusk\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-11-09_05.56.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-09 13:33 . 2009-11-09 13:33 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat
+ 2009-11-09 13:33 . 2009-11-09 13:33 16384 c:\windows\Temp\Perflib_Perfdata_11c.dat
- 2005-04-30 04:51 . 2009-11-09 05:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-04-30 04:51 . 2009-11-09 13:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-04-30 04:51 . 2009-11-09 05:55 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-04-30 04:51 . 2009-11-09 13:14 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-09 06:02 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB976749-IE8\spuninst\updspapi.dll
+ 2009-11-09 06:02 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB976749-IE8\spuninst\spuninst.exe
+ 2004-08-11 22:00 . 2009-10-22 09:19 5939712 c:\windows\system32\mshtml.dll
+ 2009-11-09 06:02 . 2009-08-29 08:08 5940224 c:\windows\ie8updates\KB976749-IE8\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-11 344064]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscs vc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/31/2009 8:51 PM 206256]
R2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [8/4/2004 5:00 AM 46592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/28/2008 6:45 PM 206096]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [4/24/2005 9:38 PM 80384]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 11:30 AM 124608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/31/2009 7:49 AM 348752]
S3 xVGAMINI;xVGAMINI;c:\windows\system32\drivers\xVgaMini.sys [12/20/2005 11:21 PM 231040]
S3 xVGAUSB;USB2.0 VGA DEVICE(USB);c:\windows\system32\drivers\xvgausb.sys [12/20/2005 11:21 PM 22016]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-02-16 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-05 16:22]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-05 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = https://mydesk.morganstanley.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: turbotax.com
TCP: {E5E141D8-AAC5-43B5-87E7-88A2E6D91C63} = 77.74.48.113
FF - ProfilePath - c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.hotmail.com/
FF - prefs.js: network.proxy.http - localhost:8080
FF - prefs.js: network.proxy.type - 1
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\moveplayer@movene tworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {A31EFA4E-F134-4D36-9E07-E690F5B5DE83} - c:\documents and settings\Jeremy Lusk\Local Settings\Application Data\{A31EFA4E-F134-4D36-9E07-E690F5B5DE83}\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files\NOS\bin\getPlus_Helper.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 08:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,68,5e,b0,d0,70,27,47,ad,52,72, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,68,5e,b0,d0,70,27,47,ad,52,72, \
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3004)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\brss01a.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\basfipm.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\windows\system32\fxssvc.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-09 8:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-09 13:47
ComboFix2.txt 2009-11-09 06:09

Pre-Run: 10,736,185,344 bytes free
Post-Run: 10,692,427,776 bytes free

- - End Of File - - FEABEE63B31CE4BE13C0DE07E9B6C431
sjpritch25's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 9,113 posts.
  
Join Date: Sep 2005
Location: Florida
Experience: Advanced
09-Nov-2009, 02:11 PM #6
how is everything running???
sjpritch25's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 9,113 posts.
  
Join Date: Sep 2005
Location: Florida
Experience: Advanced
09-Nov-2009, 08:20 PM #7
can you post this log for me please thanks

C:\Qoobox\ComboFix-quarantined-files.txt.
ParkerBarrow's Avatar
Computer Specs
Junior Member with 8 posts.
  
Join Date: Nov 2009
Experience: Beginner
09-Nov-2009, 11:07 PM #8
I'm no longer being redirected to the bogus websites, and so far no popups. Here's the log.



2009-11-09 13:47:02 . 2009-11-09 13:47:02 1,388 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7}.reg.dat
2009-11-09 13:30:00 . 2009-11-09 13:30:00 3,564 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_getPlusHelper.reg.dat
2009-11-09 13:30:00 . 2009-11-09 13:30:00 6,056 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_BtwSrv.reg.dat
2009-11-09 13:30:00 . 2009-11-09 13:30:00 854 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_GETPLUSHELPER.reg.dat
2009-11-09 13:30:00 . 2009-11-09 13:30:00 1,014 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_BTWSRV.reg.dat
2009-11-09 13:23:37 . 2009-11-09 13:23:40 1,052,561 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2009-11-09_08.23.20.zip
2009-11-09 06:25:50 . 2009-08-29 08:08:21 1,208,832 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Temp\mta13187.dll.vir
2009-11-09 06:08:11 . 2009-11-09 06:08:11 550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WinDefend.reg.dat
2009-11-09 06:07:49 . 2009-11-09 06:07:49 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-getiwusoj-{5796a851-bda6-4767-b0ae-aeb9b155c269}.reg.dat
2009-11-09 06:07:49 . 2009-11-09 06:07:49 373 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SSODL-posoyopud-{75899e94-ab3e-498f-9a52-96a69f9b882a}.reg.dat
2009-11-09 06:07:47 . 2009-11-09 06:07:47 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{5796a851-bda6-4767-b0ae-aeb9b155c269}.reg.dat
2009-11-09 06:07:46 . 2009-11-09 06:07:47 374 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SharedTaskScheduler-{75899e94-ab3e-498f-9a52-96a69f9b882a}.reg.dat
2009-11-09 06:07:35 . 2009-11-09 06:07:35 129 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-lezireyafi.reg.dat
2009-11-09 06:07:35 . 2009-11-09 06:07:35 150 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-moguhatih.reg.dat
2009-11-09 06:07:27 . 2009-11-09 06:07:27 351 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{6b6cb589-c5c2-405e-99fc-fe44f74e7a01}.reg.dat
2009-11-09 05:50:46 . 2009-11-09 05:50:46 2,534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_isapeep.reg.dat
2009-11-09 05:50:46 . 2009-11-09 05:50:46 1,208 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_isapeep.reg.dat
2009-11-09 05:49:49 . 2009-11-09 05:49:49 4,028 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_6to4.reg.dat
2009-11-09 05:49:49 . 2009-11-09 13:29:59 774 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_6TO4.reg.dat
2009-11-09 05:49:27 . 2009-11-09 13:29:36 6,056 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-11-09 05:17:28 . 2009-11-09 05:17:28 1,750 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk.vir
2009-11-09 05:17:28 . 2009-11-09 05:17:28 1,698 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\Desktop\AntiVi rus Plus.lnk.vir
2009-11-09 05:17:28 . 2009-11-09 05:17:28 1,744 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk.vir
2009-11-09 05:17:28 . 2009-11-09 05:17:28 55 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\AntiVirus Plus\EULA.url.vir
2009-11-09 05:17:27 . 2009-11-09 05:17:28 55 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Start Menu\Programs\AntiVirus Plus\EULA.url.vir
2009-11-09 05:17:27 . 2009-11-09 05:17:27 1,744 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Start Menu\Programs\AntiVirus Plus\AntiVirus Plus.lnk.vir
2009-11-09 05:17:27 . 2009-11-09 05:17:27 1,814 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk.vir
2009-11-09 05:17:27 . 2009-11-09 05:17:27 1,814 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Start Menu\Programs\Startup\AntiVirus Plus.lnk.vir
2009-11-09 05:17:00 . 2009-11-09 05:16:57 2,455,552 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Application Data\AntiVirus Plus\AntiVirus Plus.70367.dll.vir
2009-11-09 05:16:46 . 2009-11-09 05:16:47 296 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Tasks\oidvttju.job.vir
2009-11-09 05:12:48 . 2009-11-09 13:21:17 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-11-08 13:58:06 . 2009-11-08 13:58:06 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ripunubi.exe.vir
2009-11-07 23:00:13 . 2009-11-07 23:00:13 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\moduzota.exe.vir
2009-11-07 18:47:27 . 2009-11-07 18:47:27 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vahiheka.exe.vir
2009-11-07 15:19:42 . 2009-11-07 15:19:42 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\fuzopido.exe.vir
2009-11-07 11:04:14 . 2009-11-07 11:04:14 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tuzaheha.exe.vir
2009-11-07 07:40:34 . 2009-11-07 07:40:34 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\heturolu.exe.vir
2009-11-06 18:21:37 . 2009-11-06 18:21:37 2,713 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\yasunave.exe.vir
2009-11-06 01:23:11 . 2009-11-06 01:23:11 274 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\73058831\73058831.bat.vir
2009-10-31 12:32:59 . 2009-11-09 05:59:27 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Llinafawinaqaf.bin.vir
2009-10-31 12:32:57 . 2009-11-09 05:59:20 120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Orequk.dat.vir
2009-10-31 12:32:55 . 2009-10-31 12:32:55 7,716 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Local Settings\Application Data\{0DEB0ABE-6857-4C41-8E72-57D7135B100B}\chrome\content\overlay.xul.vir
2009-10-31 12:32:55 . 2009-10-31 12:32:55 2,014 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Local Settings\Application Data\{0DEB0ABE-6857-4C41-8E72-57D7135B100B}\chrome\content\_cfg.js.vir
2009-10-31 12:32:54 . 2009-10-31 12:32:55 764 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Local Settings\Application Data\{0DEB0ABE-6857-4C41-8E72-57D7135B100B}\install.rdf.vir
2009-10-31 12:32:54 . 2009-10-31 12:32:54 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Local Settings\Application Data\{0DEB0ABE-6857-4C41-8E72-57D7135B100B}\chrome.manifest.vir
2009-10-31 03:14:24 . 2009-10-31 03:14:25 53,248 ----a-w- C:\Qoobox\Quarantine\C\oqbkddrr.exe.vir
2009-09-11 13:23:53 . 2009-09-03 15:53:00 268,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\NOS\bin\getPlusPlus_Adobe.exe.vir
2009-09-11 13:23:51 . 2009-09-03 15:53:00 46,976 ----a-w- C:\Qoobox\Quarantine\C\Program Files\NOS\bin\gp.ocx.vir
2009-09-11 13:23:40 . 2009-09-03 15:53:00 48,368 ----a-w- C:\Qoobox\Quarantine\C\Program Files\NOS\bin\getPlus_Helper.dll.vir
2009-09-11 13:23:39 . 2009-09-11 13:23:59 892 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\NOS\getUninst_Adobe.dat.vir
2009-09-11 13:23:33 . 2009-09-03 15:53:00 22,848 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe.vir
2009-09-11 13:23:33 . 2009-09-03 15:53:00 30,912 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll.vir
2009-09-11 13:23:26 . 2009-09-03 15:53:00 19,792 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe.vir
2009-08-09 05:16:39 . 2009-08-09 05:16:39 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\bebuviza.dll.vir
2009-08-09 05:16:39 . 2009-08-09 05:16:39 92,672 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hesudobu.dll.vir
2009-08-09 05:16:39 . 2009-08-09 05:16:39 60,928 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\jadelamo.dll.vir
2009-08-09 05:16:39 . 2009-08-09 05:16:39 45,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\rogavove.dll.vir
2009-08-09 05:16:39 . 2009-08-09 05:16:39 107,008 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zekuboli.exe.vir
2009-08-06 01:22:43 . 2009-08-06 01:22:43 92,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\zijoriri.dll.vir
2009-08-06 01:22:43 . 2009-08-06 01:22:43 45,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\keleteli.dll.vir
2009-08-06 01:22:43 . 2009-08-06 01:22:43 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\sojowiko.dll.vir
2009-08-06 01:22:42 . 2009-08-06 01:22:42 844,800 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\hasabasi.exe.vir
2009-08-05 01:49:15 . 2009-08-05 01:49:15 92,672 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vemayuva.dll.vir
2009-08-05 01:49:15 . 2009-08-05 01:49:15 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\jumusida.dll.vir
2009-08-05 01:49:15 . 2009-08-05 01:49:15 45,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\meyehusi.dll.vir
2009-08-04 00:22:48 . 2009-08-04 00:22:48 91,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\birokone.dll.vir
2009-08-04 00:22:48 . 2009-08-04 00:22:48 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\jipanidi.dll.vir
2009-08-02 23:10:08 . 2009-08-02 23:10:08 39,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\huduzitu.dll.vir
2009-08-02 23:10:08 . 2009-08-02 23:10:08 91,648 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\vumiwegu.dll.vir
2009-08-02 01:19:43 . 2009-08-02 01:19:43 53,760 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\jokapovu.dll.vir
2009-08-02 01:19:43 . 2009-08-02 01:19:43 53,760 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\tibugizu.dll.vir
2009-03-31 13:44:28 . 2009-04-10 16:29:29 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\mcenspc.dll.vir
2005-04-25 03:23:17 . 2009-11-09 05:03:57 4,232 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir
2005-04-25 03:23:17 . 2009-11-09 05:02:46 5,227 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir
2004-08-11 22:00:36 . 2008-04-14 00:12:08 53,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\cpcwipht.dll.vir
2004-08-11 22:00:36 . 2008-04-14 00:12:08 173,568 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\opamajapimogud.dll.vir
2004-08-11 22:00:30 . 2008-04-14 00:12:34 108,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000021_.tmp.dll.vir
2004-08-11 22:00:25 . 2008-04-14 00:11:24 706,048 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000022_.tmp.dll.vir
2004-08-11 22:00:19 . 2008-04-14 00:11:56 48,934 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\certstore.dat.vir
2004-08-11 22:00:19 . 2008-04-14 00:11:56 2,304 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\isapeep.sys.vir
2004-08-11 22:00:18 . 2008-04-14 00:11:56 728,064 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000023_.tmp.dll.vir
2004-08-11 22:00:18 . 2009-03-21 14:06:58 23,552 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\ntuser.dll.vir
2004-08-11 22:00:18 . 2009-03-21 14:06:58 23,552 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Start Menu\Programs\Startup\scandisk.dll.vir
2004-08-11 22:00:18 . 2009-11-06 15:00:22 655 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Start Menu\Programs\Startup\scandisk.lnk.vir
2004-08-04 10:00:00 . 2004-08-04 10:00:00 8 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\FInstall.sys.vir
2004-08-04 10:00:00 . 2004-08-04 10:00:00 234 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Install.txt.vir
2003-01-30 16:52:48 . 2003-01-30 16:52:48 12,073 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\FAD.sys.vir
sjpritch25's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 9,113 posts.
  
Join Date: Sep 2005
Location: Florida
Experience: Advanced
09-Nov-2009, 11:30 PM #9
Open notepad and copy/paste the text in the codebox below into it:
Code:
@echo off
for %%g in (
"C:\Qoobox\Quarantine\Registry_backups\Service_getPlusHelper.reg.dat"
"C:\Qoobox\Quarantine\Registry_backups\Legacy_GETPLUSHELPER.reg.dat"
"C:\Qoobox\Quarantine\C\WINDOWS\Temp\mta13187.dll.vir"
"C:\Qoobox\Quarantine\Registry_backups\Service_BtwSrv.reg.dat"
"C:\Qoobox\Quarantine\Registry_backups\Legacy_BTWSRV.reg.dat"
"C:\Qoobox\Quarantine\C\Program Files\NOS\bin\getPlusPlus_Adobe.exe.vir"
"C:\Qoobox\Quarantine\C\Program Files\NOS\bin\gp.ocx.vir"
"C:\Qoobox\Quarantine\C\Program Files\NOS\bin\getPlus_Helper.dll.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\NOS\getUninst_Adobe.dat.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll.vir"
"C:\Qoobox\Quarantine\C\Documents and Settings\Jeremy Lusk\Application Data\Mozilla\Firefox\Profiles\ppqg7sks.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe.vir"
"C:\Qoobox\Quarantine\C\WINDOWS\opamajapimogud.dll.vir"
"C:\Qoobox\Quarantine\C\WINDOWS\cpcwipht.dll.vir"
) do zip Files_for_submission %%g
del %0
Save this as grab.bat
Choose to "Save type as - All Files"
Save it on your desktop.

It should look like this:
Double click on grab.bat & allow it to run

A file, Files_for_submission.zip will be created on your desktop.

Please upload that file here --> http://www.bleepingcomputer.com/subm...php?channel=70
__________________
Microsoft Valuable Professional Consumer--Security 2007-2010
Please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here
ParkerBarrow's Avatar
Computer Specs
Junior Member with 8 posts.
  
Join Date: Nov 2009
Experience: Beginner
09-Nov-2009, 11:57 PM #10
Ok, I just did that and uploaded the file.

I realized that I spoke too soon in my post above. Something is still wrong even though I'm not being redirected. I was testing things out to see if the computer was working correctly and suddenly there was some random audio playing over my speakers. I closed firefox and didn't have any other programs running, but I could still hear the audio (it was two people talking about movies - it sounded like a radio show or something). It stopped about 5 seconds after I removed my ethernet cable.
ParkerBarrow's Avatar
Computer Specs
Junior Member with 8 posts.
  
Join Date: Nov 2009
Experience: Beginner
10-Nov-2009, 12:00 AM #11
... it happened when I was watching a video on hulu.com. I tried watching again to see if it would happen and sure enough, after running the video for about 3 minutes the strange audio kicks in. Again, it continued to play after I closed firefox and stopped a few seconds after disconnecting from the internet.
sjpritch25's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 9,113 posts.
  
Join Date: Sep 2005
Location: Florida
Experience: Advanced
10-Nov-2009, 05:17 PM #12
can you give me the exact video you were viewing on hulu.
ParkerBarrow's Avatar
Computer Specs
Junior Member with 8 posts.
  
Join Date: Nov 2009
Experience: Beginner
10-Nov-2009, 10:59 PM #13
Here's the link. I had on full screen. The weird audio started after about a minute or two.

http://www.hulu.com/watch/105832/the...ate#s-p1-so-i0
sjpritch25's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 9,113 posts.
  
Join Date: Sep 2005
Location: Florida
Experience: Advanced
12-Nov-2009, 04:15 PM #14
not really sure what that would be. Sorry
ParkerBarrow's Avatar
Computer Specs
Junior Member with 8 posts.
  
Join Date: Nov 2009
Experience: Beginner
12-Nov-2009, 10:36 PM #15
Ok, no problem. It hasn't happened since. So should my computer be clean now? It appears fine to me, but I know that doesn't always mean that everything is ok.
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 1 of 2 1 2

Tags
greatfeedmill, malware, pop up ads

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 04:46 PM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.