Malwarebytes

Windows Update goes to MSN & cannot update and ViMax sexually explicit ads appear on every webpage accessed

#1
Fire926
I have been unable to update my Windows using Windows Update as I get routed to MSN.com, and on virtually every web page I open I get a sexually explicit ad for ViMax. HELP!!

MBAM Log

Malwarebytes' Anti-Malware 1.30
Database version: 1434
Windows 5.1.2600 Service Pack 3

11/29/2008 10:25:55 AM
mbam-log-2008-11-29 (10-25-55).txt

Scan type: Quick Scan
Objects scanned: 71619
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f515b4d4-df87-4744-a05d-59ecebf4ab6b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f515b4d4-df87-4744-a05d-59ecebf4ab6b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{f515b4d4-df87-4744-a05d-59ecebf4ab6b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Panda Scan Log

;*******************************************************************************
ANALYSIS: 2008-11-29 16:41:32
PROTECTIONS: 1
MALWARE: 34
SUSPECTS: 7
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
CA Anti-Virus 9.0.0.174 No Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent36.zip
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@trafficmp[1].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@casalemedia[2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@casalemedia[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Scott\Cookies\scott@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Local Settings\Temp\Cookies\debbie@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Local Settings\Temp\Cookies\debbie@atdmt[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@fastclick[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@fastclick[1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@mediaplex[2].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Scott\Cookies\scott@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Local Settings\Temp\Cookies\debbie@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@ad.yieldmanager[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@ad.yieldmanager[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@burstnet[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@serving-sys[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@bs.serving-sys[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@advertising[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Local Settings\Temp\Cookies\debbie@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@adrevolver[3].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@statse.webtrendslive[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@ads.pointroll[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@questionmarket[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@zedo[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Local Settings\Temp\Cookies\debbie@zedo[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@bluestreak[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@adrevolver[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@adrevolver[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@adultfriendfinder[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Scott\Cookies\scott@go[1].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@valueclick[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Debbie\Cookies\debbie@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@atwola[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Scott\Cookies\scott@atwola[1].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No L:\Debbie's Stuff\Debbie's stuf 9-5-07\Documents and Settings\Cookies\debbie@ads.addynamix[2].txt
00959234 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.1.0.037\npwthost.dll
01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
01240432 Adware/MyWay Adware No 0 No No C:\WINDOWS\Downloaded Installations\{6936DB8E-F8FF-4007-B646-0CBD4AB654B1}\AquaSupreme.msi[unk_0064][myBarSp.exe]
01313177 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\WildTangent\Components\wtPropertyBag0200.dll
03982751 Generic Malware Virus/Trojan No 0 Yes No C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\RECYCLER\S-1-5-21-1454471165-1364589140-1801674531-1004\Dc1\404Fix.exe
No C:\RECYCLER\S-1-5-21-1454471165-1364589140-1801674531-1004\Dc1\IEDFix.C.exe
No C:\RECYCLER\S-1-5-21-1454471165-1364589140-1801674531-1004\Dc1\VACFix.exe
No C:\WINDOWS\system32\404Fix.exe
No C:\WINDOWS\system32\IEDFix.C.exe
No C:\WINDOWS\system32\o4Patch.exe
No C:\WINDOWS\system32\VACFix.exe
;===============================================================================
VULNERABILITIES
Id Severity Description
;===============================================================================
;===============================================================================

Hi-Jack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:21 PM, on 11/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\AOL\1137212081\ee\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1225646875484
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 7464 bytes

#2
Fire926
*~BUMP~* Need help still

#3
Lemain
Fire926, on Dec 1 2008, 10:55 PM, said:

*~BUMP~* Need help still

I've had the identical problem for over six weeks. Had a malware expert take my machine apart with every utility known to man and no malware found. If you Google on Vimax you will see that this problem is all over the Internet and NOBODY has yet posted a solution.

I can tell you that when I connect via my mobile phone GPRS/G3 connection I have no problem. So it seems that the problem is either in my router or the ISP's equipment. I use a wireless connection provided by my landlord and have no control over the ISP or router although landlord says he has asked the ISP to sort it. No change.

Save your time and frustration and don't bother to look for malware beyond running Malwarebytes. This particular problem seems to be upstream. If you have access to your ADSL router, try resetting it to factory defaults and setting it up again; also update the firmware.

Before letting some clever dick waste days or weeks of your time (which is what happened to me) make sure that someone out there has found a solution!! I am surprised that Symantec or someone has not produced a data sheet on this, it is very common.

Good luck.

#4
Fire926
I have just got my system fixed. I downloaded CA Internet/AntiVirus Suite 2009 and it found the malware and removed it, yet my problem remained as far as the Windows update going to MSN. So I paid $19.95 additional for CA Tech support and a tech named Martin logged into my system and found that indeed my router settings had been altered. Once those were corrected I was back in business, virus and malware free. :)


Lemain, on Dec 7 2008, 05:00 PM, said:

I've had the identical problem for over six weeks. Had a malware expert take my machine apart with every utility known to man and no malware found. If you Google on Vimax you will see that this problem is all over the Internet and NOBODY has yet posted a solution.

I can tell you that when I connect via my mobile phone GPRS/G3 connection I have no problem. So it seems that the problem is either in my router or the ISP's equipment. I use a wireless connection provided by my landlord and have no control over the ISP or router although landlord says he has asked the ISP to sort it. No change.

Save your time and frustration and don't bother to look for malware beyond running Malwarebytes. This particular problem seems to be upstream. If you have access to your ADSL router, try resetting it to factory defaults and setting it up again; also update the firmware.

Before letting some clever dick waste days or weeks of your time (which is what happened to me) make sure that someone out there has found a solution!! I am surprised that Symantec or someone has not produced a data sheet on this, it is very common.

Good luck.


#5
Lemain
Fire926, on Dec 7 2008, 06:58 PM, said:

I have just got my system fixed. I downloaded CA Internet/AntiVirus Suite 2009 and it found the malware and removed it, yet my problem remained as far as the Windows update going to MSN. So I paid $19.95 additional for CA Tech support and a tech named Martin logged into my system and found that indeed my router settings had been altered. Once those were corrected I was back in business, virus and malware free. :)

That figures. It is a router hijack. Trouble is my landlord can't reset his -- it is under the control of the ISP Italy Telecom and they can't be bothered. Sloppy lot. Thanks for sharing that...it confirms what I believed :)
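
Added example, not part of any post in this thread: a triage sketch that reads Trojan.DNSChanger lines in the format of the MBAM log in post #1 and separates resolvers found in `DhcpNameServer` (refilled by the Windows DHCP client from the lease, so a router handing out rogue DNS can put them back after cleanup) from a statically set `NameServer`. The function names, the `192.168.1.1` expected resolver and the `192.0.2.53` static line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: two lines copied in shape and addresses from the MBAM log
# in post #1, plus one made-up static NameServer line for contrast.
SAMPLE_LOG = r"""
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f515b4d4-df87-4744-a05d-59ecebf4ab6b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.146 85.255.112.19 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 192.0.2.53 -> Quarantined and deleted successfully.
"""

# key \ value-name (detection) -> Data: <space separated addresses> -> action
LINE_RE = re.compile(
    r"^(?P<key>HKEY_[^\r\n]*?)\\(?P<value>(?:Dhcp)?NameServer)\s+"
    r"\((?P<detection>[^)]+)\)\s+->\s+Data:\s+(?P<data>.*?)\s+->",
    re.MULTILINE,
)


def parse_dns_findings(log_text):
    """Return one dict per DNS-related registry data item in the log."""
    findings = []
    for m in LINE_RE.finditer(log_text):
        servers = []
        for token in m.group("data").split():
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                continue  # skip anything that is not an IP literal
        findings.append({
            "key": m.group("key"),
            "value": m.group("value"),
            "detection": m.group("detection"),
            "servers": servers,
        })
    return findings


def triage(findings, expected_resolvers):
    """Group unexpected resolvers by where Windows obtained them."""
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    report = {"dhcp_supplied": set(), "static": set()}
    for f in findings:
        unexpected = {str(ip) for ip in f["servers"] if ip not in expected}
        bucket = "dhcp_supplied" if f["value"] == "DhcpNameServer" else "static"
        report[bucket] |= unexpected
    # Unexpected resolvers in DhcpNameServer mean the DHCP server (normally the
    # router) has to be inspected as well as the PC.
    report["check_router"] = bool(report["dhcp_supplied"])
    return report


if __name__ == "__main__":
    # 192.168.1.1 is an assumed "known good" resolver for this network.
    result = triage(parse_dns_findings(SAMPLE_LOG), ["192.168.1.1"])
    for name in ("dhcp_supplied", "static"):
        print(name, sorted(result[name]))
    print("check router DHCP/DNS settings:", result["check_router"])
```
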




