james49

Redirects of Browser to Infomash and Scour

3 posts in this topic

Over the last two weeks I have experienced redirects of my browser (IE7/Yahoo). Two different web addresses were the destination. The first was www.infomash.org. The second was www.scour.com. Both of these have a look of respectability, in that they say "You searched for..." and appear to be a search engine you can use. Of course, I never tried, but I blocked these web addresses with McAfee Total Protection. So now they get blocked from loading, but I can see the address in the browser when I get redirected from a normal webpage that I select from various searches. There is also a third apparent redirect address that McAfee blocks, although I did not specify: 66.230.188.67/click.php....(hundreds of additional characters).

Because of these issues, I visited a few forums (including this one) as well as a local computer shop, with the result that I have tried both Malwarebytes and HijackThis. I ran Malwarebytes Quick Scan, and it found a total of 9 registry issues. I removed them. This was the log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4451

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

8/20/2010 2:22:17 AM

mbam-log-2010-08-20 (02-22-17).txt

Scan type: Quick scan

Objects scanned: 177167

Time elapsed: 36 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 5

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04079851-5845-4dea-848c-3ecd647aa554} (Adware.MywaySearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWaySearchAssistant (Adware.MyWaySearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

END OF LOG

Then I used the computer for a few hours and decided to run a full scan. Two registry objects were found, and I removed them. This was the log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4451

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

8/22/2010 9:35:39 AM

mbam-log-2010-08-22 (09-35-39).txt

Scan type: Full scan (C:\|)

Objects scanned: 380674

Time elapsed: 3 hour(s), 6 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

END OF LOG

Finally I ran HijackThis, with the below log file for results. I can see it's a dangerous game to delete items logged, unless you are well-versed in Malware. I would greatly appreciate any assistance in assessing the condition of my system. I also just ran a McAfee complete scan with no problems found. Actually my system is quite usable, except that about every sixth search on the internet attempts a redirect to one of the three sites mentioned above, but McAfee blocks them all. Then I "go back", and the next time I select the intended search item I am properly directed to it. My concern is that this may develop into something more serious or maybe something serious is going on that I'm not aware of. Here is the current HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:09:20 PM, on 8/22/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe

C:\Program Files\iolo\common\lib\ioloServiceManager.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\java.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\wwSecure.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\system32\wfxsnt40.exe

C:\WINDOWS\SM1BG.EXE

C:\WINDOWS\MXOALDR.EXE

C:\Program Files\Common Files\AOL\1152246426\ee\AOLSoftware.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Norton Ghost\Agent\VProTray.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100518132421.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe

O4 - HKLM\..\Run: [sM1BG] C:\WINDOWS\SM1BG.EXE

O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152246426\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [stxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [Ycolulizegosul] rundll32.exe "C:\WINDOWS\ehugacudezenoco.dll",Startup

O4 - HKCU\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /M "Stylus Photo RX620" /EF "HKCU"

O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1

O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: forteManager.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://photo2.walgreens.com/WalgreensActivia.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/.../en/x86/client/wuweb_site.cab?1120101436671

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} - http://meetingroom22.app.ray.com/sametime/...Client/STJNILoader.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab

O16 - DPF: {B82564F9-5F32-4A0E-9497-67275F840545} (InSPECS2_2 Control) - http://www.cpuid.org/Brian/InSPECS2_2.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} - http://www.live365.com/players/play365.cab

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--

End of file - 16005 bytes

Again, any advice regarding the status of my system as indicated in the above log files would be greatly appreciated!


Hello james49, ;)

First, please open notepad, click the "Format" menu and de-select (un-tick) "Word Wrap".

Then, as we don't work on Malware removal or diagnostics in this forum, please read carefully and follow the directions below so that a qualified expert helper will help you to clean that nasty malware for free at the malware removal forum -

  • If you have already submitted for assistance at one of the other support sites on the Internet, then you should not post a new topic here and stay working with the helper from that site until the issue is resolved.
  • Please print out, read, and follow the directions here, skipping any steps you are unable to complete.
  • Then post a NEW topic here, remember to describe your problem along with the necessary logs (MBAM, DDS, GMER) in that topic. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • After posting your new topic, make sure under options (top right of your topic screen), you select Track this topic and choose one of the Email options (prefer Immediate Email Notification) so that you're alerted when someone has replied to your post.
  • Please be patient when waiting for expert help as the expert helpers can get a bit busy.
  • Please try not to post back (bump) your topic within the first 48 hours. Expert helpers will find the topics which have a zero post count first. If you bump your topic, expert helpers may think the topic has been replied to and jump to other posts.
    If there is no reply from any experts after 48 hours, you can reply to the topic to ask for help again or send a Private Message to a Moderator asking for assistance.
  • Please do not alter the system (e.g. install or uninstall any software, conduct some fixes, use any removal/scanning tool) after posting unless told to by the expert helper. Using these other tools often makes the cleanup task more difficult and time consuming.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via here for prioritized support. Please remember to quote your cleverbridge Reference Number from the confirmation e-mail when requesting assistance.

If you're a Corporate or Technician Licensed customer seeking assistance please send an email to corporate-support@malwarebytes.org. Please quote your order reference number when you send the request.

NOTE: If for some reason you're unable to run some of the tools in the first link, then skip that step and move on to the next one. If you can't even run any tools in safe mode, then just proceed and post a NEW topic as shown in the second link describing your issues and someone will assist you as soon as they can.

Thank You :)

PS

1. Please use the "ADDREPLY" button at bottom of forum window instead of other ones when you start replying. It makes the whole topic easier to read. ;)

2. For other members who have similar issue and need someone to assist you, please click the new topic button below and post your problem as a new topic. Thanks ;)


I realise I'm replying to an old post, but just in case anyone's looking for a fix for the Scour.com Hijacker, after MANY attempts using my usual swag of tools I tried Hitman Pro and it worked.
