Highlighted
sean2009
1 Nickel

Fake Anti-Virus Pop-Ups, among others

Hi,  I'm trying to fix a family members laptop.  When I attempt to click on a link to navigate the web I experience additional web pages opening up.  I have removed a couple of items found using mcaffee: remadm-vnc, and vnc view.  I found this using adaware: adware- media tickets.  after quarentining these, the browser still opens additional windows.  Mostly anti-virus and credit card sites.

 

Here is the hijack this log:

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:00 PM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

 

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [A00F8954EB.exe] C:\DOCUME~1\STEVEB~1\LOCALS~1\Temp\_A00F8954EB.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://stwmls.MLXchange.com
O15 - Trusted Zone: http://*.realtytools.com
O15 - Trusted Zone: http://*.toolkitcma.com
O15 - Trusted Zone: http://*.toolkitcma2.com
O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://stwmls.mlxchange.com/Control/SISC.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://stwmls.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://stwmls.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://stwmls.mlxchange.com/4.2.04.18/Control/IRCSharc.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: __c001F44A - C:\WINDOWS\system32\__c001F44A.dat
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

--
End of file - 10398 bytes

 

any help would be greatly appreciated!

 

Thanks, 

Sean

0 Kudos
9 Replies
Bugbatter
6 Gallium

Re: Fake Anti-Virus Pop-Ups, among others

 

Welcome. Thank you for using Dell Community Forums.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer.  The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE.    

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

* During the course of our cleanup please do not do any online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply so we can begin cleaning.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

 


Windows Insider MVP 2016 -

Microsoft MVP - Consumer Security 2006-2016

Social Media and Community Professional

0 Kudos
sean2009
1 Nickel

Re: Fake Anti-Virus Pop-Ups, among others

Hi Bugbatter, Thanks for your reply.

 

Have not posted to another fourm

 

Have not disable system restore

 

No cracked software

 

No P2P

 

I have authority 🙂

 

No fixed entries

 

NP,  Thanks for your help.

0 Kudos
Bugbatter
6 Gallium

Re: Fake Anti-Virus Pop-Ups, among others

  Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates,
  • manually download them from here
    and just double-click on mbam-rules.exe to install.
    Alternatively, you can update through MBAM's interface from a clean computer,
    copy the definitions (rules.ref) located in
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes'
    Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top.
  • It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully.
  • Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report along with any other requested logs into your next reply and exit MBAM.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.


We need to see some additional information about what is happening in your machine after running MBAM.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs
  • 1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

    Don't forget to include the MBAM log. Thanks!

     


    Windows Insider MVP 2016 -

    Microsoft MVP - Consumer Security 2006-2016

    Social Media and Community Professional

    0 Kudos
    sean2009
    1 Nickel

    Re: Fake Anti-Virus Pop-Ups, among others

    Hi, as I was starting your instructions, Mcaffee found a file:  vundo (trojan)

     

    Here are the logs in the order you reqested:

     

    Malwarebytes' Anti-Malware 1.32
    Database version: 1648
    Windows 5.1.2600 Service Pack 3

    1/13/2009 9:39:33 AM
    mbam-log-2009-01-13 (09-39-33).txt

    Scan type: Quick Scan
    Objects scanned: 53380
    Time elapsed: 14 minute(s), 11 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\__c001F44A.dat (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{231f6fab-eced-4975-9ef2-c0c7bc81927b} (Adware.AdSponsor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c001f44a (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f8954eb.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\steve brophy\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\steve brophy\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\steve brophy\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\__c001F44A.dat (Trojan.Vundo) -> Delete on reboot.

     

    DDS (Ver_09-01-07.01) - NTFSx86 
    Run by steve brophy at 10:03:54.79 on Tue 01/13/2009
    Internet Explorer: 7.0.5730.11

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [ISMModule2] "c:\program files\ism\ISMModule2.exe"
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
    mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
    mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [avp] c:\windows\avp.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: MLXchange.com\stwmls
    Trusted Zone: realtytools.com
    Trusted Zone: toolkitcma.com
    Trusted Zone: toolkitcma2.com
    Trusted Zone: musicmatch.com\online
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============


    =============== Created Last 30 ================

    2009-01-13 09:19 <DIR> --d----- c:\docume~1\steveb~1\applic~1\Malwarebytes
    2009-01-13 09:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-01-13 09:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-13 09:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-01-13 09:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-01-12 13:35 <DIR> --d----- c:\program files\Trend Micro
    2009-01-03 15:31 <DIR> --d----- c:\program files\Lavasoft
    2009-01-01 20:43 <DIR> --d----- c:\windows\system32\NtmsData

    ==================== Find3M  ====================

    2008-12-31 10:48 5,642 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
    2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
    2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
    2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
    2008-10-16 08:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
    2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
    2006-12-19 17:00 88 ---shr-- c:\windows\system32\F532365A55.sys
    2008-08-04 15:41 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080420080805\index.dat

    ============= FINISH: 10:04:09.57 ===============

     


    ==== Installed Programs ======================

    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.3
    AOLIcon
    Broadcom Management Programs
    Brother MFL-Pro Suite
    Conexant HDA D110 MDC V.92 Modem
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Game Console
    Dell Support Center (Support Software)
    Dell System Restore
    DellSupport
    Digital Content Portal
    Digital Line Detect
    Diner Dash
    Documentation & Support Launcher
    EducateU
    ELIcon
    Games, Music, & Photos Launcher
    Get High Speed Internet!
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    Java 2 Runtime Environment, SE v1.4.2_03
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    mCore
    MCU
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    mIWA
    mIWCA
    mLogView
    mMHouse
    Modem Helper
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    mSSO
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    mToolkit
    Musicmatch for Windows Media Player
    Musicmatch® Jukebox
    mWlsSafe
    mXML
    mZConfig
    NetWaiting
    NetZeroInstallers
    PaperPort
    PowerDVD 5.5
    QuickSet
    QuickTime
    RealPlayer Basic
    Search Assist
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Sonic DLA
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Synaptics Pointing Device Driver
    ToolkitCMA
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    URL Assistant
    Viewpoint Media Player
    Virtual Earth 3D (Beta)
    VisualTour Studio
    VT Remote Support
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WordPerfect Office 12

    ==== End Of File ===========================

     

    Thanks 🙂

    0 Kudos
    Bugbatter
    6 Gallium

    Re: Fake Anti-Virus Pop-Ups, among others

    So far, so  good.

    Run Disk Cleanup in each user's profile: Click "Start > Programs > Accessories > System Tools > Disk Cleanup" Please make sure only the following are checked:

    -- Downloaded Program Files

    -- Temporary Internet Files

    -- Recycle Bin

    -- Temporary Files

    Click "OK" and Disk Cleanup will delete those files for you.

    With your outdated Java, you are a magnet for malware, so let's take care of that. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 11 .
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check Java 2 Runtime Environment, SE v1.4.2_03
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each of the Java versions.
      Close Add/Remove.

    • * In Windows Explorer, navigate to C:\Program Files\Java =this folder. Delete any subfolders.
      * Do NOT delete C:\Program Files\JavaVM =this folder, if found!
    • Reboot your computer once all Java components are removed.

    Please perform this follow-up online scan: F-Secure Online Scanner
    The online scanner is on the bottom right of the page.
    Direct link: http://support.f-secure.com/enu/home/ols.shtml

    Follow the directions on the F-Secure page for proper Installation.

    * You may receive an alert on the address bar at this point to install the ActiveX control.
    * Click on that alert and then click "Install ActiveX component".
    * Read the license agreement and click "Accept".
    * Click "Custom Scan" and be sure the following are checked:

    • Scan whole System

    • Scan all files
    • Scan whole system for rootkits
    • Scan whole system for spyware
    • Scan inside archives
    • Use advanced heuristics


    * When the scan completes, click the "I want to decide item by item" button.
    * For each item found, Select "Disinfect" and click "Next". * When done, click the "Show Report" button, then copy and paste the entire report into your next reply.
    Please include a fresh HijackThis log and let me know how things are running.


    Windows Insider MVP 2016 -

    Microsoft MVP - Consumer Security 2006-2016

    Social Media and Community Professional

    0 Kudos
    sean2009
    1 Nickel

    Re: Fake Anti-Virus Pop-Ups, among others

    Everything seems to be running OK.

    Here are the logs:

     

    Computer name: STEVE
    Scanning type: Scan system for malware, rootkits
    Target: C:\


    Result: 3 malware found

    TrackingCookie.Adbrite (spyware)

    • System

    TrackingCookie.Atdmt (spyware)

    • System

    TrackingCookie.Yieldmanager (spyware)

    • System

    Statistics

    Scanned:

    • Files: 154050
    • System: 3951
    • Not scanned: 63

    Actions:

    • Disinfected: 0
    • Renamed: 0
    • Deleted: 0
    • None: 3
    • Submitted: 0

    Files not scanned:

      x)��_info.gif
    • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3D6NVRBX\valert[1].ui\images/sidetable_bottom.gif
    • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3D6NVRBX\valert[1].ui\images/sidetable_bottom_red.gif
    • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3D6NVRBX\valert[1].ui\images/sidetable_top.gif
    • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3D6NVRBX\valert[1].ui\images/sidetable_top_red.gif
    • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3D6NVRBX\valert[1].ui\images/transpix.gif
    • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3D6NVRBX\valert[1].ui\images/watermark_mys_150x130.gif
    • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3D6NVRBX\valert[1].ui\oemcfg.vbs
    • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3D6NVRBX\valert[1].ui\OEMIds.vbs
    • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3D6NVRBX\valert[1].ui\valert.htm
    • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3D6NVRBX\valert[1].ui\valert_old.htm
    • C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\3D6NVRBX\valert[1].ui\hs~valert.htm
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    • C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM
    • C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    • C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
    • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    • C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    • C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
    • C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
    • C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
    • C:\Program Files\VTStudio\oidutsvt.dat\license.xml
    • C:\Program Files\VTStudio\oldversion\oidutsvt.dat\license.xml
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\agntcons.vbs
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\agntlang.vbs
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\comctl.lpk
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\config.ini
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\pbar.vbs
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\UnInsStr.vbs
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\uninst.vbs
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\uninstall.htm
    • C:\DOCUMENTS AND SETTINGS\STEVE BROPHY\NTUSER.DAT
    • C:\DOCUMENTS AND SETTINGS\STEVE BROPHY\NTUSER.DAT.LOG
    • C:\DOCUMENTS AND SETTINGS\STEVE BROPHY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\MNNQCWWP\RE_ FWD_ FW_ 41 A NOOSENECK HILL RD.
    • C:\DOCUMENTS AND SETTINGS\STEVE BROPHY\LOCAL SETTINGS\TEMP\TMP15B.TMP
    • C:\DOCUMENTS AND SETTINGS\STEVE BROPHY\LOCAL SETTINGS\TEMP\TMP15E.TMP
    • C:\DOCUMENTS AND SETTINGS\STEVE BROPHY\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
    • C:\DOCUMENTS AND SETTINGS\STEVE BROPHY\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
    • C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
    • C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG
    • Cszrmx)x)l.lpk
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\config.ini
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\pbar.vbs
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\UnInsStr.vbs
    • C:\Program Files\McAfee.com\Agent\uninst\screm.ui\uninst.vbs
    • C:\Program Files\McAfee.com\Agent\uninINGS\NE�

    Options

    Scanning engines:

    • F-Secure USS: 2.40.0
    • F-Secure Hydra: 2.8.8110, 2009-01-13
    • F-Secure AVP: 7.0.171, 2009-01-13
    • F-Secure Pegasus: 1.20.0, 2008-11-17
    • F-Secure Blacklight: 0.0.0

    Scanning options:

    • Scan all files
    • Scan inside archives
    • Use Advanced heuristics

     

     

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:58:57 PM, on 1/13/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    c:\PROGRA~1\mcafee\msc\mcuimgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ISMModule2] "C:\Program Files\ISM\ISMModule2.exe"
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://stwmls.MLXchange.com
    O15 - Trusted Zone: http://*.realtytools.com
    O15 - Trusted Zone: http://*.toolkitcma.com
    O15 - Trusted Zone: http://*.toolkitcma2.com
    O16 - DPF: {2564B8E6-7D84-11D4-A689-30475BC10000} (Tkweb Control) - http://www.toolkitcma.com/tkweb/tkweb.cab
    O16 - DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} (SISCtrl Class) - http://stwmls.mlxchange.com/Control/SISC.cab
    O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://stwmls.mlxchange.com/Control/MultiSelectComboBox.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://stwmls.mlxchange.com/Control/MLXClientUtils.cab
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://stwmls.mlxchange.com/4.2.04.18/Control/IRCSharc.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 10510 bytes

     

    0 Kudos
    Bugbatter
    6 Gallium

    Re: Fake Anti-Virus Pop-Ups, among others

    That's good news.

    If everything is still running well....

    To flush the XP System Restore Points: (Using XP, you must be logged in as Administrator to do this.)

    Go to Start>Run and type msconfig Press enter.

    When msconfig opens, click the Launch System Restore Button.

    On the next page, click the System Restore Settings Link on the left.

    Check the box labeled Turn Off System Restore.

    Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

    Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

    If you have installed Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.

    The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:


    1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. Microsoft's widows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

    2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date. Note: Zone Alarm Firewall (by Checkpoint) has a free version http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_fr...

    3.You might consider installing Mozilla / Firefox.
    http://www.mozilla.com/en-US/

    4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

    5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists. http://www.spywarewarrior.com/rogue_anti-spyware.htm http://www.malwarebytes.org/database.php

    6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

    7. Practice Safe Surfing with with TrendProtect by Trend Micro. This is not compatible with Firefox 3.0 yet. TrendProtect is a browser plugin that assigns a safety rating to domains listed in your search engine. TrendProtect also adds a new button to your browser's toolbar area. The icon and color of the button changes to indicate whether the page currently open is safe, unsafe, trusted, or unrated, or whether it contains unwanted content. The following color codes are used by TrendProtect to indicate the safety of each site.

    • Red for Warning
    • Yellow for Use Caution
    • Green for Safe
    • Grey for Unknown

     

    For Firefox, you can use Web Of Trust.  It uses colored alerts to warn about risky websites that try to scam visitors, deliver malware, or send spam.

     

    8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
    It will:
    Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
    Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
    Restrict the actions of potentially unwanted sites in Internet Explorer.
    Tutorial here:http://www.bleepingcomputer.com/forums/tutorial49.html
    Periodically check for updates

    9. Here are some helpful articles:
    "How did I get infected?"
    http://www.bleepingcomputer.com/forums/topic2520.html


    "I'm not pulling your leg, honest"
    by Sandi Hardmeier
    http://www.microsoft.com/windows/IE/community/columns/pulling.mspx



    If your issue has been resolved, please click all five stars in this post. Thank you and Safe Surfing.


    Windows Insider MVP 2016 -

    Microsoft MVP - Consumer Security 2006-2016

    Social Media and Community Professional

    0 Kudos
    sean2009
    1 Nickel

    Re: Fake Anti-Virus Pop-Ups, among others

    Thanks for your help! 🙂

    0 Kudos
    Bugbatter
    6 Gallium

    Re: Fake Anti-Virus Pop-Ups, among others

    You're most welcome!  emoticon.Smile.title


    Windows Insider MVP 2016 -

    Microsoft MVP - Consumer Security 2006-2016

    Social Media and Community Professional

    0 Kudos