
Author Topic: Streaming Audio Virus/ Page Hijacker?  (Read 2913 times)


alterwind

    Streaming Audio Virus/ Page Hijacker?
    « on: May 16, 2009, 12:22:08 AM »
    For quite some time I have been getting audio advertisements when I access some websites (including CNET Download, even when accessed through the link on this site). I generally know when it's going to happen because I hear the cursor clicking to change the page from the site I want to be on. In the past I would think I got rid of it with AVG, switched to AVAST, and it still happens. I followed the instructions for malware removal; however, when I went to the Computer Hope process tool and had it analyze my Hijack log I did not feel like I knew what was safe to delete. I have attached the requested logs. Any assistance would be appreciated. Thank you folks for running this website!!

    [attachment deleted by admin]

    harry 48



    Re: Streaming Audio Virus/ Page Hijacker?
    « Reply #1 on: May 16, 2009, 04:51:15 PM »
    Can you not post the process results here? Because they are in red does not mean they have to come out. HARRY

    alterwind

      Re: Streaming Audio Virus/ Page Hijacker?
      « Reply #2 on: May 16, 2009, 05:07:30 PM »
      I'm sorry I don't know what you mean.  I thought I posted the 3 logs in the right place.  What did you mean about something in red?  Thanks

      I think I solved the problem! I manned up and followed the deletions as instructed!! Thanks for this great website!!
      « Last Edit: May 16, 2009, 05:56:55 PM by alterwind »

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      Re: Streaming Audio Virus/ Page Hijacker?
      « Reply #3 on: May 16, 2009, 07:24:16 PM »
      Would you mind double checking? Better safe than sorry.

      Disable Ad-Aware as it may interfere with the HijackThis repairs

      • Click the Settings button, Auto Scans tab, and under Scan on Ad-Aware startup
      • Be sure both selections for No automated scan are checked (green).
      • Then click Save and close Ad-Aware.
      ----------

      Open HijackThis and select Do a system scan only.

      Place a check mark next to the following entries: (if there)

      • R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
      • O1 - Hosts: 216.93.174.28 view.atdmt.com
      • O1 - Hosts: 216.93.174.28 ad.doubleclick.net
      • O2 - BHO: (no name) - {C323E25E-E56E-45C9-8D48-1F60D324C39E} - (no file)
      • O3 - Toolbar: (no name) - {F1654F8F-1EE7-433D-AB43-E3031F766ACC} - (no file)
      • O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      • O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      Important: Close all windows except for HijackThis and then click Fix checked.

      Exit HijackThis.

      ----------

      Download DDS by sUBs and save it to your desktop. Alternate DDS download link

      Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

      * XP users Double click on dds to run it.
      * If your antivirus or firewall try to block DDS then please allow it to run.
      * When finished DDS will open two (2) logs.

      1) DDS.txt
      2) Attach.txt

      * Save both logs to your desktop.
      * Please copy and paste the entire contents of both logs in your next reply.

      Note: DDS will instruct you to post the Attach.txt log as an attachment.
      Please just post it as you would any other log by copy and pasting it into the reply.
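A triage sketch for the entry types in the fix list above, added here as an example and not part of the original post or of HijackThis itself: it parses HijackThis-style lines and flags hosts-file entries that pin a name to a non-loopback address, BHO/toolbar registrations whose file is missing, IE policy keys, and IE search settings. The sample lines are taken from that list plus two lines constructed for contrast; all function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict
from typing import NamedTuple

# Entries from the fix list in the post above, plus two constructed lines
# (the 127.0.0.1 hosts entry and the Adobe BHO) that should NOT be flagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O1 - Hosts: 216.93.174.28 view.atdmt.com
O1 - Hosts: 216.93.174.28 ad.doubleclick.net
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {C323E25E-E56E-45C9-8D48-1F60D324C39E} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {F1654F8F-1EE7-433D-AB43-E3031F766ACC} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O1"
    reason: str
    detail: str


ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
HOSTS = re.compile(r"^Hosts: (\S+)\s+(\S+)$")
COM_OBJECT = re.compile(r"^(BHO|Toolbar): (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse(log):
    """Yield (section, body) for every line shaped like 'O1 - ...'."""
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def is_local_sink(ip_text):
    """True for loopback/unspecified addresses, the usual blocklist targets."""
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on garbage
    return ip.is_loopback or ip.is_unspecified


def triage(log):
    """Return the entries a reviewer should look at, in log order."""
    findings = []
    for section, body in parse(log):
        if section == "O1":
            m = HOSTS.match(body)
            if not m:
                findings.append(Finding(section, "unparsed hosts entry", body))
                continue
            ip_text, host = m.groups()
            try:
                benign = is_local_sink(ip_text)
            except ValueError:
                findings.append(Finding(section, "invalid IP in hosts entry", body))
                continue
            if not benign:
                findings.append(Finding(
                    section, "hosts file pins name to a non-loopback address",
                    f"{host} -> {ip_text}"))
        elif section in ("O2", "O3"):
            m = COM_OBJECT.match(body)
            if m and m.group(4).strip().lower() == "(no file)":
                findings.append(Finding(
                    section, f"{m.group(1)} registered but its file is missing",
                    m.group(3)))
        elif section == "O6":
            findings.append(Finding(section, "IE options locked by a policy key", body))
        elif section in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            findings.append(Finding(
                section, "IE start/search setting to confirm with the user",
                f"{key} = {value}"))
    return findings


def redirect_targets(findings):
    """Group pinned hostnames by the address they were pointed at."""
    by_ip = defaultdict(list)
    for f in findings:
        if f.section == "O1" and " -> " in f.detail:
            host, ip_text = f.detail.split(" -> ")
            by_ip[ip_text].append(host)
    return dict(by_ip)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section}: {f.reason}: {f.detail}")
    print(redirect_targets(results))
```

Several names pinned to one address, as with the two ad-serving hostnames here, is worth checking as a group rather than entry by entry.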

      alterwind

        Re: Streaming Audio Virus/ Page Hijacker?
        « Reply #4 on: May 17, 2009, 04:10:35 PM »
        Here are the requested logs (Thank you for your diligence!!):


        1) DDS.txt



        DDS (Ver_09-05-14.01) - NTFSx86 
        Run by Susan Brown at 17:55:06.70 on Sun 05/17/2009
        Internet Explorer: 6.0.2900.2180
        Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.268 [GMT -4:00]

        AV: avast! antivirus 4.8.1335 [VPS 090516-0] *On-access scanning enabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}
        FW: ZoneAlarm Firewall *enabled*   {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

        ============== Running Processes ===============

        C:\WINDOWS\system32\svchost -k DcomLaunch
        svchost.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        svchost.exe
        svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\BCMSMMSG.exe
        C:\Program Files\Microsoft IntelliPoint\ipoint.exe
        C:\Program Files\Zone Labs\Zone Alarm2\ZoneAlarm\zlclient.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\PopupVanish\PopupVanish.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\WINDOWS\system32\cisvc.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
        C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
        C:\WINDOWS\wanmpsvc.exe
        C:\WINDOWS\System32\MsPMSPSv.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\WINDOWS\system32\fxssvc.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\Program Files\SUPERAntiSpyware\8f61df0f-557e-4056-8470-ecc7d24ea825.exe
        C:\WINDOWS\system32\cidaemon.exe
        C:\WINDOWS\system32\cidaemon.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\Susan Brown\Desktop\dds.pif

        ============== Pseudo HJT Report ===============

        uStart Page = hxxp://www.google.com/webhp?hl=en&lr=&btnG=Search
        uDefault_Page_URL = hxxp://www.dellnet.com
        mStart Page = hxxp://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
        mSearch Bar = hxxp://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
        uInternet Connection Wizard,ShellNext = iexplore
        BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        TB: {F1654F8F-1EE7-433D-AB43-E3031F766ACC} - No File
        TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
        TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
        EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
        EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
        EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
        EB: {EDC4193F-34AD-4D07-AA87-E3FDB89E3E76} - No File
        uRun: [PopupVanish] c:\program files\popupvanish\PopupVanish.exe
        mRun: [BCMSMMSG] BCMSMMSG.exe
        mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
        mRun: [ZoneAlarm Client] "c:\program files\zone labs\zone alarm2\zonealarm\zlclient.exe"
        mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
        mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
        dRunOnce: [RunNarrator] Narrator.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
        IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
        IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
        Trusted Zone: microsoft.com \v4.windowsupdate
        Trusted Zone: microsoft.com      \*.windowsupdate
        Trusted Zone: windowsupdate.com \*.download
        DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
        DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
        DPF: Yahoo! Literati - hxxp://download.games.yahoo.com/games/clients/y/tt2_x.cab
        DPF: YExplorer1_8US.CAB - hxxp://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
        DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
        DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
        DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
        DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - hxxp://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1069812730765
        DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
        DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
        DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst.cab
        DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
        DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
        DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab
        DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - hxxp://aol.ea.com/downloads/games/common/snoopy/iesnoopy.cab
        DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228837070640
        DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
        DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228837058281
        DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
        DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
        DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxps://ostsweb.hhs.gov/tsweb/msrdp.cab
        DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38792.9813194444
        DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
        DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5455/mcfscan.cab
        DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_1_3_0.cab
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
        Notify: igfxcui - igfxsrvc.dll
        Notify: PCANotify - PCANotify.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

        ============= SERVICES / DRIVERS ===============

        R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-2 114768]
        R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2001-10-22 33496]
        R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2000-9-11 10816]
        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-11-17 9968]
        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
        R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-1-19 353680]
        R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-2 20560]
        R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-2 138680]
        R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-1-11 192160]
        R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-1-11 169632]
        R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]
        R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
        R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-2 254040]
        R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-2 352920]
        R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]
        S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2001-11-2 114749]
        S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\system32\drivers\olcamudp.sys [2007-3-31 10379]
        S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-2-27 1123008]

        =============== Created Last 30 ================

        2009-05-16 00:09   <DIR>   --d-----   c:\docume~1\Susan~1\applic~1\Malwarebytes
        2009-05-16 00:09   15,504   a-------   c:\windows\system32\drivers\mbam.sys
        2009-05-16 00:09   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-05-16 00:09   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
        2009-05-16 00:09   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
        2009-05-03 19:21   <DIR>   --d-----   c:\program files\Viewpoint
        2009-04-21 20:47   <DIR>   --d-----   c:\program files\TomTom International B.V

        ==================== Find3M  ====================

        2009-04-05 14:54   410,984   a-------   c:\windows\system32\deploytk.dll

        ============= FINISH: 17:56:12.04 ===============



        2) Attach.txt



        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT

        DDS (Ver_09-05-14.01)

        Microsoft Windows XP Home Edition
        Boot Device: \Device\HarddiskVolume2
        Install Date: 1/23/2003 4:22:43 PM
        System Uptime: 5/17/2009 2:25:13 AM (15 hours ago)

        Motherboard: Dell Computer Corporation |  | 07W080
        Processor:               Intel(R) Pentium(R) 4 CPU 1.80GHz | Socket 478 | 1794/400mhz

        ==== Disk Partitions =========================

        A: is Removable
        C: is FIXED (NTFS) - 56 GiB total, 35.815 GiB free.
        D: is CDROM ()
        E: is CDROM ()

        ==== Disabled Device Manager Items =============

        ==== System Restore Points ===================

        RP1130: 2/17/2009 9:12:42 AM - System Checkpoint
        RP1131: 2/19/2009 7:58:53 PM - System Checkpoint
        RP1132: 2/27/2009 12:47:06 AM - System Checkpoint
        RP1133: 3/3/2009 12:09:54 PM - System Checkpoint
        RP1134: 3/6/2009 1:27:19 PM - System Checkpoint
        RP1135: 3/7/2009 1:57:41 PM - System Checkpoint
        RP1136: 3/8/2009 8:15:33 PM - System Checkpoint
        RP1137: 3/16/2009 9:26:51 PM - Software Distribution Service 3.0
        RP1138: 3/18/2009 12:54:14 AM - System Checkpoint
        RP1139: 3/20/2009 9:45:28 AM - System Checkpoint
        RP1140: 3/21/2009 9:08:31 PM - System Checkpoint
        RP1141: 3/24/2009 1:51:05 PM - System Checkpoint
        RP1142: 3/25/2009 8:32:18 PM - System Checkpoint
        RP1143: 3/27/2009 11:15:33 AM - System Checkpoint
        RP1144: 3/28/2009 8:46:17 PM - System Checkpoint
        RP1145: 3/30/2009 3:47:02 AM - System Checkpoint
        RP1146: 3/31/2009 10:14:44 PM - System Checkpoint
        RP1147: 4/2/2009 2:33:12 AM - System Checkpoint
        RP1148: 4/3/2009 4:12:35 AM - System Checkpoint
        RP1149: 4/4/2009 4:16:59 AM - System Checkpoint
        RP1150: 4/5/2009 8:16:58 AM - System Checkpoint
        RP1151: 4/5/2009 10:46:20 AM - Software Distribution Service 3.0
        RP1152: 4/5/2009 11:55:30 AM - Removed Java(TM) 6 Update 2
        RP1153: 4/5/2009 2:54:02 PM - Installed Java(TM) 6 Update 13
        RP1154: 4/10/2009 9:20:09 AM - System Checkpoint
        RP1155: 4/20/2009 1:58:32 PM - System Checkpoint
        RP1156: 4/21/2009 2:27:40 PM - System Checkpoint
        RP1157: 4/22/2009 8:02:50 PM - System Checkpoint
        RP1158: 4/24/2009 1:18:30 PM - System Checkpoint
        RP1159: 4/25/2009 4:03:17 PM - System Checkpoint
        RP1160: 4/26/2009 6:06:07 PM - System Checkpoint
        RP1161: 4/28/2009 1:02:42 PM - System Checkpoint
        RP1162: 4/30/2009 7:59:22 AM - System Checkpoint
        RP1163: 5/1/2009 3:29:27 PM - System Checkpoint
        RP1164: 5/2/2009 3:53:46 PM - System Checkpoint
        RP1165: 5/4/2009 7:45:18 AM - System Checkpoint
        RP1166: 5/5/2009 11:29:35 AM - System Checkpoint
        RP1167: 5/8/2009 12:23:59 PM - System Checkpoint
        RP1168: 5/9/2009 3:42:01 PM - System Checkpoint
        RP1169: 5/10/2009 5:13:24 PM - System Checkpoint
        RP1170: 5/12/2009 3:23:01 PM - System Checkpoint
        RP1171: 5/14/2009 12:00:19 AM - System Checkpoint
        RP1172: 5/15/2009 8:24:41 AM - System Checkpoint
        RP1173: 5/16/2009 12:43:09 PM - System Checkpoint
        RP1174: 5/16/2009 6:49:07 PM - PreHijackDeletion Host files

        ==== Installed Programs ======================


        Ad-Aware
        Adobe Flash Player 10 ActiveX
        Adobe Reader 7.0.9
        AOL Coach Version 1.0(Build:20020929.1)
        AOL Coach Version 2.0(Build:20041026.5 en)
        AOL Connectivity Services
        AOL Uninstaller (Choose which Products to Remove)
        avast! Antivirus
        Avery Wizard 2.1 for Microsoft® Word 2000
        BACS
        BCM V.92 56K Modem
        Broadcom Advanced Control Suite
        ccCommon
        CCleaner (remove only)
        Classic PhoneTools
        Corel WordPerfect Suite 8
        Dell Modem-On-Hold
        Dell Picture Studio - Dell Image Expert
        Dell Solution Center
        Dell Support
        Digital Line Detect
        Docudesk GPL Ghostscript 8.15
        Easy CD Creator 5 Basic
        Gravity Well v4.0
        Help and Support Customization
        HijackThis 2.0.2
        Hotfix for Windows Media Format 11 SDK (KB929399)
        Hotfix for Windows XP (KB896344)
        Hotfix for Windows XP (KB909394)
        Hotfix for Windows XP (KB926239)
        Hotfix for Windows XP (KB952287)
        Intel RSX 3D
        Intel(R) Extreme Graphics Driver
        iTunes
        Java(TM) 6 Update 13
        Learn2 Player (Uninstall Only)
        LiveReg (Symantec Corporation)
        Malwarebytes' Anti-Malware
        Microsoft .NET Framework (English)
        Microsoft .NET Framework (English) v1.0.3705
        Microsoft .NET Framework 2.0
        Microsoft ActiveSync
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft Data Access Components KB870669
        Microsoft IntelliPoint 6.1
        Microsoft Office 2000 Small Business
        Microsoft Silverlight
        Modem Helper
        Move Networks Media Player for Internet Explorer
        Move Networks Player for Internet Explorer
        MSN Gaming Zone
        MSN Messenger 6.0
        MSXML 4.0 SP2 (KB925672)
        MSXML 4.0 SP2 (KB927978)
        MSXML 4.0 SP2 (KB936181)
        MSXML 4.0 SP2 (KB954430)
        MUSICMATCH® Jukebox
        Network Play System (Patching)
        Norton AntiVirus Parent MSI
        Norton AntiVirus SYMLT MSI
        Octoshape add-in for Adobe Flash Player
        OLYMPUS CAMEDIA Master 2.0
        PrimoPDF
        Pure Networks Port Magic
        Quicken 2002 New User Edition
        QuickTime
        RealOne Player
        Security Update for CAPICOM (KB931906)
        Security Update for Step By Step Interactive Training (KB898458)
        Security Update for Step By Step Interactive Training (KB923723)
        Security Update for Windows Media Player (KB911564)
        Security Update for Windows Media Player (KB952069)
        Security Update for Windows Media Player 10 (KB936782)
        Security Update for Windows Media Player 6.4 (KB925398)
        Security Update for Windows Media Player 9 (KB911565)
        Security Update for Windows Media Player 9 (KB917734)
        Security Update for Windows Media Player 9 (KB936782)
        Security Update for Windows XP (KB890046)
        Security Update for Windows XP (KB893756)
        Security Update for Windows XP (KB896358)
        Security Update for Windows XP (KB896422)
        Security Update for Windows XP (KB896423)
        Security Update for Windows XP (KB896424)
        Security Update for Windows XP (KB896428)
        Security Update for Windows XP (KB899587)
        Security Update for Windows XP (KB899591)
        Security Update for Windows XP (KB900725)
        Security Update for Windows XP (KB901017)
        Security Update for Windows XP (KB901214)
        Security Update for Windows XP (KB902400)
        Security Update for Windows XP (KB904706)
        Security Update for Windows XP (KB905414)
        Security Update for Windows XP (KB905749)
        Security Update for Windows XP (KB905915)
        Security Update for Windows XP (KB908519)
        Security Update for Windows XP (KB908531)
        Security Update for Windows XP (KB911280)
        Security Update for Windows XP (KB911562)
        Security Update for Windows XP (KB911567)
        Security Update for Windows XP (KB911927)
        Security Update for Windows XP (KB912812)
        Security Update for Windows XP (KB912919)
        Security Update for Windows XP (KB913446)
        Security Update for Windows XP (KB913580)
        Security Update for Windows XP (KB914388)
        Security Update for Windows XP (KB914389)
        Security Update for Windows XP (KB916281)
        Security Update for Windows XP (KB917159)
        Security Update for Windows XP (KB917344)
        Security Update for Windows XP (KB917422)
        Security Update for Windows XP (KB917953)
        Security Update for Windows XP (KB918118)
        Security Update for Windows XP (KB918439)
        Security Update for Windows XP (KB918899)
        Security Update for Windows XP (KB919007)
        Security Update for Windows XP (KB920213)
        Security Update for Windows XP (KB920214)
        Security Update for Windows XP (KB920670)
        Security Update for Windows XP (KB920683)
        Security Update for Windows XP (KB920685)
        Security Update for Windows XP (KB921398)
        Security Update for Windows XP (KB921503)
        Security Update for Windows XP (KB921883)
        Security Update for Windows XP (KB922616)
        Security Update for Windows XP (KB922760)
        Security Update for Windows XP (KB922819)
        Security Update for Windows XP (KB923191)
        Security Update for Windows XP (KB923414)
        Security Update for Windows XP (KB923689)
        Security Update for Windows XP (KB923694)
        Security Update for Windows XP (KB923980)
        Security Update for Windows XP (KB924191)
        Security Update for Windows XP (KB924270)
        Security Update for Windows XP (KB924496)
        Security Update for Windows XP (KB924667)
        Security Update for Windows XP (KB925454)
        Security Update for Windows XP (KB925486)
        Security Update for Windows XP (KB925902)
        Security Update for Windows XP (KB926255)
        Security Update for Windows XP (KB926436)
        Security Update for Windows XP (KB927779)
        Security Update for Windows XP (KB927802)
        Security Update for Windows XP (KB928090)
        Security Update for Windows XP (KB928255)
        Security Update for Windows XP (KB928843)
        Security Update for Windows XP (KB929123)
        Security Update for Windows XP (KB929969)
        Security Update for Windows XP (KB930178)
        Security Update for Windows XP (KB931261)
        Security Update for Windows XP (KB931768)
        Security Update for Windows XP (KB931784)
        Security Update for Windows XP (KB932168)
        Security Update for Windows XP (KB933729)
        Security Update for Windows XP (KB935839)
        Security Update for Windows XP (KB935840)
        Security Update for Windows XP (KB936021)
        Security Update for Windows XP (KB938127)
        Security Update for Windows XP (KB938464)
        Security Update for Windows XP (KB938829)
        Security Update for Windows XP (KB941202)
        Security Update for Windows XP (KB941568)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB941644)
        Security Update for Windows XP (KB941693)
        Security Update for Windows XP (KB942615)
        Security Update for Windows XP (KB943055)
        Security Update for Windows XP (KB943460)
        Security Update for Windows XP (KB943485)
        Security Update for Windows XP (KB944338)
        Security Update for Windows XP (KB944533)
        Security Update for Windows XP (KB944653)
        Security Update for Windows XP (KB945553)
        Security Update for Windows XP (KB946026)
        Security Update for Windows XP (KB946648)
        Security Update for Windows XP (KB947864)
        Security Update for Windows XP (KB948590)
        Security Update for Windows XP (KB948881)
        Security Update for Windows XP (KB950749)
        Security Update for Windows XP (KB950759)
        Security Update for Windows XP (KB950760)
        Security Update for Windows XP (KB950762)
        Security Update for Windows XP (KB950974)
        Security Update for Windows XP (KB951066)
        Security Update for Windows XP (KB951376-v2)
        Security Update for Windows XP (KB951698)
        Security Update for Windows XP (KB951748)
        Security Update for Windows XP (KB952954)
        Security Update for Windows XP (KB953838)
        Security Update for Windows XP (KB953839)
        Security Update for Windows XP (KB954211)
        Security Update for Windows XP (KB954600)
        Security Update for Windows XP (KB955069)
        Security Update for Windows XP (KB956390)
        Security Update for Windows XP (KB956391)
        Security Update for Windows XP (KB956802)
        Security Update for Windows XP (KB956803)
        Security Update for Windows XP (KB956841)
        Security Update for Windows XP (KB957095)
        Security Update for Windows XP (KB957097)
        Security Update for Windows XP (KB958215)
        Security Update for Windows XP (KB958644)
        Security Update for Windows XP (KB958687)
        Security Update for Windows XP (KB958690)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960714)
        Security Update for Windows XP (KB960715)
        Shockwave
        Smart Defrag 1.11
        SPBBC
        SpywareBlaster 4.1
        SUPERAntiSpyware Free Edition
        Symantec
        Symantec pcAnywhere
        TomTom HOME 2.6.2.1586
        TomTom HOME Visual Studio Merge Modules
        Touch by HTC™ User Guide
        Update for Windows XP (KB894391)
        Update for Windows XP (KB898461)
        Update for Windows XP (KB900485)
        Update for Windows XP (KB910437)
        Update for Windows XP (KB916595)
        Update for Windows XP (KB920872)
        Update for Windows XP (KB922582)
        Update for Windows XP (KB927891)
        Update for Windows XP (KB929338)
        Update for Windows XP (KB930916)
        Update for Windows XP (KB931836)
        Update for Windows XP (KB936357)
        Update for Windows XP (KB938828)
        Update for Windows XP (KB942763)
        Update for Windows XP (KB942840)
        Update for Windows XP (KB946627)
        Update for Windows XP (KB951072-v2)
        Update for Windows XP (KB955839)
        Update for Windows XP (KB967715)
        VC 9.0 Runtime
        Viewpoint Media Player
        WebFldrs XP
        Windows Genuine Advantage Notifications (KB905474)
        Windows Genuine Advantage Validation Tool (KB892130)
        Windows Installer 3.1 (KB893803)
        Windows Media Format Runtime
        Windows Media Player 10
        Windows Media Player 9 Hotfix [See KB885492 for more information]
        Windows XP Hotfix - KB873339
        Windows XP Hotfix - KB885250
        Windows XP Hotfix - KB885835
        Windows XP Hotfix - KB885836
        Windows XP Hotfix - KB886185
        Windows XP Hotfix - KB887472
        Windows XP Hotfix - KB887742
        Windows XP Hotfix - KB888113
        Windows XP Hotfix - KB888302
        Windows XP Hotfix - KB890859
        Windows XP Hotfix - KB891781
        Windows XP Service Pack 2
        WinZip
        WordPerfect Office 2002
        ZoneAlarm

        ==== Event Viewer Messages From Past Week ========

        5/15/2009 6:18:00 AM, error: Service Control Manager [7034]  - The AOL TopSpeed Monitor service terminated unexpectedly.  It has done this 5 time(s).
        5/15/2009 6:09:58 AM, error: Service Control Manager [7031]  - The AOL TopSpeed Monitor service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
        5/15/2009 6:01:55 AM, error: Service Control Manager [7031]  - The AOL TopSpeed Monitor service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
        5/15/2009 5:53:53 AM, error: Service Control Manager [7031]  - The AOL TopSpeed Monitor service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
        5/15/2009 5:46:50 AM, error: Service Control Manager [7031]  - The AOL TopSpeed Monitor service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
        5/12/2009 9:49:04 PM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
        5/12/2009 9:49:04 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL. Reference error message: The operation completed successfully. .
        5/12/2009 9:49:04 PM, error: SideBySide [32]  - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
        5/12/2009 9:48:56 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL. Reference error message: The operation completed successfully. .

        ==== End Of File ===========================


        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 481
          • evilfantasy's blog
        • Experience: Beginner
        • OS: Windows 7
        Re: Streaming Audio Virus/ Page Hijacker?
        « Reply #5 on: May 17, 2009, 04:41:37 PM »
        You need to get rid of Norton Antivirus. Running two antivirus is a big security risk.

        Go to Add or Remove Programs and uninstall:

        • Norton AntiVirus Parent MSI
        • Norton AntiVirus SYMLT MSI
        • Viewpoint Media Player
        Download the Norton Removal Tool (SymNRT) to your Desktop. (This will not remove Symantec pcAnywhere)

        Once downloaded please close ALL open browsers, also save any work because this may require a restart.
        • Go to your desktop and double click on the removal tool and then click Setup.
        • Once open Click Next
        • Accept the license agreement and click Next
        • Type in the letters/numbers that you see into the text box then click Next.
        • Then click Next and the tool will start running.
        • Once finished restart the PC.
        • Delete the Norton Removal Tool from your Desktop.
        ----------

        Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

        Link #1
        Link #2

        **Note:  It is important that it is saved directly to your Desktop

        DO NOT run it yet!

        Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

        Delete these files/folders, as follows:

        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code:
        KillAll::

        DDS::
        TB: {F1654F8F-1EE7-433D-AB43-E3031F766ACC} - No File
        TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
        TB: {F5735C15-1FB2-41FE-BA12-242757E69DDE} - No File
        EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
        EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
        EB: {EDC4193F-34AD-4D07-AA87-E3FDB89E3E76} - No File
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

        Folder::
        c:\program files\Viewpoint

        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

        alterwind


          Re: Streaming Audio Virus/ Page Hijacker?
          « Reply #6 on: May 17, 2009, 06:01:05 PM »
          I do not have the following in my add/remove programs (or any other reference to Norton):
          Norton AntiVirus Parent MSI
          Norton AntiVirus SYMLT MSI

          I used to use Norton years ago but removed it, I believe, through Add/Remove. However, I do still have a Norton folder and files in my c:\program files.  Is it okay to just delete the folder?

          I removed the Viewpoint Media through Add/Remove, downloaded the Norton Removal Tool and when I tried to run it got the message:

          Manual Application Removal
          The following programs were found on this computer. These must be removed through "Add/Remove Programs" before Norton Removal Tool can proceed.
          Symantec pcAnywhere

          Please let me know what I should do or if I should just continue with the remainder of your instructions. Thank you for your continued help!


          evilfantasy

          Re: Streaming Audio Virus/ Page Hijacker?
          « Reply #7 on: May 17, 2009, 06:05:53 PM »
          You can just delete the Symantec folder. If you don't use Symantec pcAnywhere then use the removal tool.

          alterwind


            Re: Streaming Audio Virus/ Page Hijacker?
            « Reply #8 on: May 19, 2009, 05:03:28 PM »
            Here is the Combofix.txt log: Thank you :)

            ComboFix 09-05-19.04 - Susan Brown 05/19/2009 18:36.1 - NTFSx86
            Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.510.267 [GMT -4:00]
            Running from: c:\documents and settings\Susan Brown\Desktop\ComboFix.exe
            Command switches used :: c:\documents and settings\Susan Brown\Desktop\CFScript.txt
            AV: avast! antivirus 4.8.1335 [VPS 090518-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
            FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
            .

            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            c:\program files\messenger\msmsgs.exe
            c:\windows\system32\drivers\fad.sys

            .
            (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
            .

            -------\Legacy_FAD


            (((((((((((((((((((((((((   Files Created from 2009-04-19 to 2009-05-19  )))))))))))))))))))))))))))))))
            .

            2009-05-16 04:09 . 2009-05-16 04:09   --------   d-----w   c:\documents and settings\Susan Brown\Application Data\Malwarebytes
            2009-05-16 04:09 . 2009-04-06 19:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
            2009-05-16 04:09 . 2009-04-06 19:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
            2009-05-16 04:09 . 2009-05-16 04:09   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
            2009-05-16 04:09 . 2009-05-16 04:09   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
            2009-04-22 00:47 . 2009-04-22 00:47   --------   d-----w   c:\program files\TomTom International B.V

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2009-05-16 21:05 . 2008-12-03 06:04   --------   d-----w   c:\program files\SUPERAntiSpyware
            2009-04-22 00:46 . 2009-02-20 12:19   --------   d-----w   c:\program files\TomTom HOME 2
            2009-04-05 20:06 . 2003-02-18 07:55   --------   d-----w   c:\program files\eFax Messenger Plus
            2009-04-05 20:06 . 2003-02-18 07:55   --------   d-----w   c:\program files\Common Files\efax
            2009-04-05 19:49 . 2008-08-12 13:32   --------   d-----w   c:\program files\Microsoft Silverlight
            2009-04-05 18:54 . 2009-04-05 18:54   410984   ----a-w   c:\windows\system32\deploytk.dll
            2009-04-05 18:54 . 2009-04-05 18:54   --------   d-----w   c:\program files\Java
            2009-04-05 16:42 . 2009-04-05 16:42   --------   d-----w   c:\program files\IObit
            2009-04-05 14:43 . 2009-04-05 14:43   --------   d-----w   c:\program files\CCleaner
            2009-03-29 23:18 . 2007-02-01 05:50   664   ----a-w   c:\windows\system32\d3d9caps.dat
            .

            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "PopupVanish"="c:\program files\PopupVanish\PopupVanish.exe" [2002-11-22 69632]
            "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
            "ZoneAlarm Client"="c:\program files\Zone Labs\Zone Alarm2\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
            "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
            "BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
            "RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2004-08-04 53760]

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
            2009-01-10 14:50   356352   ----a-w   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
            2002-02-15 18:51   24638   ----a-w   c:\windows\SYSTEM32\PCANotify.dll

            HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
            "wave"= serwvdrv.dll

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
            SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
            backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
            backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk.disabled]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk.disabled
            backup=c:\windows\pss\America Online 9.0 Tray Icon.lnk.disabledCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online Tray Icon.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk
            backup=c:\windows\pss\America Online Tray Icon.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
            backup=c:\windows\pss\AOL Companion.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
            backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
            backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
            backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

            [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
            path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
            backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
            "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
            "DwlClient"=c:\program files\Common Files\Dell\EUSW\Support.exe
            "PrinTray"=c:\windows\System32\spool\DRIVERS\W32X86\2\printray.exe
            "LXSUPMON"=c:\windows\System32\LXSUPMON.EXE RUN
            "absr"=c:\windows\mwsvm.exe
            "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

            [HKEY_LOCAL_MACHINE\software\microsoft\security center]
            "AntiVirusOverride"=dword:00000001

            [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
            "DisableMonitoring"=dword:00000001

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
            "EnableFirewall"= 0 (0x0)

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
            "c:\\Program Files\\America Online 9.0\\waol.exe"=
            "c:\\WINDOWS\\system32\\sessmgr.exe"=
            "c:\\Program Files\\iTunes\\iTunes.exe"=
            "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
            "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
            "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
            "c:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
            "c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=

            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
            "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

            R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [12/2/2008 6:05 PM 114768]
            R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 4:11 PM 9968]
            R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 4:11 PM 55024]
            R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [12/2/2008 6:05 PM 20560]
            R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 6:38 AM 92008]
            S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\SYSTEM32\DRIVERS\olcamudp.sys [3/31/2007 9:43 AM 10379]
            S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 4:11 PM 7408]
            .
            Contents of the 'Scheduled Tasks' folder

            2007-09-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
            - c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 23:52]

            2009-05-19 c:\windows\Tasks\SmartDefrag.job
            - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-04-05 22:15]

            2009-05-19 c:\windows\Tasks\{B88E149F-7AD7-431A-8C5B-ABABF256A3A3}_SHARON_Susan Brown.job
            - c:\windows\system32\mobsync.exe [2002-08-29 04:56]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.com/webhp?hl=en&lr=&btnG=Search
            mStart Page = hxxp://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
            mSearch Bar = hxxp://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
            uInternet Connection Wizard,ShellNext = iexplore
            Trusted Zone: microsoft.com \v4.windowsupdate
            Trusted Zone: microsoft.com      \*.windowsupdate
            Trusted Zone: windowsupdate.com \*.download
            DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
            DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
            .

            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2009-05-19 18:45
            Windows 5.1.2600 Service Pack 2 NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------

            [HKEY_USERS\S-1-5-21-3873776020-2489581424-1152295103-1006\Software\Microsoft\SystemCertificates\AddressBook*]
            @Allowed: (Read) (RestrictedCode)
            @Allowed: (Read) (RestrictedCode)
            .
            --------------------- DLLs Loaded Under Running Processes ---------------------

            - - - - - - - > 'winlogon.exe'(688)
            c:\program files\SUPERAntiSpyware\SASWINLO.DLL
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\program files\Lavasoft\Ad-Aware\aawservice.exe
            c:\program files\Alwil Software\Avast4\aswUpdSv.exe
            c:\program files\Alwil Software\Avast4\ashServ.exe
            c:\windows\SYSTEM32\LexBceS.exe
            c:\windows\SYSTEM32\Lexpps.exe
            c:\program files\Common Files\AOL\ACS\AOLacsd.exe
            c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
            c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
            c:\program files\Java\jre6\bin\jqs.exe
            c:\windows\SYSTEM32\wdfmgr.exe
            c:\progra~1\MICROS~4\rapimgr.exe
            c:\windows\wanmpsvc.exe
            c:\windows\SYSTEM32\MsPMSPSv.exe
            c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
            c:\windows\SYSTEM32\fxssvc.exe
            c:\windows\SYSTEM32\ZoneLabs\vsmon.exe
            c:\windows\SYSTEM32\wscntfy.exe
            c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
            .
            **************************************************************************
            .
            Completion time: 2009-05-19 18:51 - machine was rebooted
            ComboFix-quarantined-files.txt  2009-05-19 22:51

            Pre-Run: 38,294,376,448 bytes free
            Post-Run: 37,961,900,032 bytes free

            WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
            [boot loader]
            timeout=2
            default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
            [operating systems]
            c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
            multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

            197   --- E O F ---   2007-06-10 17:17

            evilfantasy

            Re: Streaming Audio Virus/ Page Hijacker?
            « Reply #9 on: May 19, 2009, 05:16:14 PM »
            Go to Start > Run and type notepad.exe then click OK

            Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

            Code:
            REGEDIT4

            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
            "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

            Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

            Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

            Delete the fixme.reg from the Desktop.

            ----------

            How is the computer running now?
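
The check behind the fixme.reg above, as an added example that is not part of the original post: it reads the SecurityProviders value from a ComboFix log or a REGEDIT4 file and reports entries outside the four-DLL value that the reply writes. The function names and the use of that value as the baseline are assumptions of this example.

```python
import re

# Baseline (assumption of this example): the SecurityProviders value
# written by the fixme.reg in Reply #9 of this thread.
BASELINE = ["msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"]
KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders"

# Excerpt copied from the ComboFix log posted in Reply #8 of this thread.
COMBOFIX_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

# Accepts the ComboFix rendering (name, spaces, value) and the
# REGEDIT4 rendering ("name"="value").
_VALUE_RE = re.compile(
    r'^"?SecurityProviders"?(?:\s*=\s*|\s+)"?(?P<val>[^"]*)"?$', re.IGNORECASE
)


def read_providers(text):
    """Return the DLL list stored under the securityproviders key, or None."""
    in_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Only a value under the exact key counts; key names are
            # case-insensitive in the registry.
            in_key = line.strip("[]").lower() == KEY.lower()
            continue
        match = _VALUE_RE.match(line) if in_key else None
        if match:
            return [p.strip() for p in match.group("val").split(",") if p.strip()]
    return None


def triage(text, baseline=BASELINE):
    """Compare the observed provider list with the baseline."""
    observed = read_providers(text)
    if observed is None:
        raise ValueError("no SecurityProviders value found in input")
    allowed = {b.lower() for b in baseline}
    seen = {p.lower() for p in observed}
    return {
        "observed": observed,
        # Whole-entry comparison: a path-qualified entry such as
        # C:\Temp\schannel.dll is flagged even though its file name
        # matches a baseline DLL.
        "unexpected": [p for p in observed if p.lower() not in allowed],
        "missing": [b for b in baseline if b.lower() not in seen],
    }


def reg_fix(baseline=BASELINE):
    """Build REGEDIT4 text that resets the value to the baseline."""
    return 'REGEDIT4\n\n[%s]\n"SecurityProviders"="%s"\n' % (KEY, ", ".join(baseline))


if __name__ == "__main__":
    report = triage(COMBOFIX_EXCERPT)
    print("observed  :", ", ".join(report["observed"]))
    print("unexpected:", ", ".join(report["unexpected"]) or "none")
    print("missing   :", ", ".join(report["missing"]) or "none")
    if report["unexpected"] or report["missing"]:
        print(reg_fix())
```

Running the same check against the exported key after the merge confirms that the value now matches the baseline.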

            alterwind


              Re: Streaming Audio Virus/ Page Hijacker?
              « Reply #10 on: May 19, 2009, 07:12:31 PM »
              I received a success message about adding the registry item!! Everything seems to be working smoothly - I haven't had any probs since getting rid of the hijacker - and now it seems like it's even running a bit faster also!!

              Thank you so much 8) EFantasy!!!
               

              evilfantasy

              Re: Streaming Audio Virus/ Page Hijacker?
              « Reply #11 on: May 19, 2009, 07:20:58 PM »
              Sounds good.

              Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
              • Click START then RUN
              • Now type Combofix /u in the runbox
              • Make sure there's a space between Combofix and /u
              • Then hit Enter.
              The above procedure will:
              • Delete: ComboFix and its associated files and folders.
              • Reset the clock settings.
              • Hide file extensions, if required.
              • Hide System/Hidden files, if required.
              • Set a new, clean Restore Point.
              ----------

              Use the Secunia Software Inspector to check for out of date software.
              • Click Start Now
              • Check the box next to Enable thorough system inspection.
              • Click Start
              • Allow the scan to finish and scroll down to see if any updates are needed.
              • Update anything listed.
              ----------

              Go to Microsoft Windows Update and get all critical updates.

              ----------

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.