Tech Support Forum - View Single Post - allsecurepages.com has hijacked my browser

nhoribe · 06-24-2007, 08:55 PM

I have completed the first 5 steps -
Deckard's System Scanner v20070611.50
Run by nobu on 2007-06-24 at 20:30:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as nobu.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:31:49 PM, on 6/24/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85M3G523\dss[1].exe
C:\PROGRA~1\HIJACK~1\nobu.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36ADA89D-2440-4DC4-820A-3A05E8630935} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\winnt\system32\cbtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NICSer_WPC54G - c:\program files\linksys\wireless-g notebook adapter\nicserv.exe

S3 PACSPTISVR - "c:\program files\common files\sony shared\avlib\pacsptisvr.exe" <Not Verified; ; PACSPTISVR Module>

-- Scheduled Tasks -------------------------------------------------------------

2007-04-01 01:00:09 350 --a------ C:\WINNT\Tasks\McQcTask.job

-- Files created between 2007-05-24 and 2007-06-24 -----------------------------

2007-06-24 20:01:17 0 d-------- C:\ie-spyad
2007-06-24 19:55:36 0 d-------- C:\Program Files\SpywareBlaster
2007-06-24 19:09:51 0 d-------- C:\WINNT\system32\ActiveScan
2007-06-23 17

04 0 d-------- C:\Program Files\Video ActiveX Access
2007-06-23 17:03:58 66048 --a------ C:\WINNT\system32\wmerrenu.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-06-23 17:03:58 270336 --a------ C:\WINNT\system32\pdbrowse.dll
2007-06-23 17:03:58 32768 --a------ C:\WINNT\system32\asferror.dll <Not Verified; Microsoft Corporation; Microsoft® NetShow>
2007-06-23 17:03:57 1290240 --a------ C:\WINNT\system32\wmploc.dll
2007-06-23 17:03:57 184320 --a------ C:\WINNT\system32\wmpcd.dll
2007-06-23 17:03:38 16384 --a------ C:\WINNT\system32\wmdmps.dll <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
2007-06-23 17:03:38 24064 --a------ C:\WINNT\system32\wmdmlog.dll <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
2007-06-23 17:03:38 159744 --a------ C:\WINNT\system32\mswmdm.dll <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
2007-06-23 17:03:38 221184 --a------ C:\WINNT\system32\msscp.dll <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
2007-06-23 17:03:38 53248 --a------ C:\WINNT\system32\mspmspsv.exe <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
2007-06-23 17:03:38 188416 --a------ C:\WINNT\system32\mspmsp.dll <Not Verified; Microsoft Corporation; Microsoft (R) DRM>
2007-06-23 17:03:38 147456 --a------ C:\WINNT\system32\CEWMDM.dll
2007-06-23 17:03:35 446464 --a------ C:\WINNT\system32\wmvdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-06-23 17:03:35 466944 --a------ C:\WINNT\system32\wmv8dmoe.dll <Not Verified; Microsoft Corporation; Microsoft (R) NetShow>
2007-06-23 17:03:35 118784 --a------ C:\WINNT\system32\wmsdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-06-23 17:03:33 335360 --a------ C:\WINNT\system32\wmstream.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-06-23 17:03:31 241725 --a------ C:\WINNT\system32\msuni11.dll <Not Verified; Microsoft Corporation; Microsoft (R) Jet>
2007-06-23 17:03:31 368710 --a------ C:\WINNT\system32\msisam11.dll <Not Verified; Microsoft Corporation; Microsoft (R) Jet>
2007-06-23 17:03:31 163840 --a------ C:\WINNT\system32\mindex.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows Media Player>
2007-06-22 04:42:24 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2d8.dat
2007-06-22 04:39:02 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_540.dat
2007-06-20 14:59:25 0 d-------- C:\WINNT\system32\SoftwareDistribution
2007-06-20 14:58:31 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4fc.dat
2007-06-19 15:34:56 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_234.dat
2007-06-14 16:36:33 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4ec.dat
2007-06-13 05:25:04 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_4e4.dat
2007-06-11 14:57:17 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_50c.dat
2007-06-08 05:18:10 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_314.dat
2007-06-07 15:09:34 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_524.dat
2007-05-26 16:15:06 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_518.dat
2007-05-25 08:54:29 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2d4.dat

-- Find3M Report ---------------------------------------------------------------

2007-06-24 19:30:19 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-06-24 19:17:33 0 d-------- C:\Program Files\QuickTime
2007-06-24 04:38:34 1196974 ---h----- C:\WINNT\ShellIconCache
2007-06-23 17:04:07 8192 --a-s---- C:\WINNT\system32\afkvvy.dll
2007-06-22 04:36:02 0 d-------- C:\Program Files\McAfee
2007-06-13 18:02:16 12842 --a------ C:\WINNT\system32\nvModes.dat
2007-05-25 08:56:11 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-05-17 10:39:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo <INTERV~1>
2007-05-13 12:10:23 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_520.dat
2007-05-12 08:41:23 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2b4.dat
2007-05-12 08:31:41 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_514.dat
2007-04-30 07:16:11 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_504.dat
2007-04-20 08

15 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2cc.dat

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{36ADA89D-2440-4DC4-820A-3A05E8630935} C:\Program Files\Video ActiveX Access\iesplg.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} c:\program files\mcafee\virusscan\scriptcl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"user32.dll"="C:\\Program Files\\Video ActiveX Access\\iesmn.exe"
"rare"="C:\\Program Files\\Video ActiveX Access\\imsmain.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{4688f900-0d0c-4788-b297-59cc10e70ccc}"="bipinnatifid"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

-- End of Deckard's System Scanner: finished at 2007-06-24 at 20:32:47 ---------

I continue to get pop ups for security software and System Alert: