Vimax ads and downloads.mcafee.com blocked

[Mrs.Queen]

Thank you for being available to help me. I have two issues:

1) Vimax ads that appear all over on websites. I am using IE v.6 and Firefox v.3. I do not know where the Vimax ad files are stored. The redirect url on one of the ads contains: b8.adv.net. I am using a wireless router. I see on another thread that that Reid is working with darkmana right now (ongoing for the last week or so) on the Vimax ads.

2) downloads.mcafee.com blocked - this is in another recent thread - posted by Yesmaybe yesterday as "downloads.mcafee.com blocked" . Tetonbob is having him run combofix right now.

I plan to follow those threads but I won't run anything until advised.
I have also noticed overall slowless with loading web pages.
I updated my profile with PC info but ask me anything.
I am trying hard to respectfully follow your requests and I am 100% licensed and legal

Here is the DDS:

DDS (Version 1.0) - NTFSx86
Run by Ian Queen at 22:14:51.25 on Thu 12/04/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1460 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ian Queen\Desktop\gmer\gmer.exe
C:\Documents and Settings\Ian Queen\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=6061025
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061025
uInternet Settings,ProxyOverride = *.local
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
TB: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: Add to EverNote - c:\program files\evernote\evernote\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\evernote\evernote\enbar.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: *.imageright.com
Trusted Zone: *.mcafee.com
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-25 201320]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\McSACore.exe" [2008-11-26 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-11-25 358224]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-11-25 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-11-25 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-11-25 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-11-25 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-11-25 40488]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-11-15 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-11-15 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-11-15 81288]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-11-25 33832]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-11-15 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-11-15 1079176]

=============== Created Last 30 ================

2008-12-04 22:10 250 a------- c:\windows\gmer.ini
2008-11-25 21:27 10,291 a------- c:\windows\system32\Config.MPF
2008-11-25 21:23 143,360 a------- c:\windows\system32\dunzip32.dll
2008-11-25 21:20 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2008-11-25 21:20 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2008-11-25 21:20 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2008-11-25 21:20 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2008-11-25 21:20 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2008-11-25 21:20 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2008-11-25 21:18 <DIR> --d----- c:\program files\McAfee.com
2008-11-25 21:18 <DIR> --d----- c:\program files\common files\McAfee
2008-11-25 20:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Citrix
2008-11-25 20:00 61,224 a------- c:\documents and settings\ian queen\GoToAssistDownloadHelper.exe
2008-11-15 19:25 <DIR> --d----- c:\windows\system32\appmgmt
2008-11-15 16:50 <DIR> --d----- c:\program files\Trend Micro
2008-11-15 16:22 1,152 a------- c:\windows\system32\windrv.sys
2008-11-15 16:21 <DIR> --d----- c:\program files\common files\Download Manager
2008-11-15 16:03 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-11-15 16:03 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-11-15 16:03 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-11-15 16:03 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-11-15 16:03 <DIR> --d----- c:\program files\Spyware Doctor
2008-11-15 16:03 <DIR> --d----- c:\docume~1\ianque~1\applic~1\PC Tools

==================== Find3M ====================

2008-12-03 21:10 <DIR> --d----- c:\program files\Doom 3
2008-12-03 21:09 <DIR> --d----- c:\program files\DivX
2008-11-27 09:24 <DIR> --d----- c:\program files\McAfee
2008-10-30 10:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Juniper Networks
2008-10-29 10:01 <DIR> --d----- c:\docume~1\ianque~1\applic~1\Juniper Networks
2008-10-29 09:08 <DIR> --d----- c:\program files\Neoteris
2008-10-24 06:10 453,632 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-15 11:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 06:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-09-15 06:57 1,846,016 -------- c:\windows\system32\dllcache\win32k.sys
2008-02-15 20:30 <DIR> --d----- c:\docume~1\ianque~1\applic~1\AdobeAUM
2008-02-15 19:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ZoomBrowser
2007-11-11 18:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Panasonic
2007-02-22 19:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee.com
2006-10-30 10:05 <DIR> --d----- c:\docume~1\ianque~1\applic~1\McAfee.com Personal Firewall
2006-10-25 05:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2006-10-25 05:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Corel
2004-08-11 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI

============= FINISH: 22:15:23.85 ===============


I am so grateful for your help!!

[Angelfire777]

Hi,

Quote:

I plan to follow those threads but I won't run anything until advised.

Very wise choice :)


I don't see any malware here.

Do you know how to reset your wireless router? There's usually a small reset button at the back which you can press using a paperclip.

If not, please let me know the exact brand and model of your router.


*I see you have Viewpoint installed...
Viewpoint related software are considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

• Viewpoint
• Viewpoint Manager
• Viewpoint Media Player

*Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 11.
• Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
• Click the "Download" button to the right.
• For Platform, select "Windows"
• For language, select your language
• Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
• Click Continue
• Click on the link to download Windows Offline Installation and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  - Examples of older versions in Add or Remove Programs:
  • J2SE Runtime Environment 5.0 Update 6
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)

• On the General tab, under Temporary Internet Files, click the Settings button.
• Next, click on the Delete Files button
• There are two options in the window to clear the cache - Leave BOTH Checked
  • Applications and Applets
    Trace and Log Files
• Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
• Click OK to leave the Temporary Files Window
• Click OK to leave the Java Control Panel.

let me know how it goes.

[Mrs.Queen]

Freakin' sweet!
Thanks so much, Angelfire777. I apologize for the delay (after we reset the router we had trouble reconfiguring the connection and had to call the ISP). Vimax no more! I get a few redirects that IE can't find ad's websites, but Firefox does not seem to have that problem, so I will stick with that browser. I am also no longer blocked from McAfee updates and am back up to date.

Thanks especially for taking the time to make your extra notes on Viewpoint and Java. Really, that is above and beyond.

So, here are the steps I took since last night:

1. Removed Viewpoint software with no issues.
2. Reset the router and reconfigured the connection.
(Now places where ad banners usually are are blank or have errors. Ok by me...)
3. Uninstalled old Java and followed your instructions to download and install latest, then delete the old files. I will look into setting auto updates on Java.

My question is, do you know what causes these issues, and can we do anything to prevent them from recurring? Perhaps a PM that I might get with my TSF subscription? :)

Either way, once again, you saved the day.

Thank you, thank you, thank you! I am definitely donating!

[Angelfire777]

you're welcome :)

let's try cleaning your IE cache and see if that fixes the issue.

*Clean your Cache and Cookies in IE:

• Close all instances of Outlook Express and Internet Explorer
• Go to Control Panel > Internet Options > General tab
• Click the "Delete Cookies" button
• Next to it, Click the "Delete Files" button
• When prompted, place a check in: "Delete all offline content", click OK

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

• Go to Tools > Options.
• Click Privacy in the menu on the left side of the Options window.
• Click the Clear button located to the right of each option (History, Cookies, Cache).
• Click OK to close the Options window
  Alternatively, you can clear all information stored while browsing by clicking Clear All.
  A confirmation dialog box will be shown before clearing the information.

* Clean other Temporary files + Recycle bin

• Go to start > run and type: cleanmgr and click ok.
• Let it scan your system for files to remove.
• Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
• Press OK to remove them.

Quote:

do you know what causes these issues, and can we do anything to prevent them from recurring?

*Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"

And miekiemoes' "How to Prevent Malware"

Happy safe surfing!

Note: Please reply to this thread one last time so I could mark it as resolved.

[Mrs.Queen]

Thank you so much. I apologize for not replying sooner.
Yes this is resolved and then some - you went above an beyond.
You are the best!