epsilon3
asked on
Can someone analyze this Hijack This log please
I ran Malwarebytes and it cleaned up a lot of stuff but the hijacker is still in the background someplace. Any help would be greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:12 PM, on 7/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Peachtree Online Backup\AgentService.exe
C:\Program Files\Chronos Process Integration\Chronos eStockCard Services\eStockCardAlertService.exe
C:\Program Files\Chronos Process Integration\Chronos eStockCard Services\eStockCardSchedulerService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Pogoplug\dokanmnt.exe
C:\Program Files\IntelliTrack\License Service\LicenseService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Pogoplug\ppfs.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Invenology\WMSmart\WMSmartServices.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100517214855.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Brenav] rundll32.exe "C:\WINDOWS\ebotidal.dll",Startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ppfs.exe] C:\Program Files\Pogoplug\ppfs.exe -s
O4 - HKCU\..\Run: [{3F487BEA-9710-C633-14E7-43C892C20EF8}] "C:\Documents and Settings\Michael Ehrenreich\Application Data\Iqxy\ivesm.exe"
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q (User 'Default user')
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4866/mcfscan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vskype - (no CLSID) - (no file)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
O23 - Service: McAfee Application Installer Cleanup (0061391277175305) (0061391277175305mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\006139~1.EXE (file missing)
O23 - Service: AgentService - Iron Mountain Incorporated - C:\Program Files\Peachtree Online Backup\AgentService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DokanCEMounter - Cloud Engines - C:\Program Files\Pogoplug\dokanmnt.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IntelliTrack License Service (ITLicenseSvc) - Unknown owner - C:\Program Files\IntelliTrack\License Service\LicenseService.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WMSmart Agent - Invenology - C:\Program Files\Invenology\WMSmart\WMSmartServices.exe
--
End of file - 10894 bytes
Oops, didn't refresh :/
C:\Program Files\Pogoplug <-- this program may have been purposely installed by the user. Used for sharing files online etc.
ASKER
OK guys, thanks for all your responses. Here is a little extra info and what the outcome was. As part of the hijacker, a DNS trojan was also involved that disabled internet access, which prevented internet access. Malwarebytes did discover and eliminate the DNS trojan. Since we were now able to get to the internet, we contacted McAfee technical support for their assistance. 2 hours later, the hijacker was removed.
McAfee explained that the culprit was such a new entity that no one has written any virus definition files to be updated as of yet.
So there ya go. I am going to share the solution with everyone who responded. Again, thanks to everyone.
>>>"McAfee explained that the culprit was such a new entity that no one has written any virus definition files to be updated as of yet."<<<
yeah right, :)... that's their good excuse...
Which means that their heuristic detection method is not that good.
Sophisticated antivirus uses not only a signature-based (virus definitions) method but also a heuristic or behavioral method.
This method is used for catching unknown viruses/nasties, viruses that have not yet been identified with signatures and are yet to be added to the virus database.
With heuristics scanning, the AV examines the characteristics of a file, its size and how a file behaves, i.e., looks like a virus, behaves like a virus etc.
Glad to know the issue is resolved.
Thank you for using Experts-Exchange!
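An added example, not part of the original thread and not HijackThis's own logic: a small triage script that applies characteristic-based checks of the kind described above to HijackThis entry lines, instead of matching known signatures. The sample log lines are constructed, and the rules and their wording are assumptions chosen for illustration; a hit means "review this entry by hand", not "this is malware".

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# Entry lines look like "O4 - HKLM\..\Run: [name] command"; header lines and
# the running-process list do not start with a section code and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
GUID = r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}"

# Constructed sample in HijackThis v2 layout (names and paths are made up).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /start
O4 - HKLM\..\Run: [Qwzx] rundll32.exe "C:\WINDOWS\qwzxexample.dll",Startup
O4 - HKCU\..\Run: [{00000000-0000-0000-0000-000000000002}] "C:\Documents and Settings\User\Application Data\Abcd\efgh.exe"
O23 - Service: Example Cleanup (examplecleanup) - Unknown owner - C:\WINDOWS\TEMP\EXAMPLE~1.EXE (file missing)
O23 - Service: Example Agent - Example Corp - C:\Program Files\Example\agent.exe
"""

# (section codes, pattern, reason). Assumed review rules, not vendor heuristics.
RULES = [
    (("O4",), re.compile(r'\\(Application Data|Local Settings|Temp)\\[^"]*\.exe', re.I),
     "autorun starts an executable from a user-writable profile or temp folder"),
    (("O4",), re.compile(r'rundll32(\.exe)?\s+"?[A-Z]:\\WINDOWS\\[^\\"]+\.dll', re.I),
     "autorun loads a DLL sitting directly in the Windows root via rundll32"),
    (("O4",), re.compile(r"Run: \[" + GUID + r"\]", re.I),
     "Run value is named with a bare GUID instead of a product name"),
    (("O23",), re.compile(r"\\TEMP\\", re.I),
     "service binary path points into a temp folder"),
    (("O2", "O20", "O23"), re.compile(r"\(file missing\)", re.I),
     "registered file no longer exists on disk"),
]


def parse_entries(text):
    """Return the R*/O* entries of a HijackThis log as (code, detail) tuples."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return [(entry, [reasons])] for entries that hit at least one rule."""
    findings = []
    for entry in entries:
        reasons = [why for codes, pattern, why in RULES
                   if entry.code in codes and pattern.search(entry.detail)]
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(f"{entry.code} - {entry.detail}")
        for why in reasons:
            print(f"    review: {why}")
```
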
Thanks for the feedback, glad you've resolved it.