BleepingComputer.com: Think it's Vundo, but have no clue really !

Hi. I'm having weird redirections every day. I had a vundo variant, but now Superantispyware, MalwareBytes, Avira, VundoFix, Combofix.. everything says i'm clean. But i'm not !

I'm getting the redirections in firefox 3.0.0.9

Here is my HJT log... next post. Thanks !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:08:40, on 2009-05-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesVIARAIDvialogsv.exe
C:WINDOWSsystem32SearchIndexer.exe
C:WINDOWSsystem32wbemwmiapsrv.exe
C:WINDOWSExplorer.EXE
C:Program FilesVIARAIDraid_tool.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesJavajre6binjusched.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesAcronisTrueImageEchoWorkstationTrueImageMonitor.exe
C:Program FilesAcronisTrueImageEchoWorkstationTimounterMonitor.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesMicrosoft ActiveSyncWcescomm.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:PROGRA~1MI3AA1~1rapimgr.exe
C:Program FilesWindows LiveContactswlcomm.exe
C:Program FilesMicrosoft ActiveSyncWCESMgr.exe
C:WINDOWSsystem32SearchProtocolHost.exe
C:WINDOWSsystem32SearchProtocolHost.exe
C:Documents and SettingsVincent.FUSIONINFOBureauHiJackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Liens
O4 - HKLM..Run: [VIARaidUtl] C:Program FilesVIARAIDraid_tool.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
O4 - HKLM..Run: [TrueImageMonitor.exe] C:Program FilesAcronisTrueImageEchoWorkstationTrueImageMonitor.exe
O4 - HKLM..Run: [AcronisTimounterMonitor] C:Program FilesAcronisTrueImageEchoWorkstationTimounterMonitor.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncWcescomm.exe"
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLMSystemCCSServicesTcpipParameters: Domain = fusioninfo.local
O17 - HKLMSoftware..Telephony: DomainName = fusioninfo.local
O17 - HKLMSystemCS1ServicesTcpipParameters: Domain = fusioninfo.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:PROGRA~1MICROS~2Office12GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:Program FilesFichiers communsAcronisSchedule2schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopsched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopavguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:DOCUME~1VINCEN~1.FUSLOCALS~1TempAVSETUP_49f79564basicavupgsvc.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:Program FilesCOMODOCOMODO Internet Securitycmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program FilesFichiers communsMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesFichiers communsInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: NBService - Nero AG - C:Program FilesNeroNero 7Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesFichiers communsAheadLibNMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: VRAID Log Service - Unknown owner - C:Program FilesVIARAIDvialogsv.exe

--
End of file - 6760 bytes

Merged posts. ~ OB

This post has been edited by Orange Blossom: 13 May 2009 - 07:47 PM

Ok, it seems i've narrowed it down...

I ran (GooredFix)and it found a firefox extension... ran option 2, it fixed the problem. Voila... for the record. Everything seemed clean, but wasn't..

Thanks to goored author.

This post has been edited by cheebster: 06 May 2009 - 03:06 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.