
Google redirect WinNT/Alureon.C


5 replies to this topic

#1 DrewDisaster

DrewDisaster

  • Members
  • 6 posts

Posted 19 May 2009 - 10:16 AM

I don't have the same problems as everyone else; I can run MBAM. It shows that there is nothing found. All that happens now is the search results on Google redirect me to advertisements. This only happens on Firefox, not IE8, but I have uninstalled and reinstalled Firefox already.

DDS (Ver_09-05-14.01) - NTFSx86
Run by User at 10:09:21.21 on Tue 05/19/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.307 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
svchost.exe
e:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\windows\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\windows\System32\svchost.exe -k imgsvc
e:\PROGRA~2\AVG\AVG8\avgrsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
e:\PROGRA~2\AVG\AVG8\avgnsx.exe
C:\windows\system32\ZuneBusEnum.exe
e:\PROGRA~2\AVG\AVG8\avgemc.exe
e:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\windows\Explorer.EXE
C:\WINDOWS\vVX6000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\!!!\elogger.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\wscntfy.exe
E:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - e:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZuneIEPlugin.ZuneBHO: {a8533c62-9399-4640-b36b-d1dde91eb8b1} - mscoree.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\supertoolbar\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\supertoolbar\GenericAskToolbar.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Orb] "e:\program files\orb networks\orb\bin\OrbTray.exe" /background
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [elogger] c:\windows\!!!\elogger.exe -s
mRun: [AGEIA PhysX SysTray] c:\program files\ageia technologies\TrayIcon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [AVG8_TRAY] e:\progra~2\avg\avg8\avgtray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {00951C02-5731-44e9-B2F5-544EC2279417} - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: gomyhit.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191599468718
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191599597890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - e:\program files\stardock\object desktop\iconpackager\iprepair.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\7lclxkkd.default\
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\7lclxkkd.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: e:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\7lclxkkd.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\7lclxkkd.default\extensions\justintvpublisher@justin.tv\platform\winnt_x86-msvc\plugins\npjustintvpublish.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npJoostPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-18 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-18 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;e:\progra~2\avg\avg8\avgemc.exe [2009-5-18 908568]
R2 avg8wd;AVG Free8 WatchDog;e:\progra~2\avg\avg8\avgwdsvc.exe [2009-5-18 298776]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2009-5-16 941784]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-27 24652]
R3 CamSpaceBus;CamSpace Virtual Joystick Bus device driver;c:\windows\system32\drivers\CamSpaceBus.sys [2008-8-24 14848]
R3 CamSpaceJoy;CamSpace Virtual Joystick device driver;c:\windows\system32\drivers\CamSpaceJoy.sys [2008-8-24 30464]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2009-5-15 40576]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2009-5-15 31872]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2006-6-29 2383152]
S0 lgkjwkyx;lgkjwkyx;c:\windows\system32\drivers\wcenxg.sys --> c:\windows\system32\drivers\wcenxg.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-10-13 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-10-13 3072]
S3 GoogleDesktopManager-051608-133132;Google Desktop Manager 5.7.805.16405;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-17 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

=============== Created Last 30 ================

2009-05-19 02:30 232 a---h--- C:\sqmdata19.sqm
2009-05-19 02:29 244 a---h--- C:\sqmnoopt19.sqm
2009-05-19 02:04 <DIR> --dsh--- c:\documents and settings\user\PrivacIE
2009-05-19 01:01 <DIR> --dsh--- c:\documents and settings\user\IETldCache
2009-05-19 00:55 <DIR> --d----- c:\windows\ie8updates
2009-05-19 00:55 102,400 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-05-19 00:52 <DIR> -cd-h--- c:\windows\ie8
2009-05-19 00:46 <DIR> --d----- c:\windows\NV40043824.TMP
2009-05-18 23:31 <DIR> --d----- c:\windows\system32\scripting
2009-05-18 23:30 <DIR> --d----- c:\windows\system32\en
2009-05-18 22:17 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-18 22:03 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-18 22:03 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-18 22:02 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-18 22:02 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-18 22:02 <DIR> --d----- c:\program files\AVG
2009-05-18 22:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-18 18:44 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-05-18 16:14 <DIR> --d----- c:\windows\SxsCaPendDel
2009-05-18 10:25 530 a------- c:\windows\wininit.ini
2009-05-17 20:54 <DIR> a-dshr-- C:\cmdcons
2009-05-17 20:46 161,792 a------- c:\windows\SWREG.exe
2009-05-17 20:46 98,816 a------- c:\windows\sed.exe
2009-05-17 19:37 <DIR> --d----- c:\program files\Ask.com
2009-05-17 19:36 <DIR> --d----- c:\docume~1\user\applic~1\Trillian
2009-05-16 18:35 <DIR> --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-05-16 18:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-16 18:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 18:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-16 17:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WebcamMax
2009-05-16 17:01 <DIR> --d----- c:\docume~1\user\applic~1\Webcammax
2009-05-16 17:01 941,784 a------- c:\windows\system32\drivers\CAMTHWDM.sys
2009-05-15 15:23 <DIR> --d----- c:\docume~1\user\applic~1\ManyCam
2009-05-15 13:13 40,576 a------- c:\windows\system32\drivers\vrtaucbl.sys
2009-05-15 02:39 31,872 a------- c:\windows\system32\drivers\superwebcam.sys
2009-05-12 15:51 23 a------- c:\windows\BlendSettings.ini
2009-05-12 13:11 402,728 a------- c:\windows\system32\ImageDrive.cpl
2009-05-11 15:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-05-11 15:46 <DIR> --d----- c:\program files\New Folder
2009-05-11 02:02 34 a------- c:\documents and settings\user\jagex_runescape_preferences.dat
2009-05-11 00:31 <DIR> --d----- c:\program files\ViOrb
2009-05-11 00:31 <DIR> --d----- c:\program files\ViStart
2009-05-11 00:13 <DIR> --d----- c:\program files\ViSplore
2009-05-11 00:13 <DIR> --d----- c:\program files\TrueTransparency
2009-05-11 00:13 <DIR> --d----- c:\program files\WinFlip
2009-05-11 00:13 <DIR> --d----- c:\program files\VisualTooltip
2009-05-11 00:13 <DIR> --d----- c:\program files\ViStart(2)
2009-05-11 00:13 <DIR> --d----- c:\program files\ViOrb(2)
2009-05-11 00:11 <DIR> --d----- c:\program files\Styler
2009-05-11 00:11 <DIR> --d----- c:\program files\Vista Rainbar
2009-05-11 00:11 <DIR> --d----- c:\program files\LClock
2009-05-11 00:11 <DIR> --d----- c:\program files\Vista Drive Icon
2009-05-11 00:11 49,208 a------- c:\windows\system32\vistartup.bmp
2009-05-11 00:06 <DIR> --d----- C:\VTPFiles
2009-05-10 18:24 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-10 18:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blue_Orb,_Inc
2009-05-10 18:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blue_Orb
2009-05-09 10:41 <DIR> --d----- c:\docume~1\user\applic~1\GarageGames
2009-05-09 02:26 <DIR> --d----- c:\program files\Gadget Extractor
2009-05-09 02:07 <DIR> --d----- c:\windows\l2schemas
2009-05-09 01:57 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
2009-05-06 15:41 118 a------- c:\windows\system32\MRT.INI
2009-05-03 19:39 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-05-03 19:37 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-05-03 19:37 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-03 19:37 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

==================== Find3M ====================

2009-05-18 23:35 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2006-05-03 04:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2007-02-21 05:47 31,232 ---shr-- c:\windows\system32\msfDX.dll

============= FINISH: 10:10:14.90 ===============

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:54 PM, on 5/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
e:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
e:\PROGRA~2\AVG\AVG8\avgrsx.exe
e:\PROGRA~2\AVG\AVG8\avgnsx.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
C:\WINDOWS\system32\IoctlSvc.exe
e:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\windows\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\windows\system32\ZuneBusEnum.exe
e:\PROGRA~2\AVG\AVG8\avgemc.exe
e:\Program Files\AVG\AVG8\avgcsrvx.exe
e:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\windows\system32\wscntfy.exe
C:\windows\Explorer.EXE
C:\WINDOWS\vVX6000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\!!!\elogger.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\NOTEPAD.EXE
E:\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - e:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: &ZuneIt - {A8533C62-9399-4640-B36B-D1DDE91EB8B1} - mscoree.dll (file missing)
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\Supertoolbar\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [elogger] C:\windows\!!!\elogger.exe -s
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] e:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "e:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: ZuneIt - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1191599468718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191599597890
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\windows\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - e:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - e:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.7.805.16405 (GoogleDesktopManager-051608-133132) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - e:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: OrbMediaService - Orb Networks - C:\Program Files\Orb Networks\Orb\bin\OrbMediaService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - e:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\windows\system32\vmnat.exe

--
End of file - 9939 bytes

Edited by Buckeye_Sam, 20 May 2009 - 12:00 PM.
remove codebox



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 20 May 2009 - 12:01 PM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 DrewDisaster

DrewDisaster
  • Topic Starter

  • Members
  • 6 posts

Posted 20 May 2009 - 12:59 PM

Here ya go.

GooredFix v1.92 by jpshortstuff
Log created at 12:58 on 20/05/2009 running Option #1 (User)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{8098F093-49E9-469D-BDAF-4882833A9C58}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="e:\Program Files\AVG\AVG8\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
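
The "Find Goored" log above pairs a GUID-named folder under the Firefox program extensions directory with a dump of the extensions Firefox has registered under HKLM\SOFTWARE\Mozilla\Firefox\extensions. The Python below is an added example, not part of this thread and not jpshortstuff's GooredFix code: it reconstructs the cross-check those two log sections imply (my reading of the output, not the tool's actual logic). It parses the registry dump out of a GooredFix-style log, then flags any folder in the program extensions directory that is neither registered there nor Firefox's bundled default theme. The log text is copied from the post above and the directory listing is constructed; on a live machine the listing would come from os.listdir on the extensions folder.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: the registry dump section of the GooredFix log
# posted in this thread (values copied from the post above).
SAMPLE_GOORED_LOG = r"""GooredFix v1.92 by jpshortstuff
Log created at 12:58 on 20/05/2009 running Option #1 (User)
Firefox version 3.0.10 (en-US)

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="e:\Program Files\AVG\AVG8\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
"""

# Constructed directory listing of the Firefox program extensions folder:
# the default theme that ships with Firefox 3 plus the folder the log flagged.
SAMPLE_EXTENSION_DIR_ENTRIES = [
    r"C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}",
    r"C:\Program Files\Mozilla Firefox\extensions\{8098F093-49E9-469D-BDAF-4882833A9C58}",
]

# Firefox's bundled default theme legitimately lives in the program
# extensions folder without a registry entry, so it is allowlisted.
KNOWN_GOOD_IDS = {"{972ce4c6-7e08-4474-a285-3208198ce6fd}"}

# Only values under this key (compared case-insensitively) register
# extensions; the "Mozilla Firefox 3.0.10\extensions" key holds Plugins
# and Components paths instead and must be ignored.
FIREFOX_EXT_KEY_SUFFIX = r"\mozilla\firefox\extensions"

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_registered_extensions(log_text):
    """Return {extension id (lower-case): install path} for every value the
    log dumps from HKLM\\SOFTWARE\\Mozilla\\Firefox\\extensions."""
    registered = {}
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1).lower()
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key and current_key.endswith(FIREFOX_EXT_KEY_SUFFIX):
            registered[value_match.group(1).lower()] = value_match.group(2)
    return registered


def find_suspect_extensions(dir_entries, registered, known_good=KNOWN_GOOD_IDS):
    """Return the folders in the program extensions directory whose name is
    neither a registered extension id nor an allowlisted bundled one."""
    suspects = []
    for entry in dir_entries:
        ext_id = PureWindowsPath(entry).name.lower()
        if ext_id in known_good or ext_id in registered:
            continue
        suspects.append(entry)
    return suspects


if __name__ == "__main__":
    registered = parse_registered_extensions(SAMPLE_GOORED_LOG)
    for ext_id, path in registered.items():
        print("registered:", ext_id, "->", path)
    for entry in find_suspect_extensions(SAMPLE_EXTENSION_DIR_ENTRIES, registered):
        print("unregistered extension folder:", entry)
```

The check is deliberately narrow: it only reports folders that Firefox was never told about through the registry, which is exactly what distinguished the flagged GUID folder from the AVG, .NET Assistant and Java Quick Starter entries in the dump. A registered id that points outside the program folder is taken at face value here; verifying that the registered path actually exists and contains an install.rdf would be the next step on a live system.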

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 20 May 2009 - 03:28 PM

Please double-click Goored.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).


Let me know if you are still experiencing redirections.

#5 DrewDisaster

DrewDisaster
  • Topic Starter

  • Members
  • 6 posts

Posted 20 May 2009 - 03:49 PM

No more redirections, but this website has a real simple HTML.

GooredFix v1.92 by jpshortstuff
Log created at 15:40 on 20/05/2009 running Option #2 (User)
Firefox version 3.0.10 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{8098F093-49E9-469D-BDAF-4882833A9C58}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="e:\Program Files\AVG\AVG8\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 20 May 2009 - 04:10 PM

Test it out for a while and see if you can recreate the issue that you were having before.

Let me know.