
Redirecting Problem..



#1 GwapZ


Posted 19 August 2009 - 05:27 AM

I also have a redirecting problem to certain unwanted sites such as couponmountain, plexfind, mynovelty and many others... Mostly the redirection happens when I'm at Google and sometimes at yahoo.com. I'm new to these forums and I don't know what exact log files I should post. I've got both Avira and Avast as my resident antivirus and I also have Malwarebytes as backup if those fail, but the three of them haven't found anything suspicious.


Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:10, on 8/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Documents and Settings\Personal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Personal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Personal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Personal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 64.86.17.32 google.ae
O1 - Hosts: 64.86.17.32 google.as
O1 - Hosts: 64.86.17.32 google.at
O1 - Hosts: 64.86.17.32 google.az
O1 - Hosts: 64.86.17.32 google.ba
O1 - Hosts: 64.86.17.32 google.be
O1 - Hosts: 64.86.17.32 google.bg
O1 - Hosts: 64.86.17.32 google.bs
O1 - Hosts: 64.86.17.32 google.ca
O1 - Hosts: 64.86.17.32 google.cd
O1 - Hosts: 64.86.17.32 google.com.gh
O1 - Hosts: 64.86.17.32 google.com.hk
O1 - Hosts: 64.86.17.32 google.com.jm
O1 - Hosts: 64.86.17.32 google.com.mx
O1 - Hosts: 64.86.17.32 google.com.my
O1 - Hosts: 64.86.17.32 google.com.na
O1 - Hosts: 64.86.17.32 google.com.nf
O1 - Hosts: 64.86.17.32 google.com.ng
O1 - Hosts: 64.86.17.32 google.ch
O1 - Hosts: 64.86.17.32 google.com.np
O1 - Hosts: 64.86.17.32 google.com.pr
O1 - Hosts: 64.86.17.32 google.com.qa
O1 - Hosts: 64.86.17.32 google.com.sg
O1 - Hosts: 64.86.17.32 google.com.tj
O1 - Hosts: 64.86.17.32 google.com.tw
O1 - Hosts: 64.86.17.32 google.dj
O1 - Hosts: 64.86.17.32 google.de
O1 - Hosts: 64.86.17.32 google.dk
O1 - Hosts: 64.86.17.32 google.dm
O1 - Hosts: 64.86.17.32 google.ee
O1 - Hosts: 64.86.17.32 google.fi
O1 - Hosts: 64.86.17.32 google.fm
O1 - Hosts: 64.86.17.32 google.fr
O1 - Hosts: 64.86.17.32 google.ge
O1 - Hosts: 64.86.17.32 google.gg
O1 - Hosts: 64.86.17.32 google.gm
O1 - Hosts: 64.86.17.32 google.gr
O1 - Hosts: 64.86.17.32 google.ht
O1 - Hosts: 64.86.17.32 google.ie
O1 - Hosts: 64.86.17.32 google.im
O1 - Hosts: 64.86.17.32 google.in
O1 - Hosts: 64.86.17.32 google.it
O1 - Hosts: 64.86.17.32 google.ki
O1 - Hosts: 64.86.17.32 google.la
O1 - Hosts: 64.86.17.32 google.li
O1 - Hosts: 64.86.17.32 google.lv
O1 - Hosts: 64.86.17.32 google.ma
O1 - Hosts: 64.86.17.32 google.ms
O1 - Hosts: 64.86.17.32 google.mu
O1 - Hosts: 64.86.17.32 google.mw
O1 - Hosts: 64.86.17.32 google.nl
O1 - Hosts: 64.86.17.32 google.no
O1 - Hosts: 64.86.17.32 google.nr
O1 - Hosts: 64.86.17.32 google.nu
O1 - Hosts: 64.86.17.32 google.pl
O1 - Hosts: 64.86.17.32 google.pn
O1 - Hosts: 64.86.17.32 google.pt
O1 - Hosts: 64.86.17.32 google.ro
O1 - Hosts: 64.86.17.32 google.ru
O1 - Hosts: 64.86.17.32 google.rw
O1 - Hosts: 64.86.17.32 google.sc
O1 - Hosts: 64.86.17.32 google.se
O1 - Hosts: 64.86.17.32 google.sh
O1 - Hosts: 64.86.17.32 google.si
O1 - Hosts: 64.86.17.32 google.sm
O1 - Hosts: 64.86.17.32 google.sn
O1 - Hosts: 64.86.17.32 google.st
O1 - Hosts: 64.86.17.32 google.tl
O1 - Hosts: 64.86.17.32 google.tm
O1 - Hosts: 64.86.17.32 google.tt
O1 - Hosts: 64.86.17.32 google.us
O1 - Hosts: 64.86.17.32 google.vu
O1 - Hosts: 64.86.17.32 google.ws
O1 - Hosts: 64.86.17.32 google.co.ck
O1 - Hosts: 64.86.17.32 google.co.id
O1 - Hosts: 64.86.17.32 google.co.il
O1 - Hosts: 64.86.17.32 google.co.in
O1 - Hosts: 64.86.17.32 google.co.jp
O1 - Hosts: 64.86.17.32 google.co.kr
O1 - Hosts: 64.86.17.32 google.co.ls
O1 - Hosts: 64.86.17.32 google.co.ma
O1 - Hosts: 64.86.17.32 google.co.nz
O1 - Hosts: 64.86.17.32 google.co.tz
O1 - Hosts: 64.86.17.32 google.co.ug
O1 - Hosts: 64.86.17.32 google.co.uk
O1 - Hosts: 64.86.17.32 google.co.za
O1 - Hosts: 64.86.17.32 google.co.zm
O1 - Hosts: 64.86.17.32 google.com
O1 - Hosts: 64.86.17.32 google.com.af
O1 - Hosts: 64.86.17.32 google.com.ag
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [L09AXLRD_1173890] "C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: User Time Control service (UserTimeControl) - Unknown owner - C:\Program Files\Windows Security Officer\utccsr.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13246 bytes

And here is my DDS log file:


DDS (Ver_09-07-30.01) - NTFSx86
Run by Personal at 18:50:46.71 on Wed 08/19/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1502 [GMT 8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
svchost.exe
C:\Documents and Settings\Personal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Personal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Personal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Personal\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Personal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [L09AXLRD_1173890] "c:\program files\microsoft student\microsoft student with encarta premium 2009 dvd\EDICT.EXE" -m
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\personal\applic~1\mozilla\firefox\profiles\iox0zsek.default
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - component: c:\documents and settings\personal\application data\mozilla\firefox\profiles\iox0zsek.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\personal\application data\mozilla\firefox\profiles\iox0zsek.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox 3 beta 5\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true

============= SERVICES / DRIVERS ===============

R0 AFPAnsi;Alfa File Protector Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2009-3-27 39456]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-5 114768]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-3-6 11608]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2009-7-4 3026]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-3-6 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-3-6 151297]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-5 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-5 138680]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\common files\siemens\s7iepg\s7oiehsx.exe [2004-7-7 200769]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-3-5 603904]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-10 602392]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-5 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-5 352920]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-3-6 52056]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2009-3-5 428160]
S2 UserTimeControl;User Time Control service;c:\program files\windows security officer\utccsr.exe --> c:\program files\windows security officer\utccsr.exe [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\personal\impost~1\temp\oje73.tmp --> c:\docume~1\personal\impost~1\temp\OJE73.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-08-19 18:14 <DIR> --d----- C:\HJT
2009-08-19 18:04 <DIR> --ds---- C:\ComboFix
2009-08-19 08:50 <DIR> --d----- c:\windows\system32\xircom
2009-08-19 08:50 <DIR> --d----- c:\windows\system32\wbem\snmp
2009-08-19 08:50 <DIR> --d----- c:\windows\srchasst
2009-08-19 08:50 <DIR> --d----- c:\program files\msn gaming zone
2009-08-19 08:38 <DIR> --d----- c:\windows\system32\dllcache\cache
2009-08-19 08:34 <DIR> a-dshr-- C:\cmdcons
2009-08-19 08:01 <DIR> --d----- c:\program files\Java Launcher
2009-08-16 21:51 36,864 a------- c:\windows\system32\LaunchUninstall.exe
2009-08-16 21:39 86,016 a------- c:\windows\system32\custmon32.dll
2009-08-16 21:38 <DIR> --d----- c:\program files\SmartDraw PDF Filter
2009-08-16 10:54 <DIR> --d----- c:\program files\VS Revo Group
2009-08-16 07:56 <DIR> --d----- c:\documents and settings\personal\System
2009-08-16 07:56 <DIR> --d----- c:\docume~1\personal\applic~1\SmartDraw
2009-08-10 12:37 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\4b24846
2009-08-06 22:31 0 a------- c:\windows\system32\Ÿ9Ÿ9
2009-08-06 07:44 798,208 a------- c:\windows\system32\NextControls.ocx
2009-08-05 09:22 5,760,054 a------- c:\windows\Personal.bmp
2009-08-05 08:13 <DIR> --d----- c:\program files\common files\stardock
2009-07-24 20:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir
2009-07-23 00:05 0 a--shr-- C:\khq
2009-07-20 21:32 <DIR> --d----- c:\program files\NCH Software
2009-07-20 21:32 <DIR> --d----- c:\program files\NCH Swift Sound

==================== Find3M ====================

2009-08-18 00:43 1,599,984 a------- c:\windows\system32\FNTCACHE.DAT
2009-08-16 10:58 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-27 09:29 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-04 10:20 3,026 a------- c:\windows\system32\drivers\hwinterface.sys
2009-06-21 08:59 720,896 a------- c:\windows\iun6002.exe
2009-03-31 12:11 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-03-31 12:11 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-03-05 22:09 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009030520090306\index.dat
2009-03-31 12:11 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 18:51:05.54 ===============


And the attached text is:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2009 22:07:56
System Uptime: 8/19/2009 18:01:15 (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5SD2-VM
Processor: Intel Pentium Dual CPU E2200 @ 2.20GHz | LGA 775 | 2199/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 35 GiB total, 10.89 GiB free.
D: is FIXED (NTFS) - 99 GiB total, 56.993 GiB free.
E: is FIXED (NTFS) - 99 GiB total, 75.937 GiB free.
F: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


32 Bit HP CIO Components Installer
A4 TECH PC Camera H
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.3
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advertising Center
Alky for Applications (Windows XP)
Apple Software Update
avast! Antivirus
Avira AntiVir Personal - Free Antivirus
BitComet 1.10
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Chikka Messenger V4
Combined Community Codec Pack 2007-07-22
Copy
CorelDRAW Graphics Suite 12
DAEMON Tools Toolbar
Destination Component
Dev-C++ 5 beta 9 release (4.9.9.2)
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DolbyFiles
eSupportQFolder
F4200
F4200_Help
Google Chrome
GPBaseService
HangARoo v2.05a
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954550-v5)
HP Imaging Device Functions 11.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HPProductAssistant
ImTOO 3GP Video Converter
InterVideo DeviceService
Java™ 6 Update 15
Learning Essentials for Microsoft Office
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
MATLAB R2008a
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Math
Microsoft Office 2007 Recent Documents Gadget
Microsoft Office Professional Edition 2003
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.13)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser
NCH Toolbox
Nero 9 HD
Nero ControlCenter
Nero Installer
Notesbrowser 1.8
NVIDIA Drivers
NVIDIA PhysX v8.09.04
PDF Settings
PhotoScape
PowerDVD
PSSWCORE
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.83
S7-200 Explorer V1.0.3.8
Scan
scilab-5.1
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows XP (KB941569)
SIMATIC Device Drivers
SIMATIC Industrial Ethernet PG
Skype™ 4.0
SmartDraw 2009
SmartDraw PDF Filter
SmartWebPrinting
SolutionCenter
Status
Super Text Twist
Toolbox
TrayApp
TuneUp Utilities 2009
TVUPlayer 2.4.5.3
Ulead VideoStudio 11
VBA (2627.01)
Veetle TV 0.9.14
VideoLAN VLC media player 0.8.6f
VideoStudio
VideoToolkit01
WebFldrs XP
WebReg
Winamp
Windows Movie Maker 2.0
Windows Presentation Foundation
Windows Security Officer 7.5.2.2
Windows Sidebar
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/19/2009 08:52:08, error: Service Control Manager [7000] - The wscsvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
8/19/2009 08:35:31, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
8/19/2009 07:01:39, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips hwinterface intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
8/19/2009 07:01:39, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2009 07:01:39, error: Service Control Manager [7001] - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2009 07:01:09, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/19/2009 07:00:58, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/16/2009 10:23:44, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the path specified.
8/16/2009 09:51:52, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
8/16/2009 09:51:47, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/16/2009 09:51:46, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
8/14/2009 17:52:05, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
8/14/2009 17:52:05, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/14/2009 17:51:41, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/14/2009 17:51:41, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/14/2009 17:51:41, error: Service Control Manager [7000] - The User Time Control service service failed to start due to the following error: The system cannot find the file specified.
8/14/2009 17:51:41, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The system cannot find the file specified.
8/14/2009 17:50:25, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/12/2009 10:58:20, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ImapiService with arguments "-Service" in order to run the server: {520CCA63-51A5-11D3-9144-00104BA11C5E}

==== End Of File ===========================

Edited by The weatherman, 19 August 2009 - 10:12 AM.
Merged posts, Tw
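Every line in the "Event Viewer Messages" section above has the same shape (date time, level: source [event ID] - message), so the section can be triaged mechanically. The following Python script is an added example, not part of the original thread or of the tool that produced the log; it embeds three of the lines from the log above as sample input, parses them, and pulls out the boot-start drivers reported by Service Control Manager event 7026 and the service dependency failures from event 7001. Function names and the regular expressions are my own.

```python
import re

# Sample input: three lines copied from the Event Viewer section of the log above.
SAMPLE_LOG = """\
8/19/2009 07:01:39, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi avgio avipbb Fips hwinterface intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
8/19/2009 07:01:39, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/19/2009 07:01:09, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
"""

# One log line: "<date> <time>, <level>: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+), (?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
DRIVERS_RE = re.compile(r"failed to load: (?P<drivers>.+)$")
DEPENDS_RE = re.compile(r"The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed")


def parse_events(text):
    """Return one dict per well-formed log line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def failed_boot_drivers(events):
    """Driver names listed by SCM event 7026 (boot/system-start driver failed to load)."""
    drivers = []
    for ev in events:
        if ev["event_id"] == 7026:
            m = DRIVERS_RE.search(ev["message"])
            if m:
                drivers.extend(m.group("drivers").split())
    return drivers


def dependency_failures(events):
    """(service, dependency) pairs from SCM event 7001 (a dependency failed to start)."""
    pairs = []
    for ev in events:
        if ev["event_id"] == 7001:
            m = DEPENDS_RE.search(ev["message"])
            if m:
                pairs.append((m.group("svc"), m.group("dep")))
    return pairs
```

Run over the full section, the 7026 list is the quickest way to see which networking and antivirus drivers never loaded, which is why a helper reads these lines before deciding what to ask for next.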


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:05 AM

Posted 21 August 2009 - 11:44 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================



