auto-redirect problem with firefox


This topic is locked
2 replies to this topic

#1 ovey

Posted 22 December 2009 - 02:13 PM

Hi, the problem is that when I right-click to open a Google link in a new tab, I'm redirected to a seemingly random site. It doesn't usually happen if I just follow the link; it's mostly when I try to open it in a new tab. I'm not getting any hits with Spy Sweeper or Avast. I don't use MSIE. I have pasted below my logs for DDS, DDS Attach, HijackThis, and GMER, in that order. Am I infected with something? Thanks so much for your help, and Merry Christmas!

*****************************************************BEGIN DDS LOG*********************************************
DDS (Ver_09-12-01.01) - NTFSx86
Run by Dad at 11:05:05.14 on Mon 12/21/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.954 [GMT -8:00]

AV: avast! antivirus 4.8.1368 [VPS 091221-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Teslain KidLogger\MainWnd.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe
C:\Documents and Settings\Dad\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [MS Shell Services] c:\program files\teslain kidlogger\MainWnd.exe -m
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunServices: [MS Shell Services] c:\program files\teslain kidlogger\MainWnd.exe -m
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\vq2iyn6x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\documents and settings\dad\application data\mozilla\firefox\profiles\vq2iyn6x.default\extensions\piclens@cooliris.com\components\cooliris.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\firefox\profiles\vq2iyn6x.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\firefox\profiles\vq2iyn6x.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\dad\application data\mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-29 114768]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\astra32\astra32.sys [2007-2-22 30864]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-29 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-11-29 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-11-29 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-11-29 352920]
S2 gupdate1c9ee135a86d086;Google Update Service (gupdate1c9ee135a86d086);c:\program files\google\update\GoogleUpdate.exe [2009-6-15 133104]

=============== Created Last 30 ================


==================== Find3M ====================

2009-12-13 01:20:46 39 ----a-w- c:\documents and settings\dad\jagex_runescape_preferences.dat
2009-12-13 01:17:08 69 ----a-w- c:\documents and settings\dad\jagex_runescape_preferences2.dat
2009-11-06 18:53:52 267264 ----a-w- c:\windows\PEV.exe
2009-10-29 05:38:23 667136 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 14:11:34 77312 ----a-w- c:\windows\MBR.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll

============= FINISH: 11:05:35.50 ===============
*****************************************************END DDS LOG*********************************************
***********************************************BEGIN DDS ATTACH LOG******************************************

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/8/2009 6:33:51 PM
System Uptime: 12/18/2009 8:37:52 PM (63 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Athlon™ 64 Processor 3700+ | Socket 939 | 2188/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 932 GiB total, 224.519 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 186 GiB total, 40.09 GiB free.
I: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\AWY0001\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\AWY0001\2&DABA3FF&0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200C14F1&REV_00\4&1C88B56&0&48A4
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200C14F1&REV_00\4&1C88B56&0&48A4
Service:

==== System Restore Points ===================

RP124: 9/26/2009 11:02:06 AM - System Checkpoint
RP125: 9/27/2009 7:28:27 PM - System Checkpoint
RP126: 9/28/2009 7:30:44 PM - System Checkpoint
RP127: 9/29/2009 7:59:14 PM - System Checkpoint
RP128: 10/1/2009 5:45:26 PM - System Checkpoint
RP129: 10/3/2009 1:30:08 PM - System Checkpoint
RP130: 10/4/2009 8:45:12 PM - System Checkpoint
RP131: 10/6/2009 8:45:03 AM - System Checkpoint
RP132: 10/6/2009 9:01:10 AM - Avg8 Update
RP133: 10/6/2009 9:01:58 AM - Avg8 Update
RP134: 10/7/2009 9:01:25 AM - Avg8 Update
RP135: 10/8/2009 6:02:15 PM - System Checkpoint
RP136: 10/9/2009 7:37:03 PM - System Checkpoint
RP137: 10/10/2009 9:19:14 PM - System Checkpoint
RP138: 10/11/2009 10:41:25 PM - System Checkpoint
RP139: 10/15/2009 9:31:16 AM - System Checkpoint
RP140: 10/17/2009 8:54:43 AM - Avg8 Update
RP141: 10/19/2009 10:28:39 AM - System Checkpoint
RP142: 10/20/2009 1:11:24 PM - System Checkpoint
RP143: 10/21/2009 10:47:58 AM - Avg8 Update
RP144: 10/23/2009 9:23:47 AM - System Checkpoint
RP145: 10/24/2009 10:12:00 AM - System Checkpoint
RP146: 10/26/2009 2:10:29 PM - System Checkpoint
RP147: 10/27/2009 9:14:10 PM - System Checkpoint
RP148: 10/29/2009 12:11:11 PM - System Checkpoint
RP149: 10/30/2009 2:35:04 PM - System Checkpoint
RP150: 10/31/2009 2:48:46 PM - System Checkpoint
RP151: 11/1/2009 4:11:15 PM - System Checkpoint
RP152: 11/2/2009 4:39:33 PM - System Checkpoint
RP153: 11/2/2009 11:00:00 PM - Avg8 Update
RP154: 11/4/2009 7:34:22 AM - System Checkpoint
RP155: 11/5/2009 8:44:06 AM - System Checkpoint
RP156: 11/6/2009 11:13:50 AM - Avg8 Update
RP157: 11/7/2009 1:09:46 PM - System Checkpoint
RP158: 11/9/2009 1:03:16 PM - System Checkpoint
RP159: 11/10/2009 10:58:42 PM - System Checkpoint
RP160: 11/12/2009 8:46:11 AM - System Checkpoint
RP161: 11/13/2009 7:16:37 PM - System Checkpoint
RP162: 11/14/2009 2:34:16 PM - Software Distribution Service 3.0
RP163: 11/15/2009 8:44:47 PM - System Checkpoint
RP164: 11/16/2009 8:53:09 PM - System Checkpoint
RP165: 11/17/2009 9:07:34 PM - System Checkpoint
RP166: 11/18/2009 9:52:48 PM - System Checkpoint
RP167: 11/20/2009 7:58:42 AM - System Checkpoint
RP168: 11/21/2009 1:16:31 PM - System Checkpoint
RP169: 11/22/2009 2:34:18 PM - Installed USB2.0 VIDBOX NW03
RP170: 11/22/2009 3:03:05 PM - Removed USB2.0 VIDBOX NW03
RP171: 11/24/2009 8:28:20 AM - System Checkpoint
RP172: 11/25/2009 9:35:03 AM - Avg8 Update
RP173: 11/25/2009 11:27:38 PM - Software Distribution Service 3.0
RP174: 11/26/2009 11:39:43 PM - System Checkpoint
RP175: 11/28/2009 11:49:39 AM - System Checkpoint
RP176: 11/29/2009 1:46:32 PM - Removed AVG Free 8.5
RP177: 11/29/2009 1:48:18 PM - Installed AVG Free 8.5
RP178: 11/29/2009 3:08:26 PM - Uniblue RegistryBooster 2009
RP179: 11/30/2009 4:51:22 PM - System Checkpoint
RP180: 12/1/2009 8:24:39 PM - System Checkpoint
RP181: 12/3/2009 10:49:44 AM - System Checkpoint
RP182: 12/5/2009 11:05:18 AM - System Checkpoint
RP183: 12/6/2009 2:48:42 PM - System Checkpoint
RP184: 12/7/2009 4:41:56 PM - System Checkpoint
RP185: 12/8/2009 5:52:09 PM - System Checkpoint
RP186: 12/9/2009 6:22:02 PM - System Checkpoint
RP187: 12/10/2009 9:03:07 PM - System Checkpoint
RP188: 12/11/2009 10:23:19 PM - System Checkpoint
RP189: 12/13/2009 9:51:44 AM - System Checkpoint
RP190: 12/13/2009 10:50:25 PM - Software Distribution Service 3.0
RP191: 12/15/2009 11:35:28 AM - System Checkpoint
RP192: 12/16/2009 7:57:33 PM - System Checkpoint
RP193: 12/18/2009 1:15:31 PM - System Checkpoint
RP194: 12/19/2009 1:46:21 PM - System Checkpoint
RP195: 12/20/2009 6:21:54 PM - System Checkpoint

==== Installed Programs ======================

2350
2350_Help
2350Trb
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
AiO_Scan
AiOSoftware
ASTRA32 - Advanced System Information Tool 2.02
ATI Control Panel
ATI Display Driver
avast! Antivirus
Belarc Advisor 8.1
BitTorrent
Bonjour
BufferChm
CCleaner
CloneDVD2
Copy
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DocProc
DocumentViewer
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.3.0
DVDFab Decrypter 2.9.7.5
Easy Video Splitter 1.28
Eusing Free Registry Cleaner
Fax
Firefox Optimizer
Free Extended Task Manager
Free Realms
Free Realms Installer
Google Chrome
Google Earth
Google Update Helper
HijackThis 1.99.1
honestech VHS to DVD 3.0 Deluxe
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Diagnostic Assistant
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HPSystemDiagnostics
ImgBurn
InstantShare
iTunes
Java™ 6 Update 14
KidLogger 1.4
LimeWire 5.1.4
Mavis Beacon Teaches Typing 18
MFC RunTime files
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office 2000 Professional
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NavFit98A
Nero 7 Demo
NTI CD & DVD-Maker
Overland
PartitionMagic
PhotoGallery
PowerQuest PartitionMagic 8.0 Demo
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
Readme
Realtek AC'97 Audio
Scan
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
SkinsHP1
SmartSound Quicktracks Plugin
Spybot - Search & Destroy
TrayApp
Ulead VideoStudio 8.0
Uniblue RegistryBooster 2009
Unload
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
WebFldrs XP
WebReg
What's Running 2.2
Windows Driver Package - eMPIA Technology (USB28xxBGA) Media (06/22/2007 6.22.0116.0)
Windows Genuine Advantage Notifications (KB905474)
WinPatrol 2009
WinX DVD Ripper Platinum 5.1.1

==== Event Viewer Messages From Past Week ========

12/18/2009 12:48:37 PM, error: PSched [14103] - QoS [Adapter {7B06CA66-3122-41C6-A033-51524079EC7B}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

==== End Of File ===========================
***********************************************END DDS ATTACH LOG******************************************
***********************************************BEGIN HIJACKTHIS LOG******************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:52 AM, on 12/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Teslain KidLogger\MainWnd.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\Dad\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MS Shell Services] C:\Program Files\Teslain KidLogger\MainWnd.exe -m
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunServices: [MS Shell Services] C:\Program Files\Teslain KidLogger\MainWnd.exe -m
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O20 - Winlogon Notify: 40646bf4691 - C:\WINDOWS\
O20 - Winlogon Notify: __c008127C - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9ee135a86d086) (gupdate1c9ee135a86d086) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5097 bytes
***********************************************END HIJACKTHIS LOG******************************************
***********************************************BEGIN GMER LOG******************************************
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-21 17:25:39
Windows 5.1.2600 Service Pack 3
Running: tuwxn6b9.exe; Driver: C:\DOCUME~1\Dad\LOCALS~1\Temp\kxldapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB5C1A6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB5C1A574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB5C1AA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB5C1A14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB5C1A64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB5C1A08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB5C1A0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB5C1A76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB5C1A72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB5C1A8AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[636] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[636] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
***********************************************END GMER LOG******************************************
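Added example for this thread (not code from the original post, HijackThis or Malwarebytes): a small Python triage of the O20 and O4 lines in the HijackThis log above. The two O20 "Winlogon Notify" entries whose target is a bare C:\WINDOWS\ rather than a DLL are the classic Vundo-era pattern; one of them, __c008127c, is the key Malwarebytes later reported as Trojan.Vundo in the second post. The heuristics (a Notify package must point at a .dll, names like "__c008127C" or long hex runs look machine-generated, an autostart named like a Microsoft component should run from %SystemRoot%) are this example's own assumptions, and the benign AtiExtEvent line with a full DLL path is constructed for contrast; the DDS log shows only "Notify: AtiExtEvent - Ati2evxx.dll".

```python
"""Triage HijackThis O4/O20 lines for the kind of entries seen in the log above.

Added example for this thread; not part of HijackThis, Malwarebytes or the
original post.  It works on the log text only, so it runs anywhere, and the
heuristics are this example's own assumptions, stated in the comments.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Sample input.  The first four lines are copied from the HijackThis log
# posted above; the last one is a constructed benign O20 line for contrast.
SAMPLE_LOG = [
    "O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe",
    "O4 - HKCU\\..\\RunServices: [MS Shell Services] C:\\Program Files\\Teslain KidLogger\\MainWnd.exe -m",
    "O20 - Winlogon Notify: 40646bf4691 - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: __c008127C - C:\\WINDOWS\\",
    "O20 - Winlogon Notify: AtiExtEvent - C:\\WINDOWS\\system32\\Ati2evxx.dll",  # constructed
]

# HijackThis line formats: "O4 - HKLM\..\Run: [name] command" and
# "O20 - Winlogon Notify: package - path".
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


@dataclass
class Finding:
    item: str    # registry value name or Notify package name
    line: str    # the raw log line
    reason: str


def _looks_generated(name: str) -> bool:
    # Assumption: Vundo-family Notify packages used names such as "__c008127C"
    # or a long run of hex digits, while legitimate XP packages have readable
    # names (AtiExtEvent, crypt32chain, ScCertProp, ...).
    return re.fullmatch(r"__c[0-9A-Fa-f]+|[0-9A-Fa-f]{8,}", name) is not None


def check_o20(line: str) -> Optional[Finding]:
    m = O20_RE.match(line)
    if not m:
        return None
    name, path = m["name"], m["path"].strip()
    # A Notify package must name a DLL that winlogon loads at logon.  A bare
    # directory (both suspicious entries above end in "C:\WINDOWS\") means the
    # file is gone or hidden; either way the key has no business being there.
    if not path.lower().endswith(".dll"):
        return Finding(name, line, f"Notify target {path!r} is not a DLL")
    if _looks_generated(name):
        return Finding(name, line, "Notify package name looks machine-generated")
    return None


def check_o4(line: str) -> Optional[Finding]:
    m = O4_RE.match(line)
    if not m:
        return None
    name, cmd = m["name"], m["cmd"]
    # Assumption: a value named like a Windows component ("MS ...",
    # "Microsoft ...") should run from %SystemRoot%.  Anything else is not
    # proof of malice, only a reason to check the publisher before deciding.
    impersonates = name.lower().startswith(("ms ", "microsoft"))
    in_windows_dir = cmd.strip('"').lower().startswith("c:\\windows\\")
    if impersonates and not in_windows_dir:
        return Finding(name, line, f"Microsoft-looking name runs {cmd!r} from outside %SystemRoot%")
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per flagged O4/O20 line, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        for check in (check_o20, check_o4):
            f = check(line)
            if f is not None:
                findings.append(f)
                break
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.item}] {f.reason}\n    {f.line}")
```

Run against a full saved HijackThis log with `scan(open("hijackthis.log", errors="replace"))`; on the log above it flags the two bare-directory Notify packages and the "MS Shell Services" autostart, and leaves the avast! and AtiExtEvent lines alone. The O4 check is deliberately a review prompt, not a verdict: the flagged entry here is a KidLogger keylogger, which may be something the machine's owner installed on purpose.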


#2 ovey

Posted 29 December 2009 - 05:22 PM

Never mind. I ran Malwarebytes with the following results:

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c008127c (Trojan.Vundo) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\LocalService (Worm.Archive) -> Quarantined and deleted successfully.

I'm not having the re-direct issue anymore so I guess it's been resolved. I don't see how to remove this post so I'm replying with what worked for me. Thanks!

#3 garmanma

Posted 29 December 2009 - 08:15 PM

Topic closed per OP's request - MG
Mark