Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ave.exe google results redirecting, windows update not working


  • This topic is locked This topic is locked
2 replies to this topic

#1 needserioushelpfast

needserioushelpfast

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:47 PM

Posted 18 March 2010 - 10:13 AM

Hello, I got a malware. MBAM said it was rogue.av, and ave.exe, and it removed it. But my google results are still redirecting, I cannot access any microsoft website, I can't use windows update to install hotfixes, and I am still getting popups. Now, MBAM, Spyware S&D, ESET, are all saying I'm clean, but the aformentioned stuff is still happening. I even ran combofix scanner, and it did a bunch of things, but didn't fix my problems really, besides my internet is a little bit faster now (webpages were going very slow).

I need to get this fixed if I can without reformatting, I have important business stuff on my drive for my company, and it's not backed up, I do backups monthly but the one time I didn't do a backup this happens! Ugh.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:50 AM, on 3/18/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\WinACD\i386\acdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Users\nz\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WinACD Brightness Monitor] C:\Program Files\WinACD\i386\ACDMon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [StartupDelayer] "C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SansaDispatch] C:\Users\nz\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\ColorVisionStartup\ColorVisionStartup.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
O23 - Service: WinACD Power Button Service (ACDPowerService) - Unknown owner - C:\Program Files\WinACD\\i386\acdpower.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QBCFMonitorService - Intuit - c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 4290 bytes











Edited by needserioushelpfast, 18 March 2010 - 10:13 AM.


BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:03:47 AM

Posted 20 March 2010 - 06:41 PM

Hi needserioushelpfast, and welcome to Bleeping Computer.

No antivirus program installed??.. dry.gif

QUOTE
I can't use windows update to install hotfixes, and I am still getting popups. Now, MBAM, Spyware S&D, ESET, are all saying I'm clean, but the aformentioned stuff is still happening. I even ran combofix scanner, and it did a bunch of things, but didn't fix my problems really

If you ran such a powerful tool like ComboFix on your own, why don't you post a logfile generated!?!.. HijackThis log is insufficient - it won't show even 25% of the things I need to know to proceed!..

Follow the Preparation Guide and post the logs requested... Post the contents of c:\ComboFix.txt as well...
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:03:47 AM

Posted 02 April 2010 - 05:21 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users