Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Droppers Is How Android Malware Keeps Sneaking Into the Play Store

Featured Deal: Get 98% off the Ultimate Cisco Certification Bundle: Lifetime Access Deal

HijackThis Log: Please Help Diagnose (Chrome won't run + browser redirects)

Started by tuliphead , Jun 19 2010 06:14 PM

This topic is locked

2 replies to this topic

#1 tuliphead

Members
2 posts
OFFLINE

Local time:06:40 AM

Posted 19 June 2010 - 06:14 PM

Hi, I'm having some trouble characterized by Chrome suddenly not starting properly (on start, it spins endlessly, thumbnail bookmarks don't load, pages never load, kill window appears) and by Google search results getting redirected to spam sites in Firefox.

Here's my HJT log; thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:13:10 PM, on 6/19/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
E:\Windows\system32\taskhost.exe
E:\Windows\SYSTEM32\WISPTIS.EXE
E:\Windows\system32\Dwm.exe
E:\Windows\Explorer.EXE
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
E:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
E:\Program Files\Microsoft IntelliType Pro\itype.exe
E:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Windows Sidebar\sidebar.exe
E:\Program Files\DisplayFusion\DisplayFusion.exe
E:\Program Files\Pidgin\pidgin.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Notepad++\notepad++.exe
E:\Windows\system32\NOTEPAD.EXE
E:\Program Files\totalcmd\TOTALCMD.EXE
E:\Windows\explorer.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "E:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] E:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] E:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [nwiz] E:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [itype] "E:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [XboxStat] "E:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] E:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "E:\Users\Eclipse\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DisplayFusion] "E:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [Pidgin] E:\Program Files\Pidgin\pidgin.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] E:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - E:\Windows\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - E:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - e:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - E:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - E:\Windows\system32\nvvsvc.exe
O23 - Service: SqueezeMySQL - Unknown owner - E:\PROGRA~1\SQUEEZ~1\server\Bin\MSWIN3~1\mysqld.exe
O23 - Service: Steam Client Service - Valve Corporation - E:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5920 bytes

Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 tuliphead

Topic Starter

Members
2 posts
OFFLINE

Local time:06:40 AM

Posted 20 June 2010 - 01:32 PM

Fixed this myself. First I used the tools mentioned in this thread:
http://www.bleepingcomputer.com/forums/t/305362/google-is-getting-redirected-and-google-chrome-wont-even-open-anymore/

This seemed to fix the redirect and self-spawned spam tabs in Firefox.

Then I used the tool mentioned here, tdsskiller.exe:
http://www.google.com/support/forum/p/Chro...5a937&hl=en

This did find one dll that had been rootkitted. It cleaned it out and rebooted and now all is well.

Best of luck to those of you with this problem..