IE Search Redirect

#1 StevetheClub

    Member

  • Full Member
  • 3 posts

Posted 21 July 2007 - 08:28 PM

Howdy,

When I perform a Google search in IE and then click on any of the results, most of the time I'm redirected to some other site. I have to go back and click on the result I want to go to three times before it stops redirecting. I've run almost any free anti-virus/spyware software I could find, including those this site recommends before posting, without success. Below is my HighjackThis log.

Thanks a bunch.

------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:15:33 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Stephen Pugh\Desktop\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles\mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles/mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162897203218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 85.255.113.118,85.255.112.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 85.255.113.118,85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.100
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

--
End of file - 7347 bytes

#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 24 July 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 25 July 2007 - 05:39 AM

StevetheClub,

Thanks for your patience. Our volunteers are extremely busy. Your log indicates malware on your system. Let's get started!

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Please post the text that will open (report.txt) and a new HijackThis log in your next reply. Please also say how your computer is running now. :)

Edited by shaferintl, 25 July 2007 - 07:13 AM.

shaferintl

Links to Free Tools I Use:
AVG Antivirus ... Adaware ... Spybot S&D ...
Spyware Blaster ... Zone Alarm Firewall ...
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#4 StevetheClub

    Member

  • Full Member
  • 3 posts

Posted 27 July 2007 - 01:27 AM

Username "Stephen Pugh" - 2007-07-26 23:06:24 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdnlo.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{30E6399C-1323-40BC-8513-10BCF46BD1AB}
"DhcpNameServer"="85.255.113.118,85.255.112.100" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kdnlo.ren 66342 08/04/2004

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:24:44 PM, on 7/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Stephen Pugh\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles\mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles/mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162897203218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

--
End of file - 7206 bytes



Everything is working okie dokie now. Thanks a bunch!
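The first HijackThis log in this thread shows every O17 entry (the per-interface key and the Tcpip\Parameters key, in both ControlSet001 and CurrentControlSet) pointing at 85.255.113.118 and 85.255.112.100, the FixWareout report shows the same pair in DhcpNameServer, and the second log shows them replaced by the OpenDNS resolvers 208.67.220.220 and 208.67.222.222. As an added example (not part of the thread, and not code from HijackThis or FixWareout), here is a small Python checker that pulls every NameServer value out of either output format and flags any resolver that is not on an allow-list. The allow-list of trusted resolvers is an assumption for the example; the sample log lines are constructed from the logs quoted above.

```python
import re
from ipaddress import ip_address

# Resolvers the operator trusts (assumption for this example: the OpenDNS pair
# that FixWareout wrote in this thread; replace with your ISP's or corporate ones).
TRUSTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample input: O17 lines and a FixWareout registry line copied from
# the logs in the thread, plus one unrelated O16 line to show it is ignored.
BEFORE = """\
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 85.255.113.118,85.255.112.100
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.113.118 85.255.112.100
"DhcpNameServer"="85.255.113.118,85.255.112.100" <Value cleared.
"""
AFTER = """\
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

# HijackThis O17 line: "O17 - <registry key>: NameServer = <servers>"
O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\[^:]+): NameServer = (?P<servers>.+)$")
# .reg-style line as FixWareout prints it: "NameServer"="..." or "DhcpNameServer"="..."
REG_RE = re.compile(r'^"(?P<key>(?:Dhcp)?NameServer)"="(?P<servers>[^"]*)"')


def parse_nameservers(text):
    """Yield (key, [resolver, ...]) for every NameServer setting in the text.
    HijackThis separates resolvers with a comma on per-interface keys and with a
    space on the Parameters key, so split on either."""
    for line in text.splitlines():
        m = O17_RE.match(line.strip()) or REG_RE.match(line.strip())
        if m:
            servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
            yield m.group("key"), servers


def untrusted_resolvers(text, trusted=TRUSTED_RESOLVERS):
    """Map each key to the resolvers in it that are not on the allow-list.
    Anything that is not even a valid IP address is flagged as well."""
    findings = {}
    for key, servers in parse_nameservers(text):
        bad = []
        for s in servers:
            try:
                ip_address(s)
            except ValueError:
                bad.append(s)  # malformed value: report it rather than skip it
                continue
            if s not in trusted:
                bad.append(s)
        if bad:
            findings[key] = bad
    return findings


if __name__ == "__main__":
    for label, text in (("before FixWareout", BEFORE), ("after FixWareout", AFTER)):
        hits = untrusted_resolvers(text)
        print(f"{label}: {'CLEAN' if not hits else 'HIJACKED'}")
        for key, bad in hits.items():
            print(f"  {key}: {', '.join(bad)}")
```

Run as a script it reports the three hijacked keys from the first log and a clean result for the second. An allow-list is the right shape for this check: a DNS changer can pick any resolver address, so matching against a list of known-bad ones only catches last month's campaign, while any resolver you did not configure is worth a look.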

#5 shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 27 July 2007 - 11:47 AM

StevetheClub,

Thanks for the logs. We are making progress!

Open HijackThis, run a scan, and place a Check next to the following item(s):
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Then close all open windows/browsers and Click on Fix Checked.

Please run an online scan to be sure we've left nothing behind!

CLICK HERE to use the F-Secure Online Scanner:
  • Click the "Online Virus Scanner" link (near the bottom under "Tools").
  • Click "Start Scanning".
  • When prompted, choose to install the software.
  • After the software has installed, click "Accept".
  • Click "Custom Scan" and check the option for "Scan inside archives", then click "Start".
  • The necessary scanner components and databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
  • If any infections are found then once the scan has finished the "Cleaning" screen will be displayed. Click the "Automatic cleaning (recommended)" button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • After cleaning has finished, then the "Finish" screen will be displayed. Click the "Show Report" button.
  • In order to post the report, press CTRL + A on your keyboard to highlight all the text. Then copy and paste that information into this thread.
Post a new HijackThis log and note any errors or problems encountered. Please also say how your computer is running now. :)

#6 StevetheClub

    Member

  • Full Member
  • 3 posts

Posted 28 July 2007 - 01:19 AM

Scanning Report
Friday, July 27, 2007 21:06:18 - 23:13:28

Computer name: STEPHEN
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 13 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System

Trojan-Downloader:Java/OpenConnection.AP (virus)

* C:\Documents and Settings\Stephen Pugh\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-4b9c0e39-57f58040.zip\OP.class
* C:\Documents and Settings\Stephen Pugh\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-5806acb9\OP.class

Statistics
Scanned:

* Files: 226673
* System: 4839
* Not scanned: 100

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 12
* Submitted: 0

Files not scanned:

* C:\DOCUMENTS AND SETTINGS\STEPHEN PUGH\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MAFC3PSU.DEFAULT\CACHE\_CACHE_001_
* C:\DOCUMENTS AND SETTINGS\STEPHEN PUGH\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MAFC3PSU.DEFAULT\CACHE\_CACHE_002_
* C:\DOCUMENTS AND SETTINGS\STEPHEN PUGH\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MAFC3PSU.DEFAULT\CACHE\_CACHE_003_
* C:\DOCUMENTS AND SETTINGS\STEPHEN PUGH\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{E19A7479-DA0F-47A7-AB22-6BE106825CD6}
* C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger.zip\sbRecovery.reg
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* root.img
* MonitorsEDBD3D06.mp3
* monitors_introD56446F9.mp3
* monitors_menu_to_menu9594CC72.mp3
* monitors_menu_to_menu_revB5C41708.mp3
* monitors_menu_to_sub19D7DDF24.mp3
* monitors_menu_to_sub1_revD5178D4D.mp3
* monitors_menu_to_sub2F53997FC.mp3
* monitors_menu_to_sub2_rev655B87B8.mp3
* monitors_menu_to_sub3ADF6D30A.mp3
* monitors_menu_to_sub3_rev3692156A.mp3
* monitors_menu_to_sub4A6A6A34F.mp3
* monitors_menu_to_sub4_rev66BB3741.mp3
* monitors_menu_to_sub5FF4818C9.mp3
* monitors_menu_to_sub5_revE7D6EE5F.mp3
* monitors_menu_to_sub6A8EC116B.mp3
* monitors_menu_to_sub6_revB9E33993.mp3
* monitors_title1A173BE42.mp3
* monitors_title1_revEAF3180E.mp3
* monitors_title2FBFCDF5F.mp3
* monitors_title2_rev5CE58BBF.mp3
* monitors_title3956795A3.mp3
* monitors_title3_rev2ED98395.mp3
* monitors_title49FD4EE1D.mp3
* monitors_title4_rev50CF2FA3.mp3
* monitors_title5E924CCCE.mp3
* monitors_title5_revC3985FF6.mp3
* monitors_title684754FA4.mp3
* monitors_title6_rev96631470.mp3
* Cube38C64AEC.mp3
* cube_intro378D2321.mp3
* cube_menu_to_menuE2E5E5AC.mp3
* cube_menu_to_menu_revC079FCAE.mp3
* cube_menu_to_sub10F0088D6.mp3
* cube_menu_to_sub1_rev8E88C734.mp3
* cube_menu_to_sub26D038BC9.mp3
* cube_menu_to_sub2_rev9D60E394.mp3
* cube_menu_to_sub32CC0C095.mp3
* cube_menu_to_sub3_rev0C1150CC.mp3
* cube_menu_to_sub43C65653A.mp3
* cube_menu_to_sub4_revBD9B1ECE.mp3
* cube_menu_to_sub58EC45C98.mp3
* cube_menu_to_sub5_revBFEE2D98.mp3
* cube_menu_to_sub6300B83DF.mp3
* cube_menu_to_sub6_rev010A8D4C.mp3
* cube_title1230C1BDF.mp3
* cube_title1_revA5FF3EB8.mp3
* cube_title277E5E5B8.mp3
* cube_title2_rev9ABD30FE.mp3
* cube_title31C881F6A.mp3
* cube_title3_revDF44830D.mp3
* cube_title4F2038BD5.mp3
* cube_title4_rev66A427E4.mp3
* cube_title53A485729.mp3
* cube_title5_rev4EDD1C95.mp3
* cube_title6B2656546.mp3
* cube_title6_rev86DF521E.mp3
* DmaD321EAF2.bin
* gaa87623F1A.bin
* LgcBD7C367B.bin
* Towers8704C9EE.mp3
* towers_intro01EA2427.mp3
* towers_menu_to_menu986D1F39.mp3
* towers_menu_to_menu_rev04E0B0D5.mp3
* towers_menu_to_sub12FA45406.mp3
* towers_menu_to_sub1_revF8C8F9CA.mp3
* towers_menu_to_sub28F3C7113.mp3
* towers_menu_to_sub2_revC5F1FB00.mp3
* towers_menu_to_sub3B9055881.mp3
* towers_menu_to_sub3_rev5B7AC697.mp3
* towers_menu_to_sub4BB3F1731.mp3
* towers_menu_to_sub4_revBA456A7F.mp3
* towers_menu_to_sub587AB9041.mp3
* towers_menu_to_sub5_revF261D7A8.mp3
* towers_menu_to_sub61B77F193.mp3
* towers_menu_to_sub6_revF3DD1D22.mp3
* towers_title170BA0419.mp3
* towers_title1_revDFB1DC8D.mp3
* towers_title2EC19B586.mp3
* towers_title2_revB7C17123.mp3
* towers_title331CA3F44.mp3
* towers_title3_rev6913D009.mp3
* towers_title44FCC8253.mp3
* towers_title4_revD3C51740.mp3
* towers_title5261EAEB3.mp3
* towers_title5_rev27B818C9.mp3
* towers_title6E6B29363.mp3
* towers_title6_rev430CF1A2.mp3

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-07-27
* F-Secure AVP: 7.0.171, 2007-07-27
* F-Secure Orion: 1.2.37, 2007-07-27
* F-Secure Blacklight: 1.0.64
* F-Secure Draco: 1.0.35, 0260-23-12
* F-Secure Pegasus: 1.19.0, 2007-06-17

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
* Scan inside archives
* Use Advanced heuristics





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:12 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Documents and Settings\Stephen Pugh\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles\mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles/mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162897203218
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

--
End of file - 7194 bytes

Everything seems to be running good. Thanks again for your continued help.
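
A first triage pass over a pasted HijackThis log like the one above, as an added example that is not part of this thread and not HijackThis's own code. It assumes the OpenDNS addresses shown in the log are the resolvers the user chose, that a stock IE start/search page points at a Microsoft domain, and that autostart entries launched from temp or profile folders are worth a second look; the sample log it runs on is constructed. A flag is a prompt for a human to look, not a verdict (the advisor in this thread judged the posted log clean), and the script also shows why a host check cannot be trusted on forum-shortened URLs.

```python
"""Triage helper for a pasted HijackThis 2.x log (added example, not HJT code).

Parses the one-finding-per-line format (R0/R1, O4, O17, ...) and flags entries a
reviewer checks first when the symptom is a search-result redirect:
  * O17 resolver addresses that are not on an expected list,
  * R0/R1 start/search URLs whose host is outside the expected domains,
  * O4 autostarts launched from user-writable directories.
A flag means "look at this entry", not "this entry is malicious".
"""
import re
from urllib.parse import urlsplit

# Assumption: the OpenDNS resolvers seen in the thread are the intended ones.
KNOWN_RESOLVERS = {"208.67.220.220", "208.67.222.222"}

# Assumption: a stock IE start/search page points at one of these domains.
EXPECTED_URL_SUFFIXES = ("microsoft.com", "msn.com", "live.com")

# Heuristic (assumption): ordinary software installs under Program Files or the
# system directory, so autostarts from these locations deserve a look.
USER_WRITABLE_MARKERS = (
    "\\temp\\", "\\local settings\\", "\\application data\\",
    "\\documents and settings\\", "\\docume~1\\",
)

# Finding lines look like "O17 - HKLM\System\...: NameServer = 1.2.3.4,5.6.7.8"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Return (code, body) pairs for every finding line; other lines are skipped."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            items.append((m.group("code"), m.group("body")))
    return items


def nameservers(body):
    """Extract the comma-separated resolver list from an O17 body."""
    m = re.search(r"NameServer\s*=\s*([\d.,\s]+)", body)
    if not m:
        return []
    return [ip.strip() for ip in m.group(1).split(",") if ip.strip()]


def url_host(body):
    """Host part of the URL in an R0/R1 body, lower-cased; None if no URL."""
    m = re.search(r"=\s*(https?://\S+)", body)
    if not m:
        return None
    return (urlsplit(m.group(1)).hostname or "").lower()


def flag(items):
    """Return (code, reason, body) for each entry worth a manual look."""
    findings = []
    for code, body in items:
        if code == "O17":
            for ip in nameservers(body):
                if ip not in KNOWN_RESOLVERS:
                    findings.append((code, f"unexpected resolver {ip}", body))
        elif code in ("R0", "R1"):
            host = url_host(body)
            if host is None:
                continue
            if "..." in host:
                # Forum software shortens long URLs in pasted logs, so the host
                # cannot be judged from the post itself; ask for the raw log.
                findings.append((code, "URL truncated in the pasted log; check the raw log", body))
            elif not host.endswith(EXPECTED_URL_SUFFIXES):
                findings.append((code, f"start/search URL host {host}", body))
        elif code == "O4":
            if any(marker in body.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append((code, "autostart from a user-writable path", body))
    return findings


def triage(text):
    return flag(parse_hjt(text))


# Constructed sample log (not the log from the thread): one clean and one
# suspicious entry per rule, plus a URL the forum has shortened.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2 (constructed sample)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.net/?q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [updater] C:\DOCUME~1\USER\LOCALS~1\Temp\setup_tmp.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{PLACEHOLDER-GUID}: NameServer = 192.0.2.53
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```

Run against the real log, the script would pass every O17 line (both resolvers are on the list) and report the four R0/R1 lines only as "truncated", which is exactly the point: the forum's URL shortening hides the host, so a reviewer needs the raw log before drawing any conclusion from those lines.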

#7 shaferintl

shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 28 July 2007 - 08:55 AM

StevetheClub,

Thanks for the posts. Your log appears to be clean! Congrats! :thumbsup: :thumbsup:

Everything seems to be running good. Thanks again for your continued help.

Excellent! My pleasure.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at SWI are to help you, for your sake we would rather not have repeat customers. :p

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

1) First and foremost, you should maintain a firewall. It is the primary way to keep out malware. Some good free firewalls are ZoneAlarm, Kerio, or Outpost. A tutorial on understanding and using firewalls may be found here.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) I see you are using Mozilla's Firefox. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. I would recommend that you continue to use it.

4) Also make sure to run your antivirus software, perform scans regularly, and to keep it up-to-date.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :D
shaferintl

Links to Free Tools I Use:
AVG Antivirus ... Adaware ... Spybot S&D ...
Spyware Blaster ... Zone Alarm Firewall ...
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#8 shaferintl

shaferintl

    Forum Deity

  • Trusted Advisor
  • 1,445 posts

Posted 28 July 2007 - 06:08 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
shaferintl

