StevetheClub

IE Search Redirect

8 posts in this topic

Howdy,

 

When I perform a Google search in IE and then click on any of the results, most of the time I'm redirected to some other site. I have to go back and click on the result I want to go to three times before it stops redirecting. I've run almost any free anti-virus/spyware software I could find, including those this site recommends before posting, without success. Below is my HijackThis log.

 

Thanks a bunch.

 

------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:15:33 PM, on 7/21/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

C:\Documents and Settings\Stephen Pugh\Desktop\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles\mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles/mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162897203218

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 85.255.113.118,85.255.112.100

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.100

O17 - HKLM\System\CS1\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 85.255.113.118,85.255.112.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.100

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

 

--

End of file - 7347 bytes


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


StevetheClub,

 

Thanks for your patience. Our volunteers are extremely busy. Your log indicates malware on your system. Let's get started!

 

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

 

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

 

Please download FixWareout from one of these sites:

http://downloads.subratam.org/Fixwareout.exe

http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

 

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

 

Please post the text that will open (report.txt) and a new HijackThis log in your next reply. Please also say how your computer is running now. :)

Edited by shaferintl


Username "Stephen Pugh" - 2007-07-26 23:06:24 [Fixwareout edited 2007/07/05]

 

»»»»»Prerun check

HKLM\SOFTWARE\~\Winlogon\ "System"="kdnlo.exe"

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{30E6399C-1323-40BC-8513-10BCF46BD1AB}

"DhcpNameServer"="85.255.113.118,85.255.112.100" <Value cleared.

 

Successfully flushed the DNS Resolver Cache.

 

 

System was rebooted successfully.

 

»»»»» Postrun check

HKLM\SOFTWARE\~\Winlogon\ "system"=""

....

....

»»»»» Misc files.

....

»»»»» Checking for older varients.

....

»»»»» Other

C:\WINDOWS\Temp\kdnlo.ren 66342 08/04/2004

 

»»»»» Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"

"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"

"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\\Program Files\\Google\\Gmail Notifier\\gnotify.exe"

"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\jusched.exe\""

"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

....

Hosts file was reset, If you use a custom hosts file please replace it

»»»»» End report »»»»»

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:24:44 PM, on 7/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Stephen Pugh\Desktop\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles\mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles/mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162897203218

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

 

--

End of file - 7206 bytes

 

 

 

Everything is working okie dokie now. Thanks a bunch!


StevetheClub,

 

Thanks for the logs. We are making progress!

 

Open HijackThis, run a scan, and place a Check next to the following item(s):

  • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Then close all open windows/browsers and Click on Fix Checked.

 

Please run an online scan to be sure we've left nothing behind!

 

CLICK HERE to use the F-Secure Online Scanner:

  • Click the "Online Virus Scanner" link (near the bottom under "Tools").
  • Click "Start Scanning".
  • When prompted, choose to install the software.
  • After the software has installed, click "Accept".
  • Click "Custom Scan" and check the option for "Scan inside archives", then click "Start".
  • The necessary scanner components and databases will then be downloaded, and the scan will then start automatically. Please be patient as this scan will take a while to complete.
  • If any infections are found then once the scan has finished the "Cleaning" screen will be displayed. Click the "Automatic cleaning (recommended)" button.
  • It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
  • After cleaning has finished, then the "Finish" screen will be displayed. Click the "Show Report" button.
  • In order to post the report, press CTRL + A on your keyboard to highlight all the text. Then copy and paste that information into this thread.

Post a new HijackThis log and note any errors or problems encountered. Please also say how your computer is running now. :)


Scanning Report

Friday, July 27, 2007 21:06:18 - 23:13:28

 

Computer name: STEPHEN

Scanning type: Scan system for viruses, rootkits, spyware

Target: C:\ D:\

Result: 13 malware found

Tracking Cookie (spyware)

 

* System (Disinfected)

* System

* System

* System

* System

* System

* System

* System

* System

* System

* System

 

Trojan-Downloader:Java/OpenConnection.AP (virus)

 

* C:\Documents and Settings\Stephen Pugh\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-4b9c0e39-57f58040.zip\OP.class

* C:\Documents and Settings\Stephen Pugh\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-5806acb9\OP.class

 

Statistics

Scanned:

 

* Files: 226673

* System: 4839

* Not scanned: 100

 

Actions:

 

* Disinfected: 1

* Renamed: 0

* Deleted: 0

* None: 12

* Submitted: 0

 

Files not scanned:

 


 

Options

Scanning engines:

 

* F-Secure Libra: 2.4.2, 2007-07-27

* F-Secure AVP: 7.0.171, 2007-07-27

* F-Secure Orion: 1.2.37, 2007-07-27

* F-Secure Blacklight: 1.0.64

* F-Secure Draco: 1.0.35, 0260-23-12

* F-Secure Pegasus: 1.19.0, 2007-06-17

 

Scanning options:

 

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

* Scan inside archives

* Use Advanced heuristics

 


 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:16:12 PM, on 7/27/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe

C:\DOCUME~1\STEPHE~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe

C:\Documents and Settings\Stephen Pugh\Desktop\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles\mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Stephen Pugh\Application Data\Mozilla\Firefox\Profiles/mafc3psu.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1162897203218

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS1\Services\Tcpip\..\{132B9A13-5C19-4429-880B-C844AE15F8A5}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

 

--

End of file - 7194 bytes

 

 

 

 

 

 

Everything seems to be running good. Thanks again for your continued help.


StevetheClub,

 

Thanks for the posts. Your log appears to be clean! Congrats! :thumbsup::thumbsup:

 

"Everything seems to be running good. Thanks again for your continued help."

Excellent! My pleasure.

 

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at SWI are to help you, for your sake we would rather not have repeat customers. :p

 

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

 

1) First and foremost, you should maintain a firewall. It is the primary way to keep out malware. Some good free firewalls are ZoneAlarm, Kerio, or Outpost. A tutorial on understanding and using firewalls may be found here.

 

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

 

SpywareBlaster

A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

 

SpywareGuard

A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

 

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

 

3) I see you are using Mozilla's Firefox. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. I would recommend that you continue to use it.

 

4) Also make sure to run your antivirus software, perform scans regularly, and keep it up-to-date.

 

Please also read Tony Klein's excellent article: How I got Infected in the First Place

 

Hopefully this should take care of your problems! Good luck. :D


Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
