There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
Malware Removal & HijackThis Logs
Tag Cloud
audio bios blue screen boot bsod computer connection crash dcom dell driver drivers email error excel firefox google hard drive hardware hijackthis internet laptop logon logs off macro malware microsoft motherboard network networking problem ram recovery router screen slow software sound trojan usb userinit.exe virus vista webcam wifi windows windows 7 windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
go.google redirect virus (New)

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
 
Thread Tools
xathlin's Avatar
Computer Specs
Junior Member with 2 posts.
  
Join Date: Sep 2008
Experience: Beginner
04-Sep-2008, 10:49 AM #1
go.google redirect virus
Hello Techguy.org! this is my first post. in the past i've always tried fixing my own problems by searching online and mimicking virus elimination processes, but malware and their cures are becoming so much more complex that I knew i've got to resort to expert help eventually.

but i digress. Recently, (2 weeks) my desktop has been experiencing a host of viruses, ranging from brontoks to coolsearches. I've ran many virus removal programs like hitman pro, norton security, micro trend, and smifraudfix. I think I'm out of the thick of it, because I've at least regained control of my computer. my internet browser (and possibly connection) seems to be still affect by malware. whenever I search online in google or yahoo, i get redirected by this go.google.com thing to a commercial website. My internet connection is at a crawl and typing in internet addresses just results in road runner search as if the website doesn't exist. I've read a few solution on other threads but i didn't dare risk tampering with anything on combofix or HTJ without consulting an expert. so whith that said here is my HTJ log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:08 AM, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
F:\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\Iexplore.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FDF0740-6196-4311-8152-68FE61082750} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {B82F29E4-8368-4B14-9C00-5138C0D94034} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] F:\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [mxtkqOJ0Xu] C:\Documents and Settings\All Users\Application Data\glydclez\uzoxoxav.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljJCvSkh - ljJCvSkh.dll (file missing)
O21 - SSODL: qdnkewfa - {277A6F5F-EF99-4A8B-9C69-D631615452EC} - (no file)
O21 - SSODL: mgsvflkw - {B0A2BD41-7593-44A8-87CF-7645DB6AD7DD} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

i did already delete/fix a couple that i knew were brontok viruses, but that is what remains. thankyou again for your help and i hope to be a contributor to this forum.
Register for free to hide this ad!
Cheeseball81's Avatar
Moderator with 74,473 posts.
  
Join Date: Mar 2004
Location: New York
04-Sep-2008, 12:32 PM #2
Hi and welcome

Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • ...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
__________________
Microsoft MVP/Windows - Consumer Security
If we've helped you, please donate to TSG
xathlin's Avatar
Computer Specs
Junior Member with 2 posts.
  
Join Date: Sep 2008
Experience: Beginner
05-Sep-2008, 12:01 AM #3
hey, thanks for the reply. I ran the programs as suggested and it seems that my browser works fine now, and the connection is back to normal. problem solved! (i hope) here's the log for combofix and hijackthis:

ComboFix 08-09-04.08 - VMa 2008-09-04 23:41:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.665 [GMT -4:00]
Running from: C:\Documents and Settings\VMa\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PC-Cleaner
C:\WINDOWS\cookies.ini
C:\WINDOWS\system\_sv_CMD_
C:\WINDOWS\system\_sv_CMD_\_U_.exe
C:\WINDOWS\system32\lmtpvkgk.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\tDfNonnn.ini
C:\WINDOWS\system32\tDfNonnn.ini2
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssservers.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Service_6to4

((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 )))))))))))))))))))))))))))))))
.
2008-09-04 10:02 . 2008-09-04 10:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-04 10:00 . 2008-09-04 10:00 <DIR> d-------- C:\!KillBox
2008-09-01 15:57 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-01 15:57 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-01 15:57 . 2008-04-12 17:34 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-01 15:57 . 2008-04-12 13:49 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-01 15:57 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-09-01 15:57 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-01 15:57 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-01 04:16 . 2008-09-01 04:16 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-01 04:11 . 2008-09-01 04:11 12,288 --a------ C:\WINDOWS\system32\tdssserf.dll
2008-08-27 01:34 . 2008-08-27 02:34 <DIR> d-------- C:\WINDOWS\ShellNew
2008-08-26 18:18 . 2008-08-26 18:19 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-25 15:10 . 2008-08-25 15:10 10 -r-hs---- C:\WINDOWS\system32\sistem.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 03:40 --------- d-----w C:\Documents and Settings\VMa\Application Data\Move Networks
2008-09-05 03:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-05 03:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-05 03:38 --------- d-----w C:\Documents and Settings\VMa\Application Data\Lavasoft
2008-09-04 03:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-04 02:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-04 02:30 --------- d-----w C:\Program Files\Norton Security Scan
2008-09-03 11:21 --------- d-----w C:\Program Files\Hitman Pro
2008-09-02 00:28 --------- d-----w C:\Documents and Settings\VMa\Application Data\Skype
2008-09-02 00:10 --------- d-----w C:\Documents and Settings\VMa\Application Data\skypePM
2008-08-01 14:27 --------- d-----w C:\Documents and Settings\VMa\Application Data\gtk-2.0
2008-07-26 23:32 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-14 05:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-11 19:14 --------- d-----w C:\Program Files\Skype
2008-07-11 19:14 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-11 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-11 18:47 --------- d-----w C:\Program Files\Microsoft LifeCam
2008-07-09 04:04 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-07-08 22:23 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-07-08 22:17 --------- d-----w C:\Documents and Settings\VMa\Application Data\AVS4YOU
2008-07-08 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2004-08-04 07:56 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2008-01-29 9442584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2006-07-07 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008]
"HP Software Update"="F:\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2007-04-10 709992]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 C:\WINDOWS\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - F:\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2006-09-15 1503232]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\syst em]
"DisableCMD"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"F:\\Digital Imaging\\bin\\hpqtra08.exe"=
"F:\\Digital Imaging\\bin\\hpqste08.exe"=
"F:\\Digital Imaging\\bin\\hpofxm08.exe"=
"F:\\Digital Imaging\\bin\\hposfx08.exe"=
"F:\\Digital Imaging\\bin\\hposid01.exe"=
"F:\\Digital Imaging\\bin\\hpqscnvw.exe"=
"F:\\Digital Imaging\\bin\\hpqkygrp.exe"=
"F:\\Digital Imaging\\bin\\hpqCopy.exe"=
"F:\\Digital Imaging\\bin\\hpfccopy.exe"=
"F:\\Digital Imaging\\bin\\hpzwiz01.exe"=
"F:\\Digital Imaging\\bin\\hpoews01.exe"=
"F:\\Digital Imaging\\bin\\hpqnrs08.exe"=
"F:\\Fallout Tactics\\BOS.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"F:\\Steam\\Steam.exe"=
"F:\\Steam\\steamapps\\xathlin\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"F:\\Steam\\steamapps\\crnskimmilk@hotmail.com\\half-life\\hl.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"F:\\Steam\\steamapps\\xathlin\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Ares Ultra\\Ares Ultra.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"F:\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"F:\\Company of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 13696]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 ATIBTCAP;ATI TV Wonder Video Capture;C:\WINDOWS\system32\drivers\atibtcap.sys [2002-11-05 58240]
S2 ATIBTXBAR;ATI TV Wonder Video Crossbar;C:\WINDOWS\system32\drivers\atibtxbr.sys [2002-11-05 6912]
S2 ATIVTUTW;ATI TV Wonder TV Tuner;C:\WINDOWS\system32\drivers\ativtutw.sys [2002-11-05 17664]
S2 ATIVXSTW;ATI TV Wonder Audio Crossbar;C:\WINDOWS\system32\drivers\ativxstw.sys [2002-11-05 28416]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [ ]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 17149]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys [2003-03-11 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;C:\WINDOWS\system32\DRIVERS\qcusbser.sys [2003-03-11 59632]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\WINDOWS\system32\DRIVERS\wg111v3.sys [ ]
S3 WMP11;Instant Wireless PCI Card Driver;C:\WINDOWS\system32\DRIVERS\WMP11NDS.sys [2001-12-24 50688]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{e891cf17-a44f-11dc-aaed-00184ded6088}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
Notify-ljJCvSkh - ljJCvSkh.dll
Notify-WgaLogon - (no file)

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\VMa\Application Data\Mozilla\Firefox\Profiles\p7hyeuof.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-04 23:45:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wscntfy.exe
F:\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-09-04 23:49:27 - machine was rebooted [VMa]
ComboFix-quarantined-files.txt 2008-09-05 03:49:23
Pre-Run: 8,653,176,832 bytes free
Post-Run: 8,543,105,024 bytes free
182 --- E O F --- 2008-09-04 14:57:05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:57 PM, on 9/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
F:\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\WINDOWS\System32\svchost.exe
F:\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HP Software Update] F:\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG311T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 5903 bytes

is my computer clear, for now at least? either way thanks again for your help. hopefully I won't have any more problems for a while. any more security/antivirus suggestions.
Cheeseball81's Avatar
Moderator with 74,473 posts.
  
Join Date: Mar 2004
Location: New York
05-Sep-2008, 03:44 PM #4
Please download Malwarebytes Anti-Malware and save it to your desktop. alternate download link 1 alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply with a new hijackthis log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
__________________
Microsoft MVP/Windows - Consumer Security
If we've helped you, please donate to TSG
Closed Thread Bookmark and Share   techguy.org/746850

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!


« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 03:13 PM.
Copyright © 1996 - 2010 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2010, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.