1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Browser Hijacked after google search!

Discussion in 'Virus & Other Malware Removal' started by gary33411, Dec 18, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. gary33411

    gary33411 Thread Starter

    Joined:
    Aug 30, 2009
    Messages:
    10
    Browser being hijacked after doing Google search and clicking on a search result! see attached log file

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:56:57 PM, on 12/18/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Nuance\PaperPort\pptd40nt.exe
    C:\Program Files\Nuance\PDFViewerPlus\pdfPro5Hook.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    C:\Windows\ALCXMNTR.EXE
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\NCH Swift Sound\IVM\ivm.exe
    C:\Program Files\NCH Swift Sound\Axon\axon.exe
    C:\Program Files\NCH Swift Sound\Talk\talk.exe
    C:\Program Files\NCH Swift Sound\VRS\vrs.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Realtek\Transcode Server\TranscodeServer.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\HP_Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Zecter\ZumoCast\ZumoCast.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Windows\ehome\ehmsas.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Users\HP_Administrator\Documents\Downloads\HijackThis(3).exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?

    SearchSource=10&ctid=CT2790392
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

    http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {0ff9a677-542a-481d-a6d6-3fa32d8a806d} - (no file)
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program

    Files\BitTorrentBar\tbBitT.dll
    O1 - Hosts: ::1 localhost
    O1 - Hosts: Sat Oct 13 19:09:02 2007 - # Intermedia changes begin
    O1 - Hosts: 207.5.74.79 EXVMBX003-4
    O1 - Hosts: 207.5.74.79 EXVMBX003-4.exch003intermedia.net
    O1 - Hosts: 64.78.61.81 DC003.exch003intermedia.net
    O1 - Hosts: 64.78.20.20 DC003-1.exch003intermedia.net
    O1 - Hosts: Sat Oct 13 19:09:02 2007 - # Intermedia changes end
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

    Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-

    8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program

    Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

    C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program

    Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program

    Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program

    Files\BitTorrentBar\tbBitT.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program

    Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - (no file)
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1

    \Office14\URLREDIR.DLL
    O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program

    Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

    Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program

    Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll
    O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program

    Files\BitTorrentBar\tbBitT.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program

    Files\ConduitEngine\ConduitEngine.dll
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe"

    /run
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
    O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
    O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r

    "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDFViewerPlus\pdfpro5hook.exe
    O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program

    Files\Nuance\PDFViewerPlus\RegistryController.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks

    Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection

    Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java

    Update\jusched.exe"
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe"

    /DelayServices
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -

    nosplash
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0

    \Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [IVM] "C:\Program Files\NCH Swift Sound\IVM\ivm.exe" -logon
    O4 - HKLM\..\Run: [Axon] "C:\Program Files\NCH Swift Sound\Axon\axon.exe" -logon
    O4 - HKLM\..\Run: [Talk] "C:\Program Files\NCH Swift Sound\Talk\talk.exe" -logon
    O4 - HKLM\..\Run: [VRS] "C:\Program Files\NCH Swift Sound\VRS\vrs.exe" -logon
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-

    Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common

    Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [TranscodeServer] C:\Program Files\Realtek\Transcode

    Server\TranscodeServer.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common

    Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ZumoCast] C:\Program Files\Zecter\ZumoCast\ZumoLauncher.lnk
    O4 - HKCU\..\Run: [DSCR] rundll32 "C:\Users\HP_Administrator\AppData\Roaming\gb23126.dll",tsig
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program

    Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32

    \Macromed\Flash\FlashUtil10a.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program

    Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32

    \Macromed\Flash\FlashUtil10a.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Startup: Dropbox.lnk = HP_Administrator\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft

    Office\Office12\ONENOTEM.EXE
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe
    O4 - Global Startup: AutorunsDisabled
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program

    Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program

    Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program

    Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Append the content of the link to existing PDF file -

    res://C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Append the content of the selected links to existing PDF file -

    res://C:\Program Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
    O8 - Extra context menu item: Append to existing PDF file - res://C:\Program

    Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
    O8 - Extra context menu item: Create PDF file - res://C:\Program

    Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program

    Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
    O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program

    Files\Nuance\PDFViewerPlus\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12

    \EXCEL.EXE/3000
    O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program

    Files\Nuance\PDFViewerPlus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth

    Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} -

    C:\Program Files\Internet Radio\Radio.exe (file missing)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1

    \MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

    C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-

    00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

    C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-

    9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -

    C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-

    0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1

    \Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\Windows\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    C:\Windows\Network Diagnostic\xpnetdiag.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} -

    http://www.viewpoint.co.kr/vet_install/MetaStream3.cab?

    url=http://www.samsungnv.com/3d_pop/3d_vr/NV10/NV10_Eng/show_room/3dvr_nv10.html
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

    http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2A8E48FA-6635-4906-A556-6C9E9BB2A4B7}: NameServer =

    4.2.2.1,4.2.2.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program

    Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program

    Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll, avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-

    3078302C2030} - C:\Windows\system32\browseui.dll
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} -

    C:\Windows\System32\DreamScene.dll
    O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} -

    C:\Program Files\Stardock\ObjectDockPlus2\ODMenu.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common

    Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner -

    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems

    Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems -

    C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile

    Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32

    \Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program

    Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9

    \avgwdsvc.exe
    O23 - Service: Axon Virtual PBX (AxonService) - Unknown owner - C:\Program Files\NCH Swift

    Sound\Axon\axon.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL

    Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common

    Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program

    Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

    Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IVM Answering Attendant (IVMService) - Unknown owner - C:\Program Files\NCH Swift

    Sound\IVM\ivm.exe
    O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-

    Aware\AAWService.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-

    Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Unknown owner - C:\Program

    Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (file missing)
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program

    Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program

    Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common

    Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Realtek87B - Realtek - C:\Program Files\Realtek\RTL8187B Wireless LAN

    Utility\RtlService.exe
    O23 - Service: VRS Recording System (VRSService) - Unknown owner - C:\Program Files\NCH Swift

    Sound\VRS\vrs.exe

    --
    End of file - 18305 bytes
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:


    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT


    Download GMER Rootkit Scanner from here to your desktop. It will be a randomly named executable.
    • Double click the exe file.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.

      [​IMG]
      Click the image to enlarge it
    • In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
     
  3. gary33411

    gary33411 Thread Starter

    Joined:
    Aug 30, 2009
    Messages:
    10
    DDS Txt attached
     

    Attached Files:

    • DDS.txt
      File size:
      28.3 KB
      Views:
      1
  4. gary33411

    gary33411 Thread Starter

    Joined:
    Aug 30, 2009
    Messages:
    10
    Attach TXT Zip
     

    Attached Files:

  5. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    any luck with the GMER scan?
     
  6. gary33411

    gary33411 Thread Starter

    Joined:
    Aug 30, 2009
    Messages:
    10
    Begins scan and then gives error that it has stopped working. Any ideas?
    Gary
     
  7. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following

    Refer to the ComboFix User's Guide

    1. Download ComboFix from one of these locations:

      Link 1
      Link 2

      * IMPORTANT !!! Place ComboFix.exe on your Desktop
    2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


      You can get help on disabling your protection programs here
    3. Double click on ComboFix.exe & follow the prompts.
    4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
    5. When finished, it shall produce a log for you. Post that log in your next reply

      Note:
      Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


      ---------------------------------------------------------------------------------------------
    6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

      ---------------------------------------------------------------------------------------------
     
  8. gary33411

    gary33411 Thread Starter

    Joined:
    Aug 30, 2009
    Messages:
    10
    I disabled the resident shield in AVG 9 it is now telling to either use another removal tool or to uninstall AVG what do i do next?
    Gary
     
  9. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please uninstall AVG, certain versions of AVG will attack the tool, so it will not be able to do it's job

    use Appremover

    Please download AppRemover and save it to your desktop.
    • Double click on AppRemover.exe to run it.
    • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
    • Click on the Next button.
    • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do. (you want the failed uninstall)
    • Click on the Next button.
    • A scan begins, please wait. Once done, click on the Next button.
    • Now you should have a list of your installed programs, choose the one you want to remove and click on the Next button.
    • Follow the last step and reboot if asked to do so.


    Please don't reinstall it till your computer is completely clean
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - Browser Hijacked google
  1. bj nick
    Replies:
    0
    Views:
    675
  2. Brigham
    Replies:
    1
    Views:
    590
  3. genubi
    Replies:
    0
    Views:
    303
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/969309

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice