Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Browser Hijacking

1K views 3 replies 2 participants last post by  Rorschach112 
#1 ·
There is some browser hijakcing going on my computer. I need to get this sorted!
Symptoms:
google chrome not working
keep getting redirected to untrustworthy sites

What I have done:
ran a hijackthis scan
downloaded malwarebytes and am currently running a quick scan (will do a full one if that doesn't work)
hijakthis result
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:27, on 2010-06-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programs\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programs\AVG\AVG8\avgwdsvc.exe
C:\Programs\AVG\AVG8\avgtray.exe
C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programs\CyberLink\PCM4Everio\EverioService.exe
C:\Programs\DivX\DivX Update\DivXUpdate.exe
C:\Programs\Everything\Everything.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programs\Bonjour\mDNSResponder.exe
C:\Programs\ViStart\ViStart.exe
C:\Programs\Taskbar Shuffle\taskbarshuffle.exe
C:\Programs\Innovative Solutions\DriverMax\devices.exe
C:\Users\Jamie\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programs\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\Programs\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programs\TeamViewer\Version5\TeamViewer_Service.exe
C:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programs\AVG\AVG8\avgemc.exe
C:\Programs\TeamViewer\Version5\TeamViewer.exe
C:\Programs\AVG\AVG8\avgcsrvx.exe
C:\Programs\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Programs\Mozilla Firefox\firefox.exe
C:\Programs\AVG\AVG8\avgnsx.exe
D:\Documents\Downloads\prio.exe
C:\Temp\prio\prioinst.exe
C:\Programs\Malwarebytes' Anti-Malware\mbam.exe
C:\Programs\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thefreevpn.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programs\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programs\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programs\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programs\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [BIH] C:\WINDOWS\system32\rundll32.exe bih.dll,InitGauge
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Programs\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programs\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programs\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EverioService] "C:\Programs\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programs\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Everything] "C:\Programs\Everything\Everything.exe" -startup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jamie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ViStart] C:\Programs\ViStart\ViStart.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Programs\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Programs\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Programs\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [{1EA16FE0-E842-5DD2-5236-A9A9660B493F}] "D:\Documents\Application Data\Efpew\ytoff.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programs\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programs\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: WBSYS.DLL C:\PROGRAMS\GOOGLE\GOOGLE~1\GOEC62~1.DLL prio.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programs\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Programs\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Programs\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programs\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: dlbc_device - - C:\WINDOWS\system32\dlbccoms.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programs\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programs\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programs\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programs\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Programs\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

What else can I do? What should I get rid of and how?
 
See less See more
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top