There is some browser hijakcing going on my computer. I need to get this sorted!
Symptoms:
google chrome not working
keep getting redirected to untrustworthy sites
What I have done:
ran a hijackthis scan
downloaded malwarebytes and am currently running a quick scan (will do a full one if that doesn't work)
hijakthis result
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:27, on 2010-06-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programs\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programs\AVG\AVG8\avgwdsvc.exe
C:\Programs\AVG\AVG8\avgtray.exe
C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programs\CyberLink\PCM4Everio\EverioService.exe
C:\Programs\DivX\DivX Update\DivXUpdate.exe
C:\Programs\Everything\Everything.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programs\Bonjour\mDNSResponder.exe
C:\Programs\ViStart\ViStart.exe
C:\Programs\Taskbar Shuffle\taskbarshuffle.exe
C:\Programs\Innovative Solutions\DriverMax\devices.exe
C:\Users\Jamie\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programs\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\Programs\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programs\TeamViewer\Version5\TeamViewer_Service.exe
C:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programs\AVG\AVG8\avgemc.exe
C:\Programs\TeamViewer\Version5\TeamViewer.exe
C:\Programs\AVG\AVG8\avgcsrvx.exe
C:\Programs\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Programs\Mozilla Firefox\firefox.exe
C:\Programs\AVG\AVG8\avgnsx.exe
D:\Documents\Downloads\prio.exe
C:\Temp\prio\prioinst.exe
C:\Programs\Malwarebytes' Anti-Malware\mbam.exe
C:\Programs\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thefreevpn.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programs\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programs\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programs\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programs\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [BIH] C:\WINDOWS\system32\rundll32.exe bih.dll,InitGauge
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Programs\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programs\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programs\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EverioService] "C:\Programs\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programs\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Everything] "C:\Programs\Everything\Everything.exe" -startup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jamie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ViStart] C:\Programs\ViStart\ViStart.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Programs\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Programs\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Programs\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [{1EA16FE0-E842-5DD2-5236-A9A9660B493F}] "D:\Documents\Application Data\Efpew\ytoff.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programs\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programs\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: WBSYS.DLL C:\PROGRAMS\GOOGLE\GOOGLE~1\GOEC62~1.DLL prio.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programs\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Programs\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Programs\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programs\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: dlbc_device - - C:\WINDOWS\system32\dlbccoms.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programs\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programs\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programs\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programs\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Programs\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
What else can I do? What should I get rid of and how?
Symptoms:
google chrome not working
keep getting redirected to untrustworthy sites
What I have done:
ran a hijackthis scan
downloaded malwarebytes and am currently running a quick scan (will do a full one if that doesn't work)
hijakthis result
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:50:27, on 2010-06-28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programs\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programs\AVG\AVG8\avgwdsvc.exe
C:\Programs\AVG\AVG8\avgtray.exe
C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programs\CyberLink\PCM4Everio\EverioService.exe
C:\Programs\DivX\DivX Update\DivXUpdate.exe
C:\Programs\Everything\Everything.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programs\Bonjour\mDNSResponder.exe
C:\Programs\ViStart\ViStart.exe
C:\Programs\Taskbar Shuffle\taskbarshuffle.exe
C:\Programs\Innovative Solutions\DriverMax\devices.exe
C:\Users\Jamie\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Programs\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dlbccoms.exe
C:\Programs\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programs\TeamViewer\Version5\TeamViewer_Service.exe
C:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Programs\AVG\AVG8\avgemc.exe
C:\Programs\TeamViewer\Version5\TeamViewer.exe
C:\Programs\AVG\AVG8\avgcsrvx.exe
C:\Programs\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Programs\Mozilla Firefox\firefox.exe
C:\Programs\AVG\AVG8\avgnsx.exe
D:\Documents\Downloads\prio.exe
C:\Temp\prio\prioinst.exe
C:\Programs\Malwarebytes' Anti-Malware\mbam.exe
C:\Programs\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thefreevpn.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programs\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programs\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programs\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programs\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [BIH] C:\WINDOWS\system32\rundll32.exe bih.dll,InitGauge
O4 - HKLM\..\Run: [AVG8_TRAY] C:\Programs\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programs\QT Lite\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programs\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [EverioService] "C:\Programs\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programs\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Everything] "C:\Programs\Everything\Everything.exe" -startup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jamie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ViStart] C:\Programs\ViStart\ViStart.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Programs\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Programs\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Programs\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [{1EA16FE0-E842-5DD2-5236-A9A9660B493F}] "D:\Documents\Application Data\Efpew\ytoff.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programs\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programs\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: WBSYS.DLL C:\PROGRAMS\GOOGLE\GOOGLE~1\GOEC62~1.DLL prio.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programs\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Programs\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Programs\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programs\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Programs\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: dlbc_device - - C:\WINDOWS\system32\dlbccoms.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Programs\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programs\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Programs\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programs\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programs\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Programs\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programs\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
What else can I do? What should I get rid of and how?