
Google links being redirected in both Firefox and IE

Discussion in 'Virus & Other Malware Removal' started by djcomet, Nov 4, 2009.

Thread Status:
Not open for further replies.
  1. djcomet

    djcomet Thread Starter

    Joined:
    Sep 28, 2005
    Messages:
    14
    I have some kind of malware attack going on.

    Clicking on a Google search result, I am being redirected to other search directories/engines.

    I need assistance, please!

    DDS report
    RootRepeal report
    HJT all below.




    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Dan at 23:20:36.59 on Tue 11/03/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1338 [GMT -8:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\rundll32.exe
    svchost.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\MioNet\MioNetManager.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\MioNet\jvm\bin\MioNet.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\MioNet\jvm\bin\MioNet.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SUPERAntiSpyware\superantispyware .exe
    C:\DOCUME~1\Dan\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\YP9SGY1E\dds[1].pif

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
    uStart Page = hxxp://www.google.com/webhp?hl=en
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Thirty Day Challenge Toolbar: {7104ec46-5dfb-4609-84f0-915970e383d7} - c:\program files\thirty_day_challenge\tbThir.dll
    BHO: Thirty Day Challenge Toolbar: {7104ec46-5dfb-4609-84f0-915970e383d7} - c:\program files\thirty_day_challenge\tbThir.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: Thirty Day Challenge Toolbar: {7104ec46-5dfb-4609-84f0-915970e383d7} - c:\program files\thirty_day_challenge\tbThir.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [MioNet] c:\program files\mionet\MioNetLauncher.exe /p
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Cwujubemojoke] rundll32.exe "c:\windows\imaruvoz.dll",Startup
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Open with ScanSoft PDF Converter 4.2 - c:\program files\scansoft\pdf professional 4.0\cnvres_eng.dll /100
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = scecli xypsthcs.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\z712uhs0.default\
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - HiddenExtension: XULRunner: {1FEF9123-94FE-4C4E-A40D-B2BB9C65E193} - c:\documents and settings\dan\local settings\application data\{1FEF9123-94FE-4C4E-A40D-B2BB9C65E193}
    FF - HiddenExtension: XULRunner: {CDA44755-043F-47C1-9700-C3AA19E736EB} - c:\documents and settings\administrator.heidi\local settings\application data\{cda44755-043f-47c1-9700-c3aa19e736eb}\
    FF - HiddenExtension: Sotfone Tracker: No Registry Reference - c:\program files\mozilla firefox\extensions\[email protected]

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
    R2 MioNet;MioNet;c:\program files\mionet\MioNetManager.exe [2008-6-10 139264]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
    S2 gupdate1c9cee09812a166;Google Update Service (gupdate1c9cee09812a166);c:\program files\google\update\GoogleUpdate.exe [2009-5-6 133104]
    S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys --> c:\windows\system32\drivers\klim5.sys [?]

    ============== File Associations ===============

    regfile=regedit.exe %1
    scrfile="%1" %*

    =============== Created Last 30 ================

    2009-10-27 05:41:51 90112 ----a-w- C:\lulu2.exe
    2009-10-21 23:40:42 54156 ---ha-w- c:\windows\QTFont.qfn
    2009-10-21 23:40:42 1409 ----a-w- c:\windows\QTFont.for
    2009-10-10 05:07:23 0 d-----w- C:\Inventory Apr 8 08
    2009-10-10 05:06:58 0 d-----w- C:\Inventory 07
    2009-10-10 05:04:38 0 d-----w- C:\MD Balla 2008
    2009-10-05 07:29:41 0 d-----w- c:\program files\Default Company Name

    ==================== Find3M ====================

    2009-09-05 17:01:22 143464 ----a-w- c:\docume~1\dan\applic~1\GDIPFONTCACHEV1.DAT
    2009-07-05 15:17:48 628 ----a-w- c:\program files\LuLu2.lnk
    2009-07-11 06:00:29 49152 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009071020090711\index.dat

    ============= FINISH: 23:22:00.79 ===============


    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2009/11/03 23:27
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xB75DF000 Size: 98304 File Visible: No Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xF79CB000 Size: 8192 File Visible: No Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB5EAE000 Size: 49152 File Visible: No Signed: -
    Status: -

    Hidden/Locked Files
    -------------------
    Path: Volume C:\
    Status: MBR Rootkit Detected!

    Path: Volume C:\, Sector 1
    Status: Sector mismatch

    Path: Volume C:\, Sector 2
    Status: Sector mismatch

    Path: Volume C:\, Sector 3
    Status: Sector mismatch

    Path: Volume C:\, Sector 4
    Status: Sector mismatch

    Path: Volume C:\, Sector 5
    Status: Sector mismatch

    Path: Volume C:\, Sector 6
    Status: Sector mismatch

    Path: Volume C:\, Sector 11
    Status: Sector mismatch

    Path: Volume C:\, Sector 12
    Status: Sector mismatch

    Path: Volume C:\, Sector 13
    Status: Sector mismatch

    Path: Volume C:\, Sector 14
    Status: Sector mismatch

    Path: Volume C:\, Sector 15
    Status: Sector mismatch

    Path: Volume C:\, Sector 16
    Status: Sector mismatch

    Path: Volume C:\, Sector 17
    Status: Sector mismatch

    Path: Volume C:\, Sector 18
    Status: Sector mismatch

    Path: Volume C:\, Sector 19
    Status: Sector mismatch

    Path: Volume C:\, Sector 20
    Status: Sector mismatch

    Path: Volume C:\, Sector 21
    Status: Sector mismatch

    Path: Volume C:\, Sector 22
    Status: Sector mismatch

    Path: Volume C:\, Sector 23
    Status: Sector mismatch

    Path: Volume C:\, Sector 25
    Status: Sector mismatch

    Path: Volume C:\, Sector 26
    Status: Sector mismatch

    Path: Volume C:\, Sector 27
    Status: Sector mismatch

    Path: Volume C:\, Sector 28
    Status: Sector mismatch

    Path: Volume C:\, Sector 29
    Status: Sector mismatch

    Path: Volume C:\, Sector 30
    Status: Sector mismatch

    Path: Volume C:\, Sector 31
    Status: Sector mismatch

    Path: Volume C:\, Sector 32
    Status: Sector mismatch

    Path: Volume C:\, Sector 33
    Status: Sector mismatch

    Path: Volume C:\, Sector 34
    Status: Sector mismatch

    Path: Volume C:\, Sector 35
    Status: Sector mismatch

    Path: Volume C:\, Sector 36
    Status: Sector mismatch

    Path: Volume C:\, Sector 37
    Status: Sector mismatch

    Path: Volume C:\, Sector 38
    Status: Sector mismatch

    Path: Volume C:\, Sector 39
    Status: Sector mismatch

    Path: Volume C:\, Sector 40
    Status: Sector mismatch

    Path: Volume C:\, Sector 41
    Status: Sector mismatch

    Path: Volume C:\, Sector 42
    Status: Sector mismatch

    Path: Volume C:\, Sector 43
    Status: Sector mismatch

    Path: Volume C:\, Sector 44
    Status: Sector mismatch

    Path: Volume C:\, Sector 45
    Status: Sector mismatch

    Path: Volume C:\, Sector 46
    Status: Sector mismatch

    Path: Volume C:\, Sector 47
    Status: Sector mismatch

    Path: Volume C:\, Sector 49
    Status: Sector mismatch

    Path: Volume C:\, Sector 50
    Status: Sector mismatch

    Path: Volume C:\, Sector 51
    Status: Sector mismatch

    Path: Volume C:\, Sector 53
    Status: Sector mismatch

    Path: Volume C:\, Sector 55
    Status: Sector mismatch

    Path: Volume C:\, Sector 58
    Status: Sector mismatch

    Path: Volume C:\, Sector 59
    Status: Sector mismatch

    Path: Volume C:\, Sector 60
    Status: Sector mismatch

    Path: Volume C:\, Sector 61
    Status: Sector mismatch

    Path: Volume C:\, Sector 62
    Status: Sector mismatch

    Path: C:\WINDOWS\system32\gasfkydqjjdbot.dat
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\gasfkyfdxarvpr.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\gasfkykmkmlmhx.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\gasfkyqnhlsvey.dat
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\gasfkyviocfikt.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\gasfkyvvdykcjs.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\gasfkywgrhsary.dll
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\temp\gasfkymornpsetis.tmp
    Status: Invisible to the Windows API!

    Path: C:\WINDOWS\system32\drivers\gasfkyrmowkxnn.sys
    Status: Invisible to the Windows API!

    Path: c:\documents and settings\dan\local settings\temp\etilqs_pksk8b9ewltdzklcixkk
    Status: Allocation size mismatch (API: 16384, Raw: 0)

    SSDT
    -------------------
    #: 257 Function Name: NtTerminateProcess
    Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb775cf20

    Stealth Objects
    -------------------
    Object: Hidden Module [Name: gasfkykmkmlmhx.dll]
    Process: svchost.exe (PID: 908) Address: 0x10000000 Size: 57344

    Hidden Services
    -------------------
    Service Name: gasfkybxvvkklf
    Image Path: C:\WINDOWS\system32\drivers\gasfkyrmowkxnn.sys

    ==EOF==

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:07:27 AM, on 11/4/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\MioNet\MioNetManager.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\MioNet\jvm\bin\MioNet.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MioNet\jvm\bin\MioNet.exe
    C:\Program Files\SUPERAntiSpyware\superantispyware .exe
    C:\DOCUME~1\Dan\LOCALS~1\Temp\RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\HijackThis\HijackThis.exe

    R3 - URLSearchHook: Thirty Day Challenge Toolbar - {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll
    O2 - BHO: Thirty Day Challenge Toolbar - {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Thirty Day Challenge Toolbar - {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe /p
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Cwujubemojoke] rundll32.exe "C:\WINDOWS\imaruvoz.dll",Startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.2 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Google Update Service (gupdate1c9cee09812a166) (gupdate1c9cee09812a166) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MioNet - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 3933 bytes
     
  2. djcomet

    djcomet Thread Starter

    Joined:
    Sep 28, 2005
    Messages:
    14
    Google links are being redirected when selected. This is occurring in both IE and Firefox.
    I have run Spybot Search & Destroy, Malwarebytes, Superantispyware, Avast, Avira Antivir.

    In spite of all the various things they have found and corrected, the problem persists with Google results being redirected when selected.

    In addition, with all the clean up, my IE does not run anymore. It opens, starts, then closes due to some error it encounters.

    Thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:51:12 PM, on 11/6/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\MioNet\MioNetManager.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\MioNet\jvm\bin\MioNet.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MioNet\jvm\bin\MioNet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Thirty Day Challenge Toolbar - {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Thirty Day Challenge Toolbar - {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Thirty Day Challenge Toolbar - {7104ec46-5dfb-4609-84f0-915970e383d7} - C:\Program Files\Thirty_Day_Challenge\tbThir.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [MioNet] C:\Program Files\MioNet\MioNetLauncher.exe /p
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Open with ScanSoft PDF Converter 4.2 - res://C:\Program Files\ScanSoft\PDF Professional 4.0\cnvres_eng.dll /100
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Google Update Service (gupdate1c9cee09812a166) (gupdate1c9cee09812a166) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MioNet - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 5320 bytes
     
