
IE6 redirecting to www2.diymov.com

Discussion in 'Virus & Other Malware Removal' started by Kesor, Nov 2, 2007.

Thread Status:
Not open for further replies.
  1. Kesor

    Kesor Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    4
    Recently, my Internet Explorer 6 has been opening on its own to www2.diymov.com, and I don't know how to fix it. Any help would be good.
    Here is the hijack log. Thanks for your help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:38:01, on 2007-11-02
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\temp\lsass.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\DAEMON Tools Pro\DTProAgent.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program\MSN Messenger\usnsvc.exe
    C:\Program\uTorrent\uTorrent.exe
    C:\Program\World of Warcraft\BackgroundDownloader.exe
    C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\temp\lsass.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program\Yahoo!\Common\yinsthelper.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 3440 bytes
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download ComboFix to your Desktop.

    • Double click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
    Note: Do not mouseclick combofix's window while it's running as that may cause it to stall
     
  3. Kesor

    Kesor Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    4
    I did what you said; here are the logs.

    ComboFix 07-11-01.1 - Allmän 2007-11-03 1:13:56.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1053.18.1604 [GMT 1:00]
    Running from: C:\Documents and Settings\Allmän\Skrivbord\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-10-03 to 2007-11-03 )))))))))))))))))))))))))))))))
    .

    2007-11-03 01:13 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-03 00:05 <KAT> d-------- C:\Documents and Settings\Allmän\Application Data\Ace
    2007-11-02 18:48 <KAT> d-------- C:\WINDOWS\LastGood
    2007-11-02 18:46 <KAT> d-------- C:\Program\THQ
    2007-11-02 18:40 <KAT> d-------- C:\Program\Activision
    2007-11-02 18:39 <KAT> d--hs---- C:\WINDOWS\ftpcache
    2007-11-02 10:37 <KAT> d-------- C:\Program\Trend Micro
    2007-11-02 10:05 <KAT> d-------- C:\Program\SUPERAntiSpyware
    2007-11-02 10:05 <KAT> d-------- C:\Documents and Settings\Allmän\Application Data\SUPERAntiSpyware.com
    2007-11-02 10:05 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-02 04:14 <KAT> d-------- C:\Program\Yahoo!
    2007-11-02 04:14 <KAT> d-------- C:\Program\CCleaner
    2007-11-02 01:43 <KAT> d-------- C:\Documents and Settings\Allmän\Application Data\Ventrilo
    2007-11-02 01:42 <KAT> d-------- C:\Program\Ventrilo
    2007-11-02 01:42 <KAT> d-------- C:\Program\Delade filer\Wise Installation Wizard
    2007-11-02 01:36 <KAT> d-------- C:\Program\Steam
    2007-11-02 00:13 <KAT> d-------- C:\Program\EA GAMES
    2007-11-02 00:05 <KAT> d-------- C:\Program\Codemasters
    2007-11-01 23:17 <KAT> d-------- C:\Program\Sierra Entertainment
    2007-11-01 23:16 <KAT> d--h----- C:\Program\InstallShield Installation Information
    2007-11-01 22:37 <KAT> d-------- C:\Program\DAEMON Tools Pro
    2007-11-01 22:17 <KAT> d---s---- C:\Documents and Settings\Allmän\UserData
    2007-11-01 22:17 <KAT> d---s---- C:\Documents and Settings\Allmän\UserData
    2007-11-01 21:44 <KAT> d-------- C:\Documents and Settings\Allmän\Application Data\DAEMON Tools Pro
    2007-11-01 21:42 <KAT> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    2007-11-01 21:42 90,112 --a------ C:\Progr_.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-02 17:43 --------- d-----w C:\Documents and Settings\Allmän\Application Data\uTorrent
    2007-11-02 03:01 --------- d-----w C:\Program\World of Warcraft
    2007-11-01 19:41 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-11-01 18:49 --------- d-----w C:\Documents and Settings\Allmän\Application Data\Sports Interactive
    2007-11-01 18:46 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-11-01 18:46 --------- d--h--w C:\Program\Zero G Registry
    2007-11-01 18:46 --------- d--h--r C:\Documents and Settings\Allmän\Application Data\SecuROM
    2007-11-01 18:44 --------- d-----w C:\Program\Sports Interactive
    2007-11-01 18:24 --------- d-----w C:\Program\Delade filer\SpeechEngines
    2007-11-01 18:24 --------- d-----w C:\Program\Delade filer\ODBC
    2007-11-01 18:07 --------- d-----w C:\Program\VideoLAN
    2007-11-01 18:07 --------- d-----w C:\Documents and Settings\Allmän\Application Data\vlc
    2007-11-01 18:06 --------- d-----w C:\Program\uTorrent
    2007-11-01 18:02 --------- d-----w C:\Program\Delade filer\Blizzard Entertainment
    2007-11-01 17:57 --------- d-----w C:\Program\MSN Messenger
    2007-11-01 17:40 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2007-11-01 17:40 --------- d-----w C:\Program\Delade filer\InstallShield
    2007-11-01 17:39 --------- d-----w C:\Program\DIFX
    2007-11-01 17:39 --------- d-----w C:\Documents and Settings\Allmän\Application Data\InstallShield
    2007-11-01 17:34 --------- d-----w C:\Program\microsoft frontpage
    2007-11-01 17:33 --------- d-----w C:\Program\Onlinetjänster
    2007-11-01 17:33 --------- d-----w C:\Program\Delade filer\MSSoap
    2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
    2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
    2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
    2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
    2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
    2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-09-17 00:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-09-17 00:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-09-17 00:07 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-09-17 00:07 6,853,088 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-09-17 00:07 6,746,112 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-09-17 00:07 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-09-17 00:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-09-17 00:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-09-17 00:07 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-09-17 00:07 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-09-17 00:07 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-09-17 00:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-09-17 00:07 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-09-17 00:07 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2007-09-17 00:07 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-09-17 00:07 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-09-17 00:07 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-09-17 00:07 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-09-17 00:07 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-09-17 00:07 2,371,584 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-09-17 00:07 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-09-17 00:07 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-09-17 00:07 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-09-17 00:07 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-09-17 00:07 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-09-17 00:07 1,478,656 ----a-w C:\WINDOWS\system32\nview.dll
    2007-09-17 00:07 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-09-17 00:07 1,150,976 ----a-w C:\WINDOWS\system32\nvmobls.dll
    2007-09-17 00:07 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-05-10 11:08 C:\WINDOWS\RTHDCPL.EXE]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07]
    "nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:34]
    "MsnMsgr"="C:\Program\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "DAEMON Tools Pro Agent"="C:\Program\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 13:45]
    "Steam"="c:\program\steam\steam.exe" [2007-11-02 01:36]
    "SUPERAntiSpyware"="C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program\SUPERAntiSpyware\SASWINLO.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{639e42ab-88aa-11dc-82ea-0019dbd0b933}]
    \Shell\AutoRun\command - E:\autorun.exe

    *Newly Created Service* - CATCHME
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-03 01:14:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-03 1:14:48
    .
    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:15:26, on 2007-11-03
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program\MSN Messenger\MsnMsgr.Exe
    C:\Program\DAEMON Tools Pro\DTProAgent.exe
    C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program\Internet Explorer\iexplore.exe
    C:\Program\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [Steam] "c:\program\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 2892 bytes
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.
     
  5. Kesor

    Kesor Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    4
    Here is the log file

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\nbxudytk

    *******************

    Script file located at: \??\C:\Documents and Settings\tmrldmow.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File C:\WINDOWS\temp\lsass.exe not found!
    Deletion of file C:\WINDOWS\temp\lsass.exe failed!

    Could not process line:
    C:\WINDOWS\temp\lsass.exe
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.
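
The file named in the Avenger log above, C:\WINDOWS\temp\lsass.exe, appears in the first HijackThis log of this thread as both a running process and an O4 Run entry, next to the genuine C:\WINDOWS\system32\lsass.exe. As an added example (not part of the thread or of any tool used in it), this Python sketch flags core Windows process names that run from an unexpected directory; the `EXPECTED_DIR` table and the function name are assumptions, Windows is assumed to live in C:\WINDOWS as in the logs, and the sample is an excerpt of that first log.

```python
import ntpath
import re

# Assumption: Windows XP layout with the system in C:\WINDOWS, as in the thread's logs.
# Each core process name is mapped to the only directory it should run from.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# A drive-letter path ending in .exe, quoted or not, anywhere in a log line.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.exe', re.IGNORECASE)


def find_masquerades(log_text):
    """Return (line number, section, path) for each system-process name
    that a HijackThis log shows outside its expected directory."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        for path in EXE_PATH.findall(line):
            directory, name = ntpath.split(path)
            expected = EXPECTED_DIR.get(name.lower())
            if expected and directory.lower() != expected:
                # O4 lines are autostart (Run key) entries; bare paths are processes.
                section = "autostart" if line.lstrip().startswith("O4") else "process"
                findings.append((lineno, section, path))
    return findings


# Excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\temp\lsass.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft] C:\WINDOWS\temp\lsass.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for lineno, section, path in find_masquerades(SAMPLE_LOG):
        print(f"line {lineno}: {section} entry uses a system process name outside its directory: {path}")
```

Neither flagged entry appears in the second HijackThis log, taken after the ComboFix run, which matches the Avenger result that the file was no longer found.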
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Are you still getting redirected?
     
  7. Kesor

    Kesor Thread Starter

    Joined:
    Nov 2, 2007
    Messages:
    4
    No, I don't think so. Thanks for the fast help!
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're welcome :)

    Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer.

    Turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

    You can mark your thread "Solved" from the Thread Tools drop down menu.
     

Short URL to this thread: https://techguy.org/646742
