
Keep Getting Redirected from Google

Discussion in 'Virus & Other Malware Removal' started by elmateo, Jul 29, 2007.

  1. elmateo

    elmateo Thread Starter

    Joined:
    Jul 29, 2007
    Messages:
    3
    Recently every time I click a link in Google I get redirected to an outside page or search engine. It is so annoying so would be grateful for some help.

    Here is the log file
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:29:03, on 29/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
    C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ASHAMPOO\ASHAMP~1\bin\DEFRAG~3.EXE
    C:\PROGRA~1\ASHAMPOO\ASHAMP~1\bin\defragActivityMonitor.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\JZ9U7GY2\HiJackThis_v2[1].exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
    O4 - HKLM\..\Run: [XpOpenAuto] "C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" VEN_14E4&DEV_4320&SUBSYS_70011799
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [RunCanonMsetUp] C:\DOCUME~1\Matt\LOCALS~1\Temp\MasterReboot\CANON_IJ\MCDCHK2.EXE
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digi...ages/System/Secure/HMV.Digital.Downloader.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129286014281
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {AC1B32E1-9638-434D-8F6C-65CBBE444C1A} (ISVFlashIE Control) - http://download.isvinternet.com/public/htmlwrapper/assemblysoft.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{03752D13-FD92-4CDE-BAB3-5240CE4498AC}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16E5AEFA-69DC-49A7-9004-304A290B7F4D}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28D2C5E4-FA63-40ED-B37C-B8A397FC8273}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{29F4BA90-1D1A-41DB-9DC5-2F96318B6620}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2D6414F7-00AF-4203-82D8-8A06EADA453F}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{357D6C5B-407E-4149-9022-8939A06E6BFC}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3779BA7B-C3DD-4371-ACD8-CDA781EFB94E}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{44EDD17D-E7E5-4FEB-8BC8-70E7242CACC3}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{458C8358-AB2A-4110-9B8B-6289B369B3D2}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6B6C0D-4A60-4B90-9DBC-1669A59C3494}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5F92BF80-8518-42FB-92BB-0C9DBD1C9855}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{620535DF-6D64-4212-9722-5A6D6625087D}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{783C5883-1559-4C7D-9A8B-3D2D21633645}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F547665-16A9-4343-8350-BE2FC95225D2}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C9E30BA-3303-4F30-8ECE-83766B48C2A2}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9CEB180C-DAFA-4EAB-B3BD-C221FC27F7DC}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D7231D5B-08D5-43BD-8586-E408A1633F77}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DB356490-EB73-48DA-B137-6B0BAC62359A}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC6A166A-5D63-417D-8EF7-9471A23A3828}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FFAE18F7-6398-4AD1-BCC9-BFA40B6DA7BE}: NameServer = 85.255.116.170,85.255.112.213
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 15651 bytes
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Please download FixWareout from one of these mirrors:
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
    http://downloads.subratam.org/Fixwareout.exe

    Note: You must have an active Internet connection when running this fix, in order to download the Brute Force Uninstaller (BFU).

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
    Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
    Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log.

    ==================
    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
        - Close browsers before scanning
        - Scan for tracking cookies
        - Terminate memory threats before quarantining.
        - Please leave the others unchecked.
        - Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
        - After reboot, double-click the SUPERAntispyware icon on your desktop.
        - Click Preferences. Click the Statistics/Logs tab.
        - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        - It will open in your default text editor (such as Notepad/Wordpad).
        - Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This will take some time!!!!!!!!
     
  3. elmateo

    elmateo Thread Starter

    Joined:
    Jul 29, 2007
    Messages:
    3
    HERE ARE THE FIXWAREOUT REPORT AND THE NEW HIJACKTHIS REPORT AS REQUESTED. THE SUPER ANTISPYWARE REPORT IS IN THE REPLY UNDERNEATH
    THANKS FOR YOUR HELP



    Username "Matt" - 2007-08-01 18:53:47 [Fixwareout edited 2007/07/05]

    »»»»»Prerun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kdwob.exe"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{03752D13-FD92-4CDE-BAB3-5240CE4498AC}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{16E5AEFA-69DC-49A7-9004-304A290B7F4D}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{28D2C5E4-FA63-40ED-B37C-B8A397FC8273}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{29F4BA90-1D1A-41DB-9DC5-2F96318B6620}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2D6414F7-00AF-4203-82D8-8A06EADA453F}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{357D6C5B-407E-4149-9022-8939A06E6BFC}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3779BA7B-C3DD-4371-ACD8-CDA781EFB94E}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{44EDD17D-E7E5-4FEB-8BC8-70E7242CACC3}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{458C8358-AB2A-4110-9B8B-6289B369B3D2}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4E6B6C0D-4A60-4B90-9DBC-1669A59C3494}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5F92BF80-8518-42FB-92BB-0C9DBD1C9855}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{620535DF-6D64-4212-9722-5A6D6625087D}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{783C5883-1559-4C7D-9A8B-3D2D21633645}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7F547665-16A9-4343-8350-BE2FC95225D2}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9C9E30BA-3303-4F30-8ECE-83766B48C2A2}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9CEB180C-DAFA-4EAB-B3BD-C221FC27F7DC}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D7231D5B-08D5-43BD-8586-E408A1633F77}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DB356490-EB73-48DA-B137-6B0BAC62359A}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DC6A166A-5D63-417D-8EF7-9471A23A3828}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FFAE18F7-6398-4AD1-BCC9-BFA40B6DA7BE}
    "nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{008A55E6-98A0-4459-8761-152B0C71A13C}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{03752D13-FD92-4CDE-BAB3-5240CE4498AC}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{16E5AEFA-69DC-49A7-9004-304A290B7F4D}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{28D2C5E4-FA63-40ED-B37C-B8A397FC8273}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{29F4BA90-1D1A-41DB-9DC5-2F96318B6620}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2D6414F7-00AF-4203-82D8-8A06EADA453F}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{357D6C5B-407E-4149-9022-8939A06E6BFC}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3779BA7B-C3DD-4371-ACD8-CDA781EFB94E}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{44EDD17D-E7E5-4FEB-8BC8-70E7242CACC3}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{458C8358-AB2A-4110-9B8B-6289B369B3D2}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4E6B6C0D-4A60-4B90-9DBC-1669A59C3494}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5F92BF80-8518-42FB-92BB-0C9DBD1C9855}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{620535DF-6D64-4212-9722-5A6D6625087D}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{783C5883-1559-4C7D-9A8B-3D2D21633645}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7F547665-16A9-4343-8350-BE2FC95225D2}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8F909023-E7DE-4452-9FEE-C666949FC1B0}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9C9E30BA-3303-4F30-8ECE-83766B48C2A2}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9CEB180C-DAFA-4EAB-B3BD-C221FC27F7DC}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D7231D5B-08D5-43BD-8586-E408A1633F77}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DC6A166A-5D63-417D-8EF7-9471A23A3828}
    "DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.

    Successfully flushed the DNS Resolver Cache.


    System was rebooted successfully.

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "system"=""
    ....
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....
    »»»»» Other
    C:\WINDOWS\TEMP\kdwob.ren 63436 04/08/2004

    »»»»» Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "XpDis0Conf"="C:\\PROGRA~1\\Belkin\\BELKIN~1\\Tool\\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d"
    "XpOpenAuto"="\"C:\\Program Files\\Belkin\\Belkin 54Mbps Wireless Utility\\TOOL\\OpenXpAuto.exe\" VEN_14E4&DEV_4320&SUBSYS_70011799"
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
    "DefragTaskBar"="\"C:\\Program Files\\Ashampoo\\Ashampoo Magical Defrag 2\\bin\\defragTaskBar.exe\""
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "SoundMan"="SOUNDMAN.EXE"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
    "SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
    "OpwareSE4"="\"C:\\Program Files\\ScanSoft\\OmniPageSE4.0\\OpwareSE4.exe\""
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "WService"="WService.EXE"
    "LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
    "LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
    "LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "nwiz"="nwiz.exe /install"
    "PCguardadvisor.exe"="\"C:\\Program Files\\blueyonder\\PCguard advisor\\PCguardadvisor.exe\""
    "XpDis0Conf"="C:\\PROGRA~1\\Belkin\\BELKIN~1\\Tool\\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d"
    "XpOpenAuto"="\"C:\\Program Files\\Belkin\\Belkin 54Mbps Wireless Utility\\TOOL\\OpenXpAuto.exe\" VEN_14E4&DEV_4320&SUBSYS_70011799"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
    "BTCLiveUpdate"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
    "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»



    (y)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:09:22, on 02/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
    C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\FJVYCY33\HiJackThis[1].exe
    C:\Program Files\Messenger\msmsgs.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    F2 - REG:system.ini: Shell=
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
    O4 - HKLM\..\Run: [XpOpenAuto] "C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" VEN_14E4&DEV_4320&SUBSYS_70011799
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: AutorunsDisabled
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digi...ages/System/Secure/HMV.Digital.Downloader.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
    O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129286014281
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {AC1B32E1-9638-434D-8F6C-65CBBE444C1A} (ISVFlashIE Control) - http://download.isvinternet.com/public/htmlwrapper/assemblysoft.cab
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 12889 bytes



    (y)
     
  4. elmateo

    elmateo Thread Starter

    Joined:
    Jul 29, 2007
    Messages:
    3
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/02/2007 at 07:33 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3276
    Trace Rules Database Version: 1287

    Scan type : Custom Scan
    Total Scan Time : 02:44:36

    Memory items scanned : 374
    Memory threats detected : 0
    Registry items scanned : 7332
    Registry threats detected : 2
    File items scanned : 127355
    File threats detected : 151

    Adware.MyWay
    HKU\S-1-5-21-4269025734-3394474572-595836222-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}

    Adware.Tracking Cookie

    Trojan.Media-Codec
    HKU\S-1-5-21-4269025734-3394474572-595836222-1009\Software\Internet Security

    Trojan.Downloader-Fake/Codec
    C:\WINDOWS\TEMP\KDWOB.REN
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{782AFE99-786B-4EB6-9DFC-A79B34D4AD95}\RP1777\A0364015.EXE
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Sorry - HiJackThis is running from a temp directory and must be moved to run correctly

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.



    How are things now? We have to clean up a little but need to know if things are OK.
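
Added example (not part of the thread and not HijackThis's own code): a small Python triage pass over a HijackThis log that flags the condition MFDnNC points out, a process running from a temp or browser-cache directory, and also lists `(no file)` entries and static NameServer values for review. The function names and finding labels are assumptions made for this example; the sample lines are excerpted from the log posted above.

```python
import re
from collections import defaultdict

# Shortened excerpt of the HijackThis v2.0.2 log posted earlier in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:22, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\FJVYCY33\HiJackThis[1].exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""

# HijackThis entry lines start with a section code such as R0, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Directory fragments (lower case) that mark temp or browser-cache locations.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")


def parse_hjt(text):
    """Split a log into the running-process list and entries grouped by code."""
    processes, entries = [], defaultdict(list)
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first coded entry ends the process list
            entries[match.group(1)].append(match.group(2))
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)


def triage(text):
    """Return (label, detail) findings that a helper would want to look at."""
    processes, entries = parse_hjt(text)
    findings = []
    for path in processes:
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            findings.append(("temp-path-process", path))
    for code, items in entries.items():
        for item in items:
            if item.endswith("(no file)"):
                # Registry entry whose target file is missing on disk.
                findings.append(("missing-file", f"{code} - {item}"))
            if code == "O17" and "NameServer" in item:
                # Static DNS servers are listed for review, not judged here.
                servers = item.split("=", 1)[1].strip().split(",")
                findings.append(("dns-setting", servers))
    return findings


if __name__ == "__main__":
    for label, detail in triage(SAMPLE_LOG):
        print(label, "->", detail)
```
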
     

Short URL to this thread: https://techguy.org/602148