
Please help.

Discussion in 'Virus & Other Malware Removal' started by hamthis, Jan 25, 2011.

Thread Status:
Not open for further replies.
  1. hamthis (Thread Starter)
     Joined: Jan 8, 2011
     Messages: 12
    Browser is hijacked and the proxy changes when I restart. I have gone through and tried and tried to get everything off I could, but it keeps coming back, each time as something different, and something is blocking just the Google Chrome browser. Firefox is OK and Safari is OK??

    I have already run Malwarebytes, CCleaner, adware, Spybot and TDSSKiller. I ran these over the last week, sometimes with results, sometimes without. I ran TDSSKiller today; it fixed one thing. Here are the reports for today.

    Here is my infected info.

    Thanks for the help!


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:17:25 AM, on 1/25/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17093)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Sage\ServiceHost\Sage.ServiceHost.Host.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe
    C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugin-container.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8592
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-18\..\Run: [JP595IR86O] C:\WINDOWS\TEMP\Zmv.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [NtWqIVLZEWZU] C:\WINDOWS\TEMP\Zm1.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [JP595IR86O] C:\WINDOWS\TEMP\Zmv.exe (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: OSR_TinyWeb.lnk = C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: QuickBooks Web Connector.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192146733468
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HamonOHD.local
    O17 - HKLM\Software\..\Telephony: DomainName = HamonOHD.local
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C41BFD5B-0E7B-4EE1-97B1-AE0B225DF93B}: NameServer = 192.168.0.102
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = HamonOHD.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = HamonOHD.local
    O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 8.0\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files\Intuit\QuickBooks Enterprise Solutions 10.0\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Sage Service Host (Sage.ServiceHost.Host) - Sage Software, Inc. - C:\Program Files\Common Files\Sage\ServiceHost\Sage.ServiceHost.Host.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/MARJOR~1.HAM/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

    --
    End of file - 11518 bytes


    DDS LOG information:

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Marjorie at 11:14:57.83 on Tue 01/25/2011
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.455 [GMT -8:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\netdde.exe
    C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Intuit\IDN\Common\TinyWeb\TINY.EXE
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Sage\ServiceHost\Sage.ServiceHost.Host.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Mozilla Firefox 4.0 Beta 9\firefox.exe
    C:\Program Files\Mozilla Firefox 4.0 Beta 9\plugin-container.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Marjorie.HAMONOHD\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = http=127.0.0.1:8592
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    uRun: [RIMDeviceManager] "c:\program files\common files\research in motion\rimdevicemanager\RIMDeviceManager.exe" -RunServer
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    mRun: [VTTimer] VTTimer.exe
    mRun: [VTTrayp] VTtrayp.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    dRun: [JP595IR86O] c:\windows\temp\Zmv.exe
    dRun: [NtWqIVLZEWZU] c:\windows\temp\Zm1.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-ba7e-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\osr_ti~1.lnk - c:\program files\intuit\idn\common\tinyweb\TINY.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbwebconnector\QBWebConnector.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192146733468
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: {C41BFD5B-0E7B-4EE1-97B1-AE0B225DF93B} = 192.168.0.102
    Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks enterprise solutions 8.0\HelpAsyncPluggableProtocol.dll
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks enterprise solutions 10.0\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: PCANotify - PCANotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\marjor~1.ham\applic~1\mozilla\firefox\profiles\scytijum.default\
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll

    ============= SERVICES / DRIVERS ===============

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-8-7 17920]
    R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2005-11-21 11008]
    R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-8-7 13696]
    R2 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2006-2-14 106496]
    R2 Sage.ServiceHost.Host;Sage Service Host;c:\program files\common files\sage\servicehost\Sage.ServiceHost.Host.exe [2007-5-30 86016]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-4 135664]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

    =============== Created Last 30 ================

    2011-01-25 18:37:55 388096 ----a-r- c:\docume~1\marjor~1.ham\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-25 18:37:55 -------- d-----w- c:\program files\Trend Micro
    2011-01-25 00:29:19 -------- d-----w- c:\docume~1\marjor~1.ham\locals~1\applic~1\Apple Computer
    2011-01-25 00:23:20 -------- d-----w- c:\docume~1\marjor~1.ham\locals~1\applic~1\Apple
    2011-01-21 19:42:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-01-21 19:31:20 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 9
    2011-01-14 22:28:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\ZoomBrowser
    2011-01-14 22:25:55 -------- d-----w- c:\program files\common files\Canon
    2011-01-13 01:13:45 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-01-13 01:05:30 -------- d-----w- c:\docume~1\marjor~1.ham\locals~1\applic~1\Sunbelt Software
    2011-01-12 23:11:26 -------- d-----w- c:\docume~1\marjor~1.ham\applic~1\Malwarebytes
    2011-01-12 23:11:20 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-12 23:11:20 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-01-12 23:11:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-12 23:11:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-12 18:57:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-12 18:57:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-01-12 18:55:29 -------- dc----w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2011-01-12 18:32:39 -------- d-----w- c:\program files\CCleaner
    2011-01-12 17:36:43 122880 --sha-r- c:\windows\system32\cidaemonl.dll
    2011-01-12 00:25:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\boost_interprocess

    ==================== Find3M ====================

    2011-01-25 18:57:29 256 ----a-w- c:\documents and settings\marjorie.hamonohd\pool.bin
    2011-01-21 19:42:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-02 03:35:18 4280320 ----a-w- c:\windows\system32\GPhotos.scr
    2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
    2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-11-06 00:34:11 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-11-06 00:34:11 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2010-11-06 00:34:11 17408 ------w- c:\windows\system32\corpol.dll
    2010-11-03 12:25:53 389120 ----a-w- c:\windows\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

    ============= FINISH: 11:16:00.96 ===============


    ARK text

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-25 15:02:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JD-22MSA1 rev.10.01E01
    Running: gdfo5o80.exe; Driver: C:\DOCUME~1\MARJOR~1.HAM\LOCALS~1\Temp\kftyqfow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\DOCUME~1\MARJOR~1.HAM\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\palmOne\Hotsync.exe[2068] [email protected]@Z 77C29CC5 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] [email protected]@Z 77C29CDD 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] [email protected]@[email protected] 77C29D9F 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_aligned_offset_malloc 77C29DAF 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_aligned_free 77C29E33 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_aligned_malloc 77C29E52 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_aligned_offset_realloc 77C29E6E 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_aligned_realloc 77C29FC6 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
    .text C:\Program Files\palmOne\Hotsync.exe[2068] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

    ---- EOF - GMER 1.0.15 ----
     

  2. hamthis (Thread Starter)
     Joined: Jan 8, 2011
     Messages: 12
    I picked a bad title for my post, I know; it is just too simple.

    "Browser Hijack" would have been better.
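The three indicators a helper would pull out of the logs in the first post are the user-level `ProxyServer` pointed at `127.0.0.1:8592` (every browser request is routed through a local process before it leaves the machine, which is how search results and update sites get rewritten and why the setting comes back after a restart), the randomly named `Run` values under `HKUS\S-1-5-18` and `HKUS\.DEFAULT` launching `Zmv.exe` and `Zm1.exe` from `C:\WINDOWS\TEMP` (these live in the SYSTEM and default-user profiles, so cleaning the logged-on user's own `Run` key does not touch them), and the hosts-file entry sinkholing `www.spywareinfo.com`. The following script is an added example for this thread, not part of the original post or of HijackThis/DDS; it parses the line shapes visible in the posted logs and flags exactly those three classes of entry. The sample log, the `looks_random` threshold and the `SECURITY_SITES` keyword list are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass
class Finding:
    kind: str    # "proxy", "autorun" or "hosts"
    line: str    # the log line that triggered the finding
    reason: str


# Line shapes copied from the posted HijackThis and DDS logs.
#   HJT: "R1 - HKCU\...\Internet Settings,ProxyServer = http=127.0.0.1:8592"
#   DDS: "uInternet Settings,ProxyServer = http=127.0.0.1:8592"
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)", re.IGNORECASE)
#   HJT: "O4 - HKUS\S-1-5-18\..\Run: [Name] C:\path (User 'SYSTEM')"
#   DDS: "dRun: [Name] c:\path"  (u = current user, m = machine, d = default/SYSTEM)
AUTORUN_RE = re.compile(r"(?:O4 - .*?Run: |\b[umd]Run: )\[(?P<name>[^\]]+)\]\s*(?P<cmd>.+)")
#   HJT: "O1 - Hosts: 127.0.0.1 host"   DDS: "Hosts: 127.0.0.1 host"
HOSTS_RE = re.compile(r"Hosts:\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<host>\S+)")
SYSTEM_PROFILE_RE = re.compile(r"HKUS\\(?:S-1-5-18|\.DEFAULT)\\|^dRun:")

TEMP_DIRS = ("\\temp\\", "\\tmp\\")
# Assumption: name fragments of sites hijackers commonly sinkhole to hinder cleanup.
SECURITY_SITES = ("spywareinfo", "malwarebytes", "bleepingcomputer", "symantec", "microsoft")

# Constructed sample: a few lines in the shape of the posted logs.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8592
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKUS\S-1-5-18\..\Run: [JP595IR86O] C:\WINDOWS\TEMP\Zmv.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [JP595IR86O] C:\WINDOWS\TEMP\Zmv.exe (User 'Default user')
uInternet Settings,ProxyServer = http=127.0.0.1:8592
mRun: [VTTimer] VTTimer.exe
dRun: [NtWqIVLZEWZU] c:\windows\temp\Zm1.exe
Hosts: 127.0.0.1 www.spywareinfo.com
"""


def is_loopback(hostport: str) -> bool:
    """True for 127.0.0.0/8 or 'localhost', with or without a :port suffix."""
    host = hostport.rsplit(":", 1)[0]
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def proxy_targets(value: str):
    """Split 'http=host:port;https=host:port' (or a bare 'host:port') into host:port strings."""
    for part in value.split(";"):
        yield part.split("=", 1)[-1]


def looks_random(name: str) -> bool:
    """Heuristic (assumed threshold) for generated Run value names such as JP595IR86O."""
    if not name.isalnum() or len(name) < 8:
        return False
    loud = sum(1 for c in name if c.isupper() or c.isdigit())
    return loud / len(name) >= 0.7


def triage(log_text: str) -> list:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := PROXY_RE.search(line):
            for target in proxy_targets(m.group("value")):
                if is_loopback(target):
                    findings.append(Finding("proxy", line, f"browser proxy points at loopback {target}: "
                                            "a local interceptor sees and can rewrite every request"))
            continue
        if m := AUTORUN_RE.search(line):
            name, cmd = m.group("name"), m.group("cmd")
            reasons = []
            if any(d in cmd.lower() for d in TEMP_DIRS):
                reasons.append("autorun from a TEMP directory")
            if looks_random(name):
                reasons.append(f"random-looking value name {name!r}")
            if SYSTEM_PROFILE_RE.search(line):
                reasons.append("lives in the SYSTEM/.DEFAULT profile, so cleaning the user's Run key does not remove it")
            if reasons:
                findings.append(Finding("autorun", line, "; ".join(reasons)))
            continue
        if m := HOSTS_RE.search(line):
            try:
                ip = ip_address(m.group("ip"))
            except ValueError:
                continue
            host = m.group("host").lower()
            if host != "localhost" and (ip.is_loopback or ip.is_unspecified):
                tag = " (security site)" if any(s in host for s in SECURITY_SITES) else ""
                findings.append(Finding("hosts", line, f"hosts file sinkholes {host}{tag}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run against the sample it reports the two proxy lines, the three TEMP autoruns and the hosts entry, and stays silent on the legitimate `SoundMan` and `VTTimer` values. It only looks at the pseudo-HJT sections; the file listings still need a manual pass, and a freshly created DLL carrying hidden+system attributes in `system32`, like the one in the "Created Last 30" list above, is the kind of entry a practitioner would want checked by hand before declaring the machine clean.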
     
Short URL to this thread: https://techguy.org/976976
