
redirects, pop ups

Discussion in 'Virus & Other Malware Removal' started by bigbird42, Jan 10, 2011.

Thread Status:
Not open for further replies.
  1. bigbird42

    bigbird42 Thread Starter

    Jan 10, 2011
    Tech Support Guy System Info Utility version
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz, x86 Family 15 Model 2 Stepping 9
    Processor Count: 1
    RAM: 991 Mb
    Graphics Card: SiS 650_651_M650_M652_740, 32 Mb
    Hard Drives: C: Total - 305234 MB, Free - 252779 MB;
    Motherboard: ASUSTeK Computer INC., P4S533MX, REV 1.xx, xxxxxxxxxxx
    Antivirus: AVG Internet Security 2011, Updated: Yes, On-Demand Scanner: Enabled
    I get pop-ups every so often, on both Mozilla Firefox and Internet Explorer. I get redirected even when that site has no relation to the site I may be viewing, and also when I attempt to access a site upon start-up or change sites while on another one.
  2. bigbird42

    bigbird42 Thread Starter

    Jan 10, 2011
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:38:53 PM, on 1/4/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1284135395265
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

    End of file - 8078 bytes


    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/15/2010 1:00:54 PM
    System Uptime: 1/12/2011 4:00:33 PM (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P4S533MX
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | PGA 478 | 2394/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 246.774 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Photosmart 2600 series
    Manufacturer: HP
    Name: Photosmart 2600 series

    ==== System Restore Points ===================

    RP72: 11/4/2010 1:57:09 PM - System Checkpoint
    RP73: 11/5/2010 2:22:01 PM - System Checkpoint
    RP74: 11/6/2010 2:59:51 PM - System Checkpoint
    RP75: 11/7/2010 2:04:30 PM - System Checkpoint
    RP76: 11/8/2010 4:59:29 PM - System Checkpoint
    RP77: 11/9/2010 5:58:54 PM - System Checkpoint
    RP78: 11/10/2010 6:50:06 PM - System Checkpoint
    RP79: 11/11/2010 3:02:07 AM - Software Distribution Service 3.0
    RP80: 11/12/2010 3:58:10 AM - System Checkpoint
    RP81: 11/13/2010 11:55:53 AM - System Checkpoint
    RP82: 11/14/2010 6:20:41 PM - System Checkpoint
    RP83: 11/16/2010 8:13:07 PM - System Checkpoint
    RP84: 11/18/2010 12:42:56 AM - System Checkpoint
    RP85: 11/19/2010 4:38:27 PM - System Checkpoint
    RP86: 11/22/2010 3:03:22 PM - System Checkpoint
    RP87: 11/23/2010 6:42:09 PM - System Checkpoint
    RP88: 11/24/2010 7:15:48 PM - System Checkpoint
    RP89: 11/26/2010 12:25:04 PM - System Checkpoint
    RP90: 11/27/2010 1:03:22 PM - System Checkpoint
    RP91: 11/28/2010 3:26:16 PM - Installed SUPERAntiSpyware Professional
    RP92: 11/28/2010 5:06:04 PM - Removed SUPERAntiSpyware Professional
    RP93: 12/1/2010 8:39:52 AM - System Checkpoint
    RP94: 12/5/2010 6:43:26 PM - System Checkpoint
    RP95: 12/8/2010 9:04:10 AM - System Checkpoint
    RP96: 12/9/2010 6:48:39 PM - System Checkpoint
    RP97: 12/10/2010 2:12:06 PM - Removed Windows 7 Upgrade Advisor
    RP98: 12/12/2010 3:28:13 PM - System Checkpoint
    RP99: 12/14/2010 4:00:32 PM - System Checkpoint
    RP100: 12/15/2010 5:47:00 PM - System Checkpoint
    RP101: 12/17/2010 2:22:25 PM - System Checkpoint
    RP102: 12/19/2010 2:06:40 PM - Installed Windows Media Player 11
    RP103: 12/19/2010 2:09:06 PM - Installed Windows XP MSCompPackV1.
    RP104: 12/19/2010 2:16:53 PM - Installed Windows Media Player 11
    RP105: 12/19/2010 2:35:08 PM - Installed Windows XP KB2440591.
    RP106: 12/19/2010 2:40:42 PM - Installed Windows Defender
    RP107: 12/20/2010 7:12:44 PM - System Checkpoint
    RP108: 12/21/2010 8:22:35 PM - System Checkpoint
    RP109: 12/22/2010 10:48:25 PM - System Checkpoint
    RP110: 12/24/2010 12:57:45 PM - System Checkpoint
    RP111: 12/25/2010 7:09:05 PM - System Checkpoint
    RP112: 12/26/2010 10:27:57 PM - System Checkpoint
    RP113: 12/27/2010 10:57:27 PM - System Checkpoint
    RP114: 12/29/2010 9:31:07 PM - System Checkpoint
    RP115: 12/30/2010 9:53:09 PM - System Checkpoint
    RP116: 1/1/2011 6:56:09 PM - System Checkpoint
    RP117: 1/4/2011 5:11:59 PM - Installed HiJackThis
    RP118: 1/5/2011 8:17:12 PM - System Checkpoint
    RP119: 1/6/2011 8:47:19 PM - System Checkpoint
    RP120: 1/8/2011 10:07:55 AM - System Checkpoint
    RP121: 1/9/2011 10:21:18 AM - System Checkpoint
    RP122: 1/9/2011 11:22:40 PM - Installed EmoDio
    RP123: 1/10/2011 11:47:17 PM - System Checkpoint
    RP124: 1/12/2011 2:57:09 PM - System Checkpoint

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Album 2.0
    Adobe Photoshop Elements 2.0
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    AVG 2011
    ContentSAFER for Wizmax
    DAO 3.5
    Destination Component
    DivX Setup
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 12.0
    HP Imaging Device Functions 12.0
    HP Photo Printing Software
    HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
    HP Photosmart Essential 3.5
    hp psc 900 series
    HP Share-to-Web
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Update
    Java Auto Updater
    Java(TM) 6 Update 16
    Java(TM) 6 Update 18
    Malwarebytes' Anti-Malware
    MapSource - Americas BlueChart v6
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Excel 97
    Microsoft Silverlight
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Word 97
    Microsoft XML Parser
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OCR Software by I.R.I.S. 12.0
    PCI Soft Voice SoftRing Modem with SmartCP
    Quicken Deluxe 99
    RealNetworks - Microsoft Visual C++ 2005 Runtime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealUpgrade 1.0
    Screen Shot 2.0
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB923789)
    SiS 650_651_M650_M652_740
    SiS 900 PCI Fast Ethernet Adapter Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    VC80CRTRedist - 8.0.50727.4053
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Defender
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11

    ==== Event Viewer Messages From Past Week ========

    1/7/2011 12:55:30 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde sisperf
    1/7/2011 10:39:39 AM, error: Dhcp [1002] - The IP address lease for the Network Card with network address 000C6ECC4AC5 has been denied by the DHCP server (The DHCP Server sent a DHCPNACK message).
    1/12/2011 12:35:26 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    1/12/2011 12:32:31 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    ==== End Of File ===========================
    I have run this three times, once successfully and twice not successfully.

    On the GMER program, twice a dialog box popped up saying the program has encountered a problem and needs to close. Twice I was able to run the program to completion; the statement said GMER has found system modification caused by rootkit activity. The program then freezes up the computer, and I am only able to use it again by shutting down and restarting. Then I lost everything I had in the previous message. Sorry for the problems. The computer ran OK prior to starting this. Thanks, bigbird42
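Added example (not from the thread, and not part of HijackThis itself): a small Python triage script that parses the `Rx`/`Oxx` lines in a log like the one posted above and flags the structural signals a malware-removal helper scans for by eye: registry entries whose file is gone, Winsock LSP entries, autorun executables sitting directly in C:\WINDOWS, browser start pages outside an expected host list, and 8.3 short paths that hide the vendor directory. The sample lines are copied from the posted log; the heuristics and the TRUSTED_START_HOSTS set are this example's own assumptions and produce review candidates, not verdicts about the poster's machine.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not part of the original thread or of the HijackThis tool.
Each heuristic below is an assumption about what is worth a second look;
a hit means "review this line", not "this is malware".
"""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

# Sample input: lines copied verbatim from the log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
"""

# Assumption: hosts this user legitimately expects as the IE start/search page.
TRUSTED_START_HOSTS = {"go.microsoft.com", "www.google.com"}

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>[^:]+):\s+\[(?P<name>[^\]]+)\]\s+(?P<cmd>.*)$")
EXE_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def extract_exe(cmd: str) -> str:
    """Pull the executable path out of a Run command line, quoted or not."""
    m = EXE_RE.search(cmd)
    return m.group(1) if m else ""


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one HijackThis line into its code, file path and (for R lines) URL."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "body": body, "path": "", "url": ""}
    if code.startswith("R"):
        # R0/R1 - <registry key>,<value> = <url>
        entry["url"] = body.split(" = ", 1)[1].strip() if " = " in body else ""
    elif code == "O4":
        # O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" args
        m4 = O4_RE.match(body)
        if m4:
            entry["name"] = m4.group("name")
            entry["path"] = extract_exe(m4.group("cmd"))
    elif code == "O10":
        # O10 - Unknown file in Winsock LSP: <dll path>  (the drive letter holds the 2nd colon)
        entry["path"] = body.split(":", 1)[1].strip()
    else:
        # O2/O3/O9/O23: "<kind>: <name> - {CLSID or vendor} - <file>"; the last field is the file
        parts = [p.strip() for p in body.split(" - ")]
        entry["path"] = parts[-1] if len(parts) >= 2 else ""
    return entry


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for entries that deserve a manual look."""
    findings: List[Tuple[str, str]] = []
    for line in log.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        code, path, low = e["code"], e["path"], e["path"].lower()
        if code.startswith("R"):
            host = urlparse(e["url"]).hostname or ""
            if host and host not in TRUSTED_START_HOSTS:
                findings.append((line, f"start/search page points at unexpected host {host}"))
        elif path == "(no file)":
            findings.append((line, "registry entry points at a file that is gone (orphan; cleanup candidate)"))
        elif code == "O10":
            findings.append((line, "Winsock LSP sits in the path of all socket traffic; verify vendor and signature"))
        elif code == "O4" and low.startswith("c:\\windows\\") and low.count("\\") == 2:
            findings.append((line, "autorun binary placed directly in C:\\WINDOWS instead of system32 or Program Files"))
        elif "~" in path:
            findings.append((line, "8.3 short path hides the vendor directory name; resolve it before judging"))
    return findings


if __name__ == "__main__":
    for hit, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {hit}")
```

Only the standard library is used. To run it against a real log, read the saved HijackThis text file and pass its contents to `triage()`; on the sample above it reports the HTpatch autorun, the orphaned O3 toolbar, the Speedbit LSP and the short-path O23 service, and stays quiet on the AVG tray entry and the Microsoft start page.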
  3. CatByte

    CatByte Malware Specialist

    Feb 24, 2009

    Please do the following:

    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
Short URL to this thread: https://techguy.org/973829