1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: Jump redirect

Discussion in 'Virus & Other Malware Removal' started by dezlorelle, Oct 14, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. dezlorelle

    dezlorelle Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    11
    My computer just started having issues with internet explorer. When I do a google search and click on any of the results, I am redirected to other unrelated sites. I am only able to get to the site I want by copying and pasting the link. I ran adaware, and it did not fix the problem. I ran the hijack thing, and below are my results. I am constantly receiving a windows "your computer is infected" notice as well. Any help would be IMMENSELY appreciated. Thanks!

    Username "Destiny" - 10/14/2008 21:06:55 [Fixwareout edited 9/01/2007]
    ~~~~~ Prerun check
    Successfully flushed the DNS Resolver Cache.

    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    C:\Documents and Settings\Destiny\Application Data\Install.dat Deleted
    ....
    ~~~~~ Checking for older varients.
    ....
    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
    "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
    "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
    "SigmatelSysTrayApp"="stsystra.exe"
    "Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
    "ShowLOMControl"=dword:00000001
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
    "ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
    "MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
    "HostManager"="C:\\Program Files\\Common Files\\AOL\\1148019653\\ee\\AOLSoftware.exe"
    "BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
    "bikini"="bikini.exe"
    "Lotus iNotes Sync Manager"="C:\\PROGRA~1\\LOTUSI~1\\nDOLMgr.exe -minimize"
    "KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
    "DellSupportCenter"="\"C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" /P DellSupportCenter"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "brastk"="brastk.exe"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="C:\\Program Files\\NetWaiting\\netWaiting.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
    "Aim6"=""
    "DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
    "DellSupportCenter"="\"C:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe\" /P DellSupportCenter"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  3. dezlorelle

    dezlorelle Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    11
    I can't run HiJackThis once it downloads. It will not open automatically, and it will not open manually either. I've tried downloading it several times, and cannot get it to run once the icon is on my desktop. Any tips?
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    What operating system are you using?
     
  5. dezlorelle

    dezlorelle Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    11
    Windows XP.
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download SDFix and save it to your Desktop.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • Open the c:\SDFix folder and double click RunThis.cmd to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer that normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back to the thread with a new HijackThis log.
     
  7. dezlorelle

    dezlorelle Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    11
    Ok. I'm not sure I let it run completely. I restarted before it may have been finished. But this is the report that I got.

    Rebooting

    Checking Files :
    Trojan Files Found:

    Could Not Remove C:\WINDOWS\system32\twain_32\local.ds
    Could Not Remove C:\WINDOWS\system32\twain_32\user.ds
    Could Not Remove C:\WINDOWS\system32\twext.exe
    Folder C:\Documents and Settings\LocalService\Application Data\twain_32 - Removed
    Folder C:\Documents and Settings\NetworkService\Application Data\twain_32 - Removed
    Folder C:\Program Files\PC Clean Pro - Removed

    Removing Temp Files
    ADS Check :


    Final Check :
    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-16 19:32:31
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden services & system hive ...
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016415ba584]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016415ba584]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016415ba584]
    scanning hidden registry entries ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services :


    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Common Files\\AOL\\1148019653\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1148019653\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\Common Files\\AOL\\1148019653\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1148019653\\ee\\aim6.exe:*:Enabled:AIM"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    Remaining Files :
    C:\WINDOWS\system32\twain_32\local.ds Found
    C:\WINDOWS\system32\twain_32\user.ds Found
    C:\WINDOWS\system32\twext.exe Found
    File Backups: - C:\SDFix\backups\backups.zip
    Files with Hidden Attributes :
    Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Thu 23 Jun 2005 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
    Fri 1 Sep 2006 56 ..SHR --- "C:\WINDOWS\system32\0E309807DE.sys"
    Tue 29 Jan 2008 56 ..SHR --- "C:\WINDOWS\system32\D7F6B90036.sys"
    Mon 22 Sep 2008 4,808 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Thu 18 May 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
    Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Destiny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Destiny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Destiny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Thu 19 Apr 2007 8 A..H. --- "C:\Documents and Settings\Destiny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Tue 7 Aug 2007 8 A..H. --- "C:\Documents and Settings\Destiny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
    Finished!
     
  8. dezlorelle

    dezlorelle Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    11
    I believe I ran it completely this time and got the following report.

    SDFix: Version 1.236
    Run by Destiny on Thu 10/16/2008 at 08:54 PM
    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix
    Checking Services :

    Restoring Default Security Values
    Restoring Default Hosts File
    Rebooting

    Infected beep.sys Found!
    beep.sys File Locations:
    "C:\WINDOWS\system32\dllcache\beep.sys" 28160 10/13/2008 08:02 PM
    "C:\WINDOWS\system32\drivers\beep.sys" 28160 10/13/2008 08:02 PM
    "C:\WINDOWS\system32\dllcache\beep.sys" 4224 08/07/2008 04:27 PM
    "C:\WINDOWS\system32\drivers\beep.sys" 4224 08/07/2008 04:27 PM
    Infected File Listed Below:
    C:\WINDOWS\system32\dllcache\beep.sys
    C:\WINDOWS\system32\drivers\beep.sys
    File copied to Backups Folder
    Attempting to replace beep.sys with original version

    Original beep.sys Restored
    "C:\WINDOWS\system32\dllcache\beep.sys" 4224 08/07/2008 04:27 PM
    "C:\WINDOWS\system32\drivers\beep.sys" 4224 08/07/2008 04:27 PM

    Checking Files :
    No Trojan Files Found



    Removing Temp Files
    ADS Check :

    Rebooting

    Infected beep.sys Found!
    beep.sys File Locations:
    "C:\WINDOWS\system32\dllcache\beep.sys" 28160 10/13/2008 08:02 PM
    "C:\WINDOWS\system32\drivers\beep.sys" 28160 10/13/2008 08:02 PM
    "C:\WINDOWS\system32\dllcache\beep.sys" 4224 08/07/2008 04:27 PM
    "C:\WINDOWS\system32\drivers\beep.sys" 4224 08/07/2008 04:27 PM
    Infected File Listed Below:
    C:\WINDOWS\system32\dllcache\beep.sys
    C:\WINDOWS\system32\drivers\beep.sys
    File copied to Backups Folder
    Attempting to replace beep.sys with original version

    Original beep.sys Restored
    "C:\WINDOWS\system32\dllcache\beep.sys" 4224 08/07/2008 04:27 PM
    "C:\WINDOWS\system32\drivers\beep.sys" 4224 08/07/2008 04:27 PM

    Original beep.sys Restored
    "C:\WINDOWS\system32\dllcache\beep.sys" 4224 08/07/2008 04:27 PM
    "C:\WINDOWS\system32\drivers\beep.sys" 4224 08/07/2008 04:27 PM

    Checking Files :
    No Trojan Files Found



    Removing Temp Files
    ADS Check :


    Final Check :
    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-16 21:28:08
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden services & system hive ...
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0016415ba584]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016415ba584]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016415ba584]
    scanning hidden registry entries ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Remaining Services :


    Authorized Application Key Export:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Disabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Common Files\\AOL\\1148019653\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1148019653\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\Common Files\\AOL\\1148019653\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1148019653\\ee\\aim6.exe:*:Enabled:AIM"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    Remaining Files :

    File Backups: - C:\SDFix\backups\backups.zip
    Files with Hidden Attributes :
    Wed 13 Oct 2004 1,694,208 A.SH. --- "C:\Program Files\Messenger\msmsgs.exe"
    Thu 23 Jun 2005 73,728 A.SH. --- "C:\Program Files\Windows Media Player\wmplayer.exe"
    Fri 1 Sep 2006 56 ..SHR --- "C:\WINDOWS\system32\0E309807DE.sys"
    Tue 29 Jan 2008 56 ..SHR --- "C:\WINDOWS\system32\D7F6B90036.sys"
    Mon 22 Sep 2008 4,808 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Thu 18 May 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"
    Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Destiny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
    Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Destiny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
    Thu 12 Apr 2007 8 A..H. --- "C:\Documents and Settings\Destiny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
    Thu 19 Apr 2007 8 A..H. --- "C:\Documents and Settings\Destiny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"
    Tue 7 Aug 2007 8 A..H. --- "C:\Documents and Settings\Destiny\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch_u5\lock.tmp"
    Finished!
     
  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Can you post a hijackthis log now?
     
  10. dezlorelle

    dezlorelle Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    11
    I will try to run and post after 6pm tonight. Thanks!
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Ok, great! (y)
     
  12. dezlorelle

    dezlorelle Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    11
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:33:02 PM, on 10/20/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\AOL\1148019653\ee\AOLSoftware.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\common files\installshield\updateservice\isuspm.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Destiny\Desktop\HiJackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ShowLOMControl] 
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148019653\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Lotus iNotes Sync Manager] C:\PROGRA~1\LOTUSI~1\nDOLMgr.exe -minimize
    O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
    O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.com/photo/loaders/SAXFile.cab
    O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://mail.nwairlink.com/iNotes6W.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - http://mail.nwairlink.com/download/dolcontrol.cab
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O21 - SSODL: DbGenMon - {6CBE6773-29CD-822D-B6A9-00849A5C8149} - C:\Program Files\qiqdfnf\DbGenMon.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    --
    End of file - 9177 bytes
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab

    Close all applications and browser windows before you click "fix checked".



    Please go to this web site: http://virusscan.jotti.org/
    and in the File to upload & scan box copy and paste
    C:\Program Files\qiqdfnf\DbGenMon.dll

    Copy/paste the results back here in your next reply.
     
  14. dezlorelle

    dezlorelle Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    11
    Scan taken on 20 Oct 2008 23:43:23 (GMT) A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found Win32:pureMorph
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    G DATA Found Win32:pureMorph
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found Mal/EncPk-DG
    VirusBuster Found nothing
    VBA32 Found nothing
     
  15. dezlorelle

    dezlorelle Thread Starter

    Joined:
    Oct 14, 2008
    Messages:
    11
    Service
    Service load: 0% 100% File: DbGenMon.dll Status: INFECTED/MALWARE
    MD5: 51cb3e9f59255aaca78b08af1391ca22 Packers detected: PE_PATCH
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/759278

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice