gomyhi & rtna redirecting urls into various porn websites

Post by pesta1958 » August 26th, 2008, 5:04 pm

ComboFix 08-08-24.03 - raymond 2008-08-25 18:27:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.275 [GMT -7:00]
Running from: C:\Documents and Settings\Raymond Pestalozzi\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Raymond Pestalozzi\Application Data\inst.exe
C:\Documents and Settings\Raymond Pestalozzi\Application Data\macromedia\Flash Player\#SharedObjects\LSVWLLD2\interclick.com
C:\Documents and Settings\Raymond Pestalozzi\Application Data\macromedia\Flash Player\#SharedObjects\LSVWLLD2\interclick.com\ud.sol
C:\Documents and Settings\Raymond Pestalozzi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Raymond Pestalozzi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\BMf34f0eac.txt
C:\WINDOWS\BMf34f0eac.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaxoiati.dll
C:\WINDOWS\system32\afqgvu.dll
C:\WINDOWS\system32\bknhtpuf.dll
C:\WINDOWS\system32\ceLlnnpo.ini
C:\WINDOWS\system32\ceLlnnpo.ini2
C:\WINDOWS\system32\ceobtfwm.dll
C:\WINDOWS\system32\cfotjfgc.ini
C:\WINDOWS\system32\cfuesnde.dll
C:\WINDOWS\system32\cgfjtofc.dll
C:\WINDOWS\system32\cigwixff.ini
C:\WINDOWS\system32\cqxscjsi.dll
C:\WINDOWS\system32\cwnguu.dll
C:\WINDOWS\system32\dfmxve.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\ecjtxymw.dll
C:\WINDOWS\system32\ednseufc.ini
C:\WINDOWS\system32\ewqigh.dll
C:\WINDOWS\system32\ffygagck.dll
C:\WINDOWS\system32\fhgccput.dll
C:\WINDOWS\system32\hhOUFfhk.ini
C:\WINDOWS\system32\hhOUFfhk.ini2
C:\WINDOWS\system32\ihevyo.dll
C:\WINDOWS\system32\ishgirgr.dll
C:\WINDOWS\system32\jmyqjoov.ini
C:\WINDOWS\system32\jwjjgfve.ini
C:\WINDOWS\system32\jymloxpp.dll
C:\WINDOWS\system32\lmemmhjj.ini
C:\WINDOWS\system32\maelbttg.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\odhlfcxy.ini
C:\WINDOWS\system32\oskcembw.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pdocdpay.ini
C:\WINDOWS\system32\pgnjjffq.ini
C:\WINDOWS\system32\pXIRYJjl.ini
C:\WINDOWS\system32\pXIRYJjl.ini2
C:\WINDOWS\system32\qsYaHRqr.ini
C:\WINDOWS\system32\qsYaHRqr.ini2
C:\WINDOWS\system32\rnvdonsk.dll
C:\WINDOWS\system32\SAaayGgh.ini
C:\WINDOWS\system32\SAaayGgh.ini2
C:\WINDOWS\system32\sdrymiqn.dll
C:\WINDOWS\system32\tpbsfmdi.ini
C:\WINDOWS\system32\tupccghf.ini
C:\WINDOWS\system32\ukhmtraw.dll
C:\WINDOWS\system32\voojqymj.dll
C:\WINDOWS\system32\wfcprhiq.dll
C:\WINDOWS\system32\wiudxrhi.dll
C:\WINDOWS\system32\wmyxtjce.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xksbplxk.dll
C:\WINDOWS\system32\ycpavyrm.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.

2008-08-23 01:35 . 2008-08-23 01:35 <DIR> d-------- C:\Documents and Settings\Raymond Pestalozzi\Application Data\SUPERAntiSpyware.com
2008-08-23 01:35 . 2008-08-23 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-23 01:12 . 2008-08-23 01:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 19:04 . 2006-11-17 03:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-08-22 19:03 . 2008-05-12 15:30 174,952 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-08-22 19:03 . 2008-05-12 15:30 72,936 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-08-22 19:03 . 2008-05-12 15:30 64,232 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-08-22 19:03 . 2008-05-12 15:30 52,104 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-08-22 19:03 . 2008-05-12 15:30 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-08-22 19:01 . 2008-08-22 19:04 <DIR> d-------- C:\Program Files\McAfee
2008-08-22 19:01 . 2008-08-22 19:01 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-08-22 15:47 . 2008-08-22 15:47 102,916 --a------ C:\WINDOWS\system32\msxml71.dll
2008-08-21 12:53 . 2008-08-21 12:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-08-21 12:45 . 2008-08-22 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-15 15:37 . 2008-08-15 15:37 <DIR> d-------- C:\Program Files\Sophos
2008-08-15 15:34 . 2007-11-20 12:26 <DIR> d-------- C:\sav_install
2008-08-14 20:18 . 2008-08-14 20:18 <DIR> d-------- C:\Documents and Settings\Raymond Pestalozzi\Application Data\Research In Motion
2008-08-14 20:18 . 2008-08-22 19:03 256 --a------ C:\WINDOWS\system32\pool.bin
2008-08-14 20:17 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-08-14 20:15 . 2008-08-14 20:15 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-08-14 20:15 . 2008-08-14 20:19 <DIR> d-------- C:\Documents and Settings\Raymond Pestalozzi\Application Data\Blackberry Desktop
2008-08-14 20:14 . 2008-08-14 20:14 <DIR> d-------- C:\Program Files\Research In Motion
2008-08-14 18:32 . 2008-08-14 18:32 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-08-14 12:15 . 2008-08-15 09:28 121 --a------ C:\WINDOWS\bdagent.INI
2008-08-14 11:59 . 2008-08-15 09:28 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-08-14 11:54 . 2008-08-14 11:55 <DIR> d-------- C:\Program Files\BitDefender
2008-08-14 11:47 . 2008-08-14 11:54 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-08-14 09:37 . 2008-04-14 05:42 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-14 09:37 . 2008-04-14 05:42 1,306,624 --------- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-08-14 09:37 . 2008-04-13 22:57 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-08-14 09:37 . 2008-04-13 22:57 79,872 --------- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-08-14 09:35 . 2008-08-14 09:35 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-14 09:35 . 2008-08-14 09:35 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-14 09:23 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-08-14 09:23 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-08-14 09:20 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005722_.tmp
2008-08-07 14:49 . 2008-08-07 14:49 <DIR> d-------- C:\Program Files\Investintech.com Inc
2008-08-07 10:59 . 2008-08-07 11:00 <DIR> d-------- C:\Program Files\Samsung
2008-08-07 10:59 . 2005-08-17 08:46 93,872 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-08-07 10:59 . 2005-08-17 08:45 58,352 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-08-07 10:59 . 2005-08-17 08:46 8,272 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-08-07 10:59 . 2005-08-17 08:47 6,176 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-08-07 10:59 . 2005-08-17 08:47 6,176 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-08-07 10:59 . 2005-08-17 08:44 5,840 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-08-07 10:59 . 2005-08-17 08:44 5,840 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-07-27 17:41 . 2008-07-27 17:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-27 17:41 . 2008-07-27 17:41 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 00:43 --------- d-----w C:\Program Files\mIRC
2008-08-26 00:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-25 18:50 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\Skype
2008-08-25 17:31 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\skypePM
2008-08-23 08:23 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\uTorrent
2008-08-23 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-21 23:36 --------- d-----w C:\Program Files\TightVNC
2008-08-19 16:58 --------- d-----w C:\Program Files\Total Video Converter
2008-08-15 15:50 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\VanDyke
2008-08-07 18:22 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-07 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-26 02:05 --------- d-----w C:\Program Files\Passcape
2008-07-25 18:50 --------- d-----w C:\Program Files\CHEMIX School3_00
2008-07-24 22:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-24 19:47 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\AdobeUM
2008-07-24 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-17 17:24 --------- d-----w C:\Program Files\SWiSH Max2
2008-07-17 01:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-15 21:16 --------- d-----w C:\Program Files\SWiSHmax
2008-07-15 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-02 02:04 --------- d-----w C:\Program Files\Moyea
2008-07-02 01:53 --------- d-----w C:\Program Files\FLVPlay
2008-07-02 01:53 --------- d-----w C:\Program Files\Any FLV Player
2008-07-02 01:39 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\Moyea
2008-07-02 00:40 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-07-01 23:14 --------- d-----w C:\Program Files\MagicDisc
2008-06-28 00:09 --------- d-----w C:\Program Files\PowerISO
2008-06-28 00:05 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\InstallShield
2008-06-27 19:19 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\Thinstall
2008-01-22 22:47 47,360 ----a-w C:\Documents and Settings\Raymond Pestalozzi\Application Data\pcouffin.sys
2008-01-14 20:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
1999-12-02 21:54 1,844 ----a-w C:\Program Files\license.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"%ProtectMyPC"="C:\Program Files\Internet Explorer\iexplore.exe" [2008-08-18 10:10 93184]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-25 17:28 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-05-12 15:30 111952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PGPtray.exe.lnk - C:\WINDOWS\Installer\{65CEDFCC-9449-4E14-828D-959F77411F01}\Icon6560581611.exe [2006-08-25 14:28:58 55296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "C:\Program Files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 15:57 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-08-25 17:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Raymond Pestalozzi^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Raymond Pestalozzi\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Raymond Pestalozzi^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Raymond Pestalozzi\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-10-30 20:07 140568 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-10-30 20:11 909208 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMGAG]
--a------ 2002-06-28 02:30 64000 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMONIT.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2006-11-17 13:39 136768 C:\Program Files\McAfee\Common Framework\UdaterUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-06-16 01:52 167936 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCTRAY]
--a------ 2002-07-15 03:20 491520 C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCWLICON]
--a------ 2002-07-15 03:20 49152 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-23 17:45 22058792 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPTRAY]
--a------ 2002-06-28 02:30 48640 C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-10-30 20:06 2595616 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2007-08-01 12:07 540672 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SUService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PGPwded;PGPwded Storage Filter Service;C:\WINDOWS\system32\drivers\PGPwded.sys [2006-04-05 11:36]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-03-14 00:26]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2002-07-15 03:20]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2002-06-28 02:30]
R2 PGPdisk;PGPdisk;C:\WINDOWS\system32\drivers\PGPdisk.sys [2006-04-05 11:39]
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\system32\Drivers\PGPsdk.sys [2006-04-05 11:35]
R3 vdiskbus;Virtual Disk Bus;C:\WINDOWS\system32\DRIVERS\vdiskbus.sys [2005-01-13 10:06]
S3 ADPTEHCD;Adaptec USB 2.0 Enhanced Host Controller Driver;C:\WINDOWS\system32\DRIVERS\aehcd.sys [2004-04-21 03:21]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys []
S3 AUSBD_FilterService;Adaptec USB 2.0 Port Enumeration Driver;C:\WINDOWS\system32\DRIVERS\ausbd.sys [2004-04-21 03:21]
S3 CSNPD50;CSNPD50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\CSNPD50.sys []
S3 CSTDIDRV;CSTDIDRV;C:\WINDOWS\system32\Drivers\CSTDI50.sys []
S3 IMWEB51;High Rate Wireless LAN Mini-PCI LAN Driver;C:\WINDOWS\system32\DRIVERS\IMWEBN51.sys [2002-06-06 14:33]
S3 RayLink;Raytheon RayLink WireLess PCMCIA LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\wlandrv2.sys [2001-08-17 12:12]
S4 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 20:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad7c2bd6-1df7-11dd-ba78-00096b13af8b}]
\Shell\AutoRun\command - D:\ONSPCLCK.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-26 C:\WINDOWS\Tasks\BMMTask.job
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2002-06-28 02:30]
.
- - - - ORPHANS REMOVED - - - -

BHO-{ca6d0b66-38ed-484c-b997-3386f9e4714c} - C:\WINDOWS\system32\danizu.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-%AntiMalware - C:\WINDOWS\system32\Service.exe
MSConfigStartUp-%AWinUpdate - C:\WINDOWS\wuauclt.vbs
MSConfigStartUp-Acrobat Assistant 7 - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
MSConfigStartUp-BMf34f0eac - C:\WINDOWS\system32\bknhtpuf.dll
MSConfigStartUp-f07c3d30 - C:\WINDOWS\system32\ecjtxymw.dll
MSConfigStartUp-PicoZip - C:\Program Files\PicoZip\PicoZipTray.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSConfigStartUp-Somefox - C:\DOCUME~1\RAYMON~1\LOCALS~1\Temp\C0.tmp.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
MSConfigStartUp-WinUpdate - C:\WINDOWS\wuauclt.vbs
MSConfigStartUp-Applications Driver - spc0.62.exe
MSConfigStartUp-Microsoft Updates - svshost.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Raymond Pestalozzi\Application Data\Mozilla\Firefox\Profiles\2vkrkzse.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 18:51:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
.
**************************************************************************
.
Completion time: 2008-08-25 18:58:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 01:57:59

Pre-Run: 15,081,947,136 bytes free
Post-Run: 14,952,992,768 bytes free

pesta1958
Active Member
Posts: 1
Joined: August 26th, 2008, 4:49 pm

Re: gomyhi & rtna redirecting urls into various porn websites

Post by chryssi2001 » September 5th, 2008, 2:29 am

Hello pesta1958,

I will be assisting you with your malware issues.
Please be patient, as I need some time to review your HijackThis log, and I will post back recommendations for repairs.

  • Whatever repairs we make are for fixing your computer's problems only and by no means should be used on another computer.
  • Continue to respond to this thread until I give you the All Clean! If you have any questions or you're stuck somewhere, please reply to me. I will try my best to help you!
  • Please bookmark or favourite this page, in case you need it as a reference.
----------------------------------------------
I apologise for the delay; the forum is busy.

If you still need help, please post a HijackThis log.
chryssi2001
MRU Teacher Emeritus
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: gomyhi & rtna redirecting urls into various porn websites

Post by Gary R » September 10th, 2008, 2:36 pm

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Gary R
Gary R
Administrator
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
