Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Website Re-direction

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Website Re-direction

Unread postby PCCLEAN » July 8th, 2009, 12:57 pm

Many of the times I click on a website in my google search, I am being redirected to a random website through http://101.123bounce.com.
I am looking to see if there is a way to get rid of this adware. Thanks.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:04, on 08/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{37F946FC-0529-470E-B40D-E08486FACAE9}: NameServer = 85.255.112.131,85.255.112.74
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1341C41-D300-414D-8D90-C4326F538ECD}: NameServer = 85.255.112.131,85.255.112.74
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.131,85.255.112.74
O17 - HKLM\System\CS1\Services\Tcpip\..\{37F946FC-0529-470E-B40D-E08486FACAE9}: NameServer = 85.255.112.131,85.255.112.74
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.131,85.255.112.74
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b7fb7c544d86) (gupdate1c9b7fb7c544d86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6352 bytes
PCCLEAN
Active Member
 
Posts: 6
Joined: July 8th, 2009, 12:49 pm
Advertisement
Register to Remove

Re: Website Re-direction

Unread postby muppy03 » July 12th, 2009, 4:11 am

Hello and welcome to the Malware Removal Forums

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • Uninstall list
  • MBAM log
  • RSIT logs ( info.txt and log.txt)
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Website Re-direction

Unread postby PCCLEAN » July 14th, 2009, 6:38 pm

Uninstall list:

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Agere Systems PCI Soft Modem
AirPlus G
ANIO Service
ANIWZCS2 Service
Apple Mobile Device Support
Apple Software Update
AVG 8.5
Bonjour
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Google Chrome
Google Update Helper
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Deskjet 3840
HP Software Update
iTunes
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB954430)
QuickTime
Realtek AC'97 Audio
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Skype™ 4.0
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3


MBAM log:

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

14/07/2009 6:24:42 PM
mbam-log-2009-07-14 (18-24-42).txt

Scan type: Full Scan (C:\|E:\|F:\|)
Objects scanned: 296458
Time elapsed: 3 hour(s), 58 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gxvxcserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{37f946fc-0529-470e-b40d-e08486facae9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1341c41-d300-414d-8d90-c4326f538ecd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b1341c41-d300-414d-8d90-c4326f538ecd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{37f946fc-0529-470e-b40d-e08486facae9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b1341c41-d300-414d-8d90-c4326f538ecd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b1341c41-d300-414d-8d90-c4326f538ecd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{37f946fc-0529-470e-b40d-e08486facae9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{b1341c41-d300-414d-8d90-c4326f538ecd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{b1341c41-d300-414d-8d90-c4326f538ecd}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.131,85.255.112.74 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-4855531.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\tempo-4888453.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.


RSIT logs ( info.txt and log.txt):

info.txt logfile of random's system information tool 1.06 2009-07-14 18:26:14

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Agere Systems PCI Soft Modem-->agrsmdel
AirPlus G-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B7E4354-0492-460A-BDB1-1F59EE141025}\setup.exe" -l0x9 -removeonly
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.33\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet 3840-->msiexec /x{B1591C79-1C35-4E09-AA15-F7D6923AFB96}
HP Software Update-->MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Remote Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C098AEC-BBE1-49E1-83F9-60E186B2EEF0}\Setup.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: IVANHOE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001346E96EDE. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2525
Source Name: Dhcp
Time Written: 20090506151132.000000-240
Event Type: warning
User:

Computer Name: IVANHOE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001346E96EDE. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2520
Source Name: Dhcp
Time Written: 20090506151124.000000-240
Event Type: warning
User:

Computer Name: IVANHOE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001346E96EDE. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2518
Source Name: Dhcp
Time Written: 20090506151117.000000-240
Event Type: warning
User:

Computer Name: IVANHOE
Event Code: 1009
Message: A network error occurred when trying to send a message. The error code is: A blocking operation was interrupted by a call to WSACancelBlockingCall.
.

Record Number: 2483
Source Name: Dhcp
Time Written: 20090506103215.000000-240
Event Type: warning
User:

Computer Name: IVANHOE
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001346E96EDE. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 2477
Source Name: Dhcp
Time Written: 20090506103206.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: IVANHOE
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module flash10b.ocx, version 10.0.22.87, fault address 0x000c1890.

Record Number: 195
Source Name: Application Error
Time Written: 20090420144344.000000-240
Event Type: error
User:

Computer Name: IVANHOE
Event Code: 1000
Message: Faulting application vlc.exe, version 0.9.9.0, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001070f.

Record Number: 86
Source Name: Application Error
Time Written: 20090403195720.000000-240
Event Type: error
User:

Computer Name: IVANHOE
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 77
Source Name: Application Hang
Time Written: 20090403174734.000000-240
Event Type: error
User:

Computer Name: IVANHOE
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 76
Source Name: Application Hang
Time Written: 20090403174715.000000-240
Event Type: error
User:

Computer Name: IVANHOE
Event Code: 1001
Message: Fault bucket 1213735858.

Record Number: 72
Source Name: Application Error
Time Written: 20090403164333.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Ivan at 2009-07-14 18:25:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 144 GB (94%) free of 153 GB
Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:12, on 14/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ivan\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ivan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b7fb7c544d86) (gupdate1c9b7fb7c544d86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6488 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{6A80E6E1-CD35-4AF1-B1BA-97A1D29FD298}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-02 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-09 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"D-Link AirPlus G"=C:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2007-04-14 1556480]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-06 1948440]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2006-01-13 172032]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2006-01-13 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-09 148888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-13 1287440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WeatherEye"=C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe [2009-01-16 4519832]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-06 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-07-14 18:25:58 ----D---- C:\rsit
2009-07-14 18:25:17 ----A---- C:\WINDOWS\embqju.txt
2009-07-14 14:41:37 ----D---- C:\Program Files\Samsung
2009-07-14 13:35:11 ----D---- C:\WINDOWS\Sun
2009-07-13 19:21:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-09 14:32:37 ----HD---- C:\WINDOWS\PIF
2009-07-09 13:25:56 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-09 13:25:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-09 13:25:55 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-09 13:25:55 ----A---- C:\WINDOWS\system32\java.exe
2009-07-09 13:25:38 ----D---- C:\Program Files\Java
2009-07-09 13:24:54 ----D---- C:\Documents and Settings\Ivan\Application Data\Sun
2009-07-08 12:38:22 ----D---- C:\Program Files\Trend Micro
2009-07-06 12:27:10 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-06-28 16:08:41 ----D---- C:\Program Files\xerox
2009-06-27 10:13:27 ----A---- C:\WINDOWS\system32\tmp.txt
2009-06-27 10:13:23 ----A---- C:\rapport.txt
2009-06-27 10:12:51 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-06-27 10:12:50 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-06-27 10:12:50 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-06-27 10:12:49 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-06-27 10:12:48 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-06-27 10:12:48 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-06-27 10:12:47 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-06-27 10:12:46 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-06-27 10:12:46 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-06-27 10:12:45 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-06-27 10:12:45 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-06-27 10:12:44 ----A---- C:\WINDOWS\system32\swsc.exe
2009-06-27 10:12:44 ----A---- C:\WINDOWS\system32\swreg.exe
2009-06-27 10:12:42 ----A---- C:\WINDOWS\system32\Process.exe
2009-06-24 16:00:20 ----D---- C:\Documents and Settings\Ivan\Application Data\Malwarebytes
2009-06-24 16:00:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-23 13:07:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-22 23:23:15 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2009-07-14 18:26:00 ----D---- C:\WINDOWS\Prefetch
2009-07-14 18:25:17 ----D---- C:\WINDOWS\system32\drivers
2009-07-14 18:25:17 ----D---- C:\WINDOWS
2009-07-14 18:24:42 ----SD---- C:\WINDOWS\Tasks
2009-07-14 15:00:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-14 14:41:37 ----RD---- C:\Program Files
2009-07-14 14:41:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-14 14:29:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-14 13:44:22 ----D---- C:\Documents and Settings\Ivan\Application Data\uTorrent
2009-07-14 13:40:18 ----D---- C:\Program Files\Mozilla Firefox
2009-07-14 12:42:34 ----D---- C:\WINDOWS\Temp
2009-07-13 20:49:01 ----D---- C:\Documents and Settings\Ivan\Application Data\dvdcss
2009-07-09 13:26:09 ----SHD---- C:\WINDOWS\Installer
2009-07-09 13:25:56 ----D---- C:\WINDOWS\system32
2009-07-09 13:09:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-09 13:09:07 ----HD---- C:\WINDOWS\inf
2009-07-06 12:25:54 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-27 10:23:33 ----SHD---- C:\RECYCLER
2009-06-24 15:39:18 ----D---- C:\Program Files\Common Files
2009-06-24 13:44:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-23 13:23:48 ----SD---- C:\Documents and Settings\Ivan\Application Data\Microsoft
2009-06-23 13:21:14 ----D---- C:\Program Files\Bonjour
2009-06-23 13:07:44 ----D---- C:\WINDOWS\WinSxS
2009-06-23 00:04:37 ----D---- C:\WINDOWS\repair
2009-06-22 23:23:58 ----D---- C:\Documents and Settings
2009-06-22 15:32:44 ----HD---- C:\$AVG8.VAULT$
2009-06-22 15:09:01 ----D---- C:\Program Files\MSN

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-06 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-06 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2001-03-06 40448]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 rt2500usb;DWL-G122(rev.B) USB Wireless LAN Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-03-12 243456]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-06 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-09 152984]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
S2 gupdate1c9b7fb7c544d86;Google Update Service (gupdate1c9b7fb7c544d86); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-07 133104]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
PCCLEAN
Active Member
 
Posts: 6
Joined: July 8th, 2009, 12:49 pm

Re: Website Re-direction

Unread postby muppy03 » July 15th, 2009, 4:22 am

Hello! That looks a lot better :cheers:


MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent

I'd like you to read the MRU policy for P2P Programs.

This program is not showing in ADD/REMOVE programs. Take note remnants will be removed if you continue with the fix.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

P2P programs also open up access to the computer on which the program is installed. The computer's settings are more often than not changed in a manner that renders them insecure, and access to the computer is left open even when the program is not in use. Therefore, the system's security is compromised.

So be aware that it's not just what's downloaded with P2P programs that creates problems, just having the program installed is like leaving all the doors to your house unlocked.

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image
Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please reply with:-
  • Combofix log
  • New HJT log
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Website Re-direction

Unread postby PCCLEAN » July 15th, 2009, 11:36 am

ComboFix 09-07-14.08 - Ivan 15/07/2009 11:28.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.146 [GMT -4:00]
Running from: c:\documents and settings\Ivan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-14 22:25 . 2009-07-14 22:26 -------- d-----w- C:\rsit
2009-07-14 18:41 . 2001-03-06 04:20 40448 ----a-w- c:\windows\system32\drivers\DGIVECP.SYS
2009-07-14 18:41 . 2009-07-14 18:41 -------- d-----w- c:\program files\Samsung
2009-07-14 17:35 . 2009-07-14 17:35 -------- d-----w- c:\windows\Sun
2009-07-13 23:21 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 23:21 . 2009-07-13 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 23:21 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 18:32 . 2009-07-09 18:32 -------- d--h--w- c:\windows\PIF
2009-07-09 17:25 . 2009-07-09 17:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 17:25 . 2009-07-09 17:25 -------- d-----w- c:\program files\Java
2009-07-09 17:25 . 2009-07-09 17:25 152576 ----a-w- c:\documents and settings\Ivan\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-09 17:09 . 2001-08-17 17:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-07-09 17:09 . 2001-08-17 17:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-07-08 16:38 . 2009-07-08 16:38 -------- d-----w- c:\program files\Trend Micro
2009-07-06 16:28 . 2009-07-06 16:28 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\AVG Security Toolbar
2009-07-06 16:27 . 2009-07-06 16:25 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-07-06 16:27 . 2009-07-06 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-24 20:00 . 2009-06-24 20:00 -------- d-----w- c:\documents and settings\Ivan\Application Data\Malwarebytes
2009-06-24 20:00 . 2009-06-24 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-23 17:07 . 2009-06-24 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-23 16:43 . 2009-06-23 16:43 -------- d-----w- c:\documents and settings\MAIN\Local Settings\Application Data\Mozilla
2009-06-23 03:53 . 2009-06-23 03:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-23 03:24 . 2009-06-23 03:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-22 21:47 . 2009-06-22 21:47 -------- d-sh--w- c:\documents and settings\MAIN\IECompatCache
2009-06-22 21:46 . 2009-06-22 21:46 -------- d-sh--w- c:\documents and settings\MAIN\PrivacIE
2009-06-22 21:46 . 2009-06-22 21:47 -------- d-----w- c:\documents and settings\MAIN\Application Data\AVGTOOLBAR
2009-06-22 21:45 . 2009-06-22 21:45 -------- d-----w- c:\documents and settings\MAIN\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 18:41 . 2009-04-01 00:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 00:49 . 2009-04-04 01:22 -------- d-----w- c:\documents and settings\Ivan\Application Data\dvdcss
2009-07-06 16:25 . 2009-04-03 17:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-06 16:25 . 2009-04-03 17:34 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-06 16:25 . 2009-04-03 17:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 17:21 . 2009-04-03 22:33 -------- d-----w- c:\program files\Bonjour
2009-05-22 00:37 . 2009-05-21 23:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-05-22 00:15 . 2009-04-08 13:09 -------- d-----w- c:\documents and settings\Ivan\Application Data\DivX
2009-05-02 15:00 . 2009-04-03 17:34 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-12 18:51 . 2009-04-08 03:12 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WeatherEye"="c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-01-16 4519832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 1556480]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-06 1948440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-14 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-01-14 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\Alcxmntr.exe [2004-09-07 57344]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-06 16:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/04/2009 1:34 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/04/2009 1:34 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/04/2009 1:34 PM 298776]
S2 gupdate1c9b7fb7c544d86;Google Update Service (gupdate1c9b7fb7c544d86);c:\program files\Google\Update\GoogleUpdate.exe [07/04/2009 11:38 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 03:38]

2009-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 03:38]

2009-07-15 c:\windows\Tasks\User_Feed_Synchronization-{6A80E6E1-CD35-4AF1-B1BA-97A1D29FD298}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\yun62npp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 11:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-15 11:32
ComboFix-quarantined-files.txt 2009-07-15 15:32

Pre-Run: 150,790,705,152 bytes free
Post-Run: 151,419,002,880 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

163 --- E O F --- 2009-05-13 02:12




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:02, on 15/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b7fb7c544d86) (gupdate1c9b7fb7c544d86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6165 bytes
PCCLEAN
Active Member
 
Posts: 6
Joined: July 8th, 2009, 12:49 pm

Re: Website Re-direction

Unread postby muppy03 » July 16th, 2009, 3:45 am

Hello!
How is the computer running now?

Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Once selected close all windows except HJT an click on Fix Checked

Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<

Use IE

  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply

Please reply with:-
  • Kaspersky report
  • New HJT log
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Website Re-direction

Unread postby PCCLEAN » July 17th, 2009, 3:15 pm

Computer seems good so far. Still being re-directed now and then...Thanks for your help so far.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 17, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 16, 2009 17:25:04
Records in database: 2474971
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 176807
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 06:24:21


File name / Threat name / Threats count
E:\Documents and Settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-7fa2058c-39daf171.zip Infected: Trojan-Downloader.Java.OpenConnection.ap 1
E:\Documents and Settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-58b62bbb.zip Infected: Exploit.Java.Gimsh.a 1
E:\Documents and Settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-470d71e-50210cad.zip Infected: Trojan-Downloader.Java.OpenConnection.ap 1
F:\I386\Apps\APP15425\src\HPSummer2005.exe Infected: not-a-virus:AdWare.Win32.MyWay.j 1

The selected area was scanned.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:56, on 17/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Ivan\Local Settings\temp\jkos-Ivan\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b7fb7c544d86) (gupdate1c9b7fb7c544d86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6501 bytes
PCCLEAN
Active Member
 
Posts: 6
Joined: July 8th, 2009, 12:49 pm

Re: Website Re-direction

Unread postby muppy03 » July 17th, 2009, 8:06 pm

Hello! What is E and F dirve? If they are external drives, please make sure they are connected (plugged in) before doing the next step.

COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.


  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    File::
    E:\Documents and Settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-7fa2058c-39daf171.zip 
    E:\Documents and Settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-58b62bbb.zip 
    E:\Documents and Settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-470d71e-50210cad.zip 
    F:\I386\Apps\APP15425\src\HPSummer2005.exe 
     
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Download DDS

Download DDS from one of the below links and save it to your desktop.

Link1
Link2
Link3
  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finishes it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.

[b]Let me know if the re-directs are still happening now?

Please reply with:-
  • Combofix log
  • DDS logs
  • Answer to question
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Website Re-direction

Unread postby PCCLEAN » July 18th, 2009, 10:12 pm

ComboFix 09-07-14.08 - Ivan 18/07/2009 22:00.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.167 [GMT -4:00]
Running from: c:\documents and settings\Ivan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ivan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"e:\documents and settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-7fa2058c-39daf171.zip"
"e:\documents and settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-58b62bbb.zip"
"e:\documents and settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-470d71e-50210cad.zip"
"f:\i386\Apps\APP15425\src\HPSummer2005.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\eRT.jar-7fa2058c-39daf171.zip
e:\documents and settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-58b62bbb.zip
e:\documents and settings\Ivan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nRT.jar-470d71e-50210cad.zip
f:\i386\Apps\APP15425\src\HPSummer2005.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-19 01:39 . 2009-07-06 16:25 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-19 01:39 . 2009-07-06 16:25 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-19 01:39 . 2009-07-06 16:25 493336 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtbapi.dll
2009-07-19 01:39 . 2009-07-06 16:25 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-19 01:39 . 2009-07-06 16:25 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-19 01:39 . 2009-07-06 16:25 2301208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-07-19 01:39 . 2009-07-06 16:25 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-19 01:39 . 2009-07-06 16:25 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-19 01:39 . 2009-07-06 16:25 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-19 01:39 . 2009-07-06 16:25 353048 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-07-19 01:39 . 2009-07-06 16:25 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-19 01:38 . 2009-07-06 16:20 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-19 01:38 . 2009-07-06 16:20 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-17 21:29 . 2009-07-17 21:29 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Temp
2009-07-15 16:16 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-07-15 16:03 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 16:03 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 15:39 . 2009-06-14 20:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-14 22:25 . 2009-07-14 22:26 -------- d-----w- C:\rsit
2009-07-14 18:41 . 2001-03-06 04:20 40448 ----a-w- c:\windows\system32\drivers\DGIVECP.SYS
2009-07-14 18:41 . 2009-07-14 18:41 -------- d-----w- c:\program files\Samsung
2009-07-14 17:35 . 2009-07-14 17:35 -------- d-----w- c:\windows\Sun
2009-07-13 23:21 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 23:21 . 2009-07-13 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 23:21 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 18:32 . 2009-07-09 18:32 -------- d--h--w- c:\windows\PIF
2009-07-09 17:25 . 2009-07-09 17:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-09 17:25 . 2009-07-09 17:25 -------- d-----w- c:\program files\Java
2009-07-09 17:25 . 2009-07-09 17:25 152576 ----a-w- c:\documents and settings\Ivan\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-09 17:09 . 2001-08-17 17:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-07-09 17:09 . 2001-08-17 17:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2009-07-08 16:38 . 2009-07-08 16:38 -------- d-----w- c:\program files\Trend Micro
2009-07-06 16:28 . 2009-07-06 16:28 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\AVG Security Toolbar
2009-07-06 16:27 . 2009-07-06 16:25 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-07-06 16:27 . 2009-07-15 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-24 20:00 . 2009-06-24 20:00 -------- d-----w- c:\documents and settings\Ivan\Application Data\Malwarebytes
2009-06-24 20:00 . 2009-06-24 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-23 17:07 . 2009-06-24 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-23 16:43 . 2009-06-23 16:43 -------- d-----w- c:\documents and settings\MAIN\Local Settings\Application Data\Mozilla
2009-06-23 03:53 . 2009-06-23 03:53 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-23 03:24 . 2009-06-23 03:24 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-22 21:47 . 2009-06-22 21:47 -------- d-sh--w- c:\documents and settings\MAIN\IECompatCache
2009-06-22 21:46 . 2009-06-22 21:46 -------- d-sh--w- c:\documents and settings\MAIN\PrivacIE
2009-06-22 21:46 . 2009-06-22 21:47 -------- d-----w- c:\documents and settings\MAIN\Application Data\AVGTOOLBAR
2009-06-22 21:45 . 2009-06-22 21:45 -------- d-----w- c:\documents and settings\MAIN\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 01:39 . 2009-04-03 17:34 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-15 16:16 . 2009-07-15 16:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-15 16:16 . 2009-07-15 16:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-14 18:41 . 2009-04-01 00:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 00:49 . 2009-04-04 01:22 -------- d-----w- c:\documents and settings\Ivan\Application Data\dvdcss
2009-07-06 16:25 . 2009-04-03 17:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-06 16:25 . 2009-04-03 17:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 17:21 . 2009-04-03 22:33 -------- d-----w- c:\program files\Bonjour
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 00:37 . 2009-05-21 23:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-05-22 00:15 . 2009-04-08 13:09 -------- d-----w- c:\documents and settings\Ivan\Application Data\DivX
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:14 . 2009-05-09 05:14 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-09 05:14 . 2009-05-09 05:14 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 15:00 . 2009-04-03 17:34 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-12 18:51 . 2009-04-08 03:12 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-15_15.31.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-19 01:36 . 2009-07-19 01:36 16384 c:\windows\Temp\Perflib_Perfdata_710.dat
+ 2009-07-15 16:16 . 2008-04-14 00:11 21504 c:\windows\system32\ReinstallBackups\0004\DriverFiles\i386\hidserv.dll
- 2004-08-04 12:00 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-04-30 21:22 25600 c:\windows\system32\jsproxy.dll
+ 2006-11-02 11:22 . 2006-11-02 11:22 32224 c:\windows\system32\drivers\wdfldr.sys
+ 2007-08-13 22:54 . 2009-04-30 21:22 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2007-08-13 22:54 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-04-01 01:48 . 2009-07-15 16:17 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2009-04-01 01:48 . 2009-05-13 02:12 90112 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2009-04-01 01:48 . 2009-07-15 16:17 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2009-04-01 01:48 . 2009-05-13 02:12 45056 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-04-01 01:48 . 2009-07-15 16:17 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2009-04-01 01:48 . 2009-05-13 02:12 22528 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-04-01 01:48 . 2009-07-15 16:17 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2009-04-01 01:48 . 2009-05-13 02:12 30720 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-04-01 01:48 . 2009-07-15 16:17 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-04-01 01:48 . 2009-05-13 02:12 16384 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2009-04-01 01:48 . 2009-05-13 02:12 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-04-01 01:48 . 2009-07-15 16:17 34304 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2009-04-01 01:48 . 2009-05-13 02:12 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-04-01 01:48 . 2009-07-15 16:17 81920 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-07-15 16:16 . 2009-03-08 08:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
+ 2009-07-15 16:16 . 2009-03-08 08:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
- 2009-04-01 01:48 . 2009-05-13 02:12 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-04-01 01:48 . 2009-07-15 16:17 3584 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2009-04-01 01:48 . 2009-05-13 02:12 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-04-01 01:48 . 2009-07-15 16:17 8192 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2009-04-01 01:48 . 2009-05-13 02:12 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-04-01 01:48 . 2009-07-15 16:17 2560 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2004-08-04 12:00 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2004-08-04 12:00 . 2009-04-30 21:22 385536 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2009-04-30 11:21 173056 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe
- 2009-03-31 18:58 . 2009-04-03 16:42 110992 c:\windows\system32\FNTCACHE.DAT
+ 2009-03-31 18:58 . 2009-07-15 20:23 110992 c:\windows\system32\FNTCACHE.DAT
+ 2006-11-02 11:22 . 2006-11-02 11:22 492000 c:\windows\system32\drivers\wdf01000.sys
+ 2009-04-01 01:59 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\wininet.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2007-08-13 22:39 . 2009-04-30 21:22 385536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 22:39 . 2009-04-30 11:21 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 22:39 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-04-20 18:59 . 2009-04-20 18:59 219648 c:\windows\Installer\6c66c5.msp
- 2009-04-01 01:48 . 2009-05-13 02:12 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-04-01 01:48 . 2009-07-15 16:17 114688 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2009-04-01 01:48 . 2009-05-13 02:12 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-04-01 01:48 . 2009-07-15 16:17 167936 c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-07-15 16:16 . 2009-03-08 08:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll
+ 2009-07-15 16:16 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll
+ 2009-07-15 16:16 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe
+ 2009-07-15 16:16 . 2009-03-08 08:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll
+ 2009-07-15 16:16 . 2009-03-08 18:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll
+ 2009-07-15 16:16 . 2009-03-08 08:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2009-04-30 21:22 1207808 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-05-13 05:15 5936128 c:\windows\system32\mshtml.dll
- 2007-08-13 22:34 . 2009-03-08 08:32 1985024 c:\windows\system32\iertutil.dll
+ 2007-08-13 22:34 . 2009-04-30 21:22 1985024 c:\windows\system32\iertutil.dll
+ 2009-02-09 11:13 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2009-04-01 01:59 . 2009-04-30 21:22 1207808 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-04-01 01:59 . 2009-05-13 05:15 5936128 c:\windows\system32\dllcache\mshtml.dll
- 2009-04-03 16:49 . 2009-03-08 08:32 1985024 c:\windows\system32\dllcache\iertutil.dll
+ 2009-04-03 16:49 . 2009-04-30 21:22 1985024 c:\windows\system32\dllcache\iertutil.dll
+ 2009-04-29 19:03 . 2009-04-29 19:03 8404992 c:\windows\Installer\6c66b0.msp
+ 2009-07-15 16:16 . 2009-03-08 08:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll
+ 2009-07-15 16:16 . 2009-03-08 08:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll
+ 2009-07-15 16:16 . 2009-03-08 08:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll
+ 2009-04-03 16:47 . 2009-07-07 12:10 24539592 c:\windows\system32\MRT.exe
+ 2007-08-13 22:54 . 2009-04-30 21:22 11064832 c:\windows\system32\ieframe.dll
+ 2009-04-03 16:49 . 2009-04-30 21:22 11064832 c:\windows\system32\dllcache\ieframe.dll
+ 2009-05-05 22:06 . 2009-05-05 22:06 17515008 c:\windows\Installer\6c66db.msp
+ 2009-07-15 16:16 . 2009-03-08 08:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"WeatherEye"="c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2009-01-16 4519832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 1556480]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-06 1948440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-14 172032]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-01-14 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-09 148888]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-06 16:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/04/2009 1:34 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/04/2009 1:34 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/04/2009 1:34 PM 298776]
S2 gupdate1c9b7fb7c544d86;Google Update Service (gupdate1c9b7fb7c544d86);c:\program files\Google\Update\GoogleUpdate.exe [07/04/2009 11:38 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 03:38]

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-08 03:38]

2009-07-19 c:\windows\Tasks\User_Feed_Synchronization-{6A80E6E1-CD35-4AF1-B1BA-97A1D29FD298}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\yun62npp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 22:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-19 22:05
ComboFix-quarantined-files.txt 2009-07-19 02:05
ComboFix2.txt 2009-07-15 15:32

Pre-Run: 151,051,612,160 bytes free
Post-Run: 151,104,552,960 bytes free

265 --- E O F --- 2009-07-15 16:17




DDS (Ver_09-06-26.01) - NTFSx86
Run by Ivan at 22:07:03.48 on 18/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.180 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ivan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [WeatherEye] c:\program files\theweathernetwork\weathereye\WeatherEye.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [D-Link AirPlus G] c:\program files\d-link\airplus g\AirGCFG.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ivan\applic~1\mozilla\firefox\profiles\yun62npp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-3 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-3 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-3 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-3 298776]
S2 gupdate1c9b7fb7c544d86;Google Update Service (gupdate1c9b7fb7c544d86);c:\program files\google\update\GoogleUpdate.exe [2009-4-7 133104]

=============== Created Last 30 ================

2009-07-18 21:59 <DIR> --ds---- C:\ComboFix
2009-07-15 12:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-07-15 12:16 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-07-15 12:16 21,504 a------- c:\windows\system32\drivers\hidserv.dll
2009-07-15 12:03 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 12:03 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-15 11:31 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-15 11:27 <DIR> a-dshr-- C:\cmdcons
2009-07-15 11:18 219,648 a------- c:\windows\PEV.exe
2009-07-15 11:18 161,792 a------- c:\windows\SWREG.exe
2009-07-15 11:18 98,816 a------- c:\windows\sed.exe
2009-07-14 14:41 40,448 a------- c:\windows\system32\drivers\DGIVECP.SYS
2009-07-14 14:41 766 a------- c:\windows\Uninstall.ico
2009-07-14 14:41 <DIR> --d----- c:\program files\Samsung
2009-07-13 19:21 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 19:21 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-13 19:21 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 14:32 <DIR> --d-h--- c:\windows\PIF
2009-07-09 13:25 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-09 13:25 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-09 13:09 7,552 ac------ c:\windows\system32\dllcache\sonypvu1.sys
2009-07-09 13:09 7,552 a------- c:\windows\system32\drivers\SONYPVU1.SYS
2009-07-08 12:38 <DIR> --d----- c:\program files\Trend Micro
2009-07-06 12:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-06-24 16:00 <DIR> --d----- c:\docume~1\ivan\applic~1\Malwarebytes
2009-06-24 16:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-07-18 21:39 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-06 12:25 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 01:14 1,418,120 a------- c:\windows\system32\wdfcoinstaller01005.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll

============= FINISH: 22:07:11.82 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume3
Install Date: 31/03/2009 8:22:41 PM
System Uptime: 18/07/2009 9:35:20 PM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Sempron(tm) Processor 3100+ | Socket 754 | 1808/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 140.751 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 143 GiB total, 37.06 GiB free.
F: is FIXED (FAT32) - 6 GiB total, 1.044 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP43: 20/04/2009 12:32:26 PM - System Checkpoint
RP44: 21/04/2009 5:56:18 PM - Software Distribution Service 3.0
RP45: 22/04/2009 11:17:35 AM - Software Distribution Service 3.0
RP46: 22/04/2009 11:28:06 PM - Software Distribution Service 3.0
RP47: 23/04/2009 10:41:41 AM - Installed HP Deskjet 3840
RP48: 23/04/2009 10:42:50 AM - Installed HP Software Update
RP49: 24/04/2009 11:33:18 AM - System Checkpoint
RP50: 24/04/2009 12:54:35 PM - Software Distribution Service 3.0
RP51: 26/04/2009 5:49:48 PM - System Checkpoint
RP52: 27/04/2009 6:29:48 PM - System Checkpoint
RP53: 29/04/2009 10:57:41 AM - System Checkpoint
RP54: 30/04/2009 2:04:33 PM - System Checkpoint
RP55: 01/05/2009 5:36:22 PM - System Checkpoint
RP56: 02/05/2009 11:00:06 AM - Avg8 Update
RP57: 02/05/2009 11:00:46 AM - Avg8 Update
RP58: 04/05/2009 4:46:56 PM - System Checkpoint
RP59: 05/05/2009 5:52:57 PM - System Checkpoint
RP60: 06/05/2009 6:15:49 PM - System Checkpoint
RP61: 08/05/2009 12:03:25 AM - System Checkpoint
RP62: 11/05/2009 6:46:01 PM - System Checkpoint
RP63: 12/05/2009 7:28:36 PM - Avg8 Update
RP64: 12/05/2009 10:10:28 PM - Software Distribution Service 3.0
RP65: 14/05/2009 11:10:38 AM - System Checkpoint
RP66: 18/05/2009 2:43:44 PM - System Checkpoint
RP67: 19/05/2009 8:15:27 PM - Avg8 Update
RP68: 19/05/2009 8:16:14 PM - Avg8 Update
RP69: 21/05/2009 7:56:21 PM - System Checkpoint
RP70: 24/05/2009 5:58:54 PM - System Checkpoint
RP71: 26/05/2009 6:46:24 PM - System Checkpoint
RP72: 29/05/2009 2:09:36 PM - System Checkpoint
RP73: 30/05/2009 2:49:46 PM - System Checkpoint
RP74: 01/06/2009 7:49:46 PM - System Checkpoint
RP75: 03/06/2009 8:06:19 PM - System Checkpoint
RP76: 04/06/2009 8:34:21 PM - System Checkpoint
RP77: 05/06/2009 9:00:54 PM - System Checkpoint
RP78: 07/06/2009 3:20:24 PM - System Checkpoint
RP79: 08/06/2009 5:41:31 PM - System Checkpoint
RP80: 09/06/2009 6:58:34 PM - System Checkpoint
RP81: 10/06/2009 9:36:28 PM - System Checkpoint
RP82: 12/06/2009 12:50:23 PM - System Checkpoint
RP83: 14/06/2009 10:36:01 AM - System Checkpoint
RP84: 15/06/2009 2:37:09 PM - System Checkpoint
RP85: 16/06/2009 7:01:05 PM - System Checkpoint
RP86: 17/06/2009 7:14:10 PM - System Checkpoint
RP87: 20/06/2009 11:27:54 AM - System Checkpoint
RP88: 21/06/2009 8:55:32 PM - System Checkpoint
RP89: 22/06/2009 9:31:05 PM - System Checkpoint
RP90: 23/06/2009 10:31:00 PM - System Checkpoint
RP91: 24/06/2009 2:36:06 PM - Installed Ad-Aware
RP92: 24/06/2009 3:39:08 PM - Removed Ad-Aware
RP93: 25/06/2009 8:11:53 PM - System Checkpoint
RP94: 28/06/2009 5:46:57 PM - System Checkpoint
RP95: 06/07/2009 12:20:12 PM - Avg8 Update
RP96: 06/07/2009 12:26:45 PM - Avg8 Update
RP97: 07/07/2009 12:56:33 PM - System Checkpoint
RP98: 08/07/2009 5:03:40 PM - System Checkpoint
RP99: 09/07/2009 1:25:35 PM - Installed Java(TM) 6 Update 14
RP100: 10/07/2009 1:34:20 PM - System Checkpoint
RP101: 11/07/2009 1:50:33 PM - System Checkpoint
RP102: 13/07/2009 5:50:09 PM - System Checkpoint
RP103: 15/07/2009 11:27:03 AM - ComboFix created restore point
RP104: 15/07/2009 12:14:02 PM - Software Distribution Service 3.0
RP105: 16/07/2009 6:53:52 PM - System Checkpoint
RP106: 18/07/2009 9:38:40 PM - Avg8 Update
RP107: 18/07/2009 9:39:29 PM - Avg8 Update

==== Installed Programs ======================

AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
Agere Systems PCI Soft Modem
AirPlus G
ANIO Service
ANIWZCS2 Service
Apple Mobile Device Support
Apple Software Update
AutoUpdate
AVG 8.5
Bonjour
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Google Chrome
Google Update Helper
H.264 Decoder
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Deskjet 3840
HP Software Update
iTunes
Java(TM) 6 Update 14
Malwarebytes' Anti-Malware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB954430)
QuickTime
Realtek AC'97 Audio
Remote Control Panel
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Skype™ 4.0
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
WeatherEye
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

15/07/2009 11:28:28 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
15/07/2009 11:16:29 AM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
14/07/2009 6:29:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
13/07/2009 5:53:46 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
13/07/2009 5:49:28 PM, error: atapi [9] - The device, \Device\Ide\IdePort3, did not respond within the timeout period.
11/07/2009 3:46:50 PM, error: WPDMTPDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070005.
11/07/2009 11:54:01 PM, error: atapi [5] - A parity error was detected on \Device\Ide\IdePort3.

==== End Of File ===========================


Hasn't been redirecting lately. Thanks for all the help.
PCCLEAN
Active Member
 
Posts: 6
Joined: July 8th, 2009, 12:49 pm

Re: Website Re-direction

Unread postby muppy03 » July 18th, 2009, 10:50 pm

Any problems remaining?

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Make sure that all browser windows are closed.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Uncheck Cookies if you do not want them deleted. (If deleted, you will likely need to re-enter your passwords at all sites where a cookie is used to recognize you when you visit). Click the Empty Selected button.

If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Uncheck Cookies if you do not want them deleted.
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.


If you use Opera browser
    Click Opera at the top and choose: Select All
    Uncheck Cookies if you do not want them deleted
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Please reply with:-

  • New HJT log
  • Answer to question
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Website Re-direction

Unread postby PCCLEAN » July 20th, 2009, 11:32 am

No problems as of yet. Seems to be running like new. Thank you for all your help, without it Id be fighting ad-aware for a while!
Ill be away from a computer for the next few days so if there is anything else I need to get back to you about, it may be over 3 days.

Cheers, Ivan




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:23, on 20/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b7fb7c544d86) (gupdate1c9b7fb7c544d86) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 6317 bytes
PCCLEAN
Active Member
 
Posts: 6
Joined: July 8th, 2009, 12:49 pm

Re: Website Re-direction

Unread postby muppy03 » July 20th, 2009, 6:19 pm

Hi Ivan, Everything is looking good :thumbright:, just a bit of clean up to do.

Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)


Once selected close all windows except HJT an click on Fix Checked

If you are not having any further problems, I would suggest you proceed as follows.

MBAM and ATF are great tools for you to keep and use on a regular basis.

You can delete RSIT from your Desktop and it associated folder.

Next
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.


Now that the infection is gone lets try to keep it that way by following the below recommendations.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.

Here are some free programs I recommend that could help you improve your computer's security.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check


Install SpyWare Blaster 4.0
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Read some information here how to prevent Malware.


Please reply if you have any problems or questions

Happy Safe Surfing :flower:
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: Website Re-direction

Unread postby Gary R » July 21st, 2009, 3:42 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: M2Judy and 66 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware