Annoying Google Redirects in Firefox and System Crashes :(


Post by gingercool » August 21st, 2009, 1:56 am

For the past 2 days I've been having system crashes and Google redirects in Firefox. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:08 PM, on 8/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\D4\D4.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Mayank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Mayank\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Mayank\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - C:\Program%20Files\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMSIE.dll (file missing)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - C:\Program%20Files\Tweak%20Marketing\Advanced%20Email%20Extractor\AeeMSIE.dll (file missing)
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COM Host (comHost) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (file missing)
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iRemotePC Host (iRemotePC) - Athivision Inc - C:\Program Files\iRemotePC\iRemotePC.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\ComboFix\HIDEC.exe" "C:\Windows\system32\CF27480.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED (file missing)
O23 - Service: Symantec AppCore Service (SymAppCore) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (file missing)
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\Windows\system32\UTSCSI.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5119 bytes


Malwarebytes runs, but it hangs in the middle. It gives "Not Responding", and even though I try to close it/kill it, the window stays blank with no response.
Instead I ran SUPERAntiSpyware, and the log is:

LOG FROM LAST NIGHT (when it worked)
Malwarebytes' Anti-Malware 1.40
Database version: 2651
Windows 6.0.6001 Service Pack 1 (Safe Mode)

8/19/2009 10:41:46 PM
mbam-log-2009-08-19 (22-41-46).txt

Scan type: Full Scan (C:\|H:\|)
Objects scanned: 240590
Time elapsed: 26 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

LOG FROM SUPERAntiSpyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2009 at 02:27 PM

Application Version : 4.27.1002

Core Rules Database Version : 4064
Trace Rules Database Version: 2004

Scan type : Quick Scan
Total Scan Time : 00:39:36

Memory items scanned : 581
Memory threats detected : 0
Registry items scanned : 588
Registry threats detected : 4
File items scanned : 16021
File threats detected : 2

Rootkit.Cloaked/Service-GEN
HKLM\system\controlset001\services\kbiwkmbctovvys
C:\WINDOWS\SYSTEM32\DRIVERS\KBIWKMQNDBCUTE.SYS
HKLM\system\controlset001\services\kbiwkmbwipvnqc
C:\WINDOWS\SYSTEM32\DRIVERS\KBIWKMRVQQPIBT.SYS
HKLM\system\controlset004\services\kbiwkmbctovvys
HKLM\system\controlset004\services\kbiwkmbwipvnqc

ROOTER LOG

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 15 Stepping 2, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Enabled
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 7.0.6001.18000
Mozilla Firefox 3.0.13 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:318 Go - Free:235 Go )
E:\ [CD_Rom]
H:\ [Fixed-NTFS] .. ( Total:147 Go - Free:105 Go )
.
Scan : 16:37.48
Path : C:\Users\MyComputer\Documents\Downloads\Rooter.exe
User : MyComputer ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ \SystemRoot\System32\smss.exe (472)
______ C:\Windows\system32\csrss.exe (552)
______ C:\Windows\system32\wininit.exe (596)
______ C:\Windows\system32\csrss.exe (608)
______ C:\Windows\system32\services.exe (640)
______ C:\Windows\system32\winlogon.exe (672)
______ C:\Windows\system32\lsass.exe (720)
______ C:\Windows\system32\lsm.exe (728)
______ C:\Windows\system32\svchost.exe (864)
______ C:\Windows\system32\svchost.exe (940)
______ C:\Windows\System32\svchost.exe (980)
______ C:\Windows\System32\svchost.exe (1100)
______ C:\Windows\System32\svchost.exe (1172)
______ C:\Windows\system32\svchost.exe (1192)
Locked audiodg.exe (1256)
______ C:\Windows\system32\SLsvc.exe (1328)
______ C:\Windows\system32\svchost.exe (1420)
______ C:\Windows\system32\svchost.exe (1552)
______ C:\Windows\system32\Dwm.exe (1880)
______ C:\Windows\System32\spoolsv.exe (1388)
______ C:\Windows\system32\taskeng.exe (860)
______ C:\Windows\system32\svchost.exe (1460)
______ C:\Windows\system32\svchost.exe (1704)
______ C:\Windows\System32\svchost.exe (2700)
______ C:\Windows\system32\svchost.exe (2780)
______ C:\Windows\system32\svchost.exe (2844)
______ C:\Windows\System32\svchost.exe (2988)
______ C:\Windows\system32\SearchIndexer.exe (3040)
______ C:\Windows\system32\taskeng.exe (3876)
______ C:\Windows\system32\svchost.exe (2348)
______ C:\Windows\system32\wuauclt.exe (3716)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (5724)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (5816)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (5824)
______ C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (6132)
______ C:\Program Files\Windows Media Player\wmpnetwk.exe (1692)
______ C:\Windows\explorer.exe (2144)
______ C:\Windows\system32\wbem\unsecapp.exe (4212)
______ C:\Windows\system32\wbem\wmiprvse.exe (4156)
______ C:\Users\MyComputer\AppData\Local\Google\Chrome\Application\chrome.exe (1972)
______ C:\Users\MyComputer\AppData\Local\Google\Chrome\Application\chrome.exe (4364)
______ C:\Users\MyComputer\AppData\Local\Google\Chrome\Application\chrome.exe (4380)
______ C:\Program Files\AVG\AVG8\avgui.exe (4972)
______ C:\Program Files\Notepad++\notepad++.exe (4644)
______ C:\Users\MyComputer\AppData\Local\Google\Chrome\Application\chrome.exe (1072)
______ C:\Windows\Explorer.exe (5716)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (316)
______ C:\Windows\system32\SearchProtocolHost.exe (4920)
______ C:\Windows\system32\SearchFilterHost.exe (5116)
______ C:\Windows\system32\DllHost.exe (5132)
______ C:\Users\MyComputer\Documents\Downloads\Rooter.exe (4656)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:341768577024)
\Device\Harddisk0\Partition2 (Start_Offset:341768667136 | Length:158338145792)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GlaryInitialize.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2962011118-3784428583-210714513-1000Core.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2962011118-3784428583-210714513-1000UA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{637CF393-1361-456A-8A86-5B301AEA4B13}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 16:38.06
.
C:\Rooter$\Rooter_1.txt - (20/08/2009 | 16:38.06)

ROOT REPEAL LOG

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/20 16:41
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x940F9000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x94104000 Size: 40960 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xC45E6000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1256 Status: Locked to the Windows API!

Hidden Services
-------------------
Service Name: kbiwkmbctovvys
Image Path: C:\Windows\system32\drivers\kbiwkmvcxttmfx.sys

Service Name: kbiwkmbwipvnqc
Image Path: C:\Windows\system32\drivers\kbiwkmvsyclvod.sys

==EOF==

Please help, I need my PC back!!! Thanks, Malware Removal team :cheers:
gingercool
Active Member
 
Posts: 2
Joined: August 21st, 2009, 1:53 am

Re: Annoying Google Redirects in Firefox and System Crashes :(

Post by gingercool » August 21st, 2009, 12:51 pm

Please close the post, I am already being helped on another forum. Thanks
gingercool
Active Member
 
Posts: 2
Joined: August 21st, 2009, 1:53 am

Re: Annoying Google Redirects in Firefox and System Crashes :(

Post by markkhunt » August 21st, 2009, 9:57 pm

Due to poster's request, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
markkhunt
Admin/Teacher Emeritus
 
Posts: 7911
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN
