Free Malware Removal Forum

[trxgt05]

I apparently have some sort of browser hijacker that affects IE and firefox. Usually I'm redirected to some random search-engine-ish website when I click on a google search result relating to virus software or browser hijacking. Here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:02 PM, on 11/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\Program Files\AVG\AVG9\avgchsvx.exe
H:\Program Files\AVG\AVG9\avgrsx.exe
H:\Program Files\AVG\AVG9\avgcsrvx.exe
H:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
H:\WINDOWS\System32\wltrysvc.exe
H:\WINDOWS\System32\bcmwltry.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\AVG\AVG9\avgwdsvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\Kodak\AiO\center\KodakSvc.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PnkBstrB.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\Program Files\AVG\AVG9\avgnsx.exe
H:\Program Files\AVG\AVG9\avgemc.exe
H:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
H:\Program Files\AVG\AVG9\avgcsrvx.exe
H:\WINDOWS\system32\wltray.exe
H:\WINDOWS\LTMSG.exe
H:\PROGRA~1\AVG\AVG9\avgtray.exe
H:\Program Files\Ashampoo\Ashampoo FireWall FREE\FireWall.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Valve\Steam\Steam.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Documents and Settings\DMC\Desktop\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [wltray.exe] H:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [AVG9_TRAY] H:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "H:\Program Files\Ashampoo\Ashampoo FireWall FREE\FireWall.exe" -TRAY
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "H:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - H:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0522656359
O17 - HKLM\System\CCS\Services\Tcpip\..\{282C1275-941E-4661-8699-8EFAD7ED8BDC}: NameServer = 85.255.112.213,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0733E12-988B-45BC-8BA3-BB6621DA53D4}: NameServer = 85.255.112.213,85.255.112.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.213,85.255.112.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.213,85.255.112.6
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - H:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Keenfinder Service - Unknown owner - H:\Program Files\Keenfinder\keenfinder.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - H:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - H:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - H:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - H:\WINDOWS\System32\wltrysvc.exe

--
End of file - 6369 bytes

[MWR 3 day Mod]

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

[NonSuch]

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.