Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Redirected from links on Google

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Redirected from links on Google

Unread postby Paul-InMe » July 28th, 2010, 4:21 pm

Recently i managed to get abit of malware with was basically bringing up a fake virus scanner at the start up and didnt allow any access etc. I managed to clear that but since then when ive search for something on google the links havnt been taking me to the expected pages. Ive tried many scanners like SuperAntispyware, AVG, Spybot, Malwarebytes Anti-Malware, Hitman pro, Windows malicious removal tool and Windows Defender.

I was recommended to run combofix but i dont know if thats fixed it or not, i have a hijackthis log and just wondering if anyone is able to see if there are problems on my computer remaining?

Thanks


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:13:19, on 28/07/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18470)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\RTHDCPL.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Paul\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6051 bytes
Paul-InMe
Active Member
 
Posts: 2
Joined: July 28th, 2010, 4:15 pm
Top
Advertisement
Register to Remove

Re: Redirected from links on Google

Unread postby Paul-InMe » July 28th, 2010, 4:27 pm

Here is also the log from i got from ComboFix...

ComboFix 10-07-27.05 - Paul 28/07/2010 20:48:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2046.849 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
SP: Prevx Edge *enabled* (Updated) {D486329C-1488-4CEB-9CC8-D662B732D902}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Paul\AppData\Local\{5F01180E-D598-43F7-BD61-8AC72205AD38}
c:\users\Paul\AppData\Local\{5F01180E-D598-43F7-BD61-8AC72205AD38}\chrome.manifest
c:\users\Paul\AppData\Local\{5F01180E-D598-43F7-BD61-8AC72205AD38}\chrome\content\_cfg.js
c:\users\Paul\AppData\Local\{5F01180E-D598-43F7-BD61-8AC72205AD38}\chrome\content\overlay.xul
c:\users\Paul\AppData\Local\{5F01180E-D598-43F7-BD61-8AC72205AD38}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-28 19:56 . 2010-07-28 19:58 -------- d-----w- c:\users\Paul\AppData\Local\temp
2010-07-28 19:56 . 2010-07-28 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-28 19:56 . 2010-07-28 19:56 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-07-28 17:11 . 2010-07-23 16:22 43008 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ts85q3mz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-28 17:11 . 2010-07-23 16:22 338944 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ts85q3mz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-28 17:11 . 2010-07-23 16:22 346112 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ts85q3mz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-28 17:11 . 2010-07-23 16:22 1496064 ----a-w- c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ts85q3mz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-27 18:59 . 2010-07-27 18:59 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-07-27 18:45 . 2010-07-28 18:57 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-27 18:45 . 2010-07-27 18:59 -------- d-----w- c:\programdata\Hitman Pro
2010-07-27 18:45 . 2010-07-27 18:45 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-23 05:50 . 2010-07-23 05:50 2804 ----a-w- c:\users\Paul\AppData\Local\ibidowur.dll
2010-07-22 22:31 . 2010-07-22 22:31 2804 ----a-w- c:\users\Paul\AppData\Local\avebisovuni.dll
2010-07-22 22:24 . 2010-07-22 22:24 2804 ----a-w- c:\users\Paul\AppData\Local\uxorihikiciluc.dll
2010-07-22 22:20 . 2010-07-23 05:50 0 ----a-w- c:\users\Paul\AppData\Local\Pxozeqijolozikeq.bin
2010-07-22 22:20 . 2010-07-23 05:50 2804 ----a-w- c:\users\Paul\AppData\Local\Tmucipataxuh.dat
2010-07-22 22:18 . 2010-07-23 19:10 -------- d-----w- c:\users\Paul\AppData\Local\hcjmaimlk
2010-07-22 22:18 . 2010-07-22 22:19 -------- d-----w- c:\users\Paul\AppData\Roaming\9DF8370C49EC76AF4028DBD41468DD44
2010-07-21 16:43 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-07-20 17:29 . 2010-07-20 17:29 1373536 ----a-w- c:\programdata\avg9\update\backup\avgssff.dll
2010-07-20 17:29 . 2010-07-20 17:29 1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-20 17:29 . 2010-07-20 17:29 921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-20 17:29 . 2010-07-20 17:29 4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-19 20:34 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-07-19 20:34 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-07-16 17:06 . 2010-07-16 17:06 242896 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-16 17:06 . 2010-07-16 17:06 216200 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-16 17:05 . 2010-07-16 17:05 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 17:03 . 2010-07-16 17:03 813336 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-07-16 17:03 . 2010-07-16 17:03 624920 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-07-16 17:03 . 2010-07-16 17:03 1690464 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-07-16 17:03 . 2010-07-16 17:03 1038688 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-07-14 17:37 . 2010-07-14 17:42 -------- d-----w- C:\2a35b2b5faed53cfc41ed7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 16:40 . 2009-06-21 22:02 117760 ----a-w- c:\users\Paul\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-23 19:58 . 2009-11-01 20:17 -------- d-----w- c:\users\Paul\AppData\Roaming\Spotify
2010-07-23 18:02 . 2010-03-20 13:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-21 17:18 . 2008-08-28 19:09 680 ----a-w- c:\users\Paul\AppData\Local\d3d9caps.dat
2010-07-16 17:06 . 2010-03-27 12:45 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 17:04 . 2010-03-27 12:45 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 17:42 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-26 11:30 . 2010-06-26 11:30 -------- d-----w- c:\program files\Microsoft.NET
2010-06-18 13:56 . 2010-04-22 18:25 -------- d-----w- c:\users\Paul\AppData\Roaming\vlc
2010-06-02 17:59 . 2010-03-27 12:45 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-26 16:16 . 2010-06-10 17:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:25 . 2010-06-10 17:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14 . 2009-10-03 04:27 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 19:54 . 2010-05-18 19:54 655360 ----a-w- c:\users\Paul\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-18 19:54 . 2010-05-18 19:54 282624 ----a-w- c:\users\Paul\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-18 19:54 . 2010-05-18 19:54 208896 ----a-w- c:\users\Paul\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-04 18:42 . 2010-06-10 17:41 833024 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 18:37 . 2010-06-10 17:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 16:53 . 2010-06-10 17:41 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 13:53 . 2010-06-10 17:41 2036224 ----a-w- c:\windows\system32\win32k.sys
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 09:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Google Update"="c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-07-28 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 312240]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-23 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"SoundMan"="SOUNDMAN.EXE" [2006-05-04 86016]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-22 19:42 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-30 09:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-06-17 15:00 1249280 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-08-11 07:31 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 09:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2008-07-02 16:16 393216 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 03:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-05-26 09:05 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 22:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-04-19 430152]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-16 243024]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-05-26 72944]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]

.
Contents of the 'Scheduled Tasks' folder

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-348800456-1619426833-1477096888-1000Core.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 18:46]

2010-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-348800456-1619426833-1477096888-1000UA.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 18:46]

2010-07-28 c:\windows\Tasks\User_Feed_Synchronization-{2C7DE67E-EBAD-4F89-987A-8D74D554AD63}.job
- c:\windows\system32\msfeedssync.exe [2010-03-28 22:33]
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ts85q3mz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Amazon.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.skysports.com/football/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/sear ... -web_uk&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\ts85q3mz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Paul\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Paul\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
MSConfigStartUp-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-28 20:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-348800456-1619426833-1477096888-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8E8FF4E5-3878-BABC-82C9-D3766D84552F}*]
"oaecndbkfjlkpjaiglelkgbibjgnhb"=hex:6b,61,69,67,61,63,6d,63,6c,6f,6c,6f,65,63,
65,61,6c,62,6d,68,69,62,00,77
"nakjhenbmaheicnlmplpifnbkpjd"=hex:6b,61,66,67,68,63,64,6a,6d,67,64,61,62,61,
6d,6b,6a,62,6f,6f,63,64,00,c0
"oaiififlillpagphladphfhchapcbd"=hex:64,61,69,67,67,63,6e,64,00,ff

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-28 21:01:00
ComboFix-quarantined-files.txt 2010-07-28 20:00

Pre-Run: 117,951,008,768 bytes free
Post-Run: 119,196,168,192 bytes free

- - End Of File - - B0276BD32DAE58F81B89F23F5B53D6A0
Paul-InMe
Active Member
 
Posts: 2
Joined: July 28th, 2010, 4:15 pm
Top

Re: Redirected from links on Google

Unread postby NonSuch » July 29th, 2010, 1:36 am

Please familiarize yourself with the forum rules: >Forum Posting Rules - Please Read<

We're sorry, but it is necessary to close your topic because you have replied to it prior to receiving a response from a helper.

Due to adding on to your topic with your second post it is highly unlikely that you would have received a response. Our helpers are looking for topics with zero responses. When you post replies to your own topic, it no longer has zero responses, and so it appears that you have received help when in fact, you have not.

If you still require help, please open a new thread in the Malware Removal forum and wait for assistance. Please do not run additional programs and/or post additional logs. Just your HijackThis log to start with is adequate. Your helper will ask for additional logs as needed. DO NOT reply to your own topic until you have received a response from a helper. Be patient. There are others who have been waiting longer than you, so do not expect an immediate reply.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 232 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index