Geeks to Go

Constant redirecting on internet



#1
gericault23

gericault23

    New Member

  • Member
  • Pip
  • 4 posts
Hello,
Something has infected my browsers and redirects me to other pages when I try to navigate through the internet. This is in both Mozilla Firefox and Internet Explorer. Antivirus and antispyware programs have not detected anything, so I'm assuming it is hidden pretty well. Any help would be greatly appreciated.

ActiveScan Pro
Incident Status Location

Potentially unwanted tool:Application/KillApp.B No disinfected C:\hp\bin\KillIt.exe
Spyware:Spyware/PeoplePC Disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 9:32:42 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CF2470B-4863-4B14-869F-CC980C2E8C98}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.114.23,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6A035DA-B31A-4FAF-B426-E6EC087D7249}: NameServer = 85.255.114.23,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACED9498-022B-43CF-A3BA-44A9B16B4D9E}: NameServer = 85.255.114.23,85.255.112.213
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CF2470B-4863-4B14-869F-CC980C2E8C98}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

uninstall list
Adobe Flash Player Plugin
Adobe Reader 7.0.5
Apple Software Update
AVG Anti-Spyware 7.5
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Dawn of War - Dark Crusade
Dawn Of War - Winter Assault
DawnOfWar
DISCover
DivX
Enhanced Multimedia Keyboard Solution
ewido anti-spyware 4.0
GameSpy Arcade
High Definition Audio Driver Package - KB888111
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
HP Boot Optimizer
hp deskjet 3600
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Software Update
HP Web Helper
iolo technologies' System Mechanic Professional 6
J2SE Runtime Environment 5.0 Update 6
Kaspersky Anti-Virus Personal
Macromedia Flash Player 8
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
NVIDIA Drivers
Otto
Painkiller
Painkiller - Battle Out Of [bleep]
Panda ActiveScan
Panda ActiveScan Pro
PC-Doctor 5 for Windows
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sony ACID Music Studio 5.0
SoulSeek Client 157 test 8
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Titan Quest
Titan Quest Immortal Throne
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB938828)
Updates from HP (remove only)
VideoLAN VLC media player 0.8.6c
WildTangent Web Driver
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB912067
WinRAR archiver
Xfire (remove only)
  • 0



#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello gericault23, I'm just looking over your log and will get back to you soon.
  • 0

#3
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello gericault23, my name is Rorschach and I'll be helping you with your problems.

We need to disable the AVG Anti-Spyware guard:

1. Open AVG Anti-Spyware by double-clicking the multi-colored box emblazoned with an 'S' in the system tray.
2. In the 'Resident Shield' section, toggle the AVG Anti-Spyware active protection 'off' by clicking 'Change state' which will then change the protection status to 'inactive'.
3. If you are instructed to reboot at any time during your cleanup, AVG Anti-Spyware will prompt you as to whether you would like to "Restart the Resident Shield".
4. Reply 'no' and set it to 'inactive' for the duration of your cleanup.



Please download FixWareout from here:
http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads, please post the text that will open (report.txt) and a new HijackThis log.

If you have internet connection problems, then do the following:

Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.



I see you have WildTangent installed; this comes bundled with adware, so I recommend that you remove it. You can read more about it here. Please go to Start > Control Panel > Add or Remove Programs > Remove WildTangent Web Driver.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, DSS will open two Notepads, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

So in your next reply please post the following: the FixWareout report, the two DSS texts in full, and tell me how your PC is running now and if you had any problems.
  • 0

#4
gericault23

gericault23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello Rorschach, and thank you so much for the help.

DSS kept encountering an error at the end of running while 'examining event logs', so I could not get these two reports. "dss.exe has encountered a problem and needs to close. We are sorry for the inconvenience." I tried multiple times and rebooted, but the program always stopped at the same place.

After FixWareout ran, everything appeared to be working perfectly. I didn't realize how slow my computer was before. Here are the requested reports:

Username "HP_Administrator" - 2007-08-22 17:03:17 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdnoy.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}
"nameserver"="85.255.114.23,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{A6A035DA-B31A-4FAF-B426-E6EC087D7249}
"nameserver"="85.255.114.23,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{ACED9498-022B-43CF-A3BA-44A9B16B4D9E}
"nameserver"="85.255.114.23,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1CF2470B-4863-4B14-869F-CC980C2E8C98}
"DhcpNameServer"="85.255.114.23,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4D589907-2D53-4DBA-8511-D302D05BE3EB}
"DhcpNameServer"="85.255.114.23,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}
"DhcpNameServer"="85.255.114.23,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{ACED9498-022B-43CF-A3BA-44A9B16B4D9E}
"DhcpNameServer"="85.255.114.23,85.255.112.213" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kdnoy.ren 71180 06/13/2007

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ftutil2"="rundll32.exe ftutil2.dll,SetWriteCacheMode"
"RTHDCPL"="RTHDCPL.EXE"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"DMAScheduler"="\"c:\\Program Files\\HP DigitalMedia Archive\\DMAScheduler.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"PCDrProfiler"=""
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"KAVPersonal50"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe\" /minimize"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SMSystemAnalyzer"="\"C:\\Program Files\\iolo\\System Mechanic Professional 6\\SMSystemAnalyzer.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Logfile of HijackThis v1.99.1
Scan saved at 5:46:43 PM, on 8/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CF2470B-4863-4B14-869F-CC980C2E8C98}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CF2470B-4863-4B14-869F-CC980C2E8C98}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


Right now everything appears to work just fine. I am not being redirected at all on the internet. Thanks!!!
  • 0
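The difference between the two HijackThis logs in this thread is in the O17 lines: before FixWareout ran, three adapter GUIDs pointed at 85.255.114.23 and 85.255.112.213 while the machine's own DHCP lease kept using 208.67.220.220 and 208.67.222.222; afterwards only the latter remain, and the FixWareout report shows the Winlogon "System" value that had been set to kdnoy.exe restored to an empty string. The following is an added example, not code from the thread and not part of HijackThis, FixWareout or ComboFix, that checks for exactly those two indicators: it parses O17 lines and flags any resolver not on an operator-supplied allowlist (APPROVED_RESOLVERS is an assumption; here it holds the two 208.67.x.x addresses from the logs), compares a before and after log, and pulls non-empty Winlogon "System" values out of a FixWareout report. The sample texts are constructed from the logs above, and all function names are the example's own.

```python
# Added example: flag unapproved resolvers in HijackThis O17 lines and a
# non-empty Winlogon "System" value in FixWareout output. Not part of the
# thread or of HijackThis/FixWareout. APPROVED_RESOLVERS is an assumption
# the operator sets to the resolvers the machine is expected to use.
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample input: the O17 section of the two HijackThis logs in the
# thread, before and after FixWareout ran.
PRE_FIX_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CF2470B-4863-4B14-869F-CC980C2E8C98}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: NameServer = 85.255.114.23,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{A6A035DA-B31A-4FAF-B426-E6EC087D7249}: NameServer = 85.255.114.23,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACED9498-022B-43CF-A3BA-44A9B16B4D9E}: NameServer = 85.255.114.23,85.255.112.213
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CF2470B-4863-4B14-869F-CC980C2E8C98}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""
POST_FIX_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CF2470B-4863-4B14-869F-CC980C2E8C98}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CF2470B-4863-4B14-869F-CC980C2E8C98}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
"""
# Constructed sample input in the shape of the FixWareout pre/post-run checks.
FIXWAREOUT_REPORT = r"""
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdnoy.exe"
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
"""

# Assumption: the resolvers this machine is supposed to use (from the logs).
APPROVED_RESOLVERS: Set[str] = {"208.67.220.220", "208.67.222.222"}

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<controlset>\w+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<guid>\{[0-9A-Fa-f-]+\})|Parameters)"
    r": NameServer =\s*(?P<servers>\S*)$"
)
WINLOGON_SYSTEM_RE = re.compile(
    r'^HKLM\\SOFTWARE\\~\\Winlogon\\ "(?i:system)"="(?P<value>[^"]*)"$'
)


@dataclass
class NameServerEntry:
    controlset: str            # CCS = current control set, CS1 = last known good
    interface: Optional[str]   # adapter GUID, or None for the global Parameters key
    servers: List[str]

    @property
    def scope(self) -> str:
        return f"{self.controlset}:{self.interface or 'Parameters'}"


def parse_o17(log_text: str) -> List[NameServerEntry]:
    """Extract every O17 NameServer line from a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = O17_RE.match(raw.strip())
        if m:
            servers = [s for s in m.group("servers").split(",") if s]
            entries.append(NameServerEntry(m.group("controlset"), m.group("guid"), servers))
    return entries


def find_rogue_nameservers(entries: List[NameServerEntry], approved: Set[str]) -> Dict[str, List[str]]:
    """Map each registry scope to the resolvers in it that are not approved;
    a value that does not even parse as an IP address is reported as well."""
    findings: Dict[str, List[str]] = {}
    for entry in entries:
        bad = []
        for server in entry.servers:
            try:
                known = str(ipaddress.ip_address(server)) in approved
            except ValueError:
                known = False
            if not known:
                bad.append(server)
        if bad:
            findings[entry.scope] = bad
    return findings


def scan_log(log_text: str, approved: Set[str] = APPROVED_RESOLVERS) -> Dict[str, List[str]]:
    return find_rogue_nameservers(parse_o17(log_text), approved)


def cleared_scopes(before: str, after: str, approved: Set[str] = APPROVED_RESOLVERS) -> Set[str]:
    """Scopes that carried unapproved resolvers before a fix but not after it."""
    return set(scan_log(before, approved)) - set(scan_log(after, approved))


def suspicious_winlogon_system(report_text: str) -> List[str]:
    """Non-empty Winlogon "System" values in a FixWareout report. FixWareout
    restores the value to "" (see its post-run check), so a filename here is
    the persistence indicator to investigate."""
    values = []
    for raw in report_text.splitlines():
        m = WINLOGON_SYSTEM_RE.match(raw.strip())
        if m and m.group("value"):
            values.append(m.group("value"))
    return values


if __name__ == "__main__":
    for label, text in (("before FixWareout", PRE_FIX_LOG), ("after FixWareout", POST_FIX_LOG)):
        findings = scan_log(text)
        print(f"{label}: {len(findings)} scope(s) with unapproved resolvers")
        for scope, servers in findings.items():
            print(f"  {scope} -> {', '.join(servers)}")
    print("cleared by the fix:", sorted(cleared_scopes(PRE_FIX_LOG, POST_FIX_LOG)))
    print("Winlogon System values to investigate:", suspicious_winlogon_system(FIXWAREOUT_REPORT))
```

Run against the two logs, the scan reports the three per-adapter scopes under CCS that carried 85.255.114.23 and 85.255.112.213 before the fix and nothing afterwards, which is the same conclusion the helper drew by eye; keeping an allowlist rather than a blocklist is what makes the check hold up when the rogue addresses change.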

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello gericault23

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#6
gericault23

gericault23

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Alright, here's the report.

ComboFix 07-08-17.2 - "HP_Administrator" 2007-08-23 14:33:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1523 [GMT -5:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\Autorun.inf


((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))


2007-08-23 11:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-22 17:15 <DIR> d-------- C:\Deckard
2007-08-22 17:03 9,346 --a------ C:\dnsbak.reg
2007-08-20 19:40 69,632 --a------ C:\WINDOWS\system32\asprouni.exe
2007-08-20 19:39 <DIR> d-------- C:\WINDOWS\system32\ASPRO
2007-08-20 16:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-20 11:20 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-08-20 11:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-20 11:20 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-20 11:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-08-19 21:24 <DIR> d-------- C:\Program Files\ewido anti-spyware 4.0
2007-08-19 19:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-19 18:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-19 02:52 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-18 19:12 <DIR> d-------- C:\Program Files\QuickTime
2007-08-18 19:12 <DIR> d-------- C:\Program Files\Apple Software Update
2007-08-18 19:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-18 19:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-18 13:01 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\dvdcss
2007-08-16 16:22 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\CyberLink
2007-08-15 23:23 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\iolo
2007-08-15 23:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\iolo
2007-08-15 23:22 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\vlc
2007-08-14 21:07 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sony
2007-08-14 21:07 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Publish Providers
2007-08-14 21:07 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\NetMedia Providers
2007-08-14 21:05 <DIR> d-------- C:\Program Files\Sony
2007-08-14 18:56 <DIR> d-------- C:\Program Files\VideoLAN
2007-08-13 21:28 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-12 22:54 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\HPQ
2007-08-12 20:55 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Sonic
2007-08-12 20:55 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Leadertech
2007-08-11 20:30 <DIR> d-------- C:\Program Files\Soulseek-Test
2007-08-11 19:46 40,960 -ra------ C:\WINDOWS\system32\psfind.dll
2007-08-11 17:04 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-08-11 17:02 90,112 --a------ C:\WINDOWS\unvise32.exe
2007-08-11 16:49 <DIR> d-------- C:\Program Files\DreamCatcher
2007-08-11 16:07 <DIR> d---s---- C:\Program Files\Xfire
2007-08-11 16:07 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Xfire
2007-08-11 16:01 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\InstallShield
2007-08-11 15:55 <DIR> d-------- C:\DirectX9
2007-08-11 15:38 <DIR> d-------- C:\Program Files\THQ
2007-08-10 23:59 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-08-10 23:59 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-08-10 23:59 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-10 23:46 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-10 23:39 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2007-08-10 23:14 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-08-10 22:47 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2007-08-10 22:47 41,472 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2007-08-10 22:47 25,264 --a------ C:\WINDOWS\system32\smrgdf.exe
2007-08-10 22:47 1,212,416 --a------ C:\WINDOWS\system32\Incinerator.dll
2007-08-10 22:42 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-08-10 22:42 <DIR> d-------- C:\WINDOWS\NV30843124.TMP
2007-08-10 22:34 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-08-10 22:33 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-10 22:22 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-10 22:18 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-08-10 22:17 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-10 22:09 <DIR> dr-hs---- C:\cmdcons
2007-08-10 22:03 3,407,872 --a------ C:\DOCUME~1\HP_ADM~1\NTUSER.DAT
2007-08-10 22:03 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\WINDOWS
2007-08-10 22:03 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
2007-08-10 22:03 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Intuit
2007-08-10 20:21 <DIR> d-------- C:\Program Files\Azureus
2007-08-10 20:21 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Azureus
2007-08-10 20:20 <DIR> d-------- C:\Program Files\BitTorrent
2007-08-10 19:58 262,144 --a------ C:\DOCUME~1\ALLUSE~1\NTUSER.DAT
2007-08-10 19:58 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS
2007-08-10 19:58 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
2007-08-10 19:58 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intuit
2007-08-10 19:56 242 --a------ C:\WINDOWS\system\hpsysdrv.dat
2007-08-10 19:56 <DIR> d-------- C:\WINDOWS\Prefetch
2007-08-10 19:53 <DIR> d--hs---- C:\System Volume Information
2007-08-10 19:39 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-08-10 19:37 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-08-10 19:01 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-08-10 19:00 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-08-10 18:59 <DIR> dr-h----- C:\MSOCache
2007-08-10 18:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-10 18:34 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-08-10 18:00 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-08-10 17:42 <DIR> d-------- C:\Program Files\Winamp
2007-08-10 17:39 23,040 --------- C:\WINDOWS\kb913800.exe
2007-08-10 17:37 <DIR> d-------- C:\Program Files\Codec Pack - All In 1
2007-08-10 17:27 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-10 17:23 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Google
2007-08-10 17:18 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-08-10 17:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Anti-Virus Personal
2007-08-10 17:17 <DIR> d-------- C:\Program Files\iolo
2007-08-10 16:59 <DIR> d--hs---- C:\RECYCLER
2007-08-10 16:37 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-08-10 16:37 <DIR> d-------- C:\Program Files\Google
2007-08-10 16:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-10 16:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-10 16:04 <DIR> d-------- C:\WINDOWS\setup.pss


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-23 12:34 --------- d-------- C:\Program Files\DISC
2007-08-22 17:00 --------- d-------- C:\Program Files\WildTangent
2007-08-22 16:55 --------- d-------- C:\Program Files\HP DigitalMedia Archive
2007-08-22 16:52 --------- d-a------ C:\Program Files\Common Files\LightScribe
2007-08-20 18:00 --------- d-------- C:\Program Files\Windows NT
2007-08-20 17:46 --------- d-------- C:\Program Files\Rhapsody
2007-08-20 17:41 --------- d-------- C:\Program Files\Quicken
2007-08-20 17:41 --------- d-------- C:\Program Files\PC-Doctor 5 for Windows
2007-08-20 17:31 --------- d-------- C:\Program Files\Online Services
2007-08-20 17:25 --------- d-------- C:\Program Files\music_now
2007-08-20 17:25 --------- d-------- C:\Program Files\MSN Encarta Standard
2007-08-20 17:24 --------- d-------- C:\Program Files\Movie Maker
2007-08-20 17:24 --------- d-------- C:\Program Files\Microsoft Works
2007-08-20 17:20 --------- d-------- C:\Program Files\Messenger
2007-08-20 17:07 --------- d-------- C:\Program Files\EnglishOtto
2007-08-20 17:05 --------- d-------- C:\Program Files\Common Files\SureThing Shared
2007-08-20 17:05 --------- d-------- C:\Program Files\Common Files\Sonic Shared
2007-08-12 22:30 --------- d-------- C:\Program Files\HP
2007-08-12 22:30 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-11 19:49 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-10 22:39 --------- d-------- C:\Program Files\Symantec
2007-08-10 22:39 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-10 22:23 --------- d-------- C:\Program Files\GemMaster
2007-08-10 22:07 1916 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_RF243AA-ABA M7640n_YC_0Pavi_QCNX642_E64NAemMPA4_48_INODUSM3_SASUSTek Computer INC._V1.05_B3.07_T060802_WXP2_L409_M2047_J320_7AMD_8Athlon 64 X2 Dual Core_92.6_#070811_N_Z14F12F20_G10DE0193.MRK
2007-07-19 01:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-12 18:31 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll
2007-06-27 09:34 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 --------- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 --------- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-13 05:23 1033216 --------- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 05:23 1033216 --------- C:\WINDOWS\explorer.exe
2006-02-19 12:28 12288 --a------ C:\WINDOWS\Fonts.\RandFont.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 23:01]
"ftutil2"="ftutil2.dll" [2004-06-07 16:05 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 22:05 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:19 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-10 14:41]
"nwiz"="nwiz.exe" [2006-11-10 14:41 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 11:05]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-23 00:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 00:34]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-10 14:41]
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2005-10-07 05:02]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 21:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe" [2006-12-20 17:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


Contents of the 'Scheduled Tasks' folder
2007-08-19 00:12:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-23 14:36:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-23 14:37:13
C:\ComboFix-quarantined-files.txt ... 2007-08-23 14:36

--- E O F ---
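The ComboFix log above is worth reading for persistence, not only for the quarantine line. It records the deletion of D:\Autorun.inf, and the Reg Loading Points section shows a per-drive AutoRun\command handler under HKEY_CURRENT_USER\...\explorer\mountpoints2\D (the cached handler Windows keeps for a drive's autorun.inf, so that opening the drive runs the listed command), a Run value with no binary resolved behind it ("PCDrProfiler"="" []), and several executables created in the Windows directories during the scan window. The script below is an added example, not part of this thread and not a ComboFix or Geeks to Go tool: it parses a constructed excerpt modelled on those two sections and flags the three patterns. The regular expressions, the Finding class, the HOT_DIRS set and the recent_days cut-off are this example's own assumptions, and the output is a review queue rather than a verdict (nircmd.exe, for instance, is a helper that ComboFix itself drops).

```python
"""Triage the autostart-related sections of a ComboFix log.

Added example: the section layout is as it appears in the log posted above;
the patterns flagged, the names and the thresholds are this example's own.
"""
import re
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed excerpt modelled on the log posted above.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2007-07-23 to 2007-08-23 )))))))))))))))))))))))))))))))

2007-08-23 11:32 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-20 19:40 69,632 --a------ C:\WINDOWS\system32\asprouni.exe
2007-08-20 19:39 <DIR> d-------- C:\WINDOWS\system32\ASPRO
2007-08-11 19:46 40,960 -ra------ C:\WINDOWS\system32\psfind.dll
2007-08-10 23:46 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-10 20:21 <DIR> d-------- C:\Program Files\Azureus

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 23:01]
"PCDrProfiler"="" []
"KAVPersonal50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2005-10-07 05:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
"""

FILE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (<DIR>|[\d,]+) \S{9} (.+)$')
WINDOW_RE = re.compile(r'Files Created from \d{4}-\d{2}-\d{2} to (\d{4}-\d{2}-\d{2})')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"="([^"]*)" \[([^\]]*)\]$')
AUTORUN_RE = re.compile(r'^AutoRun\\command- (.+)$')

PE_EXT = ('.exe', '.dll', '.sys', '.scr', '.com')
# Directories where a freshly dropped PE deserves a look (assumption of this example).
HOT_DIRS = {'c:\\windows', 'c:\\windows\\system32', 'c:\\windows\\system32\\drivers'}


@dataclass(frozen=True)
class Finding:
    category: str   # 'new-pe' | 'orphan-run' | 'drive-autorun'
    detail: str


def parent_dir(path):
    return path.lower().rsplit('\\', 1)[0]


def triage(log_text, recent_days=14):
    """Walk the log once and collect findings from the two sections."""
    findings = []
    section = None
    current_key = None
    window_end = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = WINDOW_RE.search(line)
        if m:                                  # "Files Created from ... to <end>" header
            window_end = date.fromisoformat(m.group(1))
            section = 'files'
            continue
        if 'Reg Loading Points' in line:
            section = 'reg'
            continue
        if section == 'files':
            m = FILE_RE.match(line)
            if not m or m.group(2) == '<DIR>':
                continue
            created, path = date.fromisoformat(m.group(1)), m.group(3)
            if (path.lower().endswith(PE_EXT) and parent_dir(path) in HOT_DIRS
                    and window_end - created <= timedelta(days=recent_days)):
                findings.append(Finding('new-pe', f'{path} (created {created})'))
        elif section == 'reg':
            m = KEY_RE.match(line)
            if m:
                current_key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m and current_key and current_key.lower().endswith('\\run'):
                name, target, stamp = m.groups()
                if not target or not stamp:    # value present but no binary resolved
                    findings.append(Finding('orphan-run', f'{current_key}\\{name} = {target!r}'))
                continue
            m = AUTORUN_RE.match(line)
            if m and current_key and 'mountpoints2' in current_key.lower():
                drive = current_key.rsplit('\\', 1)[-1]   # cached autorun.inf handler for this drive
                findings.append(Finding('drive-autorun', f'{drive}: runs {m.group(1)}'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.category:<13} {f.detail}')
```

The drive-autorun finding is the one to chase first on a redirect complaint of this kind: it is the entry that ties the deleted D:\Autorun.inf to a command, and it survives in the user's hive even after the inf file is gone.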

#7 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello gericault23


* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory; when something is found, click Yes when it asks if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer, because files that were in use may be moved/deleted during the reboot.
  • After reboot, post the contents of the Dr.Web log you saved previously in your next reply.

So in your next reply post the Dr. Web Cureit report and tell me how your PC is running now.

#8 gericault23 (Topic Starter, New Member, 4 posts)
Alright, here's the DrWeb report.

A0118965.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP38;Tool.ProcessKill;Incurable.Deleted.;
A0122130.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP38;Probably STPAGE.Trojan;Incurable.Deleted.;
firstopt.js;D:\I386\APPS\APP03764;Probably SCRIPT.Virus;Incurable.Deleted.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Deleted.;
PPCInstall.dll;C:\Program Files\Online Services\PeoplePC;Probably STPAGE.Trojan;Incurable.Deleted.;
sb6adts.htc;C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard L=Cupertino S=Ca C=US\Scripts;Archive contains infected objects;Moved.;
sb6adts.htc\Script.0;C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard L=Cupertino S=Ca C=US\Scripts\sb6adts.htc;Probably SCRIPT.Virus;;
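Reading the Dr.Web report format: each line is object;directory;threat;action; so the first two records are copies inside a System Restore snapshot (the _restore{...}\RPnn folders under System Volume Information) rather than files on the live system, a threat name beginning with "Probably" is Dr.Web's heuristic rather than signature verdict, and the last line is a nested object (sb6adts.htc\Script.0) inside the container moved on the line before it, which is why its own action field is empty. The script below is an added example, not part of the thread and not a Dr.Web tool: it parses a constructed copy of the report above and separates live-system findings from restore-point copies and container children. The field meanings are as read from the report; the function names and the record layout in Python are this example's own.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv).

Added example: the record layout (object;directory;threat;action;) is read
from the report posted above; everything else here is this example's own.
"""
from collections import defaultdict

# Constructed copy of the report lines posted above.
SAMPLE_REPORT = r"""
A0118965.exe;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP38;Tool.ProcessKill;Incurable.Deleted.;
A0122130.dll;C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP38;Probably STPAGE.Trojan;Incurable.Deleted.;
firstopt.js;D:\I386\APPS\APP03764;Probably SCRIPT.Virus;Incurable.Deleted.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Incurable.Deleted.;
PPCInstall.dll;C:\Program Files\Online Services\PeoplePC;Probably STPAGE.Trojan;Incurable.Deleted.;
sb6adts.htc;C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard L=Cupertino S=Ca C=US\Scripts;Archive contains infected objects;Moved.;
sb6adts.htc\Script.0;C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard L=Cupertino S=Ca C=US\Scripts\sb6adts.htc;Probably SCRIPT.Virus;;
"""

RESTORE_MARKER = '\\system volume information\\_restore'


def parse_report(text):
    """Return one dict per record; a nested object remembers its container."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(';')
        if len(fields) < 4:
            raise ValueError(f'unexpected record: {line!r}')
        name, location, threat, action = fields[:4]
        # 'archive.ext\inner' is an object inside a container reported on its own line
        container = name.split('\\', 1)[0] if '\\' in name else None
        if 'Deleted' in action:
            outcome = 'deleted'
        elif 'Moved' in action:
            outcome = 'moved'
        else:
            outcome = None      # container children carry no action of their own
        records.append({
            'object': name,
            'location': location,
            'threat': threat,
            'outcome': outcome,
            'heuristic': threat.startswith('Probably '),
            'in_restore_point': RESTORE_MARKER in location.lower(),
            'container': container,
        })
    return records


def live_findings(records):
    """Top-level objects found outside System Restore snapshots."""
    return [r for r in records if r['container'] is None and not r['in_restore_point']]


def restore_point_copies(records):
    return [r for r in records if r['in_restore_point']]


def children_by_container(records):
    groups = defaultdict(list)
    for r in records:
        if r['container'] is not None:
            groups[r['container']].append(r)
    return dict(groups)


if __name__ == '__main__':
    recs = parse_report(SAMPLE_REPORT)
    for r in live_findings(recs):
        tag = 'heuristic' if r['heuristic'] else 'signature'
        print(f"{r['outcome']:>8}  {tag:<9}  {r['location']}\\{r['object']}  ({r['threat']})")
    print(f"{len(restore_point_copies(recs))} copies in System Restore snapshots; "
          f"{sum(len(v) for v in children_by_container(recs).values())} nested objects")
```

The restore-point split matters for the clean-up that follows in this thread: copies under _restore are inert until a restore is performed, which is why the helper's final post has the restore points purged after a fresh one is created.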

#9 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello gericault23, your logs look good! We need to do a few little things.

You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.


Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking the Windows Update website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates installed.

* To reduce the chance of re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.





