Links open up in new tabs
#1 Looch

Every time I click on a link in Mozilla Firefox, it opens a new tab which goes to google-redirect.com with a bunch of numbers after it, and 90% of the time, it goes to a spam web site such as http://youtube-xmovies.com/. Sometimes, that web site comes up and reads: "This request is blocked by the SonicWALL Gateway Anti-Virus Service. Name: FakeAV.K#html (Trojan)"

So basically, if I want to jump from one page to another, then from that page to another page, then from that page to another page, I have to close three different tabs or three different windows. Make sense? That makes it nearly impossible when I want to, you know, surf the Internet. The Internet has become virtually unusable for me until this stops.

I would post a HijackThis! log, except my current problem prevents me from getting to most web sites. I am posting this from another computer. I have tried for a few hours to download HijackThis!, but I am not able to get to any web site where it is offered.

I've scanned for viruses and nothing has come up.



ComboFix log:

ComboFix 09-05-08.03 - Administrator 05/10/2009 2:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.247 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\protect.dll
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\ahtn.htm
c:\windows\system32\ak1.exe
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll
c:\windows\system32\drivers\ovfsth.sys
c:\windows\system32\drivers\ovfsthjmhxduirjlqjonwoaavsytetvhrmyblc.sys
c:\windows\system32\falxuisw.dll
c:\windows\system32\jmVxHRqr.ini
c:\windows\system32\jmVxHRqr.ini2
c:\windows\system32\kcwynnyl.dll
c:\windows\system32\lkorwspy.dll
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\ovfsthcwkdqoeplastexuwkiorwvmyilltawmp.dll
c:\windows\system32\ovfsthkgkryfojpcyulxnxrldacqqmowxlvnxn.dll
c:\windows\system32\ovfsthmpailwksnihkulywfsihkbfybjionhhu.dat
c:\windows\system32\ovfsthmpwkuuuefbjkgictonthbsksrrulnhsm.dll
c:\windows\system32\ovfsthqfhwwbvnxsaitdyexrtiafmbyhuhcdbf.dat
c:\windows\system32\uniq.tll
c:\windows\system32\winglsetup.exe

----- BITS: Possible infected sites -----

hxxp://drm.wippiespace.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthcbepxgwutoijwbmflwbwwapamextbfeb


((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
.

2009-05-10 05:20 . 2009-05-10 05:20 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-05-09 14:09 . 2009-05-10 05:13 27648 ----a-w c:\windows\system32\lmn_setup.exe
2009-05-03 04:09 . 2009-05-03 04:09 -------- d-----w c:\windows\Downloaded Installations
2009-05-03 04:08 . 2009-05-03 04:08 -------- d-----w c:\program files\Common Files\Scanner
2009-05-03 04:08 . 2009-02-16 16:17 161008 ----a-w c:\windows\system32\drivers\vetmonnt.sys
2009-05-03 04:08 . 2009-02-16 16:17 21488 ----a-w c:\windows\system32\drivers\vetfddnt.sys
2009-05-03 04:08 . 2009-02-16 16:17 21104 ----a-w c:\windows\system32\drivers\vet-rec.sys
2009-05-03 04:08 . 2009-02-16 16:17 26352 ----a-w c:\windows\system32\drivers\vet-filt.sys
2009-05-03 04:08 . 2009-02-16 16:16 111856 ----a-w c:\windows\system32\isafprod.dll
2009-05-03 04:08 . 2009-02-16 16:17 879760 ----a-w c:\windows\system32\drivers\vetefile.sys
2009-05-03 04:08 . 2009-02-16 16:17 108288 ----a-w c:\windows\system32\drivers\veteboot.sys
2009-04-18 17:49 . 2009-04-18 19:50 7039 ----a-w c:\windows\system32\winsetup66.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 22:45 . 2007-05-26 21:04 -------- d-----w c:\program files\FlashGet
2009-04-05 19:51 . 2009-04-05 19:51 -------- d-----w c:\program files\AVG
2009-02-16 16:16 . 2009-02-23 04:58 99568 ----a-w c:\windows\system32\isafeif.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"AS00_WN311B"="c:\program files\NETGEAR\WN311B\Utility\WN311B.exe" [2006-05-08 1413241]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-04-17 102455]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-04-04 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-03 185896]


[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-06-06 19:46 79368 ----a-w c:\windows\system32\UmxWNP.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:UDP"= 8080:UDP:8080 UDP
"8080:TCP"= 8080:TCP:8080 TCP
"80:UDP"= 80:UDP:80 UDP
"3128:TCP"= 3128:TCP:3128 UDP
"46042:TCP"= 46042:TCP:46042 TCP
"46042:UDP"= 46042:UDP:46042 UDP

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [1/5/2009 11:36 AM 107512]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [11/18/2008 12:14 PM 72696]
R2 UmxAgent;HIPS Event Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxAgent.exe [12/12/2008 12:37 PM 1153528]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\CA\SharedComponents\HIPSEngine\UmxCfg.exe [12/10/2008 12:58 PM 797176]
R2 UmxPol;HIPS Policy Manager;c:\program files\CA\SharedComponents\HIPSEngine\UmxPol.exe [12/19/2008 1:59 PM 297464]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/25/2007 10:41 AM 24652]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [5/26/2007 1:19 PM 16194]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [12/12/2008 12:37 PM 205304]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53c8aaeb-181f-11de-a0ad-000f1f555606}]
\Shell\AutoRun\command - e:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]
.
- - - - ORPHANS REMOVED - - - -

BHO-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJYqPGW.dll
BHO-{D23A9B5F-E984-4658-B900-24D96B51A014} - c:\windows\system32\rqRHxVmj.dll
HKLM-Run-b8c4022f - c:\windows\system32\wgmdglmv.dll
HKU-Default-Run-autochk - c:\windows\system32\config\SYSTEM~1\protect.dll
ShellExecuteHooks-{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\mlJYqPGW.dll
Notify-mlJYqPGW - mlJYqPGW.dll


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 130.88.203.27:3128
uInternet Settings,ProxyOverride = local
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 02:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1316)
c:\windows\system32\UmxWnp.Dll
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'lsass.exe'(1516)
c:\windows\system32\VetRedir.dll
c:\windows\system32\ISafeIf.dll

- - - - - - - > 'explorer.exe'(2168)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-10 2:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-10 06:20

Pre-Run: 3,752,628,224 bytes free
Post-Run: 5,497,720,832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Edited by Looch, 10 May 2009 - 12:29 AM.
