[Closed] Google Redirection

Welcome! Register for a free account (or login) > How does it work?

Quickly register. It will only take 60 seconds.
Start a new topic. Ask your question. Wait for an email reply.
Is your system infected? Begin reading the malware removal guide.

What the Tech > Spyware / Malware / Virus Removal > Infections Removal

[Closed] Google Redirection

Options

Ticker View Member Profile	Nov 8 2009, 03:21 PM Post #1
New Member Group: New Member Posts: 1 Joined: 8-November 09 Member No.: 88,718 Operating System: Windows XP Professional	Yesterday my Google results links began redirecting to a blank website called Avabon and a pay per download website. I'm currently using Firefox 3.5.5 on Windows XP Pro. Here is my HijackThis logfile. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:15:12 PM, on 11/8/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe C:\WINDOWS\system32\igfxsrvc.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1256585636125 O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe -- End of file - 5178 bytes And here's my Combo fix log from earlier. ComboFix 09-11-08.01 - Dano 11/08/2009 15:51.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3318.2562 [GMT -5:00] Running from: c:\documents and settings\Dano\Desktop\ComboFix.exe AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 ))))))))))))))))))))))))))))))) . 2009-11-08 08:36 . 2009-11-08 20:26 0 ----a-w- c:\documents and settings\Dano\Local Settings\Application Data\prvlcl.dat 2009-11-07 21:25 . 2009-11-07 21:25 117760 ----a-w- c:\documents and settings\Dano\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL 2009-11-07 21:24 . 2009-11-07 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-11-07 21:24 . 2009-11-07 21:24 -------- d-----w- c:\program files\SUPERAntiSpyware 2009-11-07 21:24 . 2009-11-07 21:24 -------- d-----w- c:\documents and settings\Dano\Application Data\SUPERAntiSpyware.com 2009-11-07 21:24 . 2009-11-07 21:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-11-07 20:41 . 2009-11-07 20:50 -------- d-----w- C:\$AVG 2009-11-07 20:41 . 2009-11-07 20:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2009-11-07 20:41 . 2009-11-07 20:41 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-11-07 20:41 . 2009-11-08 19:30 -------- d-----w- c:\windows\system32\drivers\Avg 2009-11-07 20:41 . 2009-11-07 20:41 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-11-07 20:41 . 2009-11-07 20:41 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-11-07 20:41 . 2009-11-07 20:41 -------- d-----w- c:\program files\AVG 2009-11-07 20:40 . 2009-11-07 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2009-11-07 18:32 . 2009-11-07 18:32 -------- d-----w- c:\documents and settings\Dano\Application Data\Malwarebytes 2009-11-07 18:32 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-07 18:32 . 2009-11-07 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-07 18:32 . 2009-11-07 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-07 18:32 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-07 16:07 . 2009-11-08 00:10 -------- d-----w- c:\documents and settings\All Users\Defence 2009-11-06 05:41 . 2009-11-06 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-11-04 22:46 . 2009-11-04 22:46 -------- d-----w- c:\documents and settings\Dano\Local Settings\Application Data\Identities 2009-11-04 21:36 . 2009-11-04 21:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\Adobe CS4 2009-11-04 08:13 . 2009-11-02 22:40 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-11-04 07:04 . 2009-11-04 21:41 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-04 07:04 . 2009-11-04 21:38 -------- d-----w- c:\documents and settings\Dano\Local Settings\Application Data\Adobe 2009-11-02 22:40 . 2009-11-02 22:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2009-11-02 22:40 . 2009-11-02 22:40 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys 2009-11-02 22:40 . 2009-11-02 22:40 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll 2009-11-02 22:40 . 2009-11-02 22:40 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe 2009-11-02 22:40 . 2009-11-02 22:40 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll 2009-11-02 22:40 . 2009-11-02 22:40 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll 2009-11-02 22:39 . 2009-11-02 22:39 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll 2009-11-02 22:39 . 2009-11-02 22:39 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll 2009-11-02 22:39 . 2009-11-02 22:39 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll 2009-10-30 10:09 . 2009-11-06 08:18 158552 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-10-30 06:25 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll 2009-10-30 06:25 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll 2009-10-30 06:25 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll 2009-10-30 06:25 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll 2009-10-30 06:25 . 2009-10-30 06:26 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-10-30 06:25 . 2009-10-27 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2009-10-29 08:07 . 2009-10-29 08:18 -------- d-----w- c:\program files\auto-clicker 2009-10-28 17:06 . 2009-10-28 17:06 -------- d-----w- c:\program files\MSXML 4.0 2009-10-28 08:02 . 2009-10-28 08:02 -------- d-----w- c:\windows\system32\XPSViewer 2009-10-28 08:02 . 2009-10-28 08:02 -------- d-----w- c:\program files\MSBuild 2009-10-28 08:02 . 2009-10-28 08:02 -------- d-----w- C:\63fe1c68c0399a1a4a0f2203 2009-10-28 08:02 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2009-10-28 08:02 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2009-10-28 08:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2009-10-28 08:02 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2009-10-28 08:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2009-10-28 08:02 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2009-10-28 08:02 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2009-10-28 08:00 . 2009-10-28 08:00 -------- d-----w- c:\program files\MSXML 6.0 2009-10-28 08:00 . 2009-10-28 08:03 -------- d-----w- C:\6a152061b27d02276d248c 2009-10-28 00:04 . 2009-10-28 01:04 -------- d-----w- c:\windows\system32\CatRoot_bak 2009-10-27 21:50 . 2009-11-06 01:25 -------- d-----w- c:\documents and settings\Dano\Local Settings\Application Data\Corel 2009-10-27 21:47 . 2009-11-06 01:04 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-10-27 21:47 . 2009-10-27 21:47 8 --sh--r- c:\documents and settings\All Users\Application Data\A2301789F4.sys 2009-10-27 21:47 . 2009-10-27 21:47 -------- d-----w- c:\documents and settings\Dano\Application Data\Corel 2009-10-27 21:45 . 2009-10-27 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2009-10-27 21:45 . 2009-10-27 21:46 -------- d-----w- c:\program files\Common Files\Corel 2009-10-27 21:45 . 2009-10-27 21:45 -------- d-----w- c:\program files\Common Files\Protexis 2009-10-27 21:43 . 2009-10-27 21:45 -------- d-----w- c:\program files\Corel 2009-10-27 21:43 . 2009-10-27 21:43 -------- d-----w- c:\documents and settings\Dano\Application Data\InstallShield 2009-10-27 05:17 . 2006-02-28 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2009-10-27 05:16 . 2009-11-04 07:01 -------- d-----w- c:\program files\Windows Media Connect 2 2009-10-27 05:15 . 2009-10-27 05:16 -------- d-----w- c:\windows\system32\drivers\UMDF 2009-10-27 05:15 . 2009-10-27 05:15 -------- d-----w- c:\windows\system32\LogFiles 2009-10-27 05:07 . 2009-10-27 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus! 2009-10-27 05:06 . 2009-11-07 06:32 -------- d-----w- c:\documents and settings\Dano\Application Data\Winamp 2009-10-27 04:58 . 2009-10-27 04:58 -------- d-----w- c:\program files\Microsoft 2009-10-27 04:54 . 2006-08-25 03:47 115880 ------w- c:\windows\system32\pxinsi64.exe 2009-10-27 03:00 . 2009-10-27 05:04 -------- d-----w- c:\program files\Messenger Plus! Live 2009-10-27 01:32 . 2009-10-27 01:32 -------- d-----w- c:\windows\Sun 2009-10-27 00:32 . 2009-11-04 07:01 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Pro 2009-10-26 22:54 . 2009-10-26 22:54 -------- d-----w- c:\program files\Pokemon World Online 2009-10-26 22:45 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-10-26 22:45 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll 2009-10-26 22:38 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-10-26 22:38 . 2009-11-02 22:40 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe 2009-10-26 22:38 . 2009-11-02 22:40 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll 2009-10-26 22:38 . 2009-11-02 22:40 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll 2009-10-26 22:38 . 2009-11-02 22:40 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll 2009-10-26 22:38 . 2009-11-02 22:40 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2009-10-26 22:38 . 2009-11-02 22:40 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll 2009-10-26 22:36 . 2009-10-26 22:36 -------- d-----w- c:\program files\Lavasoft 2009-10-26 22:30 . 2009-10-26 22:30 -------- d-----w- c:\program files\Windows Journal Viewer 2009-10-26 22:18 . 2009-11-07 06:34 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe 2009-10-26 22:18 . 2009-10-26 22:18 91 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat 2009-10-26 22:18 . 2009-10-26 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm 2009-10-26 22:17 . 2009-11-07 06:39 -------- d-----w- c:\documents and settings\Dano\Local Settings\Application Data\Last.fm 2009-10-26 22:17 . 2009-11-07 06:25 -------- d-----w- c:\program files\Last.fm 2009-10-26 21:27 . 2009-11-08 19:24 -------- d-----w- c:\documents and settings\Dano\Tracing 2009-10-26 21:25 . 2009-10-26 21:25 -------- d-----w- c:\program files\Windows Live SkyDrive 2009-10-26 21:25 . 2009-10-27 04:58 -------- d-----w- c:\program files\Windows Live 2009-10-26 21:13 . 2009-10-26 21:13 -------- d-----w- c:\program files\Common Files\Windows Live 2009-10-26 20:59 . 2009-10-26 20:59 -------- d-----w- c:\documents and settings\Dano\Application Data\uniblue 2009-10-26 20:24 . 2006-02-28 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll 2009-10-26 20:08 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-10-26 20:08 . 2009-08-04 14:00 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2009-10-26 20:08 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2009-10-26 20:08 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-10-26 20:02 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2009-10-26 20:02 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys 2009-10-26 19:39 . 2009-08-07 00:24 44768 ----a-w- c:\windows\system32\wups2.dll 2009-10-26 19:35 . 2009-10-26 19:35 -------- d-----w- c:\program files\Uniblue 2009-10-26 19:35 . 2008-10-26 05:02 2835262 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe 2009-10-26 19:35 . 2008-10-29 09:43 771360 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\23A3CF01\CACB8439\UBSysMan.dll 2009-10-26 19:35 . 2008-10-29 09:43 614688 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\EA1A1734\CACB8439\Launcher.exe 2009-10-26 19:35 . 2008-10-29 09:43 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\13A9C5E5\CACB8439\Interop.IWshRuntimeLibrary.dll 2009-10-26 19:35 . 2008-10-29 09:43 381216 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\1F13E51E\CACB8439\AvalonCommon.dll 2009-10-26 19:35 . 2008-10-29 09:43 364320 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\F4DC5C6B\CACB8439\SUMPBackend.dll 2009-10-26 19:35 . 2008-10-29 09:43 191264 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\67304DB7\CACB8439\PowerSuiteBackendUtils.dll 2009-10-26 19:35 . 2008-10-29 09:43 1194784 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\744435A3\CACB8439\SUMP.exe 2009-10-26 19:35 . 2008-08-26 16:49 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\7A8C224A\CACB8439\IsLicense40.dll 2009-10-26 19:35 . 2008-08-26 16:49 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\D7904F02\CACB8439\IsLicense30.dll 2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\Reference Assemblies 2009-10-26 19:27 . 2009-10-26 21:03 -------- d-----w- c:\program files\Visual Styles 2009-10-26 19:27 . 2009-10-26 19:27 -------- d-----r- C:\AHCache 2009-10-26 19:27 . 2009-11-05 08:02 15032 ----a-w- c:\documents and settings\Dano\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-26 19:24 . 2009-10-26 19:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0} 2009-10-26 19:23 . 2009-10-26 19:23 -------- d-----w- c:\program files\TGTSoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-07 06:32 . 2009-10-26 21:28 -------- d-----w- c:\program files\Winamp 2009-11-07 05:59 . 2009-11-07 05:59 5 ----a-w- c:\windows\system32\YoItzVlad.tmp 2009-11-02 22:40 . 2009-10-26 22:38 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll 2009-11-02 22:39 . 2009-10-26 22:37 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll 2009-11-02 22:39 . 2009-10-26 22:37 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2009-11-02 22:39 . 2009-10-26 22:37 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll 2009-11-02 22:39 . 2009-10-26 22:37 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe 2009-11-02 22:39 . 2009-10-26 22:37 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2009-11-02 22:38 . 2009-10-26 22:37 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2009-11-02 22:38 . 2009-10-26 22:37 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2009-11-02 22:38 . 2009-10-26 22:37 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe 2009-11-02 22:38 . 2009-10-26 22:37 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2009-10-27 20:32 . 2009-10-26 07:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-10-26 22:38 . 2009-10-26 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-10-26 22:36 . 2009-10-26 22:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-10-26 18:02 . 2009-10-26 18:02 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-10-26 18:02 . 2009-10-26 18:02 -------- d-----w- c:\program files\Realtek 2009-10-26 18:02 . 2009-10-26 18:02 315392 ----a-w- c:\windows\HideWin.exe 2009-10-26 18:02 . 2009-10-26 18:02 -------- d-----w- c:\program files\Common Files\InstallShield 2009-10-26 07:55 . 2009-10-26 07:55 -------- d-----w- c:\program files\microsoft frontpage 2009-10-26 07:52 . 2009-10-26 07:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-10-03 08:15 . 2009-10-26 22:36 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe 2009-09-11 14:33 . 2006-02-28 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll 2009-09-04 20:45 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll 2009-08-26 08:16 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-27 3883856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-26 149280] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-07 2010904] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-10 16861184] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-11-07 20:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/26/2009 5:38 PM 64288] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/7/2009 3:41 PM 333192] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/7/2009 3:41 PM 360584] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/7/2009 3:41 PM 906520] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/7/2009 3:41 PM 285392] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1179232] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408] --- Other Services/Drivers In Memory --- NewlyCreated - MBR NewlyCreated - PROCEXP113 Deregistered - mbr Deregistered - PROCEXP113 . Contents of the 'Scheduled Tasks' folder 2009-11-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:38] . . ------- Supplementary Scan ------- . uStart Page = about:blank Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi Trusted Zone: com.tw\www.msi DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab FF - ProfilePath - c:\documents and settings\Dano\Application Data\Mozilla\Firefox\Profiles\x2o92j8i.default\ FF - prefs.js: browser.startup.homepage - hxxp://phen0type.proboards.com/index.cgi FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-08 15:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(724) c:\program files\SUPERAntiSpyware\SASWINLO.dll - - - - - - - > 'explorer.exe'(2244) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2009-11-08 15:55 ComboFix-quarantined-files.txt 2009-11-08 20:54 ComboFix2.txt 2009-11-08 20:18 Pre-Run: 235,587,735,552 bytes free Post-Run: 235,574,149,120 bytes free - - End Of File - - 8F395A78EC9321584E717715CA406C79 Any help would be greatly appreciated. I've noticed that other people have been having this problem but so far no fixes have been working for me. I have also been getting this from AVG. This post has been edited by Ticker**: Nov 8 2009, 06:15 PM

Replies

LDTate View Member Profile	Nov 20 2009, 03:59 PM Post #2
Forum God Group: Root Admin Posts: 48,367 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Due to inactivity this topic will be closed. If you need help please start a new thread.

Posts in this topic

Ticker [Closed] Google Redirection Nov 8 2009, 03:21 PM

LDTate DO NOT use any TOOLS such as Combofix, SmitfraudFi... Nov 13 2009, 08:38 PM

LDTate Due to inactivity this topic will be closed. If yo... Nov 20 2009, 03:59 PM

« Next Oldest · Infections Removal · Next Newest »

Topic Title	Replies	Topic Starter	Views	Last Action
Infections Removal [Closed] Can not run Malwarebytes and Hijackthis	22	stech	610	9 minutes ago Last post by: extremeboy
Infections Removal [Closed] Security tool	3	Whatsurname	68	9 minutes ago Last post by: extremeboy
Infections Removal [Closed] Win.32Patched.CH	3	AAAjack	64	9 minutes ago Last post by: extremeboy
Updates To Software Google Chrome updated	7	AplusWebMaster	742	Today, 04:44 AM Last post by: AplusWebMaster