Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91983 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Google Redirection


  • This topic is locked This topic is locked
2 replies to this topic

#1 Ticker

Ticker

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 08 November 2009 - 03:21 PM

Yesterday my Google results links began redirecting to a blank website called Avabon and a pay per download website. I'm currently using Firefox 3.5.5 on Windows XP Pro.

Here is my HijackThis logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:12 PM, on 11/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1256585636125
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.ms...ine/install.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 5178 bytes



And here's my Combo fix log from earlier.



ComboFix 09-11-08.01 - Dano 11/08/2009 15:51.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3318.2562 [GMT -5:00]
Running from: c:\documents and settings\Dano\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 08:36 . 2009-11-08 20:26 0 ----a-w- c:\documents and settings\Dano\Local Settings\Application Data\prvlcl.dat
2009-11-07 21:25 . 2009-11-07 21:25 117760 ----a-w- c:\documents and settings\Dano\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-07 21:24 . 2009-11-07 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-07 21:24 . 2009-11-07 21:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-07 21:24 . 2009-11-07 21:24 -------- d-----w- c:\documents and settings\Dano\Application Data\SUPERAntiSpyware.com
2009-11-07 21:24 . 2009-11-07 21:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-07 20:41 . 2009-11-07 20:50 -------- d-----w- C:\$AVG
2009-11-07 20:41 . 2009-11-07 20:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-07 20:41 . 2009-11-07 20:41 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-07 20:41 . 2009-11-08 19:30 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-07 20:41 . 2009-11-07 20:41 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-07 20:41 . 2009-11-07 20:41 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-07 20:41 . 2009-11-07 20:41 -------- d-----w- c:\program files\AVG
2009-11-07 20:40 . 2009-11-07 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-07 18:32 . 2009-11-07 18:32 -------- d-----w- c:\documents and settings\Dano\Application Data\Malwarebytes
2009-11-07 18:32 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 18:32 . 2009-11-07 18:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 18:32 . 2009-11-07 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-07 18:32 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 16:07 . 2009-11-08 00:10 -------- d-----w- c:\documents and settings\All Users\Defence
2009-11-06 05:41 . 2009-11-06 05:41 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-11-04 22:46 . 2009-11-04 22:46 -------- d-----w- c:\documents and settings\Dano\Local Settings\Application Data\Identities
2009-11-04 21:36 . 2009-11-04 21:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-11-04 17:51 . 2009-11-04 17:51 -------- d-----w- c:\program files\Adobe CS4
2009-11-04 08:13 . 2009-11-02 22:40 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-04 07:04 . 2009-11-04 21:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-04 07:04 . 2009-11-04 21:38 -------- d-----w- c:\documents and settings\Dano\Local Settings\Application Data\Adobe
2009-11-02 22:40 . 2009-11-02 22:40 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-02 22:40 . 2009-11-02 22:40 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-11-02 22:40 . 2009-11-02 22:40 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2009-11-02 22:40 . 2009-11-02 22:40 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-11-02 22:40 . 2009-11-02 22:40 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-11-02 22:40 . 2009-11-02 22:40 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-11-02 22:39 . 2009-11-02 22:39 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-11-02 22:39 . 2009-11-02 22:39 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-11-02 22:39 . 2009-11-02 22:39 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-30 10:09 . 2009-11-06 08:18 158552 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-30 06:25 . 2009-08-16 15:08 178176 ----a-w- c:\windows\system32\unrar.dll
2009-10-30 06:25 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2009-10-30 06:25 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-10-30 06:25 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2009-10-30 06:25 . 2009-10-30 06:26 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-30 06:25 . 2009-10-27 18:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-10-29 08:07 . 2009-10-29 08:18 -------- d-----w- c:\program files\auto-clicker
2009-10-28 17:06 . 2009-10-28 17:06 -------- d-----w- c:\program files\MSXML 4.0
2009-10-28 08:02 . 2009-10-28 08:02 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-28 08:02 . 2009-10-28 08:02 -------- d-----w- c:\program files\MSBuild
2009-10-28 08:02 . 2009-10-28 08:02 -------- d-----w- C:\63fe1c68c0399a1a4a0f2203
2009-10-28 08:02 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-28 08:02 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-28 08:02 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-28 08:02 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-28 08:02 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-28 08:02 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-28 08:02 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-28 08:00 . 2009-10-28 08:00 -------- d-----w- c:\program files\MSXML 6.0
2009-10-28 08:00 . 2009-10-28 08:03 -------- d-----w- C:\6a152061b27d02276d248c
2009-10-28 00:04 . 2009-10-28 01:04 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-10-27 21:50 . 2009-11-06 01:25 -------- d-----w- c:\documents and settings\Dano\Local Settings\Application Data\Corel
2009-10-27 21:47 . 2009-11-06 01:04 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-10-27 21:47 . 2009-10-27 21:47 8 --sh--r- c:\documents and settings\All Users\Application Data\A2301789F4.sys
2009-10-27 21:47 . 2009-10-27 21:47 -------- d-----w- c:\documents and settings\Dano\Application Data\Corel
2009-10-27 21:45 . 2009-10-27 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-10-27 21:45 . 2009-10-27 21:46 -------- d-----w- c:\program files\Common Files\Corel
2009-10-27 21:45 . 2009-10-27 21:45 -------- d-----w- c:\program files\Common Files\Protexis
2009-10-27 21:43 . 2009-10-27 21:45 -------- d-----w- c:\program files\Corel
2009-10-27 21:43 . 2009-10-27 21:43 -------- d-----w- c:\documents and settings\Dano\Application Data\InstallShield
2009-10-27 05:17 . 2006-02-28 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-27 05:16 . 2009-11-04 07:01 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-27 05:15 . 2009-10-27 05:16 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-27 05:15 . 2009-10-27 05:15 -------- d-----w- c:\windows\system32\LogFiles
2009-10-27 05:07 . 2009-10-27 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-10-27 05:06 . 2009-11-07 06:32 -------- d-----w- c:\documents and settings\Dano\Application Data\Winamp
2009-10-27 04:58 . 2009-10-27 04:58 -------- d-----w- c:\program files\Microsoft
2009-10-27 04:54 . 2006-08-25 03:47 115880 ------w- c:\windows\system32\pxinsi64.exe
2009-10-27 03:00 . 2009-10-27 05:04 -------- d-----w- c:\program files\Messenger Plus! Live
2009-10-27 01:32 . 2009-10-27 01:32 -------- d-----w- c:\windows\Sun
2009-10-27 00:32 . 2009-11-04 07:01 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Pro
2009-10-26 22:54 . 2009-10-26 22:54 -------- d-----w- c:\program files\Pokemon World Online
2009-10-26 22:45 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-26 22:45 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-10-26 22:38 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-26 22:38 . 2009-11-02 22:40 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-10-26 22:38 . 2009-11-02 22:40 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-10-26 22:38 . 2009-11-02 22:40 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-10-26 22:38 . 2009-11-02 22:40 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-10-26 22:38 . 2009-11-02 22:40 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-10-26 22:38 . 2009-11-02 22:40 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-10-26 22:36 . 2009-10-26 22:36 -------- d-----w- c:\program files\Lavasoft
2009-10-26 22:30 . 2009-10-26 22:30 -------- d-----w- c:\program files\Windows Journal Viewer
2009-10-26 22:18 . 2009-11-07 06:34 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWA\unins000.exe
2009-10-26 22:18 . 2009-10-26 22:18 91 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-10-26 22:18 . 2009-10-26 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2009-10-26 22:17 . 2009-11-07 06:39 -------- d-----w- c:\documents and settings\Dano\Local Settings\Application Data\Last.fm
2009-10-26 22:17 . 2009-11-07 06:25 -------- d-----w- c:\program files\Last.fm
2009-10-26 21:27 . 2009-11-08 19:24 -------- d-----w- c:\documents and settings\Dano\Tracing
2009-10-26 21:25 . 2009-10-26 21:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-26 21:25 . 2009-10-27 04:58 -------- d-----w- c:\program files\Windows Live
2009-10-26 21:13 . 2009-10-26 21:13 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-26 20:59 . 2009-10-26 20:59 -------- d-----w- c:\documents and settings\Dano\Application Data\uniblue
2009-10-26 20:24 . 2006-02-28 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-10-26 20:08 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-26 20:08 . 2009-08-04 14:00 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-26 20:08 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-26 20:08 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-10-26 20:02 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-26 20:02 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-10-26 19:39 . 2009-08-07 00:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-26 19:35 . 2009-10-26 19:35 -------- d-----w- c:\program files\Uniblue
2009-10-26 19:35 . 2008-10-26 05:02 2835262 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
2009-10-26 19:35 . 2008-10-29 09:43 771360 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\23A3CF01\CACB8439\UBSysMan.dll
2009-10-26 19:35 . 2008-10-29 09:43 614688 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\EA1A1734\CACB8439\Launcher.exe
2009-10-26 19:35 . 2008-10-29 09:43 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\13A9C5E5\CACB8439\Interop.IWshRuntimeLibrary.dll
2009-10-26 19:35 . 2008-10-29 09:43 381216 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\1F13E51E\CACB8439\AvalonCommon.dll
2009-10-26 19:35 . 2008-10-29 09:43 364320 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\F4DC5C6B\CACB8439\SUMPBackend.dll
2009-10-26 19:35 . 2008-10-29 09:43 191264 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\67304DB7\CACB8439\PowerSuiteBackendUtils.dll
2009-10-26 19:35 . 2008-10-29 09:43 1194784 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\744435A3\CACB8439\SUMP.exe
2009-10-26 19:35 . 2008-08-26 16:49 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\7A8C224A\CACB8439\IsLicense40.dll
2009-10-26 19:35 . 2008-08-26 16:49 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\Uniblue SpeedUpMyPc 4\D7904F02\CACB8439\IsLicense30.dll
2009-10-26 19:33 . 2009-10-26 19:33 -------- d-----w- c:\program files\Reference Assemblies
2009-10-26 19:27 . 2009-10-26 21:03 -------- d-----w- c:\program files\Visual Styles
2009-10-26 19:27 . 2009-10-26 19:27 -------- d-----r- C:\AHCache
2009-10-26 19:27 . 2009-11-05 08:02 15032 ----a-w- c:\documents and settings\Dano\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-26 19:24 . 2009-10-26 19:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-10-26 19:23 . 2009-10-26 19:23 -------- d-----w- c:\program files\TGTSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 06:32 . 2009-10-26 21:28 -------- d-----w- c:\program files\Winamp
2009-11-07 05:59 . 2009-11-07 05:59 5 ----a-w- c:\windows\system32\YoItzVlad.tmp
2009-11-02 22:40 . 2009-10-26 22:38 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-11-02 22:39 . 2009-10-26 22:37 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-02 22:39 . 2009-10-26 22:37 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-02 22:39 . 2009-10-26 22:37 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-02 22:39 . 2009-10-26 22:37 640608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-02 22:39 . 2009-10-26 22:37 815760 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-02 22:38 . 2009-10-26 22:37 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-02 22:38 . 2009-10-26 22:37 1638104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-02 22:38 . 2009-10-26 22:37 788368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-02 22:38 . 2009-10-26 22:37 1179232 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-27 20:32 . 2009-10-26 07:54 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-26 22:38 . 2009-10-26 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-26 22:36 . 2009-10-26 22:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-26 18:02 . 2009-10-26 18:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 18:02 . 2009-10-26 18:02 -------- d-----w- c:\program files\Realtek
2009-10-26 18:02 . 2009-10-26 18:02 315392 ----a-w- c:\windows\HideWin.exe
2009-10-26 18:02 . 2009-10-26 18:02 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-26 07:55 . 2009-10-26 07:55 -------- d-----w- c:\program files\microsoft frontpage
2009-10-26 07:52 . 2009-10-26 07:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-10-03 08:15 . 2009-10-26 22:36 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-09-11 14:33 . 2006-02-28 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-27 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-26 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-08-18 16712]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-07 2010904]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-04-10 16861184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-07 20:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/26/2009 5:38 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/7/2009 3:41 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/7/2009 3:41 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/7/2009 3:41 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/7/2009 3:41 PM 285392]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1179232]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 22:38]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Dano\Application Data\Mozilla\Firefox\Profiles\x2o92j8i.default\
FF - prefs.js: browser.startup.homepage - hxxp://phen0type.proboards.com/index.cgi
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 15:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(2244)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-08 15:55
ComboFix-quarantined-files.txt 2009-11-08 20:54
ComboFix2.txt 2009-11-08 20:18

Pre-Run: 235,587,735,552 bytes free
Post-Run: 235,574,149,120 bytes free

- - End Of File - - 8F395A78EC9321584E717715CA406C79

Any help would be greatly appreciated. I've noticed that other people have been having this problem but so far no fixes have been working for me.


I have also been getting this from AVG.

Posted Image

Edited by Ticker, 08 November 2009 - 06:15 PM.

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 13 November 2009 - 08:38 PM

Posted Image


DO NOT use any TOOLS such as Combofix, SmitfraudFix, MBAM, Vundofix, or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.


Vista users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Posted Image
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Posted Image
  • Then click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.


Please don't attach the scans / logs, use "copy/paste". .

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,173 posts

Posted 20 November 2009 - 03:59 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users