We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
AAArgh....Got the rediraction virus again and cannot get rid of it.
dori2o
Posts: 8,150 Forumite
in Techie Stuff
I've got the internet redirection virus again, you know the one that redirects you to web pages you don't want to go to when your searching for something on the net.
I've run C cleaner, Advance system care and malwarebytes, installed and uninstalled AVG, Avast, Avira ( now running) and none of them have detected it.
I've also deleted/uninstalled all the files/programs I have downloaded in the past week.
Any help appreciated.
I've run C cleaner, Advance system care and malwarebytes, installed and uninstalled AVG, Avast, Avira ( now running) and none of them have detected it.
I've also deleted/uninstalled all the files/programs I have downloaded in the past week.
Any help appreciated.
[SIZE=-1]To equate judgement and wisdom with occupation is at best . . . insulting.
[/SIZE]
[/SIZE]
0
Comments
-
can we see the malwarebytes log pleaseEx forum ambassador
Long term forum member0 -
and download this
http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
and do a scan and post that log file
thank youEx forum ambassador
Long term forum member0 -
could I ask what anti-virus software you are using? Where do you think it's coming from?Utinam logica falsa tuam philosophiam totam suffodiant.0
-
DatabaseError wrote: »could I ask what anti-virus software you are using? Where do you think it's coming from?
Currently using Avira.
I have no idea where the problem is comming from.
It affects both Firefox and IE.
Cannot complete system restore
Firefox is now completely locked out.[SIZE=-1]To equate judgement and wisdom with occupation is at best . . . insulting.
[/SIZE]0 -
Hijack this logLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:49, on 27/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MPlayerForWindows_UpdateReminder] "C:\Program Files\MPlayer for Windows\AutoUpdate.exe" /L=1033 /TASK
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Customize Menu - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [URL]file://C:\Program[/URL] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca1baa34fdc0e4) (gupdate1ca1baa34fdc0e4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8156 bytes
Malwarebytes logMalwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 6.0.6000
26/12/2009 20:40:21
mbam-log-2009-12-26 (20-40-21).txt
Scan type: Quick Scan
Objects scanned: 70449
Time elapsed: 2 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)[SIZE=-1]To equate judgement and wisdom with occupation is at best . . . insulting.
[/SIZE]0 -
run this
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
then post the log ( you may need to rename combofix.exe to something else like cleanmypc.exe) , you can just run it as you are running Vista , no need to install recovery console like on XP
edit , see the malwarebytes log now
and also post the hijackthis log after the combofix scanEx forum ambassador
Long term forum member0 -
Malwarebytes' Anti-Malware 1.37
Database version: 2182
Malwarebytes is WELL old. You need to update to 1.42 and then update again (probably) to get the latest database version (Well over 3000 now)
Then run a FULL scan:idea:0 -
Malwarebytes' Anti-Malware 1.42
Database version: 3438
Windows 6.0.6000
Internet Explorer 7.0.6000.16945
27/12/2009 14:45:16
mbam-log-2009-12-27 (14-45-16).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 239976
Time elapsed: 1 hour(s), 27 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\SystemRestore\FRStaging\Users\home\Downloads\PreRelease.Twilight.Saga.New.Moon.XviD.R5.ChecHnyA\WatchTwilightNewMoonNow.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.ComboFix 09-12-26.04 - home 27/12/2009 12:48:39.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.2038.1073 [GMT 0:00]
Running from: c:\users\home\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: AntiVir Desktop *enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\VideoEA560DEADrivers.dll
BITS: Possible infected sites
hxxp://nds1.nokia.com
.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.
2009-12-27 12:55 . 2009-12-27 12:55
d
w- c:\users\home\AppData\Local\temp
2009-12-27 12:44 . 2009-12-27 12:46
d
w- C:\32788R22FWJFW
2009-12-27 11:28 . 2009-12-27 11:28
d
w- c:\program files\Trend Micro
2009-12-26 16:03 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-26 16:03 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-26 16:03 . 2009-12-26 16:03
d
w- c:\programdata\Avira
2009-12-26 16:03 . 2009-12-26 16:03
d
w- c:\program files\Avira
2009-12-26 08:53 . 2009-12-25 17:25 4043032 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-12-26 08:53 . 2009-12-25 17:25 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2009-12-26 08:53 . 2009-12-25 17:25 3967256 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-26 08:53 . 2009-12-25 17:25 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2009-12-26 08:53 . 2009-12-25 17:25 916248 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2009-12-25 17:26 . 2009-12-25 19:22
d
w- C:\$AVG
2009-12-25 17:25 . 2009-12-26 11:00
d
w- c:\programdata\avg9
2009-12-25 17:24 . 2009-12-25 17:25
d
w- c:\program files\AVG
2009-12-25 16:20 . 2009-12-25 16:20
d
w- c:\users\home\AppData\Roaming\Nokia
2009-12-25 16:20 . 2009-12-25 16:20
d
w- c:\users\home\AppData\Local\Nokia
2009-12-25 16:20 . 2009-12-25 16:20
d
w- c:\programdata\PC Suite
2009-12-25 16:20 . 2009-12-25 16:20
d
w- c:\users\home\AppData\Roaming\PC Suite
2009-12-25 16:20 . 2009-12-25 16:20
d
w- c:\users\home\AppData\Local\NokiaAccount
2009-12-25 11:41 . 2009-12-25 11:42
d
w- c:\program files\Common Files\Nokia
2009-12-25 11:41 . 2009-12-25 11:41
d
w- c:\program files\DIFX
2009-12-25 11:41 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-25 11:41 . 2009-12-25 11:41
d
w- c:\program files\PC Connectivity Solution
2009-12-25 11:39 . 2009-10-06 11:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-25 11:39 . 2009-12-25 11:39 12212040 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-25 11:39 . 2009-12-25 11:39 13930312 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-25 11:39 . 2009-12-25 11:39 77824 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-25 11:39 . 2009-12-25 11:39 61440 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-25 11:39 . 2009-12-25 11:39 58880 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-25 11:39 . 2009-12-25 11:39 50000 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-25 11:38 . 2009-12-25 11:41
d
w- c:\program files\Nokia
2009-12-25 11:38 . 2009-12-25 11:38
d
w- c:\programdata\OviInstallerCache
2009-12-25 11:38 . 2009-12-25 11:31 95992424 ----a-w- c:\programdata\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2009-12-24 15:21 . 2009-12-26 10:07
d-sh--w- c:\users\home\AppData\Roaming\lowsec
2009-12-23 17:40 . 2009-12-23 17:40
d
w- c:\windows\Turtix
2009-12-23 17:12 . 2009-12-23 17:12
d
w- c:\windows\Turtle Odyssey 3-in-1
2009-12-18 07:59 . 2009-12-18 07:59
d
w- c:\users\home\AppData\Local\Yahoo!
2009-12-11 03:02 . 2009-11-09 13:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-11 03:02 . 2009-11-09 13:30 31232 ----a-w- c:\windows\system32\httpapi.dll
2009-12-11 03:02 . 2009-11-09 11:17 396800 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-05 20:55 . 2009-12-05 20:55 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2009-12-05 20:55 . 2009-12-05 20:55
d
w- c:\program files\Gabest
2009-12-05 20:55 . 2009-12-05 20:55
d
w- c:\program files\AutoGK
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 10:30 . 2009-06-22 22:42
d
w- c:\users\home\AppData\Roaming\uTorrent
2009-12-27 10:30 . 2009-11-10 21:33
d
w- c:\program files\iTunes
2009-12-27 10:30 . 2009-08-13 00:08
d
w- c:\program files\Google
2009-12-27 10:30 . 2009-07-31 07:05
d
w- c:\program files\Common Files\DivX Shared
2009-12-27 10:30 . 2009-07-31 07:05
d
w- c:\program files\DivX
2009-12-27 10:30 . 2009-07-24 16:27
d
w- c:\program files\Bonjour
2009-12-27 10:29 . 2006-11-02 12:37
d
w- c:\program files\Windows Sidebar
2009-12-27 10:29 . 2006-11-02 12:37
d
w- c:\program files\Windows Defender
2009-12-26 18:10 . 2009-06-22 18:30 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-11 03:19 . 2006-11-02 11:18
d
w- c:\program files\Windows Mail
2009-12-05 20:55 . 2009-10-08 19:41
d
w- c:\program files\AviSynth 2.5
2009-11-29 10:06 . 2009-06-23 09:20 1 ----a-w- c:\users\home\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-25 07:11 . 2009-07-24 16:36
d
w- c:\users\home\AppData\Roaming\Apple Computer
2009-11-19 20:21 . 2009-11-19 20:21
d
w- c:\program files\Instant Lock
2009-11-19 20:06 . 2009-11-19 20:06 1940 ----a-w- c:\windows\system32\wmppsfv.dll
2009-11-19 20:06 . 2009-11-19 20:05
d
w- c:\program files\FolderVault
2009-11-19 20:06 . 2009-11-19 20:06 98 ----a-w- c:\windows\system32\run.bat
2009-11-19 20:06 . 2009-11-19 20:06 757760 ----a-w- c:\windows\system32\help.dll
2009-11-19 20:06 . 2009-11-19 20:06 22304 ----a-w- c:\windows\system32\drivers\HMFAxCore90472fbe86416a7647815f92f3d628dc.sys
2009-11-19 20:06 . 2009-11-19 20:06 135168 ----a-w- c:\windows\system32\Lock.dll
2009-11-19 20:06 . 2009-11-19 20:06 713504 ----a-w- c:\windows\system32\HMFAx.dll
2009-11-19 20:06 . 2009-11-19 20:06 11776 ----a-w- c:\windows\system32\reghmf.exe
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-14 00:02 . 2009-11-14 00:02 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-11-14 00:02 . 2009-11-14 00:02 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-11-10 21:33 . 2009-11-10 21:33
d
w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-10 21:33 . 2009-11-10 21:33
d
w- c:\program files\iPod
2009-11-10 21:33 . 2009-07-24 16:24
d
w- c:\program files\Common Files\Apple
2009-11-10 21:32 . 2009-11-10 21:31
d
w- c:\program files\QuickTime
2009-11-10 21:24 . 2009-11-10 21:24 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-10 18:45 . 2009-11-10 18:45
d
w- c:\program files\EASEUS
2009-11-09 22:27 . 2009-11-09 22:26
d
w- c:\program files\XVI32
2009-11-09 22:17 . 2009-11-09 22:17
d
w- c:\program files\WBFS
2009-11-08 13:35 . 2009-07-31 08:51
d
w- c:\users\home\AppData\Roaming\DVD Flick
2009-11-05 16:38 . 2009-11-10 18:45 1669120 ----a-w- c:\windows\system32\BootMan.exe
2009-11-02 20:42 . 2009-10-02 20:36 195456
w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:59 . 2009-11-25 03:01 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-27 15:05 . 2009-12-10 12:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-27 15:01 . 2009-12-10 12:33 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-27 15:01 . 2009-12-10 12:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 15:01 . 2009-12-10 12:33 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-10-27 14:59 . 2009-12-10 12:33 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-27 12:27 . 2009-12-10 12:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 10:56 . 2009-12-10 12:33 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-10-07 12:47 . 2009-12-10 12:33 232960 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 12:47 . 2009-12-10 12:33 274432 ----a-w- c:\windows\system32\raschap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-06-22 1232896]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-04-01 405504]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-07-25 2968512]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-09-06 160592]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-13 39408]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2009-12-10 401728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2009-06-22 1006264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-22 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"MPlayerForWindows_UpdateReminder"="c:\program files\MPlayer for Windows\AutoUpdate.exe" [2009-07-24 72016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
c:\users\home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:58, on 27/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MPlayerForWindows_UpdateReminder] "C:\Program Files\MPlayer for Windows\AutoUpdate.exe" /L=1033 /TASK
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1ca1baa34fdc0e4) (gupdate1ca1baa34fdc0e4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7286 bytes
Log files as requested[SIZE=-1]To equate judgement and wisdom with occupation is at best . . . insulting.
[/SIZE]0 -
-
have you looked inside your hosts file ?
This is where the re-direction can occur, and may not show in anti-virus/malware scans.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.1K Banking & Borrowing
- 253.5K Reduce Debt & Boost Income
- 454.2K Spending & Discounts
- 245.1K Work, Benefits & Business
- 600.7K Mortgages, Homes & Bills
- 177.4K Life & Family
- 258.9K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards