06-29-2009, 02:00 AM   #2
sunmb
OS: xp


Re: Overclick.CN redirect driving me crAzY-Please help!

I see some other folks here are having this problem too, but it appears I would have to run some kind of diagnostic first. I am a newbie, so I'm not sure what I need to do. Is it the program called HiJack This? I know I must sound like an idiot in this forum, but that's OK, I accept that. Can you please help? The problem started a few days ago and it has been difficult to even get to a site to help because I keep getting redirected! So, whew, I'm finally here. I ran so many programs, AdAware, SpyBot, Stinger, Malware Bytes, Microsoft tool...nothing can locate it. The only thing I found suspicious was a file called ctfcom.exe, but apparently that was not related. It sounds like a very complicated fix here, but if anyone has the patience to explain in layman's terms, I'd really appreciate it. Thanks!

Oh, I also ran something called CWShredder and I don't know if this means anything:

Found Hosts file: C:\WINDOWS\system32\drivers\etc\hosts (288517 bytes, R)
Shell Registry value: HKLM\..\WinLogon [Shell] Explorer.exe
UserInit Registry value: HKLM\..\WinLogon [UserInit] C:\WINDOWS\system32\userinit.exe,
Found Win.ini file: C:\WINDOWS\win.ini (680 bytes, A)
Found System.ini file: C:\WINDOWS\system.ini (227 bytes, A)


Oh gosh, after posting my questions, I found the little red "First Steps" link and realized the instructions were all laid out for me...sorry.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Donald at 0:49:54.34 on Mon 06/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.522 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1222283402\ee\AOLSoftware.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
c:\program files\common files\aol\1222283402\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1222283402\ee\aolsoftware.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Intuit\QuickBooks Basic\qbw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Donald\Desktop\dds.scr
C:\Documents and Settings\Donald\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HostManager] c:\program files\common files\aol\1222283402\ee\AOLSoftware.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [CXMon] "c:\program files\hewlett-packard\photosmart\photo imaging\Hpi_Monitor.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AOLAspSunset2] c:\documents and settings\all users\application data\aol\userprofiles\all users\antispyware\dat\updates\aspapp\sunsetAsp2.exe
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AGRSMMSG] AGRSMMSG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks basic\components\qbagent\qbdagent2002.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: miscrosoft.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]

=============== Created Last 30 ================

2009-06-28 21:08 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-06-28 20:13 <DIR> --d----- c:\docume~1\donald\applic~1\Uniblue
2009-06-28 18:34 <DIR> --d----- c:\windows\system32\scripting
2009-06-28 18:34 <DIR> --d----- c:\windows\l2schemas
2009-06-28 18:34 <DIR> --d----- c:\windows\system32\en
2009-06-28 18:34 <DIR> --d----- c:\windows\system32\bits
2009-06-28 18:33 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-28 18:31 <DIR> --d----- c:\windows\network diagnostic
2009-06-24 22:48 <DIR> --d----- C:\!KillBox
2009-06-24 22:37 <DIR> --dsh--- c:\documents and settings\donald\PrivacIE
2009-06-24 22:35 <DIR> --dsh--- c:\documents and settings\donald\IETldCache
2009-06-24 22:34 <DIR> --d----- c:\windows\ie8updates
2009-06-24 22:33 <DIR> --d----- c:\windows\Offline Web Pages
2009-06-24 22:32 <DIR> -cd-h--- c:\windows\ie8
2009-06-24 22:30 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-24 22:30 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-24 22:30 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-24 15:37 <DIR> --d----- c:\docume~1\donald\applic~1\Malwarebytes
2009-06-24 15:37 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 15:37 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-24 15:37 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-24 15:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-19 21:59 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-19 21:59 1,409 a------- c:\windows\QTFont.for
2009-06-11 07:42 118 a------- c:\windows\system32\MRT.INI
2009-06-04 19:51 <DIR> --d----- c:\windows\pss

==================== Find3M ====================

2009-06-28 18:37 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-12-21 08:12 31 a------- c:\documents and settings\donald\jagex_runescape_preferences.dat
2008-11-26 11:29 15,083,520 a------- c:\program files\spybotsd160.exe
2008-09-21 19:47 19,153,264 a------- c:\program files\aaw2008.exe
2008-09-21 17:34 14,564,931 a------- c:\program files\ysitebuilder.exe
2007-11-29 13:53 0 a------- c:\docume~1\donald\applic~1\wklnhst.dat
2004-08-10 05:00 94,784 ---sh--- c:\windows\twain.dll
2008-04-13 17:12 50,688 ---sh--- c:\windows\twain_32.dll
2008-04-13 17:11 1,028,096 a--sh--- c:\windows\system32\mfc42.dll
2008-04-13 17:12 57,344 a--sh--- c:\windows\system32\msvcirt.dll
2008-04-13 17:12 413,696 a--sh--- c:\windows\system32\msvcp60.dll
2008-04-13 17:12 343,040 a--sh--- c:\windows\system32\msvcrt.dll
2008-04-13 17:12 551,936 ---sh--- c:\windows\system32\oleaut32.dll
2008-04-13 17:12 84,992 ---sh--- c:\windows\system32\olepro32.dll
2008-04-13 17:12 11,776 ---sh--- c:\windows\system32\regsvr32.exe

============= FINISH: 0:51:50.45 ===============
Attached Files
File Type: zip ark.zip (935 Bytes, 2 views)
File Type: zip Attach.zip (3.4 KB, 1 views)

Last edited by TheBruce1; 06-29-2009 at 06:29 AM.