Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page I Keep Getting Redirected
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 12-02-2007, 04:15 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 20
OS: Windows XP Professional SP2


I Keep Getting Redirected
More often than not, when I do a Google search and click on a link, I get redirected to sites like rpicamps.com, primosearch.com, etc. etc. I usually have to type the url to get to the site. This has been going on for about a week. I use Firefox. NOD32 found a few infections and deleted and quarantined them, but I still get redirected. Can someone please help me out?


Logfile of HijackThis v1.99.1
Scan saved at 6:43:16 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Zeeshan\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8118;socks=localhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C696142-D7D8-4DA4-B44D-B18A1D835780}: NameServer = 85.255.116.86,85.255.112.82
O17 - HKLM\System\CCS\Services\Tcpip\..\{475DE4B7-801B-4877-8702-B2CD28D7EF66}: NameServer = 85.255.116.86,85.255.112.82
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.86 85.255.112.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C696142-D7D8-4DA4-B44D-B18A1D835780}: NameServer = 85.255.116.86,85.255.112.82
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.86 85.255.112.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C696142-D7D8-4DA4-B44D-B18A1D835780}: NameServer = 85.255.116.86,85.255.112.82
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.86 85.255.112.82
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files\Vidalia Bundle\Tor\tor.exe" --nt-service -f "C:\Documents and Settings\Zeeshan\Application Data\Vidalia\torrc" ControlPort 9051 (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
__________________
If a fan gives off cool air when spun in one direction, then it only makes perfect sense that if spun in the opposite direction, it would give off heat.
10FootPianist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Sponsored Links
Old 12-05-2007, 03:06 PM   #2 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 20
OS: Windows XP Professional SP2


Re: I Keep Getting Redirected
bumped
__________________
If a fan gives off cool air when spun in one direction, then it only makes perfect sense that if spun in the opposite direction, it would give off heat.
10FootPianist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-06-2007, 06:12 AM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista


Re: I Keep Getting Redirected
Hello 10FootPianist,

Please download FixWareout

http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin, follow the prompts.
  • You will be asked to reboot your computer, please do so.
  • Your system may take longer than usual to load. This is normal.
  • Once the desktop loads post the text that will open C:\fixwareout\report.txt which I will need in your next reply.
----------------------------------------------------------------

Fownload Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

----------------------------------------------------------------

Please include the following in your next reply:

C:\fixwareout\report.txt
main.txt
extra.txt
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-06-2007, 04:31 PM   #4 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 20
OS: Windows XP Professional SP2


Re: I Keep Getting Redirected
Username "Zeeshan" - 12/06/2007 19:14:05 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdyys.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.86 85.255.112.82" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3C696142-D7D8-4DA4-B44D-B18A1D835780}
"nameserver"="85.255.116.86,85.255.112.82" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{475DE4B7-801B-4877-8702-B2CD28D7EF66}
"nameserver"="85.255.116.86,85.255.112.82" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{475DE4B7-801B-4877-8702-B2CD28D7EF66}
"DhcpNameServer"="85.255.116.86,85.255.112.82" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4FA72A5C-BBEE-4653-8DF0-D29FD20BE3BE}
"DhcpNameServer"="85.255.116.86,85.255.112.82" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\" -H"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"Acrobat Assistant 8.0"="\"C:\\Program Files\\Adobe\\Acrobat 8.0\\Acrobat\\Acrotray.exe\""
"Adobe_ID0EYTHM"="C:\\PROGRA~1\\COMMON~1\\Adobe\\ADOBEV~1\\Server\\bin\\VERSIO~2.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"uTorrent"="\"C:\\Program Files\\uTorrent\\uTorrent.exe\""
"Aim6"=""
"PeerGuardian"="C:\\Program Files\\PeerGuardian2\\pg2.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Deckard's System Scanner v20071014.68
Run by Zeeshan on 2007-12-06 19:20:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
49: 2007-12-07 00:20:36 UTC - RP49 - Deckard's System Scanner Restore Point
48: 2007-12-02 05:02:13 UTC - RP48 - Installed Unreal Tournament 3
47: 2007-12-02 02:48:24 UTC - RP47 - System Checkpoint
46: 2007-11-23 00:32:22 UTC - RP46 - Installed QuickTime
45: 2007-11-18 00:28:07 UTC - RP45 - Installed Kaplan Essential Review - Writing and Vocabulary


-- First Restore Point --
1: 2007-10-07 19:51:03 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Zeeshan.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:58 PM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Zeeshan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Zeeshan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8118;socks=localhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files\Vidalia Bundle\Tor\tor.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9053 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 libusb0 (LibUsb-Win32 - Kernel Driver, Version 0.1.10.1) - c:\windows\system32\drivers\libusb0.sys
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 libusbd (LibUsb-Win32 - Daemon, Version 0.1.10.1) - system32\libusbd-nt.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 tor (Tor Win32 Service) - "c:\program files\vidalia bundle\tor\tor.exe" --nt-service -f "c:\documents and settings\zeeshan\application data\vidalia\torrc" controlport 9051
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: nVidia WDM Video Capture (universal)
Device ID: DISPLAY\NVCAP\5&1C54517E&0&CA000002&01&00
Manufacturer: nVidia
Name: nVidia WDM Video Capture (universal)
PNP Device ID: DISPLAY\NVCAP\5&1C54517E&0&CA000002&01&00
Service: nvcap


-- Scheduled Tasks -------------------------------------------------------------

2007-12-04 10:01:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-06 and 2007-12-06 -----------------------------

2007-12-06 19:23:50 0 d-------- C:\Program Files\Trend Micro
2007-12-02 00:14:01 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\InstallShield Installation Information
2007-12-02 00:03:25 0 d-------- C:\Program Files\Unreal Tournament 3
2007-12-01 21:04:22 0 d-------- C:\Program Files\Portal
2007-11-24 10:55:49 0 d-------- C:\Program Files\LD-Anime
2007-11-22 20:13:31 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-22 20:01:50 0 d-------- C:\Program Files\TI Emulators
2007-11-22 20:01:42 0 d-------- C:\Documents and Settings\Zeeshan\WINDOWS
2007-11-22 20:01:34 0 d-------- C:\Program Files\Precalculus An Internet Approach
2007-11-22 19:34:51 1756 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-11-22 19:32:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-22 19:31:25 0 d-------- C:\Program Files\Apple Software Update
2007-11-22 19:31:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-11-21 20:38:58 0 d-------- C:\Program Files\Graphmatica
2007-11-21 20:35:45 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Design Science
2007-11-21 20:35:32 0 d-------- C:\Program Files\MathType
2007-11-21 11:02:28 0 d-------- C:\Program Files\Process Explorer
2007-11-17 19:25:23 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-11-17 19:25:19 28672 --a------ C:\WINDOWS\system32\qttask.exe
2007-11-17 19:24:40 0 d-------- C:\Program Files\Kap.ACTr
2007-11-11 19:50:40 0 d-------- C:\Program Files\Media Player Classic
2007-11-11 19:47:38 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Media Player Classic
2007-11-11 11:19:06 0 d-------- C:\Program Files\Kap.SATr
2007-11-11 10:32:16 0 d-------- C:\WINDOWS\network diagnostic
2007-11-11 10:26:54 0 d---s---- C:\Documents and Settings\Zeeshan\UserData
2007-11-10 12:46:37 0 d-------- C:\Program Files\Web Publish


-- Find3M Report ---------------------------------------------------------------

2007-12-06 19:24:29 0 d-------- C:\Program Files\PeerGuardian2
2007-12-06 19:14:20 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\uTorrent
2007-12-02 13:22:11 1460 --a------ C:\WINDOWS\mozver.dat
2007-12-02 13:21:00 0 d-------- C:\Program Files\DivX
2007-11-27 18:35:25 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\LimeWire
2007-11-22 20:18:54 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Real
2007-11-22 20:13:31 0 d-------- C:\Program Files\Common Files
2007-11-22 20:13:26 0 d-------- C:\Program Files\Common Files\Real
2007-11-22 20:01:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-22 19:32:58 0 d-------- C:\Program Files\QuickTime
2007-11-11 12:30:02 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Adobe
2007-10-31 12:58:09 0 d-------- C:\Program Files\Real
2007-10-28 11:10:54 0 d-------- C:\Program Files\Alcohol Soft
2007-10-27 17:47:48 0 d-------- C:\Program Files\HarvEX
2007-10-27 14:14:15 0 d-------- C:\Program Files\Chankast Alpha
2007-10-27 14:11:49 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\.myibay
2007-10-24 19:42:18 0 d-------- C:\Program Files\PSX 1.9
2007-10-21 18:01:37 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-10-21 14:50:58 0 d-------- C:\Program Files\Common Files\DirectX
2007-10-21 12:49:19 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-21 12:46:56 0 d-------- C:\Program Files\Common Files\Control Panels
2007-10-21 12:11:54 0 d-------- C:\Program Files\Bonjour
2007-10-21 12:07:28 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-20 14:40:13 0 d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
2007-10-19 15:35:20 0 d-------- C:\Program Files\GameSpy Arcade
2007-10-18 22:38:20 0 d-------- C:\Program Files\AGEIA Technologies
2007-10-18 22:37:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-18 18:39:22 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Vidalia
2007-10-17 16:15:12 0 d-------- C:\Program Files\Media Converter SA Edition
2007-10-14 21:32:50 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\ArcSoft
2007-10-14 21:30:28 0 d-------- C:\Program Files\ArcSoft
2007-10-14 13:39:57 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Google
2007-10-13 19:44:26 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Apple Computer
2007-10-12 20:11:28 0 d-------- C:\Program Files\uTorrent
2007-10-12 17:55:58 0 d-------- C:\Program Files\Microsoft Works
2007-10-12 17:55:49 0 d-------- C:\Program Files\MSBuild
2007-10-12 15:40:36 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-10-12 14:38:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-11 21:19:16 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\tor
2007-10-11 18:29:51 0 d-------- C:\Program Files\Vidalia Bundle
2007-10-10 20:13:05 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Sun
2007-10-10 17:13:08 0 d-------- C:\Program Files\MSN Messenger
2007-10-10 15:41:57 0 d-------- C:\Program Files\Google
2007-10-09 15:25:42 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Viewpoint
2007-10-08 20:07:05 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\TVU Networks
2007-10-08 17:00:20 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\vlc
2007-10-08 16:59:47 0 d-------- C:\Program Files\VideoLAN
2007-10-08 16:34:59 0 d-------- C:\Program Files\Wiley
2007-10-08 16:29:39 0 d-------- C:\Program Files\Windows Media Connect 2
2007-10-07 16:24:49 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\WinRAR
2007-10-07 16:10:12 0 d-------- C:\Program Files\Java
2007-10-07 15:58:29 0 d-------- C:\Program Files\LimeWire
2007-10-07 15:57:44 0 d-------- C:\Program Files\Common Files\Java
2007-10-07 15:56:53 0 d-------- C:\Program Files\PowerISO
2007-10-07 15:53:02 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\acccore
2007-10-07 15:52:48 0 d-------- C:\Program Files\AIM6
2007-10-07 15:52:26 0 d-------- C:\Program Files\Viewpoint
2007-10-07 15:52:09 0 d-------- C:\Program Files\Common Files\AOL
2007-10-07 15:38:23 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Thinstall
2007-10-07 15:22:48 0 d-------- C:\Program Files\Messenger
2007-10-07 15:18:50 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Macromedia
2007-10-07 15:14:34 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-07 15:14:31 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Mozilla
2007-10-07 15:02:59 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-07 15:02:46 0 d-------- C:\Program Files\Object Desktop
2007-10-07 14:58:14 0 d-------- C:\Program Files\Analog Devices
2007-10-07 14:55:29 0 d-------- C:\Program Files\CONEXANT
2007-10-07 14:50:51 0 d-------- C:\Documents and Settings\Zeeshan\Application Data\Identities
2007-10-07 14:46:48 0 d-------- C:\Program Files\microsoft frontpage
2007-10-07 14:46:26 0 -rahs---- C:\MSDOS.SYS
2007-10-07 14:46:26 0 -rahs---- C:\IO.SYS
2007-10-07 14:46:26 0 --a------ C:\CONFIG.SYS
2007-10-07 14:46:26 0 --a------ C:\AUTOEXEC.BAT
2007-10-07 14:45:06 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-07 14:44:13 0 d-------- C:\Program Files\Common Files\MSSoap
2007-10-07 14:44:04 0 d-------- C:\Program Files\Movie Maker
2007-10-07 14:43:16 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-10-07 14:42:54 0 d-------- C:\Program Files\Online Services
2007-10-07 14:42:46 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-07 14:42:36 0 d-------- C:\Program Files\Windows NT
2007-10-07 10:38:10 0 d-------- C:\Program Files\Common Files\ODBC
2007-10-07 10:38:07 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-10-07 10:37:40 62 --ahs---- C:\Documents and Settings\Zeeshan\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 01:42 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/16/2005 05:09 PM]
"nwiz"="nwiz.exe" [07/16/2005 05:09 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [07/16/2005 05:09 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 12:11 AM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" []
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [10/12/2007 03:40 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/26/2006 11:47 PM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 09:46 PM]
"@"="" []
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 03:40 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 08:16 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/22/2007 08:12 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/07/2007 03:11 PM]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [10/07/2007 03:40 PM]
"Aim6"="" []
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 05:40 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [11/20/2006 9:30:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll 12/20/2001 09:34 PM 24576 C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\FrameworkCheck.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\Autorun.exe




-- End of Deckard's System Scanner: finished at 2007-12-06 19:25:01 ------------
Attached Files
File Type: txt extra.txt (20.9 KB, 0 views)
__________________
If a fan gives off cool air when spun in one direction, then it only makes perfect sense that if spun in the opposite direction, it would give off heat.
10FootPianist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-06-2007, 05:29 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista


Re: I Keep Getting Redirected
Hi,

Now that the infection has been cleared, please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis and save the log.

---------------------------------------------------------------

Please include the following in your next reply:

Kaspersky results
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-07-2007, 06:54 PM   #6 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 20
OS: Windows XP Professional SP2


Re: I Keep Getting Redirected
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, December 07, 2007 9:52:23 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/12/2007
Kaspersky Anti-Virus database records: 476856
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 176968
Number of viruses found: 6
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 02:45:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Zeeshan\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\Zeeshan\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\Zeeshan\Application Data\Mozilla\Firefox\Profiles\ih6bkgpr.default\cert8.db Object is locked skipped
C:\Documents and Settings\Zeeshan\Application Data\Mozilla\Firefox\Profiles\ih6bkgpr.default\history.dat Object is locked skipped
C:\Documents and Settings\Zeeshan\Application Data\Mozilla\Firefox\Profiles\ih6bkgpr.default\key3.db Object is locked skipped
C:\Documents and Settings\Zeeshan\Application Data\Mozilla\Firefox\Profiles\ih6bkgpr.default\parent.lock Object is locked skipped
C:\Documents and Settings\Zeeshan\Application Data\Mozilla\Firefox\Profiles\ih6bkgpr.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Zeeshan\Application Data\Mozilla\Firefox\Profiles\ih6bkgpr.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Zeeshan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Application Data\AOL OCP\AIM\Storage\data\irakistan911\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Application Data\Microsoft\Windows Media\11.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ih6bkgpr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ih6bkgpr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ih6bkgpr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Application Data\Mozilla\Firefox\Profiles\ih6bkgpr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\History\History.IE5\MSHist012007120720071208\index.dat Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Temp\fla857.tmp Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Temp\hsperfdata_Zeeshan\3940 Object is locked skipped
C:\Documents and Settings\Zeeshan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Zeeshan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Zeeshan\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20071207-174438.log Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\BDNTT2AA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dhb skipped
C:\Program Files\ESET\infected\BDNTT2AA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.dhb skipped
C:\Program Files\ESET\infected\BDNTT2AA.NQF NSIS: infected - 2 skipped
C:\Program Files\ESET\infected\BDNTT2AA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Program Files\ESET\infected\TEMSXRDA.NQF Infected: Trojan.Win32.DNSChanger.abk skipped
C:\Program Files\ESET\infected\V3XJQECA.NQF/stream/data0003 Infected: Trojan-Downloader.Win32.Zlob.eag skipped
C:\Program Files\ESET\infected\V3XJQECA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.eag skipped
C:\Program Files\ESET\infected\V3XJQECA.NQF NSIS: infected - 2 skipped
C:\Program Files\ESET\infected\V3XJQECA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Program Files\ESET\infected\VSACNGCA.NQF Infected: not-virus:Hoax.Win32.Renos.vm skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\PeerGuardian2\history.db Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A78FE975-9AA2-494D-9627-E3E4FE335312}\RP38\A0011386.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.dhb skipped
C:\System Volume Information\_restore{A78FE975-9AA2-494D-9627-E3E4FE335312}\RP38\A0011386.exe/stream Infected: Trojan-Downloader.Win32.Zlob.dhb skipped
C:\System Volume Information\_restore{A78FE975-9AA2-494D-9627-E3E4FE335312}\RP38\A0011386.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{A78FE975-9AA2-494D-9627-E3E4FE335312}\RP48\A0016835.exe/data0001 Infected: Trojan.Win32.DNSChanger.adz skipped
C:\System Volume Information\_restore{A78FE975-9AA2-494D-9627-E3E4FE335312}\RP48\A0016835.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{A78FE975-9AA2-494D-9627-E3E4FE335312}\RP48\A0017209.exe Object is locked skipped
C:\System Volume Information\_restore{A78FE975-9AA2-494D-9627-E3E4FE335312}\RP49\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\60C14960.TMP Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{A78FE975-9AA2-494D-9627-E3E4FE335312}\RP7\A0000830.exe Infected: Trojan.Win32.ShipUp.n skipped

Scan process completed.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:49 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8118;socks=localhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files\Vidalia Bundle\Tor\tor.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9325 bytes



I don't seem to be getting redirected anymore.
__________________
If a fan gives off cool air when spun in one direction, then it only makes perfect sense that if spun in the opposite direction, it would give off heat.
10FootPianist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-07-2007, 09:44 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista


Re: I Keep Getting Redirected
Kaspersky is only reporting the infections Eset (Nod32) has taken care of for you--clear out that folder. our logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders

Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Ensure Windows Auto Update is Enabled
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will flush out previous restore points (which contain the infections) and create a new restore point.

**************************************************************************************




To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-11-2007, 03:58 PM   #8 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 20
OS: Windows XP Professional SP2


Re: I Keep Getting Redirected
Yes this issue is resolved. Thank you very much!
__________________
If a fan gives off cool air when spun in one direction, then it only makes perfect sense that if spun in the opposite direction, it would give off heat.
10FootPianist is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 12-11-2007, 06:16 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 23,958
OS: WinXP and Vista


Re: I Keep Getting Redirected
You're welcome. Surf safely.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 01:20 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84