TommyD Posted October 29, 2009 ID:150733

Please take a look at this. My browser keeps redirecting to multiple sites... cannot search without it going to multiple sites... please help, thanks

TommyD Posted October 29, 2009 Author ID:150735

Please take a look at this. My browser keeps redirecting to multiple sites... cannot search without it going to multiple sites... please help, thanks

Logfile of HijackThis v1.99.1
Scan saved at 9:14:29 PM, on 10/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Root Admin AdvancedSetup Posted October 30, 2009 ID:151353

Hello and welcome to Malwarebytes.

Please run the following.

Update and Scan with Malwarebytes' Anti-Malware

- Start MalwareBytes AntiMalware (Vista users must right-click and choose RunAs Admin).
- Please DO NOT run MBAM in Safe Mode unless requested to; you MUST run it in normal Windows mode.
- Update Malwarebytes' Anti-Malware: select the Update tab, then click Update.
- When the update is complete, select the Scanner tab.
- Select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

If you accidentally close it, the log file is saved here and will be named like this:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then post back the MBAM log and a new HijackThis log.

Root Admin AdvancedSetup Posted November 2, 2009 ID:152466

Please post an update.

Root Admin AdvancedSetup Posted November 3, 2009 ID:152869

I will be closing your post soon if I don't hear back from you.

Please post an update.

Root Admin AdvancedSetup Posted November 6, 2009 ID:154283

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.