Noto's redirect problem


Noto


Hi, the last few days I've been trying to get rid of my redirect problem, which links me to a site called gomeo.

I've tried almost everything I can think of.

From the guide I found here, I'm supposed to post the results of 2 scans. I hope I'm right, because it's a lot of text. Here I go.

If I'm wrong, I'm sorry.

From the DDS.text:

DDS (Ver_10-12-05.01) - NTFSx86

Run by Eigenaar at 16:55:52,98 on za 11-12-2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Documents and Settings\Eigenaar\Application Data\dwm.exe

C:\Documents and Settings\Eigenaar\Application Data\Microsoft\conhost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\csrss.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe

C:\WINDOWS\Mixer.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\vsnpstd.exe

C:\PROGRA~1\IWONGIE\bar\1.bin\vrbrmon.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\DNA\btdna.exe

D:\program files\ncsoft\launcher\NCLauncher.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Eigenaar\Local Settings\Temporary Internet Files\Content.IE5\CR7CO6EA\dds[1].scr

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k bthsvcs

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.nl/

uSearch Page = hxxp://www.google.com

uWindow Title = Windows Internet Explorer wordt aangeboden door Netlog

uDefault_Page_URL = hxxp://nl.netlog.com

uInternet Settings,ProxyServer = http=127.0.0.1:54061

uURLSearchHooks: N/A: {2ad11eb6-a327-4dfe-88bf-c6071e09f05b} - c:\program files\iwongie\bar\1.bin\vrSrcAs.dll

uWinlogon: Shell=explorer.exe,c:\documents and settings\eigenaar\application data\dwm.exe

uWindows: Load=c:\docume~1\eigenaar\locals~1\temp\csrss.exe

BHO: Adobe PDF Reader Help bij koppelingen: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

BHO: Toolbar BHO: {d6995d07-cd9b-4cc0-a22a-9e14684d6d64} - c:\progra~1\iwongie\bar\1.bin\vrbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: IWON: {43a3055a-6ff3-4aa5-90e6-18a10297cb53} - c:\program files\iwongie\bar\1.bin\vrbar.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

EB: &AdVantage Branding Window: {d367a4af-8202-4173-a115-9831108f1e0a} - %SystemRoot%\system32\shdocvw.dll

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [bitTorrent DNA] "c:\program files\dna\btdna.exe"

uRun: [igndlm.exe] d:\program files\download manager\DLM.exe /windowsstart /startifwork

uRun: [PlayNC Launcher]

uRun: [NCsoft Launcher] d:\program files\ncsoft\launcher\NCLauncher.exe /Minimized

uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.spele.nl/game/vlieg_en_schiet/bacterien_gevecht.html"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [C-Media Echo Control] c:\program files\pci audio applications\bin\EchoCtrl.exe

mRun: [C-Media Mixer] Mixer.exe /startup

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [snpstd] c:\windows\vsnpstd.exe

mRun: [iWONGIE Browser Plugin Loader] c:\progra~1\iwongie\bar\1.bin\vrbrmon.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [HydraVisionDesktopManager] c:\program files\ati technologies\ati hydravision\HydraDM.exe

mRun: [svchost] c:\documents and settings\eigenaar\application data\microsoft\conhost.exe

IE: &Search - http://tbedits.iwon.com/one-toolbaredits/m...mp;n=2010071107

IE: E&xporteren naar Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000

IE: Klant openen op monitor &1 - c:\windows\web\AOpenClient.htm

IE: Klant openen op monitor &2 - c:\windows\web\AOpenClient.htm

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\eigenaar\menu start\programma's\imvu\Run IMVU.lnk

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL

DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

AppInit_DLLs: igldqh.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 0.0.0.0 l2authd.lineage2.com

Hosts: 1.1.1.1 nprotect.ncsoft.co.kr

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eigenaar\applic~1\mozilla\firefox\profiles\vho51fl7.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/402

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 54061

FF - prefs.js: network.proxy.type - 1

FF - component: c:\program files\mozilla firefox\components\AdVComponent.dll

FF - plugin: c:\docume~1\eigenaar\applic~1\flatcast\NpFv522.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NpFp522.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NpFv522.dll

FF - plugin: d:\program files\download manager\npfpdlm.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll

FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\eigenaar\applic~1\mozilla\firefox\profiles\vho51fl7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R? fsssvc;De service Windows Live Family Safety

R? IWONGIEService;IWON Service

R? s115bus;Sony Ericsson Device 115 driver (WDM)

R? s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter

R? s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver

R? s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)

R? s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface

S? AVGIDSEH;AVGIDSEH

S? fssfltr;fssfltr

S? HMFAxCore55688327e8f59cf41f6f99d9c88a251d;HMFAxCore55688327e8f59cf41f6f99d9c88a251d

S? ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver

=============== Created Last 30 ================

2010-12-10 19:51:37 120832 ----a-w- c:\docume~1\eigenaar\applic~1\microsoft\conhost.exe

2010-12-10 19:50:54 134656 ----a-w- c:\docume~1\eigenaar\applic~1\dwm.exe

2010-12-10 19:47:36 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-12-10 19:47:36 -------- d-----w- c:\windows\system32\wbem\Repository

2010-12-10 19:46:55 -------- d--h--r- c:\documents and settings\eigenaar\Onlangs geopend

2010-12-10 19:21:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Bandoo

2010-12-10 19:20:51 -------- d-----w- c:\docume~1\eigenaar\applic~1\searchqutb

2010-12-10 19:20:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Fun4IM

2010-12-10 19:20:43 -------- d-----w- c:\program files\Windows Searchqu Toolbar

2010-12-10 19:20:43 -------- d-----w- c:\program files\Fun4IM

2010-11-28 18:43:11 120832 ----a-w- c:\docume~1\eigenaar\applic~1\microsoft\svchost.exe

==================== Find3M ====================

2010-10-22 15:16:52 111928 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-09-18 10:23:46 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:44 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:44 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:44 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 00:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 16:56:57,00 ===============

From the last scan from malware:

Malwarebytes' Anti-Malware 1.50

www.malwarebytes.org

Databaseversie: 5289

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10-12-2010 8:37:28 PM

mbam-log-2010-12-10 (20-37-28).txt

Scantype: Snelle scan

Objecten gescand: 135889

Verstreken tijd: 7 minuut/minuten, 46 seconde(n)

Geheugenprocessen ge

Attach.txt


Hello Noto! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on this.
  • Keep me informed about any changes.

Please post the entire log file from Attach.txt.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
