Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » links redirected to ads

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

links redirected to ads

Reply
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 08-07-2009, 03:11 AM
Newbie
D-A-L Newbie
  
Join Date: Jul 2009
Posts: 5
MissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the rough
Question links redirected to ads
Hi,

When I search my links go to other ad websites. It happens on google when using firefox and internet explorer. I have already used MalwareBytes, AdAware, AVG and JV Power tools.

Here is my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:06:17 PM, on 7/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Anna Cardozo\Desktop\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell UK: Laptops, Desktop Computers, Monitors, Printers & PC Accessories
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Dell UK: Laptops, Desktop Computers, Monitors, Printers & PC Accessories
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.6.0.4.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/R...hotoOnline.cab
O16 - DPF: {C6D25826-96AE-462F-A852-BB33B882B723} (SFImageUpload1_4.ImageUpload) - http://duanereade.storefront.com/ima...eUpload1_4.CAB
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/di...h.1.0.0.93.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe


Can anyone help??

Thanks!
Last edited by MissyDancer88; 08-07-2009 at 04:35 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 08-07-2009, 03:21 AM
jephree's Avatar
¨*·.¸ «.·°·..·°·.» ¸.·*¨
  
Join Date: Jun 2004
Posts: 25,326
jephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniture
Re: links redirected to ads
Welcome to D-A-L.

First off your version of HJT is outdated.

Please read this post and post a new HJT log after following the suggestions.

Read This First - IMPORTANT Instructions

Afterwords one of our HJT Pros will address your log.


Thanks.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 08-07-2009, 03:26 AM
Newbie
D-A-L Newbie
  
Join Date: Jul 2009
Posts: 5
MissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the rough
Re: links redirected to ads
Sorry about that. Here's the log from the new version

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:06 PM, on 7/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell UK: Laptops, Desktop Computers, Monitors, Printers & PC Accessories
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Dell UK: Laptops, Desktop Computers, Monitors, Printers & PC Accessories
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Dell Start Page
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Reso...s.10.6.0.4.cab
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.webshots.com/html/atx/wsaxcontrol.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.riteaid.com/control/R...hotoOnline.cab
O16 - DPF: {C6D25826-96AE-462F-A852-BB33B882B723} (SFImageUpload1_4.ImageUpload) - http://duanereade.storefront.com/ima...eUpload1_4.CAB
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47...familyfeud.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/di...h.1.0.0.93.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 8694 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 08-07-2009, 03:30 AM
jephree's Avatar
¨*·.¸ «.·°·..·°·.» ¸.·*¨
  
Join Date: Jun 2004
Posts: 25,326
jephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniturejephree is beginning to become part of the furniture
Re: links redirected to ads
No problem. Thanks for the update.

One of our readers will be with you ASAP.

We have 3 trained professionals that are only allowed to review these logs.

I am not one.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 08-07-2009, 06:07 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: links redirected to ads
Visit this page below to familiarize yourself to the tool below and download from one of the links provided.

A guide and tutorial on using ComboFix




If you have previously downloaded ComboFix,please delete that version now.



It is IMPORTANT that it is saved directly to your desktop

Close any open browsers.

Disconnect from the Internet.

Please do not re-connect your machine back to the Internet until Combofix has completely finished.

Disable your antivirus program and any realtime malware scanners and script blockers now


How To Disable



Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note:
Do not mouseclick combofix's window while it's running.

That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

ComboFix SHOULD NOT be used unless requested by a forum helper.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 09-07-2009, 02:47 AM
Newbie
D-A-L Newbie
  
Join Date: Jul 2009
Posts: 5
MissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the rough
Re: links redirected to ads
Ran combofix. Here's the log:

ComboFix 09-07-08.04 - Anna Cardozo 07/08/2009 21:37.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.594 [GMT -4:00]
Running from: c:\documents and settings\Anna Cardozo\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETmgxwjmpa.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\SKYNETdrkuytuf.dll
c:\windows\system32\SKYNETeyobsstb.dll
c:\windows\system32\SKYNETopplkvlf.dat
c:\windows\system32\SKYNETpdajxibm.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETkdvbrcbw


((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-08 02:26 . 2009-07-08 02:26 -------- d-----w- c:\program files\Trend Micro
2009-07-08 01:48 . 2009-07-08 01:48 23 --sha-w- c:\windows\system32\edacded0.dat
2009-07-08 01:48 . 2009-07-08 01:48 -------- d-----w- c:\program files\jv16 PowerTools 2009
2009-07-08 01:29 . 2009-07-08 01:35 -------- d-----w- C:\fixwareout
2009-07-08 01:12 . 2009-07-08 01:12 -------- d-----w- c:\documents and settings\Anna Cardozo\Application Data\Malwarebytes
2009-07-08 00:50 . 2009-07-08 00:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-08 00:50 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-08 00:50 . 2009-07-08 00:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-07 16:41 . 2009-07-07 16:40 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-07 16:41 . 2009-07-08 12:45 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-07 16:41 . 2009-07-07 16:41 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-07 16:41 . 2009-07-07 16:41 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-07 16:41 . 2009-07-07 16:41 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-07 16:41 . 2009-07-07 16:41 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-07 16:41 . 2009-07-07 16:41 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-07 16:41 . 2009-07-07 16:41 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-07 16:41 . 2009-07-07 16:41 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-07 16:40 . 2009-07-07 16:40 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-07 16:40 . 2009-07-07 16:40 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-07 16:40 . 2009-07-07 16:40 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-07 16:40 . 2009-07-07 16:40 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-07-07 16:40 . 2009-07-07 16:40 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-07 16:40 . 2009-07-07 16:40 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-07 16:40 . 2009-07-07 16:40 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-07 16:40 . 2009-07-07 16:40 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-07 16:40 . 2009-07-07 16:40 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-07 16:40 . 2009-07-07 16:40 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-07 16:40 . 2009-07-07 16:40 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-07 16:40 . 2009-07-07 16:40 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-07 16:19 . 2009-07-07 16:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-07 16:19 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-07 16:19 . 2009-07-07 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-07 16:19 . 2009-07-07 16:19 -------- d-----w- c:\program files\Lavasoft
2009-07-07 15:57 . 2009-06-14 20:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-02 13:25 . 2009-06-29 12:27 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-02 13:24 . 2009-06-29 12:27 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-02 13:24 . 2009-06-29 12:27 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-02 13:24 . 2009-06-29 12:26 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-02 13:24 . 2009-06-29 12:26 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-29 20:56 . 2009-06-29 20:56 -------- d-----w- c:\documents and settings\Anna Cardozo\Local Settings\Application Data\AVG Security Toolbar
2009-06-29 12:27 . 2009-06-29 12:27 832144 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-29 12:27 . 2009-07-07 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-29 12:27 . 2009-06-29 12:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-23 21:47 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Anna Cardozo\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
2009-06-23 21:47 . 2009-06-23 21:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-23 21:46 . 2009-06-23 21:46 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-23 21:46 . 2009-07-07 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-23 21:46 . 2009-07-07 16:47 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-07-08 02:00 . 2006-09-04 18:42 65584 ----a-w- c:\documents and settings\Anna Cardozo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 01:55 . 2007-01-28 23:16 -------- d-----w- c:\program files\Finale NotePad 2007
2009-07-08 00:50 . 2009-07-08 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-07 23:55 . 2006-08-12 14:23 -------- d-----w- c:\program files\WildTangent
2009-07-07 16:41 . 2009-07-07 23:53 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-07 16:13 . 2006-08-12 14:20 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
2009-07-07 16:12 . 2006-08-12 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-07 16:11 . 2006-08-12 14:16 -------- d-----w- c:\program files\Dell
2009-07-07 16:10 . 2006-08-12 14:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 16:06 . 2007-02-10 18:43 -------- d-----w- c:\program files\IrfanView
2009-07-07 16:01 . 2006-08-12 14:16 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-07-07 15:58 . 2007-05-15 02:42 -------- d-----w- c:\program files\AOL Pictures
2009-07-07 15:58 . 2006-08-12 14:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-07-07 15:58 . 2006-08-12 14:18 -------- d-----w- c:\program files\Common Files\AOL
2009-07-07 15:57 . 2006-08-12 14:18 -------- d-----w- c:\program files\Common Files\aolshare
2009-07-02 13:24 . 2009-05-11 15:03 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 12:27 . 2009-05-11 15:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-29 12:27 . 2009-05-11 15:02 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-24 14:16 . 2006-09-03 23:22 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-06-23 21:55 . 2006-09-13 23:38 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 15:27 . 2009-07-08 00:50 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 15:46 . 2009-05-11 15:02 -------- d-----w- c:\documents and settings\Anna Cardozo\Application Data\AVGTOOLBAR
2009-05-11 15:02 . 2009-05-11 15:02 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-11 15:02 . 2009-05-11 15:02 -------- d-----w- c:\program files\AVG
2009-05-11 15:02 . 2009-05-11 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-07 15:44 . 2004-08-10 16:51 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2004-08-10 16:51 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-10 16:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2004-08-10 16:51 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 16:51 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-11-23 22:20 . 2007-11-23 22:20 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-08-03 15:10 . 2006-09-04 18:42 88 --sh--r- c:\windows\system32\80144F8BF4.sys
2008-08-03 15:10 . 2006-09-04 18:42 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 20:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-29 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-07 520024]

c:\documents and settings\Anna Cardozo\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ulead Photo Express 4.0 SE Calendar Checker .lnk - c:\program files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [2007-6-26 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-29 12:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/7/2009 12:41 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/11/2009 11:03 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/11/2009 11:02 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/11/2009 11:02 AM 298776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 16:40]

2009-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 22:13]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: {C6D25826-96AE-462F-A852-BB33B882B723} - hxxp://duanereade.storefront.com/images/global/activex/SFImageUpload1_4.CAB
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
FF - ProfilePath - c:\documents and settings\Anna Cardozo\Application Data\Mozilla\Firefox\Profiles\yar1uksa.default\
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\compone nts\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\compone nts\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\compone nts\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\compone nts\xpavgtbapi.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dl l
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-08 21:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2009-07-09 21:45
ComboFix-quarantined-files.txt 2009-07-09 01:45

Pre-Run: 98,138,804,224 bytes free
Post-Run: 98,727,755,776 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Micro soft Windows XP Home Edition" /noexecute=optin /fastdetect

212 --- E O F --- 2009-07-08 07:00
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 09-07-2009, 02:49 AM
Newbie
D-A-L Newbie
  
Join Date: Jul 2009
Posts: 5
MissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the rough
Re: links redirected to ads
It appears to be working fine now. Is there anything else I need to do?
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 09-07-2009, 05:30 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: links redirected to ads
Let's check this out:


Go to next site:
VirusTotal - Free Online Virus and Malware Scan
On top you'll find 'Browse'
Click the browse button and browse to next file:



c:\windows\system32\80144F8BF4.sys


Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


If that one is to busy here is another option:


Jotti's malware scan

And

Virus File Scanner


Thanks.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 09-07-2009, 09:57 PM
Newbie
D-A-L Newbie
  
Join Date: Jul 2009
Posts: 5
MissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the roughMissyDancer88 is a jewel in the rough
Re: links redirected to ads
Sorry... that file doesn't seem to be on my computer anymore. It didn't show up in the Browse, its not in the folder on my computer and it doesn't come up in a Search.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 10-07-2009, 07:56 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: links redirected to ads
Go here to learn how to show hidden files/folders:

http://www.microsoft.com/windowsxp/u...ddenfiles.mspx

Re-hide after we are done

Then try again please.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Last edited by Neal; 10-07-2009 at 08:03 PM.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Links Redirected! Help Please! sarahhh92 Spyware, Adware, Viruses and HijackThis Logs 1 30-08-2009 08:08 PM
Google links redirected randomnation Spyware, Adware, Viruses and HijackThis Logs 1 30-03-2009 01:28 AM
Links in Explore keep getting redirected and..... Aboyd15 Windows XP Help 1 13-03-2009 04:57 PM
Google links being redirected. shorty1974 Spyware, Adware, Viruses and HijackThis Logs 2 10-01-2009 07:05 PM
Google links are being redirected eirwynnt Spyware, Adware, Viruses and HijackThis Logs 7 29-07-2008 11:31 AM


All times are GMT +1. The time now is 04:38 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav