Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » [Resolved] Browser Hijack Google Redirecting Links (Log File Included)

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

[Resolved] Browser Hijack Google Redirecting Links (Log File Included)

Reply
Page 1 of 3 1 23
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 20-08-2009, 05:04 AM
Newbie
D-A-L Newbie
  
Join Date: Aug 2009
Posts: 16
awtryau89 Is a beginner here at D-A-L
[Resolved] Browser Hijack Google Redirecting Links (Log File Included)
Usually been pretty good at this but my subscription ran out and I picked up something I can root out. Google search links are redirecting. Spybot is blocking the pages but its still annoying.

Here is the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:33 AM, on 8/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
C:\Program Files\SafeBoot\SbClientManager.exe
C:\Program Files\Symantec\PCAnywhere\host\awhost32.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateServic e.exe
C:\WINDOWS\system32\lxducoms.exe
c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\CM Remote Client\CSIRemoteCSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.ex e
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Centra\Client\bin\centraSystray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HERSHEY'S Chocolate: Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HERSHEY'S Chocolate: Home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by The Hershey Company
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = http://ssposeidon01.hersheys.com:808...d_pac_base.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = dfg
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\ swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Centra Launcher] C:\Program Files\Centra\Client\bin\centraSystray.exe /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.hersheys.com/
O15 - Trusted Zone: HERSHEY'S Chocolate: Home
O15 - Trusted Zone: http://*.homepage
O15 - Trusted Zone: http://hersheys.msa.com
O15 - Trusted Zone: http://eac.schwab.com
O15 - Trusted Zone: http://*.schwab.com
O15 - Trusted Zone: http://*.thetalentmix.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: HERSHEY'S Chocolate: Home (HKLM)
O15 - Trusted Zone: http://*.homepage (HKLM)
O15 - Trusted Zone: http://hersheys.msa.com (HKLM)
O15 - Trusted Zone: http://eac.schwab.com (HKLM)
O15 - Trusted Zone: http://*.schwab.com (HKLM)
O15 - Trusted Zone: http://*.thetalentmix.com (HKLM)
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted Zone: http://*.hersheys.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.hersheys.com (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/dev...e/AxLoader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hersheys.com
O17 - HKLM\Software\..\Telephony: DomainName = hersheys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hersheys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hersheys.com
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\PCAnywhere\host\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CM Remote Client (CSIRemoteC) - Configuresoft, Inc. - C:\Program Files\CM Remote Client\CSIRemoteCSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.ex e
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateServic e.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduse rv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: OracleOracle_817ClientCache - Unknown owner - C:\Oracle\Ora817\BIN\ONRSD.EXE
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SafeBoot Client Manager (SafeBootClientManager) - SafeBoot International - C:\Program Files\SafeBoot\SbClientManager.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11367 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 20-08-2009, 05:06 AM
Newbie
D-A-L Newbie
  
Join Date: Aug 2009
Posts: 16
awtryau89 Is a beginner here at D-A-L
re: [Resolved] Browser Hijack Google Redirecting Links (Log File Included)
Here is the uninstall Manager List:

32BitDownloader_Dnldupdt
ABBYY FineReader 6.0 Sprint
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe LiveCycle Designer 8.0
Adobe Reader 9.1.2
Adobe Shockwave Player
BlackBerry Desktop Software 5.0
BlackBerry Desktop Software 5.0
BlackBerry Device Software v4.6.1 for the BlackBerry 8900 smartphone
Centra
Centra Client
Cisco Systems VPN Client 5.0.00.0340
Citrix ICA Web Client
CM Remote Client
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
CrackMem
CrackUtil
Dell Touchpad
Dell Wireless WLAN Card Utility
EXTRA! Personal Client 32-bit
Google Calendar Sync
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
HSY - Org Publisher 7.1
IDT Audio
Integrated Webcam Driver (1.02.02.0603)
Intel(R) Graphics Media Accelerator Driver
iPassConnect
IXOS-eCON Clients
Java 2 Runtime Environment Standard Edition v1.3.1_11
Java 2 SDK Standard Edition v1.3.1_11
Java(TM) 6 Update 2
Lexmark 5600-6600 Series
Lexmark Printable Web
LiveUpdate 3.0 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Office Visio Viewer 2003 (English)
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.2)
MSXML 4.0 SP2 (KB954430)
MSXML4.0 redistributable
Naviextras Toolbox
Naviextras Toolbox Prerequesities
ODBC2
OneTouch 5.1 Client
PC Configurator
PowerDVD
PrintKey2000
Progressive Labs CA-6X
Progressive Labs CA-6X (C:\Program Files\CA-6X\)
RDC
RICOH R5C83x/84x Media Driver Ver.3.53.02
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
SAP Business Explorer
SAP GUI 7.10
SAP Mobile Engine SP2(T)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Siebel eBusiness Applications Client in c:/siebel2000
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
SpywareBlaster 4.2
Symantec Client Security
Symantec Enterprise Vault HTTP-only Outlook Add-In
Symantec pcAnywhere
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Video Notification
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WIMGAPI
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip 11.2
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 21-08-2009, 02:09 AM
broni's Avatar
Senior Member
  
Join Date: Nov 2004
Posts: 2,264
broni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniture
re: [Resolved] Browser Hijack Google Redirecting Links (Log File Included)
What subscription did expire? Norton?
Are you planning to renew, or are you looking for some new protection?
__________________
My Home Page
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 21-08-2009, 02:42 AM
Newbie
D-A-L Newbie
  
Join Date: Aug 2009
Posts: 16
awtryau89 Is a beginner here at D-A-L
re: [Resolved] Browser Hijack Google Redirecting Links (Log File Included)
Quote:
Originally Posted by broni View Post
What subscription did expire? Norton?
Are you planning to renew, or are you looking for some new protection?
Looking to find out what has hijacked my browser and delete it. Not sure if I should just purchase protection or if someone on here could help and show me what to delete. Thanks.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 21-08-2009, 02:55 AM
broni's Avatar
Senior Member
  
Join Date: Nov 2004
Posts: 2,264
broni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniture
re: [Resolved] Browser Hijack Google Redirecting Links (Log File Included)
Well, you have to have some CURRENT, ACTIVE protection, to start with.
You didn't answer my question about what has expired, and what are your plans.
We can't start any cleaning, if you don't have any active AV program.
__________________
My Home Page
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 21-08-2009, 03:17 AM
Newbie
D-A-L Newbie
  
Join Date: Aug 2009
Posts: 16
awtryau89 Is a beginner here at D-A-L
re: [Resolved] Browser Hijack Google Redirecting Links (Log File Included)
Quote:
Originally Posted by broni View Post
Well, you have to have some CURRENT, ACTIVE protection, to start with.
You didn't answer my question about what has expired, and what are your plans.
We can't start any cleaning, if you don't have any active AV program.
Sorry about that. I have current protection from Symantec Antivirus. This is provided to me from my company. In the past I have Trend Micro and it expired a while back.

I didn't mean to be confusing. I have usually been good about not getting any of these viruses in the past. I just need help in getting this stuff rooted out. I can send the computer back to my home office to get this fixed but it takes too long. I am in field sales and cannot be without the computer as i have meetings all next week. Thanks for any help.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 21-08-2009, 03:19 AM
broni's Avatar
Senior Member
  
Join Date: Nov 2004
Posts: 2,264
broni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniture
re: [Resolved] Browser Hijack Google Redirecting Links (Log File Included)
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
__________________
My Home Page
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 21-08-2009, 04:40 AM
Newbie
D-A-L Newbie
  
Join Date: Aug 2009
Posts: 16
awtryau89 Is a beginner here at D-A-L
re: [Resolved] Browser Hijack Google Redirecting Links (Log File Included)
One issue may have come up. I could not disable my Symantec. My company has it locked out on me somehow. If this caused an issue, let me know.

Here is the Combo Fix Log:

ComboFix 09-08-20.02 - HFEWA001 08/20/2009 23:19.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3536.2885 [GMT -4:00]
Running from: c:\documents and settings\hfewa001\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Do wnloader\qmgr0.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Do wnloader\qmgr1.dat
c:\recycler\S-1-5-21-1220945662-682003330-725345543-500
c:\windows\Installer\914777.msi
c:\windows\run.log
c:\windows\system32\drivers\kbiwkmqiropisy.sys
c:\windows\system32\kbiwkmbbmqppbp.dat
c:\windows\system32\kbiwkmmmqjnvow.dll
c:\windows\system32\kbiwkmqrcqkexa.dll
c:\windows\system32\kbiwkmscbkyeqy.dat
c:\windows\system32\kbiwkmtyuuhjon.dat

----- BITS: Possible infected sites -----

hxxp://DCSMS03.HERSHEYS.COM:80
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmeshlkows


((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-20 03:27 . 2009-08-20 03:27 -------- d-----w- c:\program files\Trend Micro
2009-08-19 19:35 . 2009-08-19 19:35 -------- d-----w- c:\documents and settings\hfewa001\Application Data\Malwarebytes
2009-08-19 19:35 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 19:35 . 2009-08-19 19:35 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-19 19:35 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 19:35 . 2009-08-19 19:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-19 17:26 . 2009-08-21 03:05 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-08-19 17:26 . 2009-08-20 03:40 -------- d-----w- c:\program files\SpywareBlaster
2009-08-19 15:47 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-19 14:31 . 2009-08-19 16:04 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-19 14:31 . 2009-08-19 15:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-19 14:21 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-19 14:20 . 2009-08-19 14:20 -------- dc-h--w- c:\docume~1\ALLUSE~1\APPLIC~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-19 14:20 . 2009-08-19 14:20 -------- d-----w- c:\program files\Lavasoft
2009-08-19 14:20 . 2009-08-19 14:20 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-08-19 13:02 . 2009-08-19 13:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-19 12:01 . 2009-08-19 12:01 -------- d-----w- C:\spoolerlogs
2009-08-18 20:29 . 2003-07-16 14:27 43264 ----a-r- c:\windows\system32\drivers\ser2pl.sys
2009-08-12 17:29 . 2009-08-12 17:30 -------- d-----w- C:\android-sdk-windows-1.5_r2
2009-08-12 12:10 . 2009-08-12 12:10 -------- d-----w- c:\program files\Enterprise Vault
2009-08-09 15:52 . 2009-08-09 15:53 -------- d-----w- c:\program files\Java
2009-08-09 15:52 . 2009-08-09 15:52 -------- d-----w- c:\program files\Common Files\Java
2009-08-04 03:25 . 2009-08-04 03:25 0 ----a-w- c:\windows\nsreg.dat
2009-08-04 03:25 . 2009-08-04 03:25 -------- d-----w- c:\documents and settings\hfewa001\Local Settings\Application Data\Mozilla
2009-07-28 15:16 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-28 01:51 . 2009-07-28 02:54 -------- d-----w- c:\documents and settings\hfewa001\Application Data\Naviextras
2009-07-28 01:50 . 2009-07-28 01:50 -------- d-----w- c:\program files\Naviextras

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-08-21 03:26 . 2009-01-24 18:39 40 ----a-w- c:\windows\system32\profile.dat
2009-08-20 19:53 . 2009-01-27 17:19 256 ----a-w- c:\windows\system32\pool.bin
2009-08-20 19:13 . 2009-02-19 03:43 -------- d-----w- c:\program files\CrackUtil
2009-08-17 12:48 . 2009-01-24 18:33 -------- d-----w- c:\program files\SAPMobileEngine
2009-08-12 17:35 . 2009-08-12 17:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_androidusb _01005.Wdf
2009-08-12 12:45 . 2009-01-24 18:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-21 17:57 . 2009-01-27 18:48 71384 -c--a-w- c:\documents and settings\hfewa001\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 17:04 . 2009-07-21 13:03 -------- d-----w- c:\program files\CM Remote Client
2009-07-18 03:41 . 2009-06-26 02:31 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-07-13 16:05 . 2009-07-13 16:05 36960402 ----a-w- c:\documents and settings\All Users\SPL32E6.tmp
2009-06-27 02:40 . 2009-06-27 02:40 -------- d-----w- c:\documents and settings\hfewa001\Application Data\Research In Motion
2009-06-26 16:50 . 2008-09-11 15:12 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2009-03-01 16:46 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-26 02:33 . 2009-06-26 02:33 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-26 02:30 . 2009-06-26 02:30 -------- d-----w- c:\program files\Research In Motion
2009-06-24 13:42 . 2008-12-30 19:37 -------- d-----w- c:\program files\IDT
2009-06-24 13:42 . 2009-05-18 18:03 -------- d-----w- c:\program files\Common Files\InstallShield_Old1
2009-06-16 14:36 . 2008-09-11 15:12 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2008-09-11 15:12 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2008-09-11 15:12 1291264 ----a-w- c:\windows\system32\quartz.dll
2007-12-11 13:55 . 2008-09-11 19:04 626688 -c--a-w- c:\program files\Common Files\sapconsaccess.dll
2007-12-11 13:55 . 2008-09-11 19:04 3125248 -c--a-w- c:\program files\Common Files\sapxlhelper.dll
2007-12-11 13:55 . 2008-09-11 19:04 192512 -c--a-w- c:\program files\Common Files\sapconsr3.dll
2007-12-11 13:55 . 2008-09-11 19:04 1229312 -c--a-w- c:\program files\Common Files\SAPActiveXL_nosig.xlt
2007-12-11 13:55 . 2008-09-11 19:04 40960 -c--a-w- c:\program files\Common Files\DigitalSignature.ocx
2007-12-11 13:55 . 2008-09-11 19:04 1167872 -c--a-w- c:\program files\Common Files\SAPActiveXL.xlt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-03-21 39408]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Centra Launcher"="c:\program files\Centra\Client\bin\centraSystray.exe" [2008-09-12 249856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2008-9-11 869376]
VPN Client.lnk - c:\windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-12-30 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoHardwareTab"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoAutoUpdate"= 0 (0x0)
"NoManageMyComputerVerb"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2001-11-02 15:50 24636 ----a-w- c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\group policy\state\S-1-5-21-2098403209-122039945-746205981-10118\Scripts\Logon\0\0]
"Script"=AVCheck.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxducoms.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/19/2009 10:21 AM 64160]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\Safe Boot.sys [2/22/2008 12:56 PM 101647]
R0 SBAlg;SBAlg;c:\windows\system32\drivers\SbAlg.sys [7/16/2007 1:32 PM 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFs Lock.sys [2/22/2008 12:57 PM 6272]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLoc k.sys [2/22/2008 12:57 PM 5840]
R1 SbFlop;SbFlop;c:\windows\system32\drivers\SbFlop.s ys [2/22/2008 12:57 PM 34000]
R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPr cCtl.sys [2/22/2008 12:57 PM 14960]
R2 CSIRemoteC;CM Remote Client;c:\program files\CM Remote Client\CSIRemoteCSvc.exe [5/26/2009 1:12 PM 102400]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxduco ms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 SafeBootClientManager;SafeBoot Client Manager;c:\program files\SafeBoot\SbClientManager.exe [2/22/2008 12:58 PM 356352]
R2 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [6/15/2006 2:40 AM 115952]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [12/30/2008 3:37 PM 112512]
R3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [5/14/2009 6:21 PM 25728]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [12/30/2008 5:34 PM 32808]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [12/30/2008 5:34 PM 244368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [12/30/2008 3:44 PM 110080]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [12/30/2008 5:34 PM 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [12/30/2008 5:34 PM 277504]
S2 lxduCATSCustConnectService;lxduCATSCustConnectServ ice;c:\windows\system32\spool\drivers\w32x86\3\lxd userv.exe [1/27/2009 1:30 PM 98984]
S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [12/30/2008 5:34 PM 148056]
S3 OracleOracle_817ClientCache;OracleOracle_817Client Cache;c:\oracle\Ora817\bin\ONRSD.EXE [12/15/2001 2:48 AM 450220]
S3 seqcal;seqcal;c:\windows\system32\drivers\seqcal.s ys [1/31/2009 9:09 PM 44344]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrv10910
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://home.hersheys.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = dfg
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: hersheys.com
Trusted Zone: hersheys.com\homepage
Trusted Zone: hersheys.com\sp
Trusted Zone: homepage
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\oca
Trusted Zone: msa.com\hersheys
Trusted Zone: schwab.com
Trusted Zone: schwab.com\eac
Trusted Zone: thetalentmix.com
Trusted Zone: windowsupdate.com
Trusted Zone: WORKS.COM \PAYMENT2
Trusted Zone: hersheys.com
Trusted Zone: hersheys.com\homepage
Trusted Zone: hersheys.com\sp
Trusted Zone: homepage
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\oca
Trusted Zone: msa.com\hersheys
Trusted Zone: schwab.com
Trusted Zone: schwab.com\eac
Trusted Zone: thetalentmix.com
Trusted Zone: windowsupdate.com
Trusted Zone: WORKS.COM \PAYMENT2
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\docume~1\hfewa001\APPLIC~1\Mozilla\Firefox\Prof iles\vfiw99pl.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.hersheys.com/
FF - prefs.js: network.proxy.ftp - dfg
FF - prefs.js: network.proxy.gopher - dfg
FF - prefs.js: network.proxy.http - dfg
FF - prefs.js: network.proxy.socks - dfg
FF - prefs.js: network.proxy.ssl - dfg
FF - prefs.js: network.proxy.type - 2

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_sett ing", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-20 23:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\k biwkmeshlkows]
"imagepath"="\systemroot\system32\drivers\kbiwkmqi ropisy.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\ DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00 ,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00 ,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\k biwkmeshlkows]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\driver s\\kbiwkmqiropisy.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\windows\system32\awgina.dll

- - - - - - - > 'explorer.exe'(3980)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Symantec\PCAnywhere\host\awhost32.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateServic e.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\windows\system32\lxducoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\system32\CCM\CcmExec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.ex e
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\msiexec.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
************************************************** ************************
.
Completion time: 2009-08-21 23:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 03:35

Pre-Run: 34,262,224,896 bytes free
Post-Run: 34,532,454,400 bytes free

323
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 21-08-2009, 04:43 AM
Newbie
D-A-L Newbie
  
Join Date: Aug 2009
Posts: 16
awtryau89 Is a beginner here at D-A-L
re: [Resolved] Browser Hijack Google Redirecting Links (Log File Included)
And here is the HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:48 PM, on 8/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
C:\Program Files\SafeBoot\SbClientManager.exe
C:\Program Files\Symantec\PCAnywhere\host\awhost32.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateServic e.exe
C:\WINDOWS\system32\lxducoms.exe
c:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\CM Remote Client\CSIRemoteCSvc.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.ex e
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Centra\Client\bin\centraSystray.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HERSHEY'S Chocolate: Home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = dfg
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\ swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Centra Launcher] C:\Program Files\Centra\Client\bin\centraSystray.exe /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.hersheys.com/
O15 - Trusted Zone: HERSHEY'S Chocolate: Home
O15 - Trusted Zone: http://*.homepage
O15 - Trusted Zone: http://hersheys.msa.com
O15 - Trusted Zone: http://eac.schwab.com
O15 - Trusted Zone: http://*.schwab.com
O15 - Trusted Zone: http://*.thetalentmix.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: HERSHEY'S Chocolate: Home (HKLM)
O15 - Trusted Zone: http://*.homepage (HKLM)
O15 - Trusted Zone: http://hersheys.msa.com (HKLM)
O15 - Trusted Zone: http://eac.schwab.com (HKLM)
O15 - Trusted Zone: http://*.schwab.com (HKLM)
O15 - Trusted Zone: http://*.thetalentmix.com (HKLM)
O15 - Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted Zone: http://*.hersheys.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://*.hersheys.com (HKLM)
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.blackberry.com/dev...e/AxLoader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hersheys.com
O17 - HKLM\Software\..\Telephony: DomainName = hersheys.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hersheys.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = hersheys.com
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\PCAnywhere\host\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CM Remote Client (CSIRemoteC) - Configuresoft, Inc. - C:\Program Files\CM Remote Client\CSIRemoteCSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.ex e
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateServic e.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxduCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxduse rv.exe
O23 - Service: lxdu_device - - C:\WINDOWS\system32\lxducoms.exe
O23 - Service: OracleOracle_817ClientCache - Unknown owner - C:\Oracle\Ora817\BIN\ONRSD.EXE
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SafeBoot Client Manager (SafeBootClientManager) - SafeBoot International - C:\Program Files\SafeBoot\SbClientManager.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\dellxpm09b_6159v043\wdm\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11270 bytes
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 21-08-2009, 04:54 AM
broni's Avatar
Senior Member
  
Join Date: Nov 2004
Posts: 2,264
broni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniture
re: [Resolved] Browser Hijack Google Redirecting Links (Log File Included)
Is this company computer, or yours?


1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\documents and settings\All Users\SPL32E6.tmp


Folder::

Driver::

Registry::

RegLockDel::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbiwkmeshlkows]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
__________________
My Home Page
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply
Page 1 of 3 1 23

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[Active] redirecting links Google Please HELP bal Spyware, Adware, Viruses and HijackThis Logs 23 13-06-2009 05:08 PM
Google Links Redirecting(RESOLVED) Stone Spyware, Adware, Viruses and HijackThis Logs 8 20-05-2009 08:21 PM
Browser hijack-HJT log included. richardschuster Windows 2000 Help 1 13-05-2005 02:11 PM
Hijacked Browser (Go Away, Google!)--Hijack This Log Included homeuzr Spyware, Adware, Viruses and HijackThis Logs 5 12-04-2005 11:00 PM
Links Freeze...Hijack Log included LiLaZnGUy Spyware, Adware, Viruses and HijackThis Logs 3 08-04-2005 04:18 PM


All times are GMT +1. The time now is 06:04 AM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav