# Keep Getting Redirected from Google



## elmateo (Jul 29, 2007)

Recently, every time I click a link in Google I get redirected to an outside page or search engine. It is so annoying, so I would be grateful for some help.

Here is the log file
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:29:03, on 29/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ASHAMPOO\ASHAMP~1\bin\DEFRAG~3.EXE
C:\PROGRA~1\ASHAMPOO\ASHAMP~1\bin\defragActivityMonitor.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\JZ9U7GY2\HiJackThis_v2[1].exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
O4 - HKLM\..\Run: [XpOpenAuto] "C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" VEN_14E4&DEV_4320&SUBSYS_70011799
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [RunCanonMsetUp] C:\DOCUME~1\Matt\LOCALS~1\Temp\MasterReboot\CANON_IJ\MCDCHK2.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digi...ages/System/Secure/HMV.Digital.Downloader.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129286014281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AC1B32E1-9638-434D-8F6C-65CBBE444C1A} (ISVFlashIE Control) - http://download.isvinternet.com/public/htmlwrapper/assemblysoft.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\..\{03752D13-FD92-4CDE-BAB3-5240CE4498AC}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{16E5AEFA-69DC-49A7-9004-304A290B7F4D}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D2C5E4-FA63-40ED-B37C-B8A397FC8273}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{29F4BA90-1D1A-41DB-9DC5-2F96318B6620}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D6414F7-00AF-4203-82D8-8A06EADA453F}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{357D6C5B-407E-4149-9022-8939A06E6BFC}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{3779BA7B-C3DD-4371-ACD8-CDA781EFB94E}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{44EDD17D-E7E5-4FEB-8BC8-70E7242CACC3}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{458C8358-AB2A-4110-9B8B-6289B369B3D2}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6B6C0D-4A60-4B90-9DBC-1669A59C3494}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F92BF80-8518-42FB-92BB-0C9DBD1C9855}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{620535DF-6D64-4212-9722-5A6D6625087D}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{783C5883-1559-4C7D-9A8B-3D2D21633645}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F547665-16A9-4343-8350-BE2FC95225D2}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C9E30BA-3303-4F30-8ECE-83766B48C2A2}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CEB180C-DAFA-4EAB-B3BD-C221FC27F7DC}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7231D5B-08D5-43BD-8586-E408A1633F77}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB356490-EB73-48DA-B137-6B0BAC62359A}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC6A166A-5D63-417D-8EF7-9471A23A3828}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFAE18F7-6398-4AD1-BCC9-BFA40B6DA7BE}: NameServer = 85.255.116.170,85.255.112.213
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS2\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 15651 bytes


----------



## MFDnNC (Sep 7, 2004)

Please download *FixWareout* from one of these mirrors:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
http://downloads.subratam.org/Fixwareout.exe

_Note: You must have an active Internet connection when running this fix, in order to download the Brute Force Uninstaller (BFU)._

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert (because this tool will download an additional file from the Internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads, please post the text that will open (report.txt) and a new HijackThis log.

==================
Download SUPERAntiSpyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining.
  - Please leave the others unchecked.
  - Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To retrieve the removal information for me please do the following:
  - After reboot, double-click the SUPERAntispyware icon on your desktop.
  - Click Preferences. Click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - It will open in your default text editor (such as Notepad/Wordpad).
  - Please highlight everything in the notepad, then right-click and choose copy.
- Click close and close again to exit the program.
- Please paste that information here for me *with a new HijackThis log*.

This will take some time!!!!!!!!


----------



## elmateo (Jul 29, 2007)

HERE ARE THE FIXWAREOUT REPORT AND THE NEW HIJACKTHIS REPORT AS REQUESTED. THE SUPER ANTISPYWARE REPORT IS IN THE REPLY UNDERNEATH.
THANKS FOR YOUR HELP

Username "Matt" - 2007-08-01 18:53:47 [Fixwareout edited 2007/07/05]

»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdwob.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{03752D13-FD92-4CDE-BAB3-5240CE4498AC} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{16E5AEFA-69DC-49A7-9004-304A290B7F4D} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{28D2C5E4-FA63-40ED-B37C-B8A397FC8273} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{29F4BA90-1D1A-41DB-9DC5-2F96318B6620} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2D6414F7-00AF-4203-82D8-8A06EADA453F} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{357D6C5B-407E-4149-9022-8939A06E6BFC} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3779BA7B-C3DD-4371-ACD8-CDA781EFB94E} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{44EDD17D-E7E5-4FEB-8BC8-70E7242CACC3} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{458C8358-AB2A-4110-9B8B-6289B369B3D2} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4E6B6C0D-4A60-4B90-9DBC-1669A59C3494} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5F92BF80-8518-42FB-92BB-0C9DBD1C9855} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{620535DF-6D64-4212-9722-5A6D6625087D} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{783C5883-1559-4C7D-9A8B-3D2D21633645} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7F547665-16A9-4343-8350-BE2FC95225D2} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9C9E30BA-3303-4F30-8ECE-83766B48C2A2} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9CEB180C-DAFA-4EAB-B3BD-C221FC27F7DC} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D7231D5B-08D5-43BD-8586-E408A1633F77} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DB356490-EB73-48DA-B137-6B0BAC62359A} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DC6A166A-5D63-417D-8EF7-9471A23A3828} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{FFAE18F7-6398-4AD1-BCC9-BFA40B6DA7BE} 
"nameserver"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{008A55E6-98A0-4459-8761-152B0C71A13C}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{03752D13-FD92-4CDE-BAB3-5240CE4498AC}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{16E5AEFA-69DC-49A7-9004-304A290B7F4D}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{28D2C5E4-FA63-40ED-B37C-B8A397FC8273}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{29F4BA90-1D1A-41DB-9DC5-2F96318B6620}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2D6414F7-00AF-4203-82D8-8A06EADA453F}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{357D6C5B-407E-4149-9022-8939A06E6BFC}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{3779BA7B-C3DD-4371-ACD8-CDA781EFB94E}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{44EDD17D-E7E5-4FEB-8BC8-70E7242CACC3}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{458C8358-AB2A-4110-9B8B-6289B369B3D2}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4E6B6C0D-4A60-4B90-9DBC-1669A59C3494}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5F92BF80-8518-42FB-92BB-0C9DBD1C9855}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{620535DF-6D64-4212-9722-5A6D6625087D}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{783C5883-1559-4C7D-9A8B-3D2D21633645}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{7F547665-16A9-4343-8350-BE2FC95225D2}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8F909023-E7DE-4452-9FEE-C666949FC1B0}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9C9E30BA-3303-4F30-8ECE-83766B48C2A2}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9CEB180C-DAFA-4EAB-B3BD-C221FC27F7DC}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D7231D5B-08D5-43BD-8586-E408A1633F77}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{DC6A166A-5D63-417D-8EF7-9471A23A3828}
"DhcpNameServer"="85.255.116.170,85.255.112.213" <Value cleared.

Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

»»»»» Postrun check 
HKLM\SOFTWARE\~\Winlogon\ "system"="" 
....
....
»»»»» Misc files. 
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\TEMP\kdwob.ren 63436 04/08/2004

»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"XpDis0Conf"="C:\\PROGRA~1\\Belkin\\BELKIN~1\\Tool\\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d"
"XpOpenAuto"="\"C:\\Program Files\\Belkin\\Belkin 54Mbps Wireless Utility\\TOOL\\OpenXpAuto.exe\" VEN_14E4&DEV_4320&SUBSYS_70011799"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"DefragTaskBar"="\"C:\\Program Files\\Ashampoo\\Ashampoo Magical Defrag 2\\bin\\defragTaskBar.exe\""
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SoundMan"="SOUNDMAN.EXE"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"OpwareSE4"="\"C:\\Program Files\\ScanSoft\\OmniPageSE4.0\\OpwareSE4.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"WService"="WService.EXE"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"nwiz"="nwiz.exe /install"
"PCguardadvisor.exe"="\"C:\\Program Files\\blueyonder\\PCguard advisor\\PCguardadvisor.exe\""
"XpDis0Conf"="C:\\PROGRA~1\\Belkin\\BELKIN~1\\Tool\\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d"
"XpOpenAuto"="\"C:\\Program Files\\Belkin\\Belkin 54Mbps Wireless Utility\\TOOL\\OpenXpAuto.exe\" VEN_14E4&DEV_4320&SUBSYS_70011799"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"BTCLiveUpdate"="\"C:\\Program Files\\LiveUpdate\\LiveUpdate.exe\" /autostart"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

:up:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09:22, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Sitecom\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\FJVYCY33\HiJackThis[1].exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [XpDis0Conf] C:\PROGRA~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe VEN_14E4&DEV_4320&SUBSYS_70011799 /d
O4 - HKLM\..\Run: [XpOpenAuto] "C:\Program Files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe" VEN_14E4&DEV_4320&SUBSYS_70011799
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [DefragTaskBar] "C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigital.com/HMV.Digi...ages/System/Secure/HMV.Digital.Downloader.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129286014281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AC1B32E1-9638-434D-8F6C-65CBBE444C1A} (ISVFlashIE Control) - http://download.isvinternet.com/public/htmlwrapper/assemblysoft.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS1\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CS2\Services\Tcpip\..\{008A55E6-98A0-4459-8761-152B0C71A13C}: NameServer = 208.67.220.220,208.67.222.222 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AshampooDefragService - - C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 12889 bytes



----------



## elmateo (Jul 29, 2007)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/02/2007 at 07:33 PM

Application Version : 3.9.1008

Core Rules Database Version : 3276
Trace Rules Database Version: 1287

Scan type : Custom Scan
Total Scan Time : 02:44:36

Memory items scanned : 374
Memory threats detected : 0
Registry items scanned : 7332
Registry threats detected : 2
File items scanned : 127355
File threats detected : 151

Adware.MyWay
HKU\S-1-5-21-4269025734-3394474572-595836222-1009\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}

Adware.Tracking Cookie

Trojan.Media-Codec
HKU\S-1-5-21-4269025734-3394474572-595836222-1009\Software\Internet Security

Trojan.Downloader-Fake/Codec
C:\WINDOWS\TEMP\KDWOB.REN
C:\SYSTEM VOLUME INFORMATION\_RESTORE{782AFE99-786B-4EB6-9DFC-A79B34D4AD95}\RP1777\A0364015.EXE


----------



## MFDnNC (Sep 7, 2004)

Sorry - HiJackThis is running from a temp directory and must be moved to run correctly

*Click here* to download *HJTInstall.exe*

Save *HJTInstall.exe* to your desktop.
Double-click on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis*.
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. 

How are things now? We have to clean up a little but need to know if things are OK


----------

