
 


Hi I need help.

The virus or malware I have redirects every search and blocks me from opening Malwarebytes or Ad-Aware.

Thank you
Lynn

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:29 PM, on 7/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\system32\wdfmgr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINNT\system32\wbem\unsecapp.exe
C:\WINNT\System32\alg.exe
C:\WINNT\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
C:\Program Files\TechSmith\Snagit 9\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 9\SnagPriv.exe
C:\Program Files\TechSmith\Snagit 9\snagiteditor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\mljones\LOCALS~1\Temp\Temporary Directory 1 for JavaRa[1].zip\JavaRa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_11\bin\javaw.exe
C:\Documents and Settings\mljones\Local Settings\Temporary Internet Files\Content.IE5\4TYBS5IF\winlogon[1].exe
C:\WINNT\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://merc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://merc/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://merc/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\twex.exe,
O1 - Hosts: 74.208.77.54 hcurltest1
O1 - Hosts: 82.165.161.232 hcurltest2
O1 - Hosts: 255.255.255.255 hcurltest5
O1 - Hosts: 255.255.255.255 vnsjs1.1stworks.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {14121D2A-AB83-4CA6-9310-C9D5685190F0} - (no file)
O2 - BHO: (no name) - {161FA7FE-5068-469F-9A7B-98E90144AB21} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {49D758EA-BD9F-4B5B-83BD-7B6B7DFD348A} - (no file)
O2 - BHO: (no name) - {71E8DC9A-AD5A-480E-86EA-6CC3AB231469} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {AF2A4EB5-111B-496D-8E34-543BFC4F22AD} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {BB4005AB-ECD0-48CF-9BF5-E9DC4B1DDF1C} - C:\WINNT\system32\mlJcArSi.dll
O2 - BHO: (no name) - {BF62A190-1276-4CD3-AF2D-974A95A8B1AB} - (no file)
O2 - BHO: (no name) - {D4F542E3-CE36-4452-8CF8-4CDD870EE45B} - (no file)
O2 - BHO: (no name) - {D63FCD84-A520-4481-B094-DD871043D237} - (no file)
O2 - BHO: (no name) - {D9E2F5D8-3B87-4B26-99B5-257F8D348B21} - (no file)
O2 - BHO: (no name) - {F1D69D1B-7881-4DB6-8BBC-F263B80D79CD} - (no file)
O2 - BHO: Microsoft Online Helper! - {F8A5B495-BDB2-4504-9897-504AF839E947} - %SystemRoot%\system32\msonlinebb.dll (file missing)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PowerManagement_GPO] C:\WINNT\system32\\PowerManagement_GPO.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HelpSupportLaunch] \\na.micron.com\root\apps\MTAPPS\CS\FieldService\HSC\XP_HSC.exe
O4 - HKLM\..\Run: [203c17a4] rundll32.exe "C:\WINNT\system32\rbmhiyfl.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [PowerManagement_GPO] C:\WINNT\system32\\PowerManagement_GPO.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PowerManagement_GPO] C:\WINNT\system32\\PowerManagement_GPO.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe
O4 - Global Startup: Snagit 9.lnk = C:\Program Files\TechSmith\Snagit 9\Snagit32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://merc/
O15 - Trusted Zone: *.books24x7.com (HKLM)
O15 - Trusted Zone: *.centra.com (HKLM)
O15 - Trusted Zone: http://spcorp.micron.com (HKLM)
O15 - Trusted Zone: http://spmysite.micron.com (HKLM)
O15 - Trusted Zone: http://spsales.micron.com (HKLM)
O15 - Trusted Zone: http://spsearch.micron.com (HKLM)
O15 - Trusted Zone: http://spweb.micron.com (HKLM)
O15 - Trusted Zone: *.skillport.com (HKLM)
O15 - Trusted Zone: *.skillsoft.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202871974109
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = micron.com
O17 - HKLM\Software\..\Telephony: DomainName = micron.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B70C2C5-4A18-4F23-8546-441ADF58E295}: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = micron.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = micron.com,lehi.micron.com,mava.micron.com,nijp.micron.com,sing.micron.com,azit.micron.com,altx.micron.com,lexarmedia.com,lexar.com,xacn.micron.com,imfs.micron.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CS1\Services\Tcpip\..\{8B70C2C5-4A18-4F23-8546-441ADF58E295}: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = micron.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = micron.com,lehi.micron.com,mava.micron.com,nijp.micron.com,sing.micron.com,azit.micron.com,altx.micron.com,lexarmedia.com,lexar.com,xacn.micron.com,imfs.micron.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CS2\Services\Tcpip\..\{8B70C2C5-4A18-4F23-8546-441ADF58E295}: NameServer = 85.255.112.209,85.255.112.191
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = micron.com,lehi.micron.com,mava.micron.com,nijp.micron.com,sing.micron.com,azit.micron.com,altx.micron.com,lexarmedia.com,lexar.com,xacn.micron.com,imfs.micron.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: qmwaqy.dll wztpmm.dll unmgiq.dll xpfddm.dll zojgtj.dll uxemvg.dll wknefz.dll dqlsdi.dll rwslyp.dll yyniyp.dll yrqzvs.dll dfvoba.dll cfywql.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINNT\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: nnnoLBsr - nnnoLBsr.dll (file missing)
O23 - Service: addmSvc Baserv (addmSvc) - Unknown owner - C:\MTApps\addmSvc\bin\addmSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Update Service (gupdate1c9c449f50f3fa6) (gupdate1c9c449f50f3fa6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12427 bytes

Re: Hi I need help.

Hello lvjones,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.



  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://merc/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://merc/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://merc/
    R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 74.208.77.54 hcurltest1
    O1 - Hosts: 82.165.161.232 hcurltest2
    O1 - Hosts: 255.255.255.255 hcurltest5
    O1 - Hosts: 255.255.255.255 vnsjs1.1stworks.com
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {14121D2A-AB83-4CA6-9310-C9D5685190F0} - (no file)
    O2 - BHO: (no name) - {161FA7FE-5068-469F-9A7B-98E90144AB21} - (no file)
    O2 - BHO: (no name) - {49D758EA-BD9F-4B5B-83BD-7B6B7DFD348A} - (no file)
    O2 - BHO: (no name) - {71E8DC9A-AD5A-480E-86EA-6CC3AB231469} - (no file)
    O2 - BHO: (no name) - {AF2A4EB5-111B-496D-8E34-543BFC4F22AD} - (no file)
    O2 - BHO: (no name) - {BF62A190-1276-4CD3-AF2D-974A95A8B1AB} - (no file)
    O2 - BHO: (no name) - {D4F542E3-CE36-4452-8CF8-4CDD870EE45B} - (no file)
    O2 - BHO: (no name) - {D63FCD84-A520-4481-B094-DD871043D237} - (no file)
    O2 - BHO: (no name) - {D9E2F5D8-3B87-4B26-99B5-257F8D348B21} - (no file)
    O2 - BHO: (no name) - {F1D69D1B-7881-4DB6-8BBC-F263B80D79CD} - (no file)
    O2 - BHO: Microsoft Online Helper! - {F8A5B495-BDB2-4504-9897-504AF839E947} - %SystemRoot%\system32\msonlinebb.dll (file missing)
    O4 - HKLM\..\Run: [203c17a4] rundll32.exe "C:\WINNT\system32\rbmhiyfl.dll",b
    O14 - IERESET.INF: START_PAGE_URL=http://merc/
    O15 - Trusted Zone: *.books24x7.com (HKLM)
    O15 - Trusted Zone: *.centra.com (HKLM)
    O15 - Trusted Zone: http://spcorp.micron.com (HKLM)
    O15 - Trusted Zone: http://spmysite.micron.com (HKLM)
    O15 - Trusted Zone: http://spsales.micron.com (HKLM)
    O15 - Trusted Zone: http://spsearch.micron.com (HKLM)
    O15 - Trusted Zone: http://spweb.micron.com (HKLM)
    O15 - Trusted Zone: *.skillport.com (HKLM)
    O15 - Trusted Zone: *.skillsoft.com (HKLM)
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
    O17 - HKLM\System\CS2\Services\Tcpip\..\{8B70C2C5-4A18-4F23-8546-441ADF58E295}: NameServer = 85.255.112.209,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = micron.com,lehi.micron.com,mava.micron.com,nijp.micron.com,sing.micron.com,azit.micron.com,altx.micron.com,lexarmedia.com,lexar.com,xacn.micron.com,imfs.micron.com
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8B70C2C5-4A18-4F23-8546-441ADF58E295}: NameServer = 85.255.112.209,85.255.112.191
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
    O17 - HKLM\System\CS1\Services\Tcpip\..\{8B70C2C5-4A18-4F23-8546-441ADF58E295}: NameServer = 85.255.112.209,85.255.112.191
    O20 - AppInit_DLLs: qmwaqy.dll wztpmm.dll unmgiq.dll xpfddm.dll zojgtj.dll uxemvg.dll wknefz.dll dqlsdi.dll rwslyp.dll yyniyp.dll yrqzvs.dll dfvoba.dll cfywql.dll
    O20 - Winlogon Notify: nnnoLBsr - nnnoLBsr.dll (file missing)


  • Press "Fix Checked"
  • Close HijackThis.


Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.