I think I have a virus to do with google!

EEK! A VIRUS!!

11 Replies - 1636 Views - Last Post: 29 June 2009 - 02:12 AM

#1 Jack Eagles1

Posted 26 June 2009 - 12:58 PM

Hi, whenever I go onto Google in whatever browser, when I try to open a webpage from a result which I search for, it either opens in a new window, or redirects to adverts to enlarge parts of my body, some of which I don't have.
I have tried to use different browsers, clear cookies, and whatever. I have run Norton, and also Malwarebytes, but they are not detecting anything.

Let's say I search Google for the word: Hello.
The URL should be like this:
http://www.google.co...h?hl=en&q=Hello
But it comes up like this instead:
http://www.google.co...amp;newwindow=1


Also, when I click many of the links to web results, I get redirected to this URL:
http://216.133.243.28/2.php?sid=1566&keyword=default+google+search+url&goto=8ea093d3479d05aacd3dfeb217908da9-wskUfkUf4U%09us.U3.wfw.w3U%09%09R_aNfw%09wSUU%09oIOjWiv%2BzttziI%2BNIjaE2%2BWai%09OqLotitz0atNI%092vvR%3A%2F%2Fnnn.OqLotitz0.EtQ%2FAqoEiqEH.R2R%3FAqo_qo%3DwwF3sSsS%26Wai%3D2vvR%25Fj%25sO%25sOitYIQWNqE%25sIIQa%25so2tNv%25sIEtQ%25sO1iNEjRqvji%25sO%25FOQL%25FowsFk%26joY_Nqo%3Dsf3S3%26joY_qo%3D43uU%26v0RI%3DatL%26ovN%3Dsff3_fU_sU_ws_Sk_FU%26i2L%3DQIvjUS-If%26atL_WLqMWI%3Df%26aIoqaIEv_Wai%3D%26AitEH_joWiv%3Df%09f.fw%09sf3S3%09w%09w3FU_sFUF%09%09w%09GLqvIo+dqLzotQ%0985%09nnn.0tWvWAI.EtQ&objTimStr=0.56122400+1246046076



I have run a system analysis, and here are the results:

DDS (Ver_09-06-26.01) - NTFSx86  
Run by Josh The Great at 20:17:12.86 on 26/06/2009
Internet Explorer: 7.0.6000.16851
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.44.1033.18.2046.752 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security *On-access scanning enabled* (Outdated)   {E10A9785-9598-4754-B552-92431C1C35F8}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled*   {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\ehome\ehsched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\TuneUpDefragService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Josh The Great\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [sysav] c:\users\josh the great\appdata\roaming\pcdefender.exe
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
uRun: [EvidenceNuker] c:\program files\evidencenuker\enuker.exe /hide
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\users\joshth~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\deskpins.lnk - c:\program files\deskpins\DeskPins.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
TCP: NameServer = 85.255.112.191,85.255.112.78
TCP: {756ABC29-708C-48A4-9847-D6DE90DECA21} = 85.255.112.191,85.255.112.78
TCP: {EB7CF5F1-A6D2-4183-B5EC-C07FEC466343} = 85.255.112.191,85.255.112.78
TCP: {F99166B9-9441-4AFC-9035-C776941E0DA2} = 85.255.112.191,85.255.112.78
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\joshth~1\appdata\roaming\mozilla\firefox\profiles\s6dstjgs.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?hl=en&site=en&q=
FF - component: c:\users\josh the great\appdata\roaming\mozilla\firefox\profiles\s6dstjgs.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090618.001\IDSvix86.sys [2009-6-22 272432]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-11 101936]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

=============== Created Last 30 ================

2009-06-26 18:56	335	a-------	C:\spyhunter.fix
2009-06-26 18:56	<DIR>	--d-----	c:\program files\Enigma Software Group
2009-06-26 17:19	11,952	a-------	c:\windows\system32\avgrsstx.dll
2009-06-26 17:19	108,552	a-------	c:\windows\system32\drivers\avgtdix.sys
2009-06-26 17:18	327,688	a-------	c:\windows\system32\drivers\avgldx86.sys
2009-06-26 17:18	<DIR>	--d-----	c:\windows\system32\drivers\Avg
2009-06-26 17:18	<DIR>	--d-----	c:\programdata\AVG Security Toolbar
2009-06-26 17:18	<DIR>	--d-----	c:\progra~2\AVG Security Toolbar
2009-06-26 17:17	<DIR>	--d-----	c:\program files\AVG
2009-06-26 17:17	<DIR>	--d-----	c:\programdata\avg8
2009-06-26 17:17	<DIR>	--d-----	c:\progra~2\avg8
2009-06-25 23:20	<DIR>	--d-----	c:\program files\Timed Shutdown
2009-06-24 23:44	<DIR>	--d-----	c:\users\josh the great\dwhelper
2009-06-24 22:45	<DIR>	--d-----	C:\Backup
2009-06-23 23:32	4	a-------	c:\windows\system32\MSIVXcount
2009-06-23 23:32	0	a-------	c:\windows\system32\MSIVXddlpkudadqcjqhubvgirvbpudgsgpjcv.dll
2009-06-23 23:31	<DIR>	--d-----	c:\program files\MoviesPlay
2009-06-23 23:31	77,824	a-------	c:\windows\system32\drivers\MSIVXserv.sys
2009-06-23 22:18	<DIR>	--d-----	C:\~ERAFSWD.TMP
2009-06-23 20:18	<DIR>	--d-----	c:\users\joshth~1\appdata\roaming\EvidenceNuker
2009-06-23 20:18	<DIR>	--d-----	c:\program files\EvidenceNuker
2009-06-23 20:15	<DIR>	--d-----	c:\users\joshth~1\appdata\roaming\uTorrent
2009-06-23 19:55	<DIR>	--d-----	C:\Rbackup
2009-06-23 19:55	42	a-------	c:\windows\system32\Jiii_PNUCT.pnc
2009-06-23 19:51	42	a-------	c:\windows\system32\AK083E209605E394C.lie
2009-06-23 19:51	<DIR>	--d-----	c:\program files\Perfect Uninstaller
2009-06-23 19:22	<DIR>	--d-----	c:\users\joshth~1\appdata\roaming\Artisteer
2009-06-23 19:19	<DIR>	--d-----	c:\program files\Artisteer 2
2009-06-23 19:07	307,088	a-------	c:\windows\system32\Eraser.dll
2009-06-23 19:07	83,344	a-------	c:\windows\system32\Erasext.dll
2009-06-23 19:07	73,104	a-------	c:\windows\system32\Eraserl.exe
2009-06-23 19:07	<DIR>	--d-----	c:\program files\Eraser
2009-06-23 19:00	<DIR>	--d-----	c:\users\joshth~1\appdata\roaming\TuneUp Software
2009-06-23 18:19	28,190	a-------	c:\users\joshth~1\appdata\roaming\nvModes.dat
2009-06-23 07:11	<DIR>	--d-----	c:\users\joshth~1\appdata\roaming\CyberScrub
2009-06-22 21:57	428,032	a-------	c:\windows\system32\EncDec.dll
2009-06-22 21:57	292,352	a-------	c:\windows\system32\psisdecd.dll
2009-06-22 21:57	1,244,672	a-------	c:\windows\system32\mcmde.dll
2009-06-22 21:57	217,088	a-------	c:\windows\system32\psisrndr.ax
2009-06-22 21:57	177,152	a-------	c:\windows\system32\mpg2splt.ax
2009-06-22 21:57	68,608	a-------	c:\windows\system32\Mpeg2Data.ax
2009-06-22 21:57	80,896	a-------	c:\windows\system32\MSNP.ax
2009-06-22 21:57	57,856	a-------	c:\windows\system32\MSDvbNP.ax
2009-06-21 11:31	5,420	a-------	C:\svchost.application
2009-06-21 11:31	<DIR>	--d-----	C:\Application Files
2009-06-18 09:27	<DIR>	--dsh---	C:\$RECYCLE.BIN
2009-06-13 22:56	107,888	a-------	c:\windows\system32\CmdLineExt.dll
2009-06-13 22:56	507,400	a-------	c:\windows\system32\XAudio2_1.dll
2009-06-13 22:56	65,032	a-------	c:\windows\system32\XAPOFX1_0.dll
2009-06-13 22:56	238,088	a-------	c:\windows\system32\xactengine3_1.dll
2009-06-13 22:56	25,608	a-------	c:\windows\system32\X3DAudio1_4.dll
2009-06-13 22:56	1,491,992	a-------	c:\windows\system32\D3DCompiler_38.dll
2009-06-13 22:56	467,984	a-------	c:\windows\system32\d3dx10_38.dll
2009-06-13 22:56	3,850,760	a-------	c:\windows\system32\D3DX9_38.dll
2009-06-13 22:56	479,752	a-------	c:\windows\system32\XAudio2_0.dll
2009-06-13 22:56	238,088	a-------	c:\windows\system32\xactengine3_0.dll
2009-06-13 22:56	25,608	a-------	c:\windows\system32\X3DAudio1_3.dll
2009-06-13 22:52	22,328	a-------	c:\windows\system32\drivers\PnkBstrK.sys
2009-06-13 22:52	107,832	a-------	c:\windows\system32\PnkBstrB.exe
2009-06-13 22:51	66,872	a-------	c:\windows\system32\PnkBstrA.exe
2009-06-13 22:51	2,250,024	a-------	c:\windows\system32\pbsvc.exe
2009-06-10 14:19	<DIR>	--d-----	c:\windows\Eurobattle.net
2009-06-09 17:54	<DIR>	--d-----	c:\program files\Mozilla Firefox 3.5 Beta 4
2009-06-07 17:30	5,812	a-------	c:\windows\system32\tmp.reg
2009-06-07 14:11	<DIR>	--d-----	c:\users\joshth~1\appdata\roaming\PeerNetworking
2009-06-05 10:34	<DIR>	--d-----	c:\users\joshth~1\appdata\roaming\PE Explorer
2009-06-05 10:34	<DIR>	--d-----	c:\program files\PE Explorer
2009-06-05 10:27	117,248	a-------	c:\windows\system32\RestoratorContextMenu.dll
2009-06-05 10:27	<DIR>	--d-----	c:\program files\Restorator 2007
2009-06-05 10:20	<DIR>	--d-----	c:\users\joshth~1\appdata\roaming\Resource Tuner
2009-06-05 10:20	<DIR>	--d-----	c:\program files\Resource Tuner
2009-06-05 10:18	<DIR>	--d-----	c:\programdata\SiComponents
2009-06-05 10:18	<DIR>	--d-----	c:\progra~2\SiComponents
2009-06-05 10:15	<DIR>	--d-----	c:\program files\SiComponents
2009-06-04 22:06	7	a-------	c:\windows\sbacknt.bin
2009-06-04 18:05	84	a-------	c:\windows\csact.ini
2009-06-03 21:26	249,856	--------	c:\windows\Setup1.exe
2009-06-03 21:25	73,216	a-------	c:\windows\ST6UNST.EXE
2009-06-02 19:59	2,231	a-------	c:\windows\system32\config.ini
2009-06-01 18:52	<DIR>	--d-----	c:\program files\Reversoft
2009-05-30 23:00	<DIR>	--d-----	c:\users\joshth~1\appdata\roaming\Delayed Shutdown
2009-05-30 23:00	<DIR>	--d-----	c:\program files\Delayed Shutdown
2009-05-30 22:08	<DIR>	--d-----	c:\program files\CCleaner
2009-05-30 19:46	<DIR>	--d-----	c:\program files\common files\PX Storage Engine
2009-05-30 19:45	<DIR>	--d-----	c:\program files\common files\DivX Shared
2009-05-30 19:45	<DIR>	--d-----	c:\program files\DivX
2009-05-30 19:00	<DIR>	--d-----	c:\program files\Unlocker
2009-05-30 18:59	33	a-------	c:\windows\system32\pickup.listchecker.ini
2009-05-30 18:21	<DIR>	--d-----	c:\program files\WC3Banlist
2009-05-30 13:33	<DIR>	--d-----	c:\program files\WinPcap

==================== Find3M  ====================

2009-06-09 15:15	86,016	a-------	c:\windows\inf\infstrng.dat
2009-06-09 15:15	86,016	a-------	c:\windows\inf\infstor.dat
2009-06-09 15:15	51,200	a-------	c:\windows\inf\infpub.dat
2009-06-02 11:17	75,776	a-------	c:\windows\system32\WS2Fix.exe
2009-05-20 03:02	268,800	a-------	c:\windows\system32\es.dll
2009-05-18 03:50	174	a--sh---	c:\program files\desktop.ini
2009-05-18 03:43	665,600	a-------	c:\windows\inf\drvindex.dat
2009-05-18 03:33	28,672	a-------	c:\windows\system32\FwRemoteSvr.dll
2009-05-18 03:32	361,984	a-------	c:\windows\system32\IPSECSVC.DLL
2009-05-18 03:32	272,896	a-------	c:\windows\system32\polstore.dll
2009-05-18 03:32	61,440	a-------	c:\windows\system32\winipsec.dll
2009-05-18 03:32	241,152	a-------	c:\windows\system32\PortableDeviceApi.dll
2009-05-18 03:32	95,232	a-------	c:\windows\system32\PortableDeviceClassExtension.dll
2009-05-18 03:32	160,768	a-------	c:\windows\system32\PortableDeviceTypes.dll
2009-05-18 03:30	376,832	a-------	c:\windows\system32\winhttp.dll
2009-05-18 03:30	297,472	a-------	c:\windows\system32\gdi32.dll
2009-05-18 03:29	1,060,920	a-------	c:\windows\system32\drivers\ntfs.sys
2009-05-18 03:29	41,984	a-------	c:\windows\system32\drivers\monitor.sys
2009-05-18 03:29	211,456	a-------	c:\windows\system32\drivers\mrxsmb10.sys
2009-05-18 03:28	500,736	a-------	c:\windows\system32\msdtcprx.dll
2009-05-18 03:28	30,208	a-------	c:\windows\system32\xolehlp.dll
2009-05-18 03:28	28,672	a-------	c:\windows\system32\Apphlpdm.dll
2009-05-18 03:28	2,560	a-------	c:\windows\apppatch\AcRes.dll
2009-05-18 03:28	2,144,256	a-------	c:\windows\apppatch\AcGenral.dll
2009-05-18 03:28	537,600	a-------	c:\windows\apppatch\AcLayers.dll
2009-05-18 03:28	449,536	a-------	c:\windows\apppatch\AcSpecfc.dll
2009-05-18 03:28	4,247,552	a-------	c:\windows\system32\GameUXLegacyGDFs.dll
2009-05-18 03:28	173,056	a-------	c:\windows\apppatch\AcXtrnal.dll
2009-05-18 03:28	1,687,040	a-------	c:\windows\system32\gameux.dll
2009-05-18 03:27	303,616	a-------	c:\windows\system32\wmpeffects.dll
2009-05-18 03:27	1,194,496	a-------	c:\windows\system32\msxml3.dll
2009-05-18 03:27	2,048	a-------	c:\windows\system32\msxml3r.dll
2009-05-18 03:26	356,864	a-------	c:\windows\system32\MediaMetadataHandler.dll
2009-05-18 03:25	2,048	a-------	c:\windows\system32\tzres.dll
2009-05-18 03:23	8,147,968	a-------	c:\windows\system32\wmploc.DLL
2009-05-18 03:23	7,680	a-------	c:\windows\system32\spwmp.dll
2009-05-18 03:23	4,096	a-------	c:\windows\system32\dxmasf.dll
2009-05-18 03:21	109,624	a-------	c:\windows\system32\drivers\ataport.sys
2009-05-18 03:21	45,112	a-------	c:\windows\system32\drivers\pciidex.sys
2009-05-18 03:21	21,560	a-------	c:\windows\system32\drivers\atapi.sys
2009-05-18 03:21	17,464	a-------	c:\windows\system32\drivers\intelide.sys
2009-05-18 03:21	211,000	a-------	c:\windows\system32\drivers\volsnap.sys
2009-05-18 03:21	154,624	a-------	c:\windows\system32\drivers\nwifi.sys
2009-05-18 03:21	2,923,520	a-------	c:\windows\explorer.exe
2009-05-18 03:19	1,808,896	a-------	c:\windows\system32\NlsLexicons0046.dll
2009-05-18 03:17	220,160	a-------	c:\windows\system32\drivers\bthport.sys
2009-05-18 03:17	181,760	a-------	c:\windows\system32\fsquirt.exe
2009-05-18 03:17	29,184	a-------	c:\windows\system32\drivers\BTHUSB.SYS
2009-05-18 03:17	19,456	a-------	c:\windows\system32\drivers\bthenum.sys
2009-05-18 03:17	1,585,664	a-------	c:\windows\system32\setupapi.dll
2009-05-18 03:16	371,712	a-------	c:\windows\system32\srcore.dll
2009-05-18 03:16	313,856	a-------	c:\windows\system32\rstrui.exe
2009-05-18 03:16	40,960	a-------	c:\windows\system32\srclient.dll
2009-05-18 03:16	16,384	a-------	c:\windows\system32\srdelayed.exe
2009-05-18 03:16	944,184	a-------	c:\windows\system32\winload.exe
2009-05-18 03:16	905,400	a-------	c:\windows\system32\winresume.exe
2009-05-18 03:16	613,888	a-------	c:\windows\system32\wpd_ci.dll
2009-05-18 03:16	19,000	a-------	c:\windows\system32\kd1394.dll
2009-05-18 03:14	549,888	a-------	c:\windows\system32\rpcss.dll
2009-05-18 03:14	3,503,584	a-------	c:\windows\system32\ntkrnlpa.exe
2009-05-18 03:14	3,469,280	a-------	c:\windows\system32\ntoskrnl.exe
2009-05-18 03:14	24,576	a-------	c:\windows\system32\printfilterpipelineprxy.dll
2009-05-18 03:14	654,336	a-------	c:\windows\system32\printfilterpipelinesvc.exe
2009-05-18 03:14	247,296	a-------	c:\windows\system32\wbem\WmiPrvSE.exe
2009-05-18 03:14	130,560	a-------	c:\windows\system32\wbem\WmiDcPrv.dll
2009-05-18 03:14	614,912	a-------	c:\windows\system32\wbem\fastprox.dll
2009-05-18 03:14	501,760	a-------	c:\windows\system32\wbem\WmiPrvSD.dll
2009-05-18 03:14	158,720	a-------	c:\windows\system32\sdohlp.dll
2009-05-18 03:14	97,280	a-------	c:\windows\system32\iasrecst.dll
2009-05-18 03:14	53,248	a-------	c:\windows\system32\iasads.dll
2009-05-18 03:14	37,888	a-------	c:\windows\system32\iasdatastore.dll
2009-05-18 03:13	223,232	a-------	c:\windows\system32\WMASF.DLL
2009-05-18 03:13	9,728	a-------	c:\windows\system32\LAPRXY.DLL
2009-05-18 03:13	2,048	a-------	c:\windows\system32\asferror.dll
2009-05-18 03:13	72,704	a-------	c:\windows\system32\secur32.dll
2009-05-18 03:13	7,680	a-------	c:\windows\system32\lsass.exe
2009-05-18 03:13	1,233,408	a-------	c:\windows\system32\lsasrv.dll
2009-05-18 03:13	40,960	a-------	c:\windows\apppatch\apihex86.dll
2009-05-18 03:13	25,600	a-------	c:\windows\system32\amxread.dll
2009-05-18 03:13	14,848	a-------	c:\windows\system32\apilogen.dll
2009-05-18 03:12	712,192	a-------	c:\windows\system32\WindowsCodecs.dll
2009-05-18 03:12	425,472	a-------	c:\windows\system32\PhotoMetadataHandler.dll
2009-05-18 03:12	347,136	a-------	c:\windows\system32\WindowsCodecsExt.dll
2009-05-18 03:12	441,856	a-------	c:\windows\system32\win32spl.dll
2009-05-18 03:12	37,376	a-------	c:\windows\system32\printcom.dll
2009-05-18 03:11	113,664	a-------	c:\windows\system32\drivers\rmcast.sys
2009-05-18 03:11	14,848	a-------	c:\windows\system32\wshrm.dll
2009-05-18 03:11	11,776	a-------	c:\windows\system32\sbunattend.exe
2009-05-18 03:11	290,304	a-------	c:\windows\system32\drivers\srv.sys
2009-05-18 03:10	83,968	a-------	c:\windows\system32\dnsrslvr.dll
2009-05-18 03:10	24,576	a-------	c:\windows\system32\dnscacheugc.exe
2009-05-18 03:10	269,824	a-------	c:\windows\system32\schannel.dll
2009-05-18 03:08	2,855,424	a-------	c:\windows\system32\mf.dll
2009-05-18 03:08	98,816	a-------	c:\windows\system32\mfps.dll
2009-05-18 03:08	52,736	a-------	c:\windows\system32\rrinstaller.exe
2009-05-18 03:08	24,576	a-------	c:\windows\system32\mfpmp.exe
2009-05-18 03:08	2,048	a-------	c:\windows\system32\mferror.dll
2009-05-18 03:08	996,352	a-------	c:\windows\system32\WMNetMgr.dll
2009-05-18 03:08	94,720	a-------	c:\windows\system32\logagent.exe
2009-05-18 03:08:16 A-------	   101,888 c:\windows\system32\drivers\mrxsmb.sys

============= FINISH: 20:19:53.15 ===============



Here is another system analysis.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 24/03/2008 06:57:22
System Uptime: 26/06/2009 16:47:03 (4 hours ago)

Motherboard: Wistron |  | 30CE
Processor: Intel(R) Core(TM)2 Duo CPU	 T8100  @ 2.10GHz | U2E1 | 2101/667mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 221 GiB total, 144.263 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.014 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

7-Zip 4.65
AAC Decoder
Activation Assistant for the 2007 Microsoft Office suites
Active GIF Creator 2.23
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
AIM 6
AppCore
Artisteer 2
µTorrent
AutoUpdate
AVG Free 8.5
CamStudio
ccCommon
Cheat Engine 5.5
Compatibility Pack for the 2007 Office system
Component Framework
Conexant HD Audio
CyberLink YouCam
Debut Video Capture Software
Delayed Shutdown 2.0
DEM
DeskPins (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DotNetBar for Windows Forms
DVD Suite
Eraser 5.8.7
ESU for Microsoft Vista
Eurobattle.net
Favorit
Firefox
Frets On Fire
Google Chrome
Google Earth
Google Update Helper
H.264 Decoder
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Host Process for Windows Services
Host Process for Windows Services - 1 
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Update
HP User Guides 0090
HP Wireless Assistant
Hydra Setup
Java(TM) 6 Update 2
LabelPrint
LightScribe System Software  1.10.13.1
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (6001.18000.367)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft VC Redist 2008 (6001.18000.367)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
MKV Splitter
MoviesPlay
Mozilla Firefox (3.0.11)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
NeoPaint 4.7a
Net Browser
Net Browser - 1 
NetWaiting
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
Opera 9.64
PCSecureDeleteTrial  V1.0
PE Explorer 1.99 R5
Perfect Uninstaller v6.3.3.4
Power2Go
PowerDirector
PunkBuster Services
QuickPlay SlingPlayer 0.4.4
Resource Builder 3.0.2.22
Resource Tuner 1.99 R5
Restorator 2007 Trial Update 2
Reversoft WBHost Control 1.0
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
SPBBC 32bit
SpyHunter
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
SWiSH miniMax2
Symantec Real Time Storage Protection Component
SymNet
Timed Shutdown 0.51b
Touch Pad Driver
TrLibrary
TuneUp Utilities 2009
Unlocker 1.8.7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.762
Viewpoint Media Player
Vista Buttons
VLC media player 0.9.9
Warcraft III
WC3Banlist
WinPcap 3.1

==== End Of File ===========================



Thanks in advance for any help

This post has been edited by Jack Eagles1: 26 June 2009 - 12:59 PM


#2 modi123_1  Icon User is online

  • Suitor #2
  • member icon



Reputation: 9569
  • View blog
  • Posts: 36,235
  • Joined: 12-June 08

Re: I think I have a virus to do with google!

Posted 26 June 2009 - 01:17 PM

Sounds like a browser hijack.

Download and run 'hijackthis' and show us the logs.

#3 Jack Eagles1  Icon User is offline

  • Pugnacious Penguin (inspired by no2pencil)
  • member icon

Reputation: 183
  • View blog
  • Posts: 1,152
  • Joined: 10-December 08

Re: I think I have a virus to do with google!

Posted 26 June 2009 - 01:22 PM

Will Do

Ok, here is the analysis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:52, on 26/06/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Windows\System32\msdtc.exe
C:\Windows\system32\svchost.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\TuneUpDefragService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\explorer.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [sysav] C:\Users\Josh The Great\AppData\Roaming\pcdefender.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [EvidenceNuker] C:\Program Files\EvidenceNuker\enuker.exe /hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{756ABC29-708C-48A4-9847-D6DE90DECA21}: NameServer = 85.255.112.191,85.255.112.78
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB7CF5F1-A6D2-4183-B5EC-C07FEC466343}: NameServer = 85.255.112.191,85.255.112.78
O17 - HKLM\System\CCS\Services\Tcpip\..\{F99166B9-9441-4AFC-9035-C776941E0DA2}: NameServer = 85.255.112.191,85.255.112.78
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.191,85.255.112.78
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.191,85.255.112.78
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.191,85.255.112.78
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Update Service (gupdate1c9db1e5e9e6330) (gupdate1c9db1e5e9e6330) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13797 bytes





Thanks, I hope you can help :S
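A triage pass over the HijackThis log posted above, as an added example that is not part of the original thread: it lists the O17 entries that pin a public DNS resolver and the O4 Run entries that start from a user-writable folder, two entry types worth reviewing first when search results get redirected. The function names and the all-zero GUID line are assumptions made for this example; the other sample lines are copied from the log.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the post above, except the last O17
# line, which is constructed here as a contrast case (private resolver).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [sysav] C:\Users\Josh The Great\AppData\Roaming\pcdefender.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O17 - HKLM\System\CCS\Services\Tcpip\..\{756ABC29-708C-48A4-9847-D6DE90DECA21}: NameServer = 85.255.112.191,85.255.112.78
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.191,85.255.112.78
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.191,85.255.112.78
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Folders a standard user can write to without elevation.
USER_PATH_RE = re.compile(r"\\(AppData|Application Data|Temp)\\", re.IGNORECASE)


def _is_public(addr):
    """True for globally routable IPs; unparseable values are surfaced too."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return True


def public_static_dns(log):
    """Map each tuple of public resolvers to the registry keys that pin it."""
    found = defaultdict(list)
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[,\s]+", m["servers"]) if s]
        public = tuple(s for s in servers if _is_public(s))
        if public:
            found[public].append(m["key"])
    return dict(found)


def user_writable_autoruns(log):
    """Return (hive, value name, command) for Run entries under a user-writable path."""
    hits = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m and USER_PATH_RE.search(m["cmd"]):
            hits.append((m["hive"], m["name"], m["cmd"]))
    return hits


if __name__ == "__main__":
    for servers, keys in public_static_dns(SAMPLE_LOG).items():
        print(f"review static DNS {', '.join(servers)} ({len(keys)} registry keys)")
        for key in keys:
            print(f"    {key}")
    for hive, name, cmd in user_writable_autoruns(SAMPLE_LOG):
        print(f"review autorun {hive} [{name}] -> {cmd}")
```

A flagged resolver or autorun is only a review item: compare the resolver with what the router or ISP hands out, and the autorun with what the user knowingly installed.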

#4 AdamSpeight2008  Icon User is offline

  • MrCupOfT
  • member icon


Reputation: 2271
  • View blog
  • Posts: 9,498
  • Joined: 29-May 08

Re: I think I have a virus to do with google!

Posted 26 June 2009 - 01:27 PM

Out of curiosity, what is your UAC setting?

#5 Jack Eagles1  Icon User is offline

  • Pugnacious Penguin (inspired by no2pencil)
  • member icon

Reputation: 183
  • View blog
  • Posts: 1,152
  • Joined: 10-December 08

Re: I think I have a virus to do with google!

Posted 26 June 2009 - 01:32 PM

UAC is on, but I have had no warning dialogs to ask me if I want to change settings. I assume whatever virus I have can bypass it :(

#6 AdamSpeight2008  Icon User is offline

  • MrCupOfT
  • member icon


Reputation: 2271
  • View blog
  • Posts: 9,498
  • Joined: 29-May 08

Re: I think I have a virus to do with google!

Posted 26 June 2009 - 01:38 PM

What did you last install prior to it?
Both Software & Browser Plugin

#7 Jack Eagles1  Icon User is offline

  • Pugnacious Penguin (inspired by no2pencil)
  • member icon

Reputation: 183
  • View blog
  • Posts: 1,152
  • Joined: 10-December 08

Re: I think I have a virus to do with google!

Posted 26 June 2009 - 01:40 PM

Hi, once I fixed most of the issues in HijackThis, my browsers worked fine for a short while. But after around five minutes, the previous settings were restored. I have looked on the running process list in task manager, and there is nothing I don't recognize. The only conclusion I can come to is that the virus/malware which I have is hidden from the processes tab, which is quite possible.

#8 paperclipmuffin  Icon User is offline

  • Disassembling...
  • member icon

Reputation: 13
  • View blog
  • Posts: 944
  • Joined: 16-April 09

Re: I think I have a virus to do with google!

Posted 27 June 2009 - 02:16 AM

Look through all the files on your computer, especially your documents and windows. If you see something you don't recognise, try to delete it. Chances are it won't let you.

Dang. Now shut down your computer. Wait about 20 seconds and start it up. Press F10 or whatever it is on your computer to start up the options. Select "Safe Mode". If there is a "Guest" account, log in to that. Else, use your user.

Now try to delete the nasty file. If this doesn't work, PM me. (thought I'd never say that)

#9 born2c0de  Icon User is offline

  • printf("I'm a %XR",195936478);
  • member icon

Reputation: 180
  • View blog
  • Posts: 4,667
  • Joined: 26-November 04

Re: I think I have a virus to do with google!

Posted 27 June 2009 - 06:52 AM

Go to ProcessLibrary and check if the running processes on your computer are viruses or worms.

#10 Pwn  Icon User is offline

  • D.I.C Regular

Reputation: 19
  • View blog
  • Posts: 458
  • Joined: 25-November 07

Re: I think I have a virus to do with google!

Posted 27 June 2009 - 11:15 AM

Microsoft has a free download called ProcessExplorer or something like that. It will list all running processes and their child processes in hierarchical form, and lets you do an incremental scan. Run the scan, then load your IE and it'll highlight new processes that weren't in the original scan, letting you know what's new. This may help in tracking down your problem.

#11 no2pencil  Icon User is offline

  • Admiral Fancy Pants
  • member icon

Reputation: 5388
  • View blog
  • Posts: 27,383
  • Joined: 10-May 07

Re: I think I have a virus to do with google!

Posted 27 June 2009 - 08:02 PM

Quote

AVG Anti-Virus Free *enabled*


After you find & remove whatever virus that AVG missed, I would strongly suggest trashing your install & downloading an Antivirus that works worth a shit :) Almost every virus infected computer that comes into my shop is running AVG. I've deemed it useless, though others here would disagree.

#12 Quin  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 19
  • View blog
  • Posts: 383
  • Joined: 16-October 08

Re: I think I have a virus to do with google!

Posted 29 June 2009 - 02:12 AM

no2pencil, on 27 Jun, 2009 - 07:02 PM, said:

Quote

AVG Anti-Virus Free *enabled*


After you find & remove whatever virus that AVG missed, I would strongly suggest trashing your install & downloading an Antivirus that works worth a shit :) Almost every virus infected computer that comes into my shop is running AVG. I've deemed it useless, though others here would disagree.

I'm using AVG, the trial version for the professional. It's nice to think that it's there, working away, but I don't trust it - I've had problems with it and it's only been installed a few days - I may get rid of it.
Spybot is always good - treated me well over the years.

Try getting some other anti-etc programs, see if that helps :)
Or system restore (though it leaves files intact, it may help)