omgitsrhys wrote:
> okay,
> For starters,
> My homepage, is the defualt google.co.uk/firefox?etc.blahblah
> Whenever i start ff, i get a "redirection loop error"
>
> Then whenever i search things, i click on a result
> and instead of going where i wanted, it bounces me from 216.133.243.28
> to a random page, sometimes a youtube vid, sometimes a different search
> engine
>
> Also, i cannot update anything
> Windows, AVG, Spybot, SUPERantispyware, adaware,
>
> So im pretty ,, Bummed?
>
> Hijack this log =
>
>
>
>
> Code:
> --------------------
>
> Logfile of HijackThis v1.99.1
> Scan saved at 01:17:47, on 18/02/2009
> Platform: Unknown Windows (WinNT 6.00.1905 SP1)
> MSIE: Internet Explorer v7.00 (7.00.6001.18000)
>
> Running processes:
> C:\Windows\system32\Dwm.exe
> C:\Windows\system32\taskeng.exe
> C:\Windows\Explorer.EXE
> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
> C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
> C:\Program Files\COMODO\Firewall\cfp.exe
> C:\Windows\System32\rundll32.exe
> C:\Program Files\Common Files\logishrd\LComMgr\LVComSX.exe
> C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
> C:\Program Files\Windows Sidebar\sidebar.exe
> C:\Program Files\Windows Live\Messenger\msnmsgr.exe
> C:\Program Files\Rainlendar2\Rainlendar2.exe
> C:\Program Files\Windows Media Player\wmpnscfg.exe
> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
> C:\Program Files\Logitech\SetPoint\SetPoint.exe
> C:\Program Files\UltraMon\UltraMon.exe
> C:\Program Files\UltraMon\UltraMonTaskbar.exe
> C:\Program Files\Windows Sidebar\sidebar.exe
> C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
> C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
> C:\Program Files\Mozilla Firefox\firefox.exe
> C:\Program Files\AVG\AVG8\avgui.exe
> C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
> C:\Windows\Explorer.exe
> C:\Windows\system32\rundll32.exe
> C:\Windows\SYSTEM32\WISPTIS.EXE
> C:\Windows\system32\cmd.exe
> C:\Program Files\WinRAR\WinRAR.exe
> C:\Windows\system32\cmd.exe
> C:\Windows\notepad.exe
> C:\Program Files\HijackThis\HijackThis.exe
>
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
> R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
> R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
> O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
> O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
> O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
> O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
> O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
> O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
> O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
> O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
> O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
> O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
> O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
> O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
> O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
> O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
> O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
> O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
> O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
> O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
> O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
> O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
> O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
> O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
> O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
> O4 - Global Startup: UltraMon.lnk = ?
> O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
> O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
> O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
> O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
> O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
> O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
> O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
> O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
> O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
> O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
> O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
> O11 - Options group: [INTERNATIONAL] International*
> O13 - Gopher Prefix:
> O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
> O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
> O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
> O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
> O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
> O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
> O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
> O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
> O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
> O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
> O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
> O23 - Service: Apache2.2 - Unknown owner - c:\xampp\apache\bin\apache.exe" -k runservice (file missing)
> O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
> O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
> O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
> O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
> O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
> O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
> O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
> O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
> O23 - Service: Google Update Service (gupdate1c918465de1025c) (gupdate1c918465de1025c) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
> O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
> O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
> O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
> O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
> O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
> O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
> O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe
> O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
> O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
> O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
> O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
> O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
> O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
> O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
> O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
>
>
> --------------------
>
>
You haven't downloaded anything from Download.com lately, have you? I
got something like this when I downloaded WinRAR.
Check your hosts file, you may have many new entries.
C:\Windows\System32\Drivers\etc\hosts
See if you have a file named explore on your system (not explorer but
explore).
Are you getting pop-ups?
Clark
Similar Threads
Linear Mode
