Virused, Trojans, Browser Redirected
ddcw
Newbie
12. May 2010 @ 18:52
IE redirects to http://www.dh005.com/?72 yet Internet Options has the homepage set to www.yahoo.com. Have run Kaspersky Webscanner, Adaware, AdawareAway Anti-malware, Trend Micro HouseCall, Spybot S&D, Malwarebytes Anti-Malware, AVG, and on each restart each finds either the same things or new objects. Windows XP OS.

HJT log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:44:34 PM, on 5/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Kaspersky Scan:

Wednesday, May 12, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, May 12, 2010 17:18:03
Records in database: 4100928


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Objects scanned 50323
Threats found 3
Infected objects found 8
Suspicious objects found 0
Scan duration 00:39:40

File name / Threat / Threats count
C:\Documents and Settings\Administrator\Local Settings\Temp\HouseCall\log\048D7F9C-9DBF-478A-B360-19807DBC14F2\backup\10 Infected: Trojan-Downloader.Win32.Geral.chl 1
C:\Documents and Settings\Administrator\Local Settings\Temp\HouseCall\log\048D7F9C-9DBF-478A-B360-19807DBC14F2\backup\11 Infected: Trojan-Downloader.Win32.Geral.chl 1
C:\Documents and Settings\Administrator\Local Settings\Temp\HouseCall\log\048D7F9C-9DBF-478A-B360-19807DBC14F2\backup\12 Infected: Trojan-Downloader.Win32.Geral.chl 1
C:\Documents and Settings\Administrator\Local Settings\Temp\HouseCall\log\048D7F9C-9DBF-478A-B360-19807DBC14F2\backup\13 Infected: Trojan-GameThief.Win32.OnLineGames.wsvc 1
C:\Documents and Settings\Administrator\Local Settings\Temp\HouseCall\log\048D7F9C-9DBF-478A-B360-19807DBC14F2\backup\14 Infected: Trojan-PSW.Win32.Kykymber.enf 1
C:\Documents and Settings\Administrator\Local Settings\Temp\HouseCall\log\048D7F9C-9DBF-478A-B360-19807DBC14F2\backup\7 Infected: Trojan-PSW.Win32.Kykymber.enf 1
C:\Documents and Settings\Administrator\Local Settings\Temp\HouseCall\log\048D7F9C-9DBF-478A-B360-19807DBC14F2\backup\9 Infected: Trojan-Downloader.Win32.Geral.chl 1
C:\WINDOWS\system32\dllcache\ddraw.dll.TCFJ Infected: Trojan-GameThief.Win32.OnLineGames.wsvc 1

Selected area has been scanned.

AdawareAway Scan:

Scan ""Scheduled scan"" was finished."
"Infections";"18";"18";"0"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Wednesday, May 12, 2010, 3:43:44 PM"
"Scan finished:";"Wednesday, May 12, 2010, 3:50:40 PM (6 minute(s) 55 second(s))"
"Total object scanned:";"122532"
"User who launched the scan:";"SYSTEM"

"Infections"
"File";"Infection";"Result"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP22\A0007163.sys";"Trojan horse BackDoor.Generic12.BJPG";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP22\A0007162.dll";"Virus identified Win32/Patched.CM";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP21\A0007130.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP21\A0007116.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP21\A0007088.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP21\A0007074.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP21\A0006074.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP21\A0006051.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP21\A0006010.exe";"Trojan horse Downloader.Generic9.AXYS";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP20\A0004846.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP19\A0004749.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP19\A0004739.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP19\A0004733.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP19\A0004721.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP19\A0004703.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP19\A0004683.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP19\A0004621.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"
"C:\System Volume Information\_restore{ADF03400-6217-45DA-8A19-7AB9D0B00E7C}\RP19\A0004590.sys";"Trojan horse Agent2.TWO";"Moved to Virus Vault"

Not sure what else to do, as this occurs on each restart and it has disabled ZoneAlarm's firewall from start-up. Even after reinstalling ZA, it disables it on the next restart and I have to start ZA manually. Any help would be greatly appreciated.
Paula_X
Suspended permanently
12. May 2010 @ 20:48
Run the same antivirus junk in Safe Mode.. it's finding the crap each time, but as it has embedded itself in the registry, every time you start up it reinstalls itself..

reading the log.. hahahaha.. busted by punkbuster
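As an added example (not from this thread and not part of HijackThis itself), a small Python triage script that parses the HijackThis entry format shown in the first post and lists the autostart entries a helper would review first: anything that references a missing file, a service with no publisher, or a program launching from a Temp folder. The SAMPLE_LOG is a constructed subset of the log above; the checks are heuristics for review, not verdicts.

```python
import re
import sys
from dataclasses import dataclass, field

# One HijackThis entry: a section code (R0, O4, O23, ...) then " - " and the body.
ENTRY_RE = re.compile(r"^(?P<code>[ORF]\d{1,2}) - (?P<body>.*)$")

# Sections that describe code loaded at logon/boot: review these first.
PERSISTENCE_CODES = {"O2", "O3", "O4", "O20", "O22", "O23"}

# Constructed subset of the log in the first post (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    code: str
    body: str
    reasons: list = field(default_factory=list)


def check_entry(code: str, body: str) -> list:
    """Return the review reasons for one entry (empty list means nothing flagged)."""
    reasons = []
    if "(file missing)" in body:
        reasons.append("references a file that no longer exists on disk")
    if code == "O23" and "Unknown owner" in body:
        reasons.append("service binary carries no publisher information")
    if re.search(r"\\Temp\\", body, re.IGNORECASE):
        reasons.append("launches from a temporary folder")
    return reasons


def triage(log_text: str) -> list:
    """Parse a HijackThis log and return the persistence entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m.group("code") not in PERSISTENCE_CODES:
            continue
        reasons = check_entry(m.group("code"), m.group("body"))
        if reasons:
            findings.append(Finding(m.group("code"), m.group("body"), reasons))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"{f.code}: {f.body}\n    -> " + "; ".join(f.reasons))
```

Run it with a saved hijackthis.log as the first argument, or with no argument to see the constructed sample triaged.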