0

Hi, I'm having the redirect problem as well. Below is the log from Hijackthis, please HELP!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:53:08 PM, on 9/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\SafeNet ProtectDrive\ClientDM.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\hjavaw.exe
C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SmartCardMonitor\scardmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SafeNet ProtectDrive\storageencryptionservice.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Tumbleweed\Desktop Validator\DVService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD SE\PDVDServ.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SafeNet ProtectDrive\pdtrayicon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\SafeNet ProtectDrive\pdencoder.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\V-ONE\SmartPass\smartpass.exe
C:\Program Files\F-Secure\Ssh Trial\fsshclient.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ping.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD SE\PDVDServ.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CrypWarning] "C:\Program Files\SafeNet ProtectDrive\chkcryp.exe"
O4 - HKLM\..\Run: [pdtrayicon] "C:\Program Files\SafeNet ProtectDrive\pdtrayicon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DVTrayApp] C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ApproveItForOfficeSetup] "C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files\ApproveIt\"
O4 - HKLM\..\Run: [inrhc9rpj0e7cl] D:\Documents and Settings\bindrar\Local Settings\Temp\.ttDB0.tmp.exe /CR=5F8C0875B49BA02BB503A8EC828A17BC39E5B08868A9B13363D3E458F5CC07D8D503ED807412C101D55B1E493EB53B1B4B560EC51BF1E8F04E3FE8CDEBB03DE850813A9F88A8917D5097F4A740D323F84F
O4 - HKLM\..\RunOnce: [AprvRemoveOfficeAddIn] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -f OfficeAddIn.dll
O4 - HKLM\..\RunOnce: [AprvRemoveApvOcxSrv] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -f ApvOcxSrv.exe
O4 - HKLM\..\RunOnce: [AprvRemoveAprOff97] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -f AprOff97.dll
O4 - HKLM\..\RunOnce: [combofix] C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [xrt_Shell] D:\Documents and Settings\bindrar\xrt_uyki.exe
O4 - HKUS\S-1-5-21-329068152-1897051121-839522115-78324\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Raj.Bindra')
O4 - HKUS\S-1-5-21-329068152-1897051121-839522115-78324\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Raj.Bindra')
O4 - HKUS\S-1-5-21-329068152-1897051121-839522115-78324\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Raj.Bindra')
O4 - HKUS\S-1-5-21-329068152-1897051121-839522115-78324\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Raj.Bindra')
O4 - Global Startup: ActivClient Agent.lnk = C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.us.army.mil/suite/page/429668
O16 - DPF: {27F03659-FAD1-4D51-9B42-E3A0264494AB} (JNILoader Control) - https://collab.e-collabcenter.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121267111965
O20 - AppInit_DLLs: AMINIT.dll
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: scardmondll2 - C:\WINDOWS\SYSTEM32\scardmondll2.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Data Manager (ClientDataManager) - Unknown owner - C:\Program Files\SafeNet ProtectDrive\ClientDM.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Inetd\inetd32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.00\Jconfig\jconfigdNT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Smart Card Monitor (SmartCardMonitor) - AFRL/PROE - C:\Program Files\SmartCardMonitor\scardmon.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Storage Encryption Service (StorageEncryptionService) - Unknown owner - C:\Program Files\SafeNet ProtectDrive\storageencryptionservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tumbleweed Desktop Validator - Tumbleweed Communications Inc. - C:\Program Files\Tumbleweed\Desktop Validator\DVService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15500 bytes

2
Contributors
1
Reply
2
Views
8 Years
Discussion Span
Last Post by crunchie
0

Hi and welcome to the Daniweb forums :).

==========

Download
SDFix
and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the
following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the
    Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract
    All
    ,
  • Open the extracted folder and double click RunThis.bat to
    start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the
    registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool
    will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and
    display Finished, then press any key to end the script and load
    your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the
    contents of the results file Report.txt back onto the forum with
    a new HijackThis log.

    Please post the SDFix log within CODE Tags.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.