Hello,
Here's the HijackThis script and process. Please help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:21 AM, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/...
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: innbanner browser enhancer - {64d32e84-30fc-cbad-061b-2c6a2e16fad5} - C:\WINDOWS\system32\pmtzinuarivxid.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [xtoxsgxplxru] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\pmtzinuarivxid.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /M "Stylus Photo R320" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-21-2054569906-1806645074-3114041435-1009\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'kodak')
O4 - HKUS\S-1-5-21-2054569906-1806645074-3114041435-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - S-1-5-21-2054569906-1806645074-3114041435-1009 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'kodak')
O4 - S-1-5-21-2054569906-1806645074-3114041435-1009 User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'kodak')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://roxypalace.microgaming.com/freeplay/FlashAX.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1272ECCF-309C-4BB5-B2B0-B0E7F2091495}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{55F363B8-61FE-4CCC-993D-C2BE4BA62339}: NameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1272ECCF-309C-4BB5-B2B0-B0E7F2091495}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1272ECCF-309C-4BB5-B2B0-B0E7F2091495}: NameServer = 192.168.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KodakDigitalDisplayService - Orb Networks - C:\Program Files\Kodak\Digital Display\OrbKodakLauncher\DllStartupService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
End of file - 11208 bytes
Process list saved on 7:02:56 AM, on 10/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
[pid] [full path to filename] [file version] [company name]
672 C:\WINDOWS\System32\smss.exe 5.1.2600.5512 Microsoft Corporation
804 C:\WINDOWS\system32\winlogon.exe 5.1.2600.5512 Microsoft Corporation
852 C:\WINDOWS\system32\services.exe 5.1.2600.5512 Microsoft Corporation
864 C:\WINDOWS\system32\lsass.exe 5.1.2600.5512 Microsoft Corporation
1036 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4119 ATI Technologies Inc.
1052 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
1208 C:\WINDOWS\System32\svchost.exe 5.1.2600.5512 Microsoft Corporation
1656 C:\WINDOWS\system32\Ati2evxx.exe 6.14.10.4119 ATI Technologies Inc.
1748 C:\WINDOWS\Explorer.EXE 6.0.2900.5512 Microsoft Corporation
1764 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 107.0.5.5 Symantec Corporation
1972 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 1.9.2.84
724 C:\WINDOWS\system32\spoolsv.exe 5.1.2600.5512 Microsoft Corporation
272 C:\WINDOWS\arservice.exe 6.0.160.0 Microsoft
292 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe 3.4.1.234 Symantec Corporation
336 C:\WINDOWS\eHome\ehRecvr.exe 5.1.2715.2773 Microsoft Corporation
568 C:\Program Files\Common Files\LightScribe\LSSrvc.exe 1.4.52.1 Hewlett-Packard Company
740 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 7.0.9466.0 Microsoft Corporation
2116 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
2204 C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe 3.3.1.2592 Webroot Software, Inc.
3188 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE 3.0.0.0 SEIKO EPSON CORPORATION
3264 C:\WINDOWS\ehome\ehtray.exe 5.1.2710.2732 Microsoft Corporation
3276 C:\WINDOWS\ARPWRMSG.EXE 6.0.160.0 Microsoft
3296 C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE 1.0.3.0 Brøderbund Software
3352 C:\WINDOWS\System32\regsvr32.exe 5.1.2600.5512 Microsoft Corporation
3360 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 107.0.5.5 Symantec Corporation
3368 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.5512 Microsoft Corporation
3384 C:\Program Files\Microsoft ActiveSync\wcescomm.exe 4.5.5096.0 Microsoft Corporation
3392 C:\Program Files\Messenger\msmsgs.exe 4.7.0.3001 Microsoft Corporation
3480 C:\WINDOWS\eHome\ehmsas.exe 5.1.2710.2732 Microsoft Corporation
3556 C:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.5512 Microsoft Corporation
3736 C:\PROGRA~1\MI3AA1~1\rapimgr.exe 4.5.5096.0 Microsoft Corporation
3080 C:\HP\KBD\KBD.EXE 1.0.2.2 Hewlett-Packard Company
3732 C:\WINDOWS\ALCXMNTR.EXE 1.5.0.0 Realtek Semiconductor Corp.
2016 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 6.14.10.5166 ATI Technologies, Inc.
636 c:\windows\system\hpsysdrv.exe 1.7.0.0 Hewlett-Packard Company
1684 C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe 5.0.50.5 Sun Microsystems, Inc.
2356 C:\WINDOWS\System32\svchost.exe 5.1.2600.5512 Microsoft Corporation
632 C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe 5.1.2600.5512 Microsoft Corporation
1512 C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe 3.0.0.71 Symantec Corporation
4528 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe 2.0.0.2 Trend Micro Inc.

Configuration: Windows XP
Internet Explorer 6.0