1 - 7 of 7 Posts

·
Registered
Joined
·
171 Posts
Discussion Starter · #1 ·
Hi there everyone! Been ages since I posted on here, not had enough time on my hands to be messing with my machine lol. Anyways, I was wondering if anyone had any ideas what could be causing my problem? The problem is this: when I do a search in Google, it brings up the results as per usual, but when I click one of them it redirects me all over the place! My machine is running very slow these days as well. Now I've run Ad-Aware and avast scans, but they come up empty-handed (maybe a few cookies in Ad-Aware), so now I'm at a loss. I did the following HijackThis log, but I can't work out what I'm looking for, so would someone please have a look at this for me and also maybe explain what I should look for in the future? Many many thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:19, on 11/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\Explorer.EXE
C:\\Program Files\\Windows Defender\\MSASCui.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe
C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe
C:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe
C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe
C:\\Program Files\\Lexmark 3600-4600 Series\\lxdxMsdMon.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Program Files\\PowerISO\\PWRISOVM.EXE
C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe
C:\\Program Files\\Saitek\\SD6\\Software\\ProfilerU.exe
C:\\Program Files\\Saitek\\SD6\\Software\\SaiMfd.exe
C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\uTorrent\\uTorrent.exe
C:\\Windows\\ehome\\ehmsas.exe
C:\\Windows\\system32\\wuauclt.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Windows\\system32\\SearchFilterHost.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\\Program Files\\Real\\RealPlayer\\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\4.1.805.4472\\swg.dll
O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [TBPanel] C:\\Program Files\\XpertVision\\TBPanel.exe /A
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [SoundMAXPnP] C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [lxdxmon.exe] "C:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"
O4 - HKLM\\..\\Run: [lxdxamon] "C:\\Program Files\\Lexmark 3600-4600 Series\\lxdxamon.exe"
O4 - HKLM\\..\\Run: [GrooveMonitor] "C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [PWRISOVM.EXE] C:\\Program Files\\PowerISO\\PWRISOVM.EXE
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"
O4 - HKLM\\..\\Run: [ZoneAlarm Client] "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
O4 - HKLM\\..\\Run: [ProfilerU] C:\\Program Files\\Saitek\\SD6\\Software\\ProfilerU.exe
O4 - HKLM\\..\\Run: [SaiMfd] C:\\Program Files\\Saitek\\SD6\\Software\\SaiMfd.exe
O4 - HKLM\\..\\Run: [Ad-Watch] C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe
O4 - HKCU\\..\\Run: [NVIDIA nTune] C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneCmd.exe resetprofile
O4 - HKCU\\..\\Run: [MsnMsgr] "C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe" /background
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [uTorrent] "C:\\Program Files\\uTorrent\\uTorrent.exe"
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office12\\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\PROGRA~1\\Java\\JRE16~1.0_0\\bin\\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\PROGRA~1\\Java\\JRE16~1.0_0\\bin\\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{98293894-F039-4405-BE0D-F84CE87681E0}: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{9C9ED8E7-E973-43F3-B6FF-DA3BD79608EA}: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\\System\\CS12\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\\Program Files\\Microsoft Office\\Office12\\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\\Windows\\System32\\DreamScene.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\\Windows\\System32\\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\\Program Files\\Common Files\\Autodata Limited Shared\\Service\\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\ \\lxdxserv.exe
O23 - Service: lxdx_device - - C:\\Windows\\system32\\lxdxcoms.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\\Windows\\system32\\nvvsvc.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\\Program Files\\NVIDIA Corporation\\System Update\\UpdateCenterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\\Windows\\System32\\ZoneLabs\\vsmon.exe

--
End of file - 8454 bytes
 

·
Registered
Joined
·
408 Posts
O1 - Hosts: ::1 localhost <<<< Looks strange, haven't looked it up myself but I'd start looking in your Hosts file, see what's in there. It could be part of Ad-aware, not sure if they use redirects like Spybot S&D, check Ad-aware site.

Location: %SystemRoot%\\System32\\drivers\\etc\\hosts.
--------------------------------------------------------------------

O13 - Gopher Prefix: <<< check this out

Also check any (no name) BHOs ... but do a little research on the key to find out if it's a legit helper, before removing.

You could trim your started services, I notice, Google updater is on

O23 - Service: Autodata Limited License Service - Unknown owner - C:\\Program Files\\Common Files\\Autodata Limited Shared\\Service\\ADCDLicSvc.exe, ... might be worth checking it out

O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\\System\\CS12\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118

Whose IPs are those above ^^^ ???? Unless you're Ukrainian lol

I think you need to remove these IPs straight away, very suspicious.
 

·
Registered
Joined
·
408 Posts
BTW.

Turn System restore off, Scan the hell out of your comp with Malwarebytes and SuperAntiSpyware and your Anti Virus.

Find a decent online scanner, after scanning with your own anti virus, and when everything is gone, turn system restore back on.
 

·
Premium Member
Joined
·
8,052 Posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:19, on 11/03/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal

Running processes:
C:\\Windows\\system32\\Dwm.exe
C:\\Windows\\system32\\taskeng.exe
C:\\Windows\\Explorer.EXE
C:\\Program Files\\Windows Defender\\MSASCui.exe
C:\\Program Files\\Alwil Software\\Avast4\\ashDisp.exe
C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe
C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe
C:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe
C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe
C:\\Program Files\\Lexmark 3600-4600 Series\\lxdxMsdMon.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Program Files\\PowerISO\\PWRISOVM.EXE
C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe
C:\\Program Files\\Saitek\\SD6\\Software\\ProfilerU.exe
C:\\Program Files\\Saitek\\SD6\\Software\\SaiMfd.exe
C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe
C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Windows\\ehome\\ehtray.exe
C:\\Program Files\\uTorrent\\uTorrent.exe
C:\\Windows\\ehome\\ehmsas.exe
C:\\Windows\\system32\\wuauclt.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Windows\\system32\\SearchFilterHost.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe

R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\\Program Files\\Real\\RealPlayer\\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\\Program Files\\Google\\GoogleToolbarNotifier\\4.1.805.4472\\swg.dll

O4 - HKLM\\..\\Run: [Windows Defender] %ProgramFiles%\\Windows Defender\\MSASCui.exe -hide
O4 - HKLM\\..\\Run: [TBPanel] C:\\Program Files\\XpertVision\\TBPanel.exe /A
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKLM\\..\\Run: [SoundMAXPnP] C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe"
O4 - HKLM\\..\\Run: [lxdxmon.exe] "C:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"
O4 - HKLM\\..\\Run: [lxdxamon] "C:\\Program Files\\Lexmark 3600-4600 Series\\lxdxamon.exe"
O4 - HKLM\\..\\Run: [GrooveMonitor] "C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"

O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [NvMediaCenter] RUNDLL32.EXE C:\\Windows\\system32\\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\\..\\Run: [PWRISOVM.EXE] C:\\Program Files\\PowerISO\\PWRISOVM.EXE
O4 - HKLM\\..\\Run: [Adobe Reader Speed Launcher] "C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"

O4 - HKLM\\..\\Run: [ZoneAlarm Client] "C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
O4 - HKLM\\..\\Run: [ProfilerU] C:\\Program Files\\Saitek\\SD6\\Software\\ProfilerU.exe
O4 - HKLM\\..\\Run: [SaiMfd] C:\\Program Files\\Saitek\\SD6\\Software\\SaiMfd.exe
O4 - HKLM\\..\\Run: [Ad-Watch] C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe
O4 - HKCU\\..\\Run: [NVIDIA nTune] C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneCmd.exe resetprofile
O4 - HKCU\\..\\Run: [MsnMsgr] "C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe" /background
O4 - HKCU\\..\\Run: [ehTray.exe] C:\\Windows\\ehome\\ehTray.exe
O4 - HKCU\\..\\Run: [uTorrent] "C:\\Program Files\\uTorrent\\uTorrent.exe"
O4 - HKUS\\S-1-5-19\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\\S-1-5-19\\..\\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\\S-1-5-20\\..\\Run: [Sidebar] %ProgramFiles%\\Windows Sidebar\\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office12\\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\PROGRA~1\\Java\\JRE16~1.0_0\\bin\\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\\PROGRA~1\\Java\\JRE16~1.0_0\\bin\\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{98293894-F039-4405-BE0D-F84CE87681E0}: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{9C9ED8E7-E973-43F3-B6FF-DA3BD79608EA}: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\\System\\CS12\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\\Program Files\\Microsoft Office\\Office12\\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\\Windows\\System32\\DreamScene.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\\Windows\\System32\\appdrvrem01.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\\Program Files\\Common Files\\Autodata Limited Shared\\Service\\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\\Program Files\\Common Files\\InstallShield\\Driver\\11\\Intel 32\\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\\Windows\\system32\\spool\\DRIVERS\\W32X86\\3\\ \\lxdxserv.exe
O23 - Service: lxdx_device - - C:\\Windows\\system32\\lxdxcoms.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\\Program Files\\NVIDIA Corporation\\nTune\\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\\Windows\\system32\\nvvsvc.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\\Program Files\\NVIDIA Corporation\\System Update\\UpdateCenterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\\Windows\\System32\\ZoneLabs\\vsmon.exe

Delete all that.

Also, what is being redirected?
Have you done a Malwarebytes scan?
 

·
Premium Member
Joined
·
25,203 Posts
Copy and paste to here

Code:
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{98293894-F039-4405-BE0D-F84CE87681E0}: NameServer = 85.255.112.24,85.255.112.118
Do you know the IP or Domain '85.255.112.24,85.255.112.118'? If not, fix this entry.

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{9C9ED8E7-E973-43F3-B6FF-DA3BD79608EA}: NameServer = 85.255.112.24,85.255.112.118
Do you know the IP or Domain '85.255.112.24,85.255.112.118'? If not, fix this entry.

O17 - HKLM\\System\\CS1\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118
Do you know the IP or Domain '85.255.112.24,85.255.112.118'? If not, fix this entry.

O17 - HKLM\\System\\CS12\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118
Do you know the IP or Domain '85.255.112.24,85.255.112.118'? If not, fix this entry.

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: NameServer = 85.255.112.24,85.255.112.118
Do you know the IP or Domain '85.255.112.24,85.255.112.118'? If not, fix this entry.
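
The checks the replies in this thread apply by eye (the O17 NameServer values, the `(no file)` BHO and the `Unknown owner` service) can be scripted over a saved log. The Python below is an added example, not code from any post here or from HijackThis; the `expected_dns` allow-list and the `192.168.1.1` resolver are assumptions, and the sample lines are constructed from entries in the log above.

```python
import ipaddress
import re

# Constructed sample in HijackThis v2 log format, modelled on entries from the
# log in this thread; the 192.168.1.1 line is an assumed home-router resolver.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.24,85.255.112.118
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O17_NS = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")


def parse_entries(log_text):
    """Yield (section code, body) for every 'O17 - ...' style line."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]


def unexpected_nameservers(servers, expected_dns):
    """Return the listed resolvers that are not in the caller's known-good set."""
    known = {ipaddress.ip_address(e) for e in expected_dns}
    flagged = []
    for token in filter(None, re.split(r"[,\s]+", servers.strip())):
        try:
            if ipaddress.ip_address(token) not in known:
                flagged.append(token)
        except ValueError:
            flagged.append(token)  # not an IP literal: needs a manual look
    return flagged


def triage(log_text, expected_dns):
    """Return (code, reason, detail) for the entry kinds the replies single out."""
    findings = []
    for code, body in parse_entries(log_text):
        ns = O17_NS.match(body) if code == "O17" else None
        if ns:
            bad = unexpected_nameservers(ns["servers"], expected_dns)
            if bad:
                findings.append((code, "unexpected DNS server(s): " + ", ".join(bad), ns["key"]))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered but its file is missing", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service with no identifiable vendor", body))
    return findings


if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG, {"192.168.1.1"}):
        print(f"[{code}] {reason}\n      {detail}")
```

Fill `expected_dns` with the resolvers your router or ISP actually hands out; any other address in an O17 line deserves the question the analyzer output above asks.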
 