
Thread: Browser redirects - HJT log (part 2/2)

  1. #1
    fazeka@gmail.com Guest

    Browser redirects - HJT log (part 2/2)

    Hoping someone can assist me with reading this and helping me to
    determine what is causing my browser to redirect (part 2/2):

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1190720458093
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.EXE (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Aventail VPN Client (NgVpnMgr) - Aventail Corporation - C:\WINDOWS\system32\ngvpnmgr.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8831 bytes


  2. #2
    fazeka@gmail.com Guest

    Re: Browser redirects - HJT log (part 2/2)

    On Oct 6, 1:14 pm, faz...@gmail.com wrote:
    > Hoping someone can assist me with reading this and helping me to
    > determine what is causing my browser to redirect (part 2/2):


    Part 1:

    http://groups.google.com/group/alt.p...335b096f183951



  3. #3
    pcbutts1 Guest

    Re: Browser redirects - HJT log (part 2/2)

    Use Remove-it version 13, it's fast and free. It now has over 5000
    signatures to remove all variants of Rogue scanners, Desktop/Homepage
    Hijackers, Trojans, Codecs, and related Malware/Spyware. New feature:
    Remove-it will now update your hosts file. This tool is designed to
    specifically remove all variants. Scan time is about 2-10 minutes. Designed
    for Windows 2000/XP only. Password is still required.
    First read this page http://www.pcbutts1.com/downloads then use the email
    link on the bottom of the page to receive the software.


    Check my feedback and see what others have said about it
    http://pcbutts1-therealtruth.blogspot.com/


    Feedback is very important to the development of Remove-it.
    Let me know how it works. Send feedback here
    http://pcbutts1-therealtruth.blogspot.com/

    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    <fazeka@gmail.com> wrote in message
    news:1191712478.992524.235680@57g2000hsv.googlegroups.com...
    > Hoping someone can assist me with reading this and helping me to
    > determine what is causing my browser to redirect (part 2/2):




  4. #4
    Leythos Guest

    Re: Browser redirects - HJT log (part 2/2)

    In article <fe9du8$fhq$1@blackhelicopter.databasix.com>,
    pcbutts1@leythosthestalker.com says...
    > Remove-it will now update your hosts file


    Use a tool that you download from a PORNO WEBSITE? You've got to be
    kidding that you would suggest that people download your file from your
    PORNO website and not expect them to believe it contains malware.

    Why does your application block access to proven, reputable, honest,
    good, malware removal tools?

    --
    Leythos - spam999free@rrohio.com (remove 999 to email me)

    Fight exposing kids to porn, complain about sites like PCBUTTS1.COM that
    create filth and put it on the web for any kid to see: Just take a look
    at some of the FILTH he's created and put on his website:
    http://forums.speedguide.net/archive.../t-223485.html all exposed
    to children (the link I've included does not directly display his filth).
    You can find the same information by googling for 'PCBUTTS1' and
    'exposed to kids'.
