[Inactive] notice anything wrong here?

  • 1 Replies
  • 1001 Views
*

Offline deanetrue

  • Bronze Member
  • 1
[Inactive] notice anything wrong here?
« on: December 08, 2009, 03:38:58 PM »
I'm having a redirect from http://www.worldofwarcraft.com to http://sedoparking.com/worldwarcraft.com
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
D:\Program Files\Analog Devices\SoundMAX\Smax4.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
D:\Documents and Settings\deane truelove\My Documents\Downloads\Wowhead_Client.exe
D:\Documents and Settings\deane truelove\Local Settings\Apps\2.0\01XYXQ1N.H6A\P6PBMGBG.NNN\curs..tion_eee711038731a406_0004.0000_1332b9f434841748\CurseClient.exe
D:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\DllHost.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Wowhead Client.lnk = D:\Documents and Settings\deane truelove\My Documents\Downloads\Wowhead_Client.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

*

Offline PCBruiser

  • Malware Removal Mentors
  • Ambassador
  • Diamond Member
  • 8146
Re: notice anything wrong here?
« Reply #1 on: December 09, 2009, 08:31:49 AM »
Your log is incomplete and unusable by our Staff.  Please carefully read and follow all the pinned topics at the top of our http://spywarehammer.com/simplemachinesforum/index.php?board=10.0 forum.  Then post a complete HJT log.  Once you do that, one of our experts will help you diagnose and remove any malware that may be on your system.
Don't Read?  Can't learn!