
Get Hijacked from Google


Post by dmorrison522 » July 27th, 2009, 3:59 pm

Whenever I am searching using the Google search engine, when I select an entry from my search it sends me to some other website, trying to sell me something similar to the search item I entered. Sometimes by hitting the back key and re-selecting the entry I can go to my entry. Other times I need to cut and paste the URL of the entry I want to get there. This occurs in both IE and Mozilla.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:59 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\OneSuiteFax\Client\SendMng.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
C:\Documents and Settings\danm\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [sendmng] "C:\Program Files\OneSuiteFax\Client\SendMng.exe"
O4 - HKLM\..\Run: [18566564] C:\Documents and Settings\All Users\Application Data\18566564\18566564.exe
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\danm\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4102216276
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

--
End of file - 6116 bytes

Re: Get Hijacked from Google

Post by Bio-Hazard » July 30th, 2009, 10:09 am

Hello and welcome to the forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

No Reply Within 3 Days Will Result In Your Topic Being Closed!!






STEP 1

Download DDS

Please download DDS by sUBs from one of the links below and save it to your desktop:

Link 1
Link 2

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


STEP 2


Gmer

Please download Gmer by Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.



Next Reply

Please reply with:
  • DDS.txt
  • Attach.txt
  • Gmer log

Re: Get Hijacked from Google

Post by dmorrison522 » July 30th, 2009, 11:54 am

Thanks for your help

Attach log:

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2009 10:29:25 PM
System Uptime: 7/29/2009 3:06:45 AM (29 hours ago)

Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | Socket 478 | 1794/400mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 10.382 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP49: 7/5/2009 9:21:32 AM - System Checkpoint
RP50: 7/6/2009 9:54:04 AM - System Checkpoint
RP51: 7/7/2009 10:16:19 AM - System Checkpoint
RP52: 7/8/2009 11:25:42 AM - Installed WinZip 12.1
RP53: 7/9/2009 11:47:52 AM - System Checkpoint
RP54: 7/10/2009 12:47:54 PM - System Checkpoint
RP55: 7/11/2009 1:47:53 PM - System Checkpoint
RP56: 7/12/2009 1:55:40 PM - System Checkpoint
RP57: 7/13/2009 2:56:28 PM - Installed VIPRE Antivirus + Antispyware.
RP58: 7/14/2009 3:00:22 AM - Software Distribution Service 3.0
RP59: 7/14/2009 7:19:53 AM - Installed Windows XP WgaNotify.
RP60: 7/14/2009 3:29:55 PM - Software Distribution Service 3.0
RP61: 7/15/2009 12:48:40 PM - Installed QuickBooks.
RP62: 7/16/2009 3:00:18 AM - Software Distribution Service 3.0
RP63: 7/17/2009 3:18:15 AM - System Checkpoint
RP64: 7/18/2009 4:18:12 AM - System Checkpoint
RP65: 7/19/2009 5:18:14 AM - System Checkpoint
RP66: 7/20/2009 6:18:14 AM - System Checkpoint
RP67: 7/21/2009 8:25:55 AM - System Checkpoint
RP68: 7/22/2009 4:37:54 PM - System Checkpoint
RP69: 7/23/2009 5:02:00 PM - System Checkpoint
RP70: 7/24/2009 5:18:03 PM - System Checkpoint
RP71: 7/25/2009 6:18:04 PM - System Checkpoint
RP72: 7/26/2009 7:18:03 PM - System Checkpoint
RP73: 7/27/2009 8:17:51 PM - System Checkpoint
RP74: 7/28/2009 2:51:45 AM - Installed Roxio Media Manager
RP75: 7/29/2009 3:00:19 AM - Software Distribution Service 3.0
RP76: 7/30/2009 3:03:12 AM - System Checkpoint

==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 2 (SP2)
50 FREE MP3s +1 Free Audiobook!
Adobe Acrobat 6.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
ATI - Software Uninstall Utility
ATI Display Driver
BlackBerry Desktop Software 5.0
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Extreme Graphics Driver
Malwarebytes' Anti-Malware
MeridianLink Site Security Certificate
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox (3.0.12)
Mozilla Thunderbird (2.0.0.21)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero 6 Ultra Edition
OneSuite Fax 2008
Point 6.2
QuickBooks Premier: Accountant Edition 2008
Quicken Basic 99
Roxio Media Manager
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SkyCaddie Desktop
SoundMAX
Spybot - Search & Destroy
SupportSoft Assisted Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VIPRE Antivirus + Antispyware
VLC media player 0.9.9
WebFldrs XP
Winamp
Winamp Toolbar
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
WinRAR archiver
WinZip 12.1

==== Event Viewer Messages From Past Week ========

7/29/2009 3:07:52 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
7/26/2009 3:38:04 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 000874BA5D04 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


DDS Log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by danm at 8:36:20.89 on Thu 07/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1460 [GMT -6:00]

AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\OneSuiteFax\Client\SendMng.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\danm\Local Settings\Temporary Internet Files\Content.IE5\RXOJQNMF\dds[1].pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [cdloader] "c:\documents and settings\danm\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [sendmng] "c:\program files\onesuitefax\client\SendMng.exe"
mRun: [18566564] c:\documents and settings\all users\application data\18566564\18566564.exe
mRun: [SBAMTray] c:\program files\sunbelt software\vipre\SBAMTray.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
StartupFolder: c:\docume~1\danm\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\quickenw\QWDLLS.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 4102216276
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\danm\applic~1\mozilla\firefox\profiles\5si78ip7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-7-13 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-4-30 93360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-7-13 202928]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-7-13 69936]
S0 cerc6;cerc6; [x]
S2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2009-6-10 980264]

=============== Created Last 30 ================

2009-07-28 02:52 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-07-28 02:52 <DIR> --d----- c:\program files\Roxio
2009-07-15 14:59 <DIR> --dsh--- c:\documents and settings\danm\IECompatCache
2009-07-15 12:59 <DIR> --d----- c:\program files\common files\supportsoft
2009-07-15 12:49 <DIR> --d----- c:\program files\common files\Intuit
2009-07-15 12:49 <DIR> --d----- c:\program files\Intuit
2009-07-15 12:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-07-15 12:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\COMMON FILES
2009-07-15 09:52 <DIR> --dsh--- c:\documents and settings\danm\PrivacIE
2009-07-15 07:25 <DIR> --dsh--- c:\documents and settings\danm\IETldCache
2009-07-14 16:13 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-14 16:13 <DIR> --d----- c:\windows\ie8updates
2009-07-14 16:12 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-14 16:12 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-14 16:09 <DIR> -cd-h--- c:\windows\ie8
2009-07-14 09:26 0 a------- c:\windows\system32\58.tmp
2009-07-13 15:19 69,936 a------- c:\windows\system32\drivers\sbapifs.sys
2009-07-13 15:19 13,360 a------- c:\windows\system32\drivers\sbaphd.sys
2009-07-13 14:59 <DIR> --d----- c:\docume~1\danm\applic~1\Sunbelt
2009-07-13 14:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-07-13 14:56 202,928 a------- c:\windows\system32\drivers\sbtis.sys
2009-07-13 14:56 <DIR> --d----- c:\program files\Sunbelt Software
2009-07-13 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\18566564
2009-07-13 09:18 0 a------- c:\windows\system32\1F.tmp
2009-07-07 10:40 395 a------- c:\windows\wininit.ini
2009-07-06 17:35 0 a------- c:\windows\system32\F4.tmp
2009-07-03 12:52 0 a------- c:\windows\system32\55F.tmp

==================== Find3M ====================

2009-07-03 11:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-18 15:36 256 a------- c:\documents and settings\danm\pool.bin
2009-06-16 08:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 08:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-10 06:00 68,392 a------- c:\windows\system32\sbbd.exe
2009-06-04 14:04 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-04 00:56 454,656 a------- c:\program files\putty.exe
2009-06-03 22:22 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-03 13:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll

============= FINISH: 8:36:48.32 ===============


GMER log:

{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\f0\fs20 GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net\par
Rootkit scan 2009-07-30 09:48:49\par
Windows 5.1.2600 Service Pack 3\par
\par
\par
---- System - GMER 1.0.15 ----\par
\par
SSDT \\SystemRoot\\system32\\drivers\\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xF79B34D0]\par
SSDT \\SystemRoot\\system32\\drivers\\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xF79B3520]\par
\par
---- User code sections - GMER 1.0.15 ----\par
\par
.text C:\\Program Files\\Common Files\\Research In Motion\\Auto Update\\RIMAutoUpdate.exe[352] C:\\WINDOWS\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\Program Files\\Common Files\\Research In Motion\\Auto Update\\RIMAutoUpdate.exe[352] C:\\WINDOWS\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\system32\\winlogon.exe[636] C:\\WINDOWS\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\system32\\winlogon.exe[636] C:\\WINDOWS\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\system32\\services.exe[680] C:\\WINDOWS\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\system32\\services.exe[680] C:\\WINDOWS\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\system32\\lsass.exe[692] C:\\WINDOWS\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\system32\\lsass.exe[692] C:\\WINDOWS\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\system32\\svchost.exe[864] c:\\windows\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\system32\\svchost.exe[864] c:\\windows\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\system32\\svchost.exe[956] c:\\windows\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\system32\\svchost.exe[956] c:\\windows\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\System32\\svchost.exe[1052] c:\\windows\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\System32\\svchost.exe[1052] c:\\windows\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\system32\\svchost.exe[1108] c:\\windows\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\system32\\svchost.exe[1108] c:\\windows\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\system32\\svchost.exe[1196] c:\\windows\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\system32\\svchost.exe[1196] c:\\windows\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\Explorer.EXE[1220] C:\\WINDOWS\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\Explorer.EXE[1220] C:\\WINDOWS\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\System32\\alg.exe[1228] C:\\WINDOWS\\System32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\System32\\alg.exe[1228] C:\\WINDOWS\\System32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\system32\\spoolsv.exe[1416] C:\\WINDOWS\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\system32\\spoolsv.exe[1416] C:\\WINDOWS\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\WINDOWS\\system32\\svchost.exe[1504] c:\\windows\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\WINDOWS\\system32\\svchost.exe[1504] c:\\windows\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe[1656] C:\\WINDOWS\\system32\\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]\par
.data C:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe[1656] C:\\WINDOWS\\system32\\WS2_32.dll entry point in ".data" section [0x71AC41A1]\par
.text C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe[2300] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe[2300] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\PROGRA~1\WINZIP\winzip32.exe[2548] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\PROGRA~1\WINZIP\winzip32.exe[2548] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
}
dmorrison522
Active Member
 
Posts: 2
Joined: July 27th, 2009, 3:45 pm

Re: Get Hijacked from Google

Post by Bio-Hazard » July 30th, 2009, 1:45 pm

ATF-Cleaner

Please download ATF Cleaner by Atribune.

  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords please click No at the prompt.
  • Click Exit on the Main menu to close the program.


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform full scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.



Kaspersky Online Scan

You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.




Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Malwarebytes Antimalware log
  • Kaspersky Log
  • A fresh HijackThis Log (after all the above has been done)
  • A description of how your computer is behaving
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Get Hijacked from Google

Post by markkhunt » August 3rd, 2009, 12:26 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
markkhunt
Admin/Teacher Emeritus
 
Posts: 7911
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN