Baidu Problem

Re: Baidu Problem

Post by deltalima » June 21st, 2010, 1:40 pm

Hi erik8mwr,

But when I change my current static IP address from 192.168.1.1 to 192.168.1.2 on my router page


Your router and PC are now configured correctly. When you make changes to the router, you need to ensure that the PC is configured to match those changes. However, this is adding confusion to the redirect issue; please do NOT make any changes other than the ones that I request.

Please give me a summary of the current situation. As I understand it, the Baidu issue is now resolved, but if you type an invalid url you are taken to your router configuration page?

If you type a valid url in the address bar does it go to the site correctly?
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Baidu Problem

Post by erik8mwr » June 21st, 2010, 2:03 pm

I thought the IP address problem is related to the Baidu problem or maybe separate, so I posted another problem under the same topic.

if you type an invalid url you are taken to your router configuration page?

No. When I simply type like 'asdfghjk' only on IE or Firefox address bar, the page is redirected to my router page.

If you type a valid url in the address bar does it go to the site correctly?

Yes.
erik8mwr
Regular Member
 
Posts: 22
Joined: June 12th, 2010, 4:25 am

Re: Baidu Problem

Post by deltalima » June 21st, 2010, 2:15 pm

Hi erik8mwr,

When I simply type like 'asdfghjk' only on IE or Firefox address bar, the page is redirected to my router page.


So an valid url like 'asdfghjk' takes you to the router but you would expect it to take you to your default search engine and search for 'asdfghjk'?

What default search settings do you have? my180.com?

Next

RSIT (Random's System Information Tool)

Please download RSIT by random/random... and save it to your desktop.
  • Right click on RSIT.exe and select "Run As Administrator" to run it. If Windows UAC prompts you, please allow it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 logs files...will be produced.
  • The first one, "log.txt", << will be maximized
  • The second one, "info.txt", << will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Re: Baidu Problem

Post by erik8mwr » June 21st, 2010, 2:36 pm

So an valid url like 'asdfghjk' takes you to the router but you would expect it to take you to your default search engine and search for 'asdfghjk'?

It would be nice if 'asdfghjk' is redirected to the Google search page instead of the router page.

What default search settings do you have? my180.com?

Google. The Google search engine is located at the upper-left position of IE and Firefox. Is my180.com a search engine? How it exists on my computer I don't know.

Re: Baidu Problem

Post by deltalima » June 21st, 2010, 2:38 pm

OK, run the RSIT scan and post the logs.

Re: Baidu Problem

Post by erik8mwr » June 21st, 2010, 2:41 pm

So an valid url like 'asdfghjk' takes you to the router but you would expect it to take you to your default search engine and search for 'asdfghjk'?

It would be nice if 'asdfghjk' is redirected to the Google search page instead of the router page.

What default search settings do you have? my180.com?

Google. The Google search engine is located at the upper-left position of IE and Firefox. Is my180.com a search engine? How it exists on my computer I don't know.

Since you mentioned the logs are lengthy, I attach the files.

Re: Baidu Problem

Post by deltalima » June 21st, 2010, 3:23 pm

Hi erik8mwr,

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

R3 - URLSearchHook: PIPI Link Helper - {1E315374-71A5-471A-B683-4C4ADB5C588B} - C:\Program Files\StarTV\core\pipi\JfCheck.dll

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\Program Files\Thunder Network\MiniThunder\MiniThunder.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Now please repeat this scan with the file

C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\ThunderService.exe


Please post the results from both scans in your next reply.

Re: Baidu Problem

Post by erik8mwr » June 22nd, 2010, 9:13 am

Here are both results:

Re: Baidu Problem

Post by deltalima » June 22nd, 2010, 9:17 am

Hi erik8mwr,

Is the problem just with Internet Explorer?

Does Firefox work correctly?

Re: Baidu Problem

Post by erik8mwr » June 23rd, 2010, 9:16 am

Yes. Both browsers are redirected to the router page when I simply type like 'asdf'.

Re: Baidu Problem

Post by deltalima » June 23rd, 2010, 9:34 am

Hi erik8mwr,

  1. Exit all programs, including Internet Explorer (if it is running).
  2. Click Start, and then click Run. Type the following command in the Open box, and then press ENTER:
    inetcpl.cpl
  3. The Internet Options dialog box appears.
  4. Click the Advanced tab.
  5. Under Reset Internet Explorer settings, click Reset. Then click Reset again.
  6. When Internet Explorer finishes resetting the settings, click Close in the Reset Internet Explorer Settings dialog box.
  7. Start Internet Explorer again

Now please test Internet Explorer and let me know how it is working now.

Re: Baidu Problem

Post by erik8mwr » June 23rd, 2010, 9:41 am

Still same.

Re: Baidu Problem

Post by deltalima » June 23rd, 2010, 9:45 am

Hi erik8mwr,

Still same.


Just to confirm, this is the same page that you would see if you type 192.168.1.2 into the address bar?

Please run a new scan with HijackThis and post the log.

Re: Baidu Problem

Post by erik8mwr » June 23rd, 2010, 9:53 am

Yes. That's the page. Here's the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:53:07 PM, on 23/6/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\FirefoxPreloader\FirefoxPreloader.exe
C:\Program Files\Window Hide Tool\Window Hide Tool.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\StarTV\LiveUpdater.exe
C:\Program Files\Thunder Network\MiniThunder\MiniThunder.exe
C:\Program Files\Common Files\Thunder Network\DS\Ver1\1.0.2.61\ThunderService.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Program Files\StarTV\core\pipi\JfCheck.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: Window Hide Tool.lnk = C:\Program Files\Window Hide Tool\Window Hide Tool.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Firefox Preloader.lnk = C:\Program Files\Mozilla Firefox\FirefoxPreloader\FirefoxPreloader.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8317 bytes

Re: Baidu Problem

Post by deltalima » June 23rd, 2010, 10:12 am

Hi erik8mwr,

The HijackThis log shows the line

O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Program Files\StarTV\core\pipi\JfCheck.dll

Did you remove that line using HijackThis (as per my earlier post)?

Please run Malwarebytes, update and run a quick scan and post the log in your next reply.

Also, can you tell me about MiniThunder? This looks to be some form of search tool.
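
An added example, not part of the original thread: the R3 line posted on June 21st and the O2 line in the June 23rd log carry different section codes and CLSIDs but name the same file. The sketch below parses HijackThis lines of that shape and lists every entry in a later log that still references the file from an entry that was selected for fixing; the function names and the `same_registration` flag are assumptions made for this illustration.

```python
import re

# HijackThis entries that carry a CLSID and a file path look like:
#   <section> - <kind>: <name> - {CLSID} - <path>
ENTRY_RE = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+?)\s*$"
)

# Entry the helper asked to fix on June 21st (copied from the thread).
FIXED_LINE = (r"R3 - URLSearchHook: PIPI Link Helper - "
              r"{1E315374-71A5-471A-B683-4C4ADB5C588B} - "
              r"C:\Program Files\StarTV\core\pipi\JfCheck.dll")

# Four lines copied from the June 23rd log in the thread.
LATER_LOG = r"""
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: PIPI Link Helper - {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} - C:\Program Files\StarTV\core\pipi\JfCheck.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
"""


def parse_entries(log_text):
    """Return one dict per CLSID/path entry; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def remaining_references(fixed_line, later_log):
    """Entries in later_log naming the same file (case-insensitive path)."""
    fixed = parse_entries(fixed_line)
    if not fixed:
        raise ValueError("fixed_line is not a CLSID/path entry")
    fixed = fixed[0]
    hits = []
    for entry in parse_entries(later_log):
        if entry["path"].lower() == fixed["path"].lower():
            # Same section and CLSID means the very same registration.
            same = (entry["section"], entry["clsid"].lower()) == (
                fixed["section"], fixed["clsid"].lower())
            hits.append({**entry, "same_registration": same})
    return hits


if __name__ == "__main__":
    for hit in remaining_references(FIXED_LINE, LATER_LOG):
        print(hit["section"], hit["kind"], hit["clsid"], hit["same_registration"])
```

Comparing on the file path rather than the entry name or CLSID is what surfaces a component registered in more than one place.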
