Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Search engine links redirect to unwanted sites

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Re: Search engine links redirect to unwanted sites

Unread postby Mo the Hawk » August 26th, 2009, 12:59 am

Sorry about that... TeaTimer managed to persist even after unchecking the appropriate checkbox within SpyBot. This should do the trick:

----------------------

ComboFix 09-08-21.02 - HP_Administrator 08/25/2009 16:44.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1485 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\drv
c:\program files\drv\drv.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.

2009-08-23 08:17 . 2009-08-23 08:17 -------- d-----w- C:\14e452c7e955f665f1aa565f32
2009-08-23 08:17 . 2009-08-23 14:56 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-22 15:45 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-08-22 15:45 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-08-22 15:45 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-08-22 15:45 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-08-22 15:45 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-08-22 15:45 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-08-22 15:45 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-08-22 15:45 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-08-22 15:45 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-22 15:44 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-22 15:40 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-08-22 15:40 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-22 15:23 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-22 15:23 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-21 23:18 . 2008-12-04 13:17 627072 ----a-r- c:\windows\system32\drivers\WUSB54GCv3.sys
2009-08-21 23:18 . 2008-12-04 13:17 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2009-08-21 23:18 . 2008-12-04 13:17 15312 ----a-r- c:\windows\system32\RaCoInst.dat
2009-08-21 23:14 . 2009-08-21 23:14 -------- d-----w- c:\program files\Pure Networks
2009-08-21 23:13 . 2009-08-21 23:13 -------- d-----w- c:\program files\WebEx
2009-08-21 23:13 . 2009-04-07 20:33 23984 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-08-21 23:13 . 2009-04-07 20:33 25264 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-08-21 23:13 . 2009-08-21 23:13 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-08-21 23:12 . 2009-08-21 23:19 -------- d-----w- c:\program files\Linksys
2009-08-21 23:12 . 2009-04-29 15:16 34276400 ----a-r- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2009-08-21 23:12 . 2009-08-21 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-08-20 22:00 . 2009-08-20 22:00 -------- d-----w- c:\program files\TweetDeck
2009-08-17 05:38 . 2009-08-17 05:38 -------- d-----w- c:\program files\Trend Micro
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 04:37 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:37 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 15:00 . 2007-10-03 02:46 -------- d-----w- c:\program files\Steam
2009-08-24 22:25 . 2008-09-25 04:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-23 14:58 . 2006-02-09 00:37 63448 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 14:56 . 2008-03-20 06:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-23 08:09 . 2008-02-27 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-22 19:52 . 2009-02-05 23:28 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-21 23:13 . 2009-08-21 23:13 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-08-19 00:02 . 2008-08-17 21:08 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
2009-08-05 09:01 . 2004-08-09 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2004-08-09 21:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-09 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-23 00:27 . 2009-07-23 00:26 -------- d-----w- c:\program files\iTunes
2009-07-23 00:26 . 2006-05-20 23:13 -------- d-----w- c:\program files\iPod
2009-07-23 00:26 . 2007-07-02 03:55 -------- d-----w- c:\program files\Common Files\Apple
2009-07-23 00:15 . 2009-07-23 00:15 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2004-08-09 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 23:28 . 2009-07-16 23:28 34226736 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Platform\1033\Update\nm\nmsetup.exe
2009-07-14 04:43 . 2004-08-09 21:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 19:04 . 2009-07-05 19:04 0 ----a-w- c:\documents and settings\HP_Administrator\ntuser.tmp
2009-07-05 16:11 . 2008-09-25 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-02 06:57 . 2006-05-27 22:15 -------- d-----w- c:\program files\DivX
2009-07-02 06:57 . 2009-05-21 20:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-29 16:12 . 2004-08-09 21:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-09 21:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-09 21:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-17 05:36 . 2009-06-17 05:38 38208 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-12 12:31 . 2004-08-09 21:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-10 04:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2004-08-09 21:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-09 21:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-09 21:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-09 21:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2004-08-09 21:00 . 2006-05-20 14:47 28672 ----a-w- c:\program files\mozilla firefox\plugins\custsat.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2006-05-06 16:42 . 2006-08-10 20:13 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2006-05-10 03:26 . 2006-05-20 14:47 345088 ----a-w- c:\program files\mozilla firefox\plugins\mpvis.dll
2005-08-04 02:29 . 2006-05-20 14:47 47616 ----a-w- c:\program files\mozilla firefox\plugins\msoobci.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-10 02:02 . 2006-05-20 14:47 146432 ----a-w- c:\program files\mozilla firefox\plugins\wmpnssci.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-08-24_22.43.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-25 14:58 . 2009-08-25 14:58 16384 c:\windows\Temp\Perflib_Perfdata_694.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-04-05 344064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-8 27136]

c:\documents and settings\MCX1.AJ\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-8 27136]

c:\documents and settings\MCX2\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-8 27136]

c:\documents and settings\MCX3\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-8 27136]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Shortcut to iTunes.lnk - c:\program files\iTunes\iTunes.exe [2009-7-13 14074656]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJBQHaw]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"LightScribeService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AresChatServer"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"ppped"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"McDetect.exe"=2 (0x2)
"LiveUpdate"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"avg8wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2 Demo\\BF2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war ii - spd\\DOW2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [8/21/2009 6:18 PM 627072]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
drv REG_MULTI_SZ drv
.
Contents of the 'Scheduled Tasks' folder

2009-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{16F689D9-3CEB-478B-8E20-E39F50FF3173} - (no file)
BHO-{1963CD8E-E1C3-49D0-96AB-2912F4A1D53B} - (no file)
BHO-{29AB3C6A-81EE-4FCB-BF9C-C6C4814401C2} - (no file)
BHO-{7A0BB50B-0FC5-43CC-9876-21035D96CB6D} - (no file)
BHO-{8B2DD00E-A897-4569-BE3C-87A3B1FF2255} - (no file)
BHO-{905BAF2D-86B8-426D-B46D-536226F9C12C} - (no file)
BHO-{9F0DBE64-006F-48E3-90E2-1A1A6278C7C1} - (no file)
BHO-{A58E436F-CC58-469C-8798-66CEEED082B9} - (no file)
BHO-{A8CA3B1A-5478-4DA3-8ACA-71942A25AD65} - (no file)
BHO-{ADABB0C3-881F-4FA2-8EAC-802959513BE2} - (no file)
BHO-{CA310FBB-02AB-4DC8-AC71-DAA939550E29} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.neogaf.com/forum/
DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - hxxps://webapps.saionline.com/AccountMa ... /setup.exe
DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} - hxxp://drm1.reelsurvey.com/ePlayer/V3_2 ... Player.cab
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f2wjt8d4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.neogaf.com/forum/
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\f2wjt8d4.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 16:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\HP_ADM~1\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-25 16:57
ComboFix-quarantined-files.txt 2009-08-25 21:56
ComboFix2.txt 2009-08-24 22:46
ComboFix3.txt 2009-08-22 20:22
ComboFix4.txt 2009-08-22 15:42

Pre-Run: 104,267,210,752 bytes free
Post-Run: 104,220,749,824 bytes free

258 --- E O F --- 2009-08-24 06:52

--------------------------------
Mo the Hawk
Active Member
 
Posts: 13
Joined: August 17th, 2009, 5:49 pm
Top
Advertisement
Register to Remove

Re: Search engine links redirect to unwanted sites

Unread postby Shaba » August 26th, 2009, 3:05 am

Please post also a fresh HijackThis log :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Search engine links redirect to unwanted sites

Unread postby Mo the Hawk » August 26th, 2009, 6:47 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:10 PM, on 8/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neogaf.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16F689D9-3CEB-478B-8E20-E39F50FF3173} - (no file)
O2 - BHO: (no name) - {1963CD8E-E1C3-49D0-96AB-2912F4A1D53B} - (no file)
O2 - BHO: (no name) - {29AB3C6A-81EE-4FCB-BF9C-C6C4814401C2} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - (no file)
O2 - BHO: (no name) - {7A0BB50B-0FC5-43CC-9876-21035D96CB6D} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {8B2DD00E-A897-4569-BE3C-87A3B1FF2255} - (no file)
O2 - BHO: (no name) - {905BAF2D-86B8-426D-B46D-536226F9C12C} - (no file)
O2 - BHO: (no name) - {9F0DBE64-006F-48E3-90E2-1A1A6278C7C1} - (no file)
O2 - BHO: (no name) - {A58E436F-CC58-469C-8798-66CEEED082B9} - (no file)
O2 - BHO: (no name) - {A8CA3B1A-5478-4DA3-8ACA-71942A25AD65} - (no file)
O2 - BHO: (no name) - {ADABB0C3-881F-4FA2-8EAC-802959513BE2} - (no file)
O2 - BHO: (no name) - {CA310FBB-02AB-4DC8-AC71-DAA939550E29} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - (no file)
O3 - Toolbar: Ad Guard - {CE0A34D3-C30F-4F3D-B0D3-9B936EDFBD91} - C:\Program Files\\AdGuard\AdGuard.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Shortcut to iTunes.lnk = C:\Program Files\iTunes\iTunes.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - https://webapps.saionline.com/AccountMa ... /setup.exe
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2 ... Player.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O20 - Winlogon Notify: mlJBQHaw - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O24 - Desktop Component 1: (no name) - http://card.mygamercard.net/Mo+the+Hawk.html

--
End of file - 9756 bytes
Mo the Hawk
Active Member
 
Posts: 13
Joined: August 17th, 2009, 5:49 pm
Top

Re: Search engine links redirect to unwanted sites

Unread postby Shaba » August 27th, 2009, 12:03 am

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {16F689D9-3CEB-478B-8E20-E39F50FF3173} - (no file)
O2 - BHO: (no name) - {1963CD8E-E1C3-49D0-96AB-2912F4A1D53B} - (no file)
O2 - BHO: (no name) - {29AB3C6A-81EE-4FCB-BF9C-C6C4814401C2} - (no file)
O2 - BHO: (no name) - {76DC0B63-1533-4ba9-8BE8-D59EB676FA02} - (no file)
O2 - BHO: (no name) - {7A0BB50B-0FC5-43CC-9876-21035D96CB6D} - (no file)
O2 - BHO: (no name) - {8B2DD00E-A897-4569-BE3C-87A3B1FF2255} - (no file)
O2 - BHO: (no name) - {905BAF2D-86B8-426D-B46D-536226F9C12C} - (no file)
O2 - BHO: (no name) - {9F0DBE64-006F-48E3-90E2-1A1A6278C7C1} - (no file)
O2 - BHO: (no name) - {A58E436F-CC58-469C-8798-66CEEED082B9} - (no file)
O2 - BHO: (no name) - {A8CA3B1A-5478-4DA3-8ACA-71942A25AD65} - (no file)
O2 - BHO: (no name) - {ADABB0C3-881F-4FA2-8EAC-802959513BE2} - (no file)
O2 - BHO: (no name) - {CA310FBB-02AB-4DC8-AC71-DAA939550E29} - (no file)
O2 - BHO: (no name) - {F54AF7DE-6038-4026-8433-CC30E3F17212} - (no file)
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - Winlogon Notify: mlJBQHaw - C:\WINDOWS\

Close all windows including browser and press fix checked.

Reboot.

Reinstall AVG.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Search engine links redirect to unwanted sites

Unread postby Mo the Hawk » August 27th, 2009, 8:52 pm

AVG Free 8.5 re-installed. Here you go:

------------------
Kaspersky log
------------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, August 27, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, August 27, 2009 19:53:13
Records in database: 2692567
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: no

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 216301
Threats found: 10
Infected objects found: 13
Suspicious objects found: 0
Scan duration: 05:04:01


File name / Threat / Threats count
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.62 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Qoobox\Quarantine\C\Program Files\drv\drv.dll.vir Infected: Trojan-Downloader.Win32.Agent.chpc 1
C:\Qoobox\Quarantine\C\WINDOWS\freddy49.exe.vir Infected: Net-Worm.Win32.Koobface.asb 1
C:\Qoobox\Quarantine\C\WINDOWS\pp10.exe.vir Infected: Trojan-Downloader.Win32.Agent.chps 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\dddesot.dll.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.jf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\desot.exe.vir Infected: not-a-virus:FraudTool.Win32.Antivirus2008pro.bq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETlqxwygcw.dll.vir Infected: Trojan.Win32.Small.bzt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETtueufvmh.dll.vir Infected: Trojan.Win32.Small.bzc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir Infected: Trojan.Win32.Inject.agaf 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP905\A0144420.dll Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.jf 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP905\A0144421.exe Infected: not-a-virus:FraudTool.Win32.Antivirus2008pro.bq 1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP905\A0144427.exe Infected: Trojan.Win32.Inject.agaf 1

Selected area has been scanned.

--------------------------------


---------------------
HijackThis log
---------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:05 PM, on 8/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neogaf.com/forum/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ad Guard - {CE0A34D3-C30F-4F3D-B0D3-9B936EDFBD91} - C:\Program Files\\AdGuard\AdGuard.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Shortcut to iTunes.lnk = C:\Program Files\iTunes\iTunes.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} (InstallShield Setup Player 2K2) - https://webapps.saionline.com/AccountMa ... /setup.exe
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2 ... Player.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedow ... in9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O24 - Desktop Component 1: (no name) - http://card.mygamercard.net/Mo+the+Hawk.html

--
End of file - 9140 bytes

-----------------------
Mo the Hawk
Active Member
 
Posts: 13
Joined: August 17th, 2009, 5:49 pm
Top

Re: Search engine links redirect to unwanted sites

Unread postby Shaba » August 27th, 2009, 11:51 pm

Empty this folder:

C:\Qoobox\Quarantine

Empty Recycle Bin.

Still problems?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Search engine links redirect to unwanted sites

Unread postby Mo the Hawk » August 28th, 2009, 1:44 am

As far as I could tell, all of my problems disappeared about 10 posts ago. :P But I won't make you bore me with the details of what exactly I was doing after that point. Once again, you have my thanks!
Mo the Hawk
Active Member
 
Posts: 13
Joined: August 17th, 2009, 5:49 pm
Top

Re: Search engine links redirect to unwanted sites

Unread postby Shaba » August 28th, 2009, 2:02 am

Good :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now lets uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software and keep your other programs up-to-date
    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Re: Search engine links redirect to unwanted sites

Unread postby Shaba » August 30th, 2009, 5:38 am

Mo the Hawk this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top
Advertisement
Register to Remove
Previous
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 440 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index