
Links open in new tab and redirect to spam - virus? logs attached

06-15-2009, 04:10 AM   #1
xanderd (Registered Member)
Join Date: Jun 2009
Posts: 2
OS: Win XP

Hi,

Recently, almost every link I click in Opera 10 opens in a new tab and often redirects to a spam site.

Additionally, I lost access to my work network drive at around the same time - unsure if the problem is related. I disconnected the drive but when I tried to remap it the path was not found. I have Internet access and my colleagues can connect as normal.

I ran gmer and it found MSIVXserv.sys - I googled that and used Avenger to delete it successfully. However, the problem remains.

Please help!

DDS log file:


DDS (Ver_09-05-14.01) - NTFSx86
Run by [USERNAME] at 10:55:03.71 on 15/06/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1101 [GMT 1:00]

AV: avast! antivirus 4.8.1335 [VPS 090611-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
svchost.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LocalCooling\localcooling.exe
C:\Program Files\Taskix\Taskix32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\CaptureWiz\Pro\CaptureWiz.exe
C:\Program Files\Opera 10 Beta\opera.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\[USERNAME].FHIOS\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = http://www.google.co.uk/ig/dell?hl=e...uk&ibd=5070607
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AhIeBho Class: {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - c:\program files\zoomtext 9.1\ahoi\ah_ie_bho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BrowserBHO Object: {f83c32a5-b10d-4604-8979-9285633d44c0} - c:\program files\tobii\tobii studio\IERec2.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LocalCooling] "c:\program files\localcooling\localcooling.exe" -s
mRun: [Taskix] c:\program files\taskix\Taskix32.exe start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\adewit~1.fhi\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\adewit~1.fhi\startm~1\programs\startup\captur~1.lnk - c:\program files\capturewiz\pro\CaptureWiz.exe
StartupFolder: c:\docume~1\adewit~1.fhi\startm~1\programs\startup\opera.lnk - c:\program files\opera 10 beta\opera.exe
StartupFolder: c:\docume~1\adewit~1.fhi\startm~1\programs\startup\shortc~1.lnk - z:\02 Clients
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.zumyn.com/ImageUploader4.cab
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://cam1.east-ayrshire.gov.uk/activex/AMC.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: NameServer = 85.255.112.71,85.255.112.105
TCP: {83E8352B-6825-40F0-ACBC-BAF86C642339} = 85.255.112.71,85.255.112.105
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\xobni\Skype4COM.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SubSystems: Windows = basedec32

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\adewit~1.fhi\applic~1\mozilla\firefox\profiles\fi3uutjp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2008-2-5 7296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-12 114768]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-12 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-6-12 138680]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-4-8 45288]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-6-12 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-6-12 352920]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090611.003\naveng.sys [2009-6-12 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090611.003\navex15.sys [2009-6-12 876144]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-6-7 29744]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-4-12 120168]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
S4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]

=============== Created Last 30 ================

2009-06-12 16:51 389,120 a------- c:\windows\system32\CF30211.exe
2009-06-12 16:49 389,120 a------- c:\windows\system32\CF29636.exe
2009-06-12 16:00 <DIR> --d----- c:\program files\Trend Micro
2009-06-12 13:48 <DIR> --d----- c:\windows\pss
2009-06-12 09:44 <DIR> --d----- c:\documents and settings\[USERNAME].fhios\.housecall6.6
2009-06-12 09:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-12 09:39 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-09 15:26 52,224 a------- c:\windows\system32\MSIVXxajyydovfrnjyxjssxyemkicsvkyprsr.dll
2009-06-09 15:26 4 a------- c:\windows\system32\MSIVXcount
2009-06-08 09:08 2,524 a------- C:\autorun.PNF
2009-06-05 10:48 <DIR> --d----- c:\docume~1\adewit~1.fhi\applic~1\TeraCopy
2009-06-05 10:48 <DIR> --d----- c:\program files\TeraCopy
2009-06-04 16:51 4 a------- c:\windows\system32\gxvxccount
2009-06-04 10:03 <DIR> --d----- c:\docume~1\adewit~1.fhi\applic~1\Foxit
2009-06-04 10:03 <DIR> --d----- c:\program files\Foxit Software
2009-06-03 14:26 <DIR> --d----- c:\program files\Opera 10 Beta
2009-06-02 11:23 <DIR> --d----- c:\program files\foldit
2009-06-02 11:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\foldit
2009-06-01 14:54 438,272 a------- c:\windows\system32\SkinCrafter.dll
2009-06-01 14:54 856,064 a------- c:\windows\system32\mpgfiltr.ax
2009-06-01 14:54 421,888 a------- c:\windows\system32\RealMediaSplitter.ax
2009-06-01 14:54 81,920 a------- c:\windows\system32\viscomwave.dll
2009-06-01 14:54 208,896 a------- c:\windows\system32\VideoEdit.ocx
2009-06-01 14:54 139,264 a------- c:\windows\system32\viscomqtde.dll
2009-06-01 14:54 <DIR> --d----- c:\program files\Extra YouTube FLV Downloader + Video Converter
2009-05-29 14:10 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-29 14:10 1,409 a------- c:\windows\QTFont.for
2009-05-29 09:09 <DIR> --d----- c:\program files\MSECache
2009-05-28 09:15 10 a------- c:\windows\system32\kr_done1

==================== Find3M ====================

2009-03-21 15:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2008-07-10 15:39 60,744 a------- c:\documents and settings\[USERNAME].fhios\g2mdlhlpx.exe
2007-06-25 16:50 82 a------- c:\docume~1\alluse~1\applic~1\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat

============= FINISH: 10:55:44.14 ===============
Attached file: Attach.zip (5.2 KB)

06-20-2009, 04:05 AM   #2
Blade81 (Security Team Analyst, Microsoft Most Valuable Professional)
Join Date: Jun 2008
Location: Finland
Posts: 1,448
OS: Win7 64-bit, Win8.1 64-bit

Hi there,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft MVP Consumer Security 2008-2014
UNITE member since 2006
Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms please create your own topic instead of following instructions given to someone else.

06-21-2009, 08:54 AM   #3
xanderd (Registered Member)
Join Date: Jun 2009
Posts: 2
OS: Win XP

Hi,

The ComboFix tool fixed the problem :)

I also noticed that it had changed the DNS address on my local area connection TCP/IP properties, which is worrying... but all sorted now.

Thanks

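A small triage script for the kind of DDS log posted in #1, added here as an example; it is not code from the thread, from DDS or from ComboFix. It splits the log into its banner sections, flags the TCP: NameServer resolvers that fall outside an expected range (the DNS setting xanderd says ComboFix had to change in #3 is visible in the log as the two 85.255.112.x servers), and lists "Created Last 30" entries that share the MSIVX prefix of the driver gmer found, which the posted log still shows. The log excerpt is constructed from the one posted above and the expected-resolver range is a placeholder assumption; substitute the real ISP or corporate resolvers.

```python
import ipaddress
import re

# Constructed excerpt modelled on the DDS log posted in this thread
# (most lines dropped; paths kept as they appear there).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
TCP: NameServer = 85.255.112.71,85.255.112.105
TCP: {83E8352B-6825-40F0-ACBC-BAF86C642339} = 85.255.112.71,85.255.112.105
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

=============== Created Last 30 ================

2009-06-12 16:51 389,120 a------- c:\windows\system32\CF30211.exe
2009-06-12 16:00 <DIR> --d----- c:\program files\Trend Micro
2009-06-09 15:26 52,224 a------- c:\windows\system32\MSIVXxajyydovfrnjyxjssxyemkicsvkyprsr.dll
2009-06-09 15:26 4 a------- c:\windows\system32\MSIVXcount
2009-06-04 16:51 4 a------- c:\windows\system32\gxvxccount

==================== Find3M ====================
"""

# Assumption for the example: the resolvers this workstation is expected to use.
# 203.0.113.0/24 is a documentation range used here as a placeholder.
EXPECTED_RESOLVERS = ["203.0.113.0/24"]

# DDS separates its sections with banners such as "===== Created Last 30 =====".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


def split_sections(text):
    """Group a DDS log into {banner title: [non-empty lines of that section]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def unexpected_nameservers(sections, allowed):
    """Resolver IPs from 'TCP: ... = a,b' lines that are neither private/loopback
    (typical DHCP-assigned LAN resolvers) nor inside an allowed network."""
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    hits = set()
    for line in sections.get("Pseudo HJT Report", []):
        if not line.startswith("TCP:"):
            continue
        _, _, value = line.partition("=")
        for token in value.split(","):
            try:
                ip = ipaddress.ip_address(token.strip())
            except ValueError:
                continue  # hostname or empty field, not an address
            if ip.is_private or ip.is_loopback:
                continue
            if any(ip in net for net in allowed_nets):
                continue
            hits.add(str(ip))
    return sorted(hits)


def files_with_prefix(sections, prefix):
    """Basenames in 'Created Last 30' whose name starts with prefix (case-insensitive)."""
    prefix = prefix.lower()
    matches = []
    for line in sections.get("Created Last 30", []):
        parts = line.split(None, 4)  # date, time, size or <DIR>, attributes, path
        if len(parts) < 5:
            continue
        name = parts[4].rsplit("\\", 1)[-1]
        if name.lower().startswith(prefix):
            matches.append(name)
    return matches


def triage(text, allowed=EXPECTED_RESOLVERS, prefix="MSIVX"):
    """Run both checks over one DDS log and return the findings."""
    sections = split_sections(text)
    return {
        "unexpected_nameservers": unexpected_nameservers(sections, allowed),
        "prefix_matches": files_with_prefix(sections, prefix),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Both resolver lines in the log name the same two servers, so they are reported once each; a responder would compare them against the resolvers the LAN is supposed to hand out and, as in this thread, re-check the interface settings after cleanup.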
06-21-2009, 10:13 AM   #4
Blade81 (Security Team Analyst, Microsoft Most Valuable Professional)
Join Date: Jun 2008
Location: Finland
Posts: 1,448
OS: Win7 64-bit, Win8.1 64-bit

Glad to hear that. However, I'd like to see the requested logs to make sure all bad things got removed.

06-27-2009, 05:44 AM   #5
amateur (Security Team Moderator, Analyst; Rangemaster, TSF Academy)
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,780
OS: XP Win7 Ubuntu 10.10

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html
