|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
12-28-2008, 02:01 PM
|
#1 (permalink) |
|
Registered User
Join Date: Nov 2005
Posts: 11
OS: XP SP3
|
Google search hijacked
Hi All
I'm having a problem with google searches and believe that I have picked up some kind of unwanted attention. Basically I'm getting redirected from search results to unwanted search engines/porn sites etc. Here's my DDS log... DDS (Version 1.1.0) - NTFSx86 Run by Henry at 20:45:59.67 on 28/12/2008 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.459 [GMT 0:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) FW: Sygate Personal Firewall *enabled* ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Sygate\SPF\smc.exe svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Conexant\AccessRunner ADSL\CnxDslTb.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Eraser\Eraser.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Downloads\Hijack This\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.uk/ uInternet Connection Wizard,ShellNext = iexplore BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL uRun: [Sonic RecordNow!] uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [Logitech Utility] Logi_MwX.Exe mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [CnxDslTaskBar] c:\program files\conexant\accessrunner adsl\CnxDslTb.exe mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE uPolicies-explorer: NoThemesTab = 0 (0x0) uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0) uPolicies-system: NoDispAppearancePage = 0 (0x0) uPolicies-system: NoColorChoice = 0 (0x0) uPolicies-system: NoSizeChoice = 0 (0x0) uPolicies-system: NoVisualStyleChoice = 0 (0x0) uPolicies-system: NoDispSettingsPage = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll TCP: {3EDABF68-8F7F-4CCD-9EC9-2E6826CBE87C} = 212.159.6.10 212.159.6.9 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll AppInit_DLLs: avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-28 97928] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-28 26824] R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-5-12 611664] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-28 231704] R3 CnxTgN;Conexant AccessRunner PCI ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [2006-10-29 111649] R3 CnxTgP;Conexant AccessRunner PCI ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxTgP.sys [2006-10-29 427583] R3 CnxTgR;Conexant AccessRunner PCI ADSL Interface Device Driver;c:\windows\system32\drivers\CnxTgR.sys [2006-10-29 107360] R3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCcFltr.Sys [2006-1-17 14171] S1 ShldDrv;Panda File Shield Driver; [] S2 PavProc;Panda Process Protection Driver; [] S2 PavPrSrv;Panda Process Protection Service; [] S3 PavSRK.sys;PavSRK.sys; [] S3 PavTPK.sys;PavTPK.sys; [] S4 vsdatant;vsdatant; [] =============== Created Last 30 ================ 2008-12-28 20:34 250 a------- c:\windows\gmer.ini 2008-12-28 18:58 <DIR> --d----- C:\VundoFix Backups 2008-12-28 18:17 10,520 a------- c:\windows\system32\avgrsstx.dll 2008-12-28 18:17 97,928 a------- c:\windows\system32\drivers\avgldx86.sys 2008-12-28 18:17 <DIR> --d----- c:\windows\system32\drivers\Avg 2008-12-28 18:17 <DIR> --d----- c:\docume~1\henry\applic~1\AVGTOOLBAR 2008-12-28 18:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8 ==================== Find3M ==================== 2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll 2008-10-16 20:38 826,368 a------- c:\windows\system32\wininet.dll 2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll 2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll 2008-10-03 10:02 247,326 a------- c:\windows\system32\strmdll.dll 2008-08-22 21:56 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082220080823\index.dat ============= FINISH: 20:46:16.82 =============== And I attach the other logs in the zip file. Any help would be greatly appreciated. Many thanks Henners |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
12-30-2008, 07:47 PM
|
#2 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,594
OS: 2000 Pro; XP Pro; XP Home
|
Re: Google search hijacked
Hello. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. --------------------------------------------------------------------------------------------- One or more of the identified infections is a backdoor trojan. This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. You can read this: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? Please visit this webpage for download links, and instructions for running combofix: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Please include the C:\ComboFix.txt in your next reply for further review.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you.  Microsoft MVP - Consumer Security 2009
|
|
|
|
|
01-05-2009, 08:27 PM
|
#3 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,594
OS: 2000 Pro; XP Pro; XP Home
|
Re: Google search hijacked
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
| Thread Tools | |
|
|
