When doing a Google Search...I get redirected to Ad sites...Needs Help!


Post by vangk15 on Mon 16 Nov 2009, 6:49 am

For the past week, I have been dealing with an issue where when I do a Google search, I get a list of results but when I click on a result I get redirected to another website. On occasion, my Spy Sweeper will deny access to the redirection stating that it has blocked the website with an IP address of 64.11.196.117 and typically the websites begin with r3953724.cn/__________. I have tried Malwarebytes Anti-Malware, SDFix, SUPERAntiSpyware, Spy Sweeper, and Spybot to try to get rid of this issue but have had no luck. Please help!

This is the log that I got after running HijackThis!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:52 PM, on 11/15/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RegClean] "C:\Program Files\RegClean\RegClean.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Linksys Wireless Manager] "C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPADVISOR] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor.lnk = ?
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O13 - Gopher Prefix:
O16 - DPF: ActiveGS.cab - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - [You must be registered and logged in to see this link.]
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - [You must be registered and logged in to see this link.]
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O16 - DPF: {E9B80D94-D8BC-43DE-9138-75605A8D9666} (CPlayFirstWeddingDasControl Object) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: c:\programdata\kisiviya\kisiviya.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sentinel LM - SafeNet, Inc. - C:\Program Files\SURFWARE\Network Server8\Server\WinNT\lservnt.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12936 bytes

vangk15

Newbie Surfer

Posts: 11
Joined: 2009-11-16
Operating System: Vista

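As an added example (not part of this thread, and not code from HijackThis or any of the tools mentioned here), the following Python script parses lines in the HijackThis log format posted above and flags the entries a helper would look at first: an O20 AppInit_DLLs value, module paths whose folder and file share a random-looking name under ProgramData or AppData (the pattern in the Malwarebytes detections later in this thread), and stale "(file missing)" entries. The sample lines are copied from the log above; the triage rules, severity levels and the 6-10 letter name length are assumptions made for this example, not rules from any of the tools discussed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied from the HijackThis log posted in this
# thread (plus benign O4/O23 lines for contrast). It is not a complete log.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [RegClean] "C:\Program Files\RegClean\RegClean.exe"
O20 - AppInit_DLLs: c:\programdata\kisiviya\kisiviya.dll
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# "O20 - AppInit_DLLs: ..." -> section "O20", body "AppInit_DLLs: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# First drive-letter path in the body that ends in a loadable module extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx|sys)\b", re.IGNORECASE)
# Folder and file stem that are the same 6-10 lowercase letters (assumed threshold),
# e.g. \kisiviya\kisiviya.dll; applied to the lower-cased path.
TWIN_NAME_RE = re.compile(r"\\([a-z]{6,10})\\\1\.(?:dll|exe)$")
# Directories a standard user can write to (checked on the lower-cased path).
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\")


@dataclass
class Finding:
    section: str
    path: str
    severity: str  # "high", "medium" or "info"
    reason: str


def extract_path(body: str) -> Optional[str]:
    """Return the first module path found in a HijackThis line body, if any."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def triage(line: str) -> Optional[Finding]:
    """Classify one HijackThis line; None means nothing worth a second look."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    path = extract_path(body)

    # AppInit_DLLs: Windows loads this DLL into every process that maps user32.dll,
    # so any value here on a home PC deserves attention.
    if section == "O20" and body.startswith("AppInit_DLLs:") and path:
        return Finding(section, path, "high",
                       "AppInit_DLLs value set: DLL is loaded into every process that maps user32.dll")

    # Randomly named folder/file twins under user-writable data directories.
    if path:
        low = path.lower()
        if any(marker in low for marker in USER_WRITABLE) and TWIN_NAME_RE.search(low):
            return Finding(section, path, "medium",
                           "randomly named folder/file pair under a user-writable data directory")

    # Leftovers from uninstalled or removed software: not a threat, but worth cleaning.
    if "(file missing)" in body:
        return Finding(section, path or "", "info",
                       "stale entry: the referenced file no longer exists")
    return None


def triage_log(text: str) -> List[Finding]:
    """Run triage over every line of a log and keep only the findings."""
    return [f for f in (triage(line) for line in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section} {f.path} -- {f.reason}")
```

Run it against a saved log with `triage_log(open("hijackthis.log").read())`. The rules are deliberately narrow: a rogue installed under Program Files with a normal-looking name (the RegClean entry in the sample) is not caught, which is why a helper still reads the whole log rather than relying on a script.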

Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by DragonMaster Jay on Mon 16 Nov 2009, 6:56 am

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer

Posts: 13452
Joined: 2009-09-07
Operating System: Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by vangk15 on Mon 16 Nov 2009, 7:17 am

Malwarebytes' Anti-Malware 1.41
Database version: 3159
Windows 6.0.6000

11/13/2009 12:31:59 AM
mbam-log-2009-11-13 (00-31-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 287830
Time elapsed: 1 hour(s), 26 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servises (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\bobebeji\bobebeji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\dozilibe\dozilibe.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\ProgramData\jiruludi\jiruludi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\jitoyeyu\jitoyeyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\nekewupo\nekewupo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\noyajego\noyajego.exe (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
C:\ProgramData\vedihome\vedihome.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\Ka\AppData\Local\sgkfuh\nefesysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Ka\AppData\Local\Temp\vsfrtfcc7.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Ka\AppData\Local\Temp\0.4845888339014577.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Users\Ka\AppData\Local\Temp\b026473e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Ka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\799a240d-7fefa726 (Malware.Packer) -> Quarantined and deleted successfully.
C:\Windows\System32\yukikono.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\zeladugu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\RegClean Scheduled Scan.job (Rogue.RegClean) -> Quarantined and deleted successfully.

vangk15

Newbie Surfer

Posts: 11
Joined: 2009-11-16
Operating System: Vista


Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by DragonMaster Jay on Mon 16 Nov 2009, 7:21 am

Please download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts: 13452
Joined: 2009-09-07
Operating System: Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by vangk15 on Mon 16 Nov 2009, 8:06 am

DragonMaster Jay... I did everything as you asked with SDFix and was fine with it up until running my PC in Safe Mode. When I tried to open the RunThis.bat file, I would get another blue window pop open, but then it would immediately close itself. I thought it may be due to it not recognizing that I have administrative privileges (which I do), since I've had problems with running programs due to this before, but when I right-clicked to choose "Run as Administrator" the same thing happened again. What do you suggest I do?

vangk15

Newbie Surfer

Posts: 11
Joined: 2009-11-16
Operating System: Vista


Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by DragonMaster Jay on Mon 16 Nov 2009, 8:50 am

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



~DMJ
GeekPolice Academy Manager



DragonMaster Jay

Manager | Tech Officer

Posts: 13452
Joined: 2009-09-07
Operating System: Windows 7 Ultimate

http://www.twitter.com/jaypfoutz

Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by vangk15 on Mon 16 Nov 2009, 10:55 am

Here is my ComboFix log for you as requested:

ComboFix 09-11-16.03 - Ka 11/15/2009 18:34..2 - FAT32x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2942.1752 [GMT -6:00]
Running from: c:\users\Ka\Desktop\commy.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Norton Internet Security *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Webroot Spy Sweeper *disabled* (Updated) {13B21AD6-3C95-4498-81A6-C5A79EF30475}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-294473244-1242961503-3298849250-500
c:\$recycle.bin\S-1-5-21-3704042418-4224051671-3462806213-500
c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\tmpPrst.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-16 00:46 . 2009-11-16 00:47 -------- d-----w- c:\users\Ka\AppData\Local\temp
2009-11-16 00:46 . 2009-11-16 00:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-16 00:46 . 2009-11-16 00:46 -------- d-----w- c:\users\bee_112\AppData\Local\temp
2009-11-16 00:18 . 2009-11-16 00:18 1025 ----a-w- c:\windows\system32\serauth2.dll
2009-11-16 00:18 . 2009-11-16 00:18 1025 ----a-w- c:\windows\system32\serauth1.dll
2009-11-15 22:51 . 2009-11-15 22:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-13 08:17 . 2009-11-13 08:17 -------- d-----w- c:\program files\Trend Micro
2009-11-13 07:45 . 2009-11-13 07:45 117760 ----a-w- c:\users\Ka\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-13 07:44 . 2009-11-13 07:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-13 07:43 . 2009-11-13 07:43 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-11-13 07:43 . 2009-11-13 07:43 -------- d-----w- c:\users\Ka\AppData\Roaming\SUPERAntiSpyware.com
2009-11-13 06:59 . 2009-11-15 22:33 4096 d-----w- C:\SDFix
2009-11-13 05:02 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-13 05:02 . 2009-11-13 06:31 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-13 05:02 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-13 04:37 . 2009-11-13 04:37 4096 d-----w- c:\users\Ka\AppData\Roaming\muvee Technologies
2009-11-11 18:02 . 2009-08-15 21:08 2032128 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 17:59 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 07:27 . 2009-11-11 07:27 -------- d-----w- c:\program files\Playrix Entertainment
2009-11-10 00:54 . 2009-11-10 00:54 -------- d-----w- c:\program files\MSSOAP
2009-11-10 00:54 . 2009-10-22 15:50 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-10 00:54 . 2009-11-10 00:59 -------- d-----w- c:\programdata\Webroot
2009-11-10 00:54 . 2009-11-10 00:54 -------- d-----w- c:\users\Ka\AppData\Roaming\Webroot
2009-11-10 00:54 . 2009-11-10 00:54 -------- d-----w- c:\program files\Webroot
2009-11-10 00:49 . 2009-11-10 00:54 164 ----a-w- c:\windows\install.dat
2009-11-09 23:22 . 2009-11-09 23:22 4096 d-----w- c:\program files\setup
2009-11-09 22:37 . 2009-11-13 06:31 -------- d-----w- c:\programdata\dozilibe
2009-11-09 22:37 . 2009-11-13 05:56 -------- d-----w- c:\programdata\bobebeji
2009-11-09 22:33 . 2009-11-09 22:33 162304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{68E8C4DB-EC4A-96FF-1532-2B7B1B96E9F9}-msa.exe
2009-11-09 21:49 . 2009-11-09 21:49 -------- d-----w- c:\users\Ka\AppData\Roaming\Malwarebytes
2009-11-09 21:49 . 2009-11-09 21:49 -------- d-----w- c:\programdata\Malwarebytes
2009-11-09 18:59 . 2009-11-09 18:59 8704 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{036D435A-0EB8-5F8F-398C-9270EA5BD513}-isllv.exe
2009-11-09 18:59 . 2009-11-09 18:59 233216 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{5D508FC7-0527-15B8-3BE7-3BAF151232A3}-nefesysguard.exe
2009-11-09 18:59 . 2009-11-09 18:59 22016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{E2913423-6A3E-E608-7BF4-5360228F8614}-gsho.exe
2009-11-09 18:59 . 2009-11-09 18:59 110592 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{CBB5A34C-2994-043A-A575-313304E735DF}-sique.exe
2009-11-09 18:52 . 2009-11-13 06:31 -------- d-----w- c:\programdata\jitoyeyu
2009-11-09 18:52 . 2009-11-13 06:31 -------- d-----w- c:\programdata\vedihome
2009-11-09 18:52 . 2009-11-13 06:31 -------- d-----w- c:\programdata\noyajego
2009-11-09 18:52 . 2009-11-13 05:56 -------- d-----w- c:\programdata\jiruludi
2009-11-09 18:48 . 2009-11-13 05:55 -------- d-----w- c:\users\Ka\AppData\Local\sgkfuh
2009-11-09 18:47 . 2009-11-09 22:58 -------- d-----w- c:\programdata\kisiviya
2009-11-09 18:47 . 2009-11-13 05:41 -------- d-----w- c:\programdata\nekewupo
2009-11-09 18:47 . 2009-11-10 00:56 -------- d-----w- c:\programdata\guhobeso
2009-11-09 16:26 . 2009-11-09 16:26 162304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DBA3821E-327D-3047-0EA0-538AA4E37885}-msa.exe
2009-11-09 05:30 . 2009-11-09 05:30 162304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{2A9DED24-11C1-96AB-0C53-9D4B6041E159}-msa.exe
2009-11-09 04:30 . 2009-11-09 04:30 162304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{0A7AE3C2-C1B0-16F1-E7CF-8213DFB73D5B}-msa.exe
2009-11-09 03:54 . 2009-11-09 03:54 162304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6AF631A8-F327-F090-E2CB-EFF67FA4E24D}-msa.exe
2009-11-09 03:18 . 2009-11-09 03:18 162304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{F141CCBC-1792-424C-88FC-8CD864ACBC48}-msa.exe
2009-11-09 03:11 . 2009-11-09 03:11 -------- d-----w- c:\windows\Sun
2009-11-09 02:41 . 2009-11-09 02:41 162304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{1A356351-8251-595E-10B2-2B2F2D922EDB}-msa.exe
2009-11-09 01:51 . 2009-11-09 01:51 162304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{0A298331-4F50-D71A-1C7E-B82B9F40F8B6}-msa.exe
2009-11-09 01:31 . 2009-11-09 01:31 162304 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{64F6D0EB-E16A-F141-F440-9ADE4137F26E}-msa.exe
2009-11-04 16:08 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-11-04 16:08 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-11-04 16:08 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-11-04 16:08 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-11-04 16:08 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-11-04 16:08 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-11-04 16:08 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-11-04 16:08 . 2009-08-07 01:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-11-04 16:08 . 2009-08-07 00:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 16:02 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 16:02 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-28 16:02 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-28 16:02 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 05:12 . 2009-10-27 05:12 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-27 05:07 . 2008-06-12 10:09 33088 ----a-w- c:\users\Ka\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-10-27 05:07 . 2009-10-27 05:07 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-10-27 05:06 . 2009-10-27 16:18 4096 d-----w- c:\programdata\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 22:50 . 2007-08-05 05:00 55072 ----a-w- c:\windows\system32\jureg.exe
2009-11-15 22:50 . 2007-08-05 05:00 386872 ----a-w- c:\windows\system32\jucheck.exe
2009-11-15 22:50 . 2007-08-05 05:00 149280 ----a-w- c:\windows\system32\jusched.exe
2009-11-15 22:50 . 2007-08-05 05:00 4096 d-----w- c:\program files\Java
2009-11-15 22:43 . 2009-08-28 01:55 -------- d-----w- c:\program files\MSN Games
2009-11-13 07:43 . 2008-04-02 22:27 4096 d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-13 06:34 . 2009-10-05 16:22 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-13 06:02 . 2009-10-05 16:22 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-13 05:56 . 2009-08-27 17:59 -------- d-----w- c:\users\Ka\AppData\Roaming\RegClean
2009-11-12 22:48 . 2008-07-08 18:11 1892489 ----a-w- c:\programdata\NeoEdge Networks\MostFun_AtlantisQuest\IAF.dll
2009-11-12 22:48 . 2009-08-28 02:01 4096 d-----w- c:\programdata\NeoEdge Networks
2009-11-11 19:57 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-11 18:32 . 2009-08-17 18:15 8192 d-----w- c:\programdata\Microsoft Help
2009-11-03 02:42 . 2009-10-02 15:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-19 15:46 . 2009-08-01 15:49 92016 ----a-w- c:\users\Ka\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-18 08:03 . 2007-08-05 05:01 24576 d-----w- c:\program files\Microsoft Works
2009-10-12 19:47 . 2007-08-05 04:33 4096 d-----w- c:\program files\Hewlett-Packard
2009-10-12 19:43 . 2009-10-12 19:43 -------- d-----w- c:\users\Ka\AppData\Roaming\WinBatch
2009-10-05 15:46 . 2009-10-05 15:45 4096 d-----w- c:\program files\Microsoft Security Essentials
2009-10-05 07:01 . 2009-10-05 07:01 -------- d-----w- c:\programdata\FreshGames
2009-10-01 14:41 . 2009-10-01 14:41 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-10-01 05:15 . 2009-10-01 05:15 -------- d-----w- c:\programdata\Oberon Media
2009-10-01 05:14 . 2009-10-01 05:14 -------- d-----w- c:\program files\Oberon Media
2009-09-22 16:29 . 2009-09-22 16:29 4096 d-----w- c:\program files\InterActual
2009-09-21 05:39 . 2009-08-02 05:48 -------- d-----w- c:\programdata\Sandlot Games
2009-09-21 05:37 . 2009-08-28 02:01 4096 d-----w- c:\program files\MostFun
2009-09-20 21:45 . 2009-09-20 21:45 4096 ----a-w- c:\windows\d3dx.dat
2009-09-20 08:01 . 2009-09-20 08:01 -------- d-----w- c:\users\Ka\AppData\Roaming\Friday's games
2009-09-19 00:48 . 2009-08-19 05:57 -------- d-----w- c:\users\Ka\AppData\Roaming\Roxio
2009-09-18 19:42 . 2009-09-18 19:42 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-09-18 19:42 . 2009-09-18 19:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-09-18 19:42 . 2009-09-18 19:42 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-09-14 09:50 . 2009-10-15 17:40 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-10 17:38 . 2009-10-15 17:42 216576 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 06:51 . 2009-09-04 22:42 34216128 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\crystalix-setup.exe
2009-09-04 22:42 . 2009-09-04 22:38 35559856 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\pantheon-setup.exe
2009-09-04 22:38 . 2009-09-04 22:34 32333632 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\memoryloops-setup.exe
2009-09-04 22:34 . 2009-09-04 22:32 23108120 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\{ABFC4D3B-308C-4617-ADF8-D1999A58A96F}.exe
2009-09-04 22:32 . 2009-09-01 07:58 40687000 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\dreamchronicles-setup.exe
2009-09-04 12:38 . 2009-10-15 17:40 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-01 07:58 . 2009-09-01 07:49 29319160 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\bigkahunareef-setup.exe
2009-09-01 07:49 . 2009-08-29 07:46 143278200 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\lumines-setup.exe
2009-08-31 15:21 . 2009-10-15 17:41 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-08-31 15:17 . 2009-10-15 17:41 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-08-31 15:16 . 2009-10-15 17:41 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-08-29 07:46 . 2009-08-29 07:42 38891000 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\pokersuperstars3-setup.exe
2009-08-29 07:42 . 2009-08-29 07:37 42764312 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\jewelcraft-setup.exe
2009-08-29 07:37 . 2009-08-29 07:29 54281112 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\jojosfashionshow-setup.exe
2009-08-29 07:29 . 2009-08-29 07:24 34961808 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\deepbluesea-setup.exe
2009-08-29 07:24 . 2009-08-29 07:20 30743096 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\fairlyoddroachrampage-setup.exe
2009-08-29 07:20 . 2008-03-09 03:18 39975768 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\farmfrenzy-setup.exe
2009-08-29 07:17 . 2007-12-19 05:24 15386664 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe
2009-08-29 03:41 . 2009-09-04 04:18 1686528 ----a-w- c:\windows\system32\gameux.dll
2009-08-29 03:40 . 2009-09-04 04:18 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 23:31 . 2009-09-04 04:18 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 14:02 . 2009-10-15 17:42 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:57 . 2009-10-15 17:41 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 13:57 . 2009-10-15 17:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 13:56 . 2009-10-15 17:41 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-27 11:24 . 2009-10-15 17:41 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-27 09:51 . 2009-10-15 17:41 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-01-29 23:29 . 2008-01-29 23:29 22 --sha-w- c:\windows\SMINST\HPCD.sys
2007-08-05 05:16 . 2007-08-05 05:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1232896]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2005-09-03 94208]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-08-05 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-07 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-07 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-07 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-15 1358384]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-10-22 6515784]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

c:\users\Ka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-8-19 229376]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2009-8-19 253952]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"hpsysdrv"=c:\hp\support\hpsysdrv.exe
"KBD"=c:\hp\KBD\KbdStub.EXE
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [9/18/2009 1:42 PM 29808]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080215.002\IDSvix86.sys [2/15/2008 4:44 PM 261680]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [4/23/2007 9:50 AM 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [10/5/2009 10:22 AM 1153368]
R2 Sentinel LM;Sentinel LM;c:\program files\SURFWARE\Network Server8\Server\WinNT\lservnt.exe [2/11/2008 10:53 PM 811008]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [11/9/2009 6:55 PM 1201640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/15/2008 4:46 PM 109616]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [6/18/2009 5:48 PM 42480]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\System32\drivers\wg111v3.sys [8/10/2009 8:40 PM 289280]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [10/3/2008 1:14 PM 37936]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [5/7/2009 7:01 PM 655872]
S3 WUSB54GSCv2.NTx86;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\System32\drivers\WUSB54GSCV2_X86.sys [8/10/2009 5:53 PM 238072]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-11-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-08 14:59]

2009-11-10 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - bee_112.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 02:09]

2009-11-16 c:\windows\Tasks\User_Feed_Synchronization-{637F0A34-2B57-4584-94E9-00E0362AEA76}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]

2009-11-10 c:\windows\Tasks\wrSpySweeper_L179F7D151F40440AA5A74CC6CDAECF94.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-10 15:50]

2009-11-10 c:\windows\Tasks\wrSpySweeper_L179F7D151F40440AA5A74CC6CDAECF94.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-10 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: ActiveGS.cab - [You must be registered and logged in to see this link.]
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - [You must be registered and logged in to see this link.]
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-15 18:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Ka\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x852F150C]<<
kernel: MBR read successfully
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-15 18:50
ComboFix-quarantined-files.txt 2009-11-16 00:50

Pre-Run: 346,033,344,512 bytes free
Post-Run: 346,665,021,440 bytes free

- - End Of File - - 4722EF69E6F8289F6ADBD6962B80A8F8

vangk15
Newbie Surfer
Posts: 11
Joined: 2009-11-16
Operating System: Vista
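Two parts of the log above deserve a closer read than the rest. The Security Center block shows "DisableMonitoring"=dword:00000001 under security center\Monitoring and under the two Symantec sub-keys, plus empty AntiVirusOverride and FirewallOverride values. Those are the values a Symantec product writes when it registers itself with Security Center, and the log still carries Symantec drivers (IDSvix86, symndisv, EraserUtilRebootDrv), a disabled ccApp entry and a Norton scheduled task, so an incomplete Norton removal is the likely reading; but malware sets the same values to silence Security Center, so they belong in any triage. The other is the Stealth MBR section: "called modules: ... >>UNKNOWN [0x852F150C]<<" means an unidentified module sits in the disk I/O call chain. With search redirects as the symptom, that is the kind of sign that points at a kernel-mode rootkit rather than a user-mode autostart, and nothing in the Run, Startup or service listings would show it.

The Python below is an added example, not part of the original post and not ComboFix's code, of pulling the autostart and Security Center entries out of a saved ComboFix log and flagging the ones that need a second look. Its input is a constructed excerpt in the same REGEDIT4 layout as the log; the real entries are copied from above, and the "Updater" line is hypothetical, added only so the user-writable-location rule has something to fire on.

```python
import re

# Constructed excerpt in the REGEDIT4 layout ComboFix uses for "Reg Loading
# Points". Real entries are copied from the log above; the "Updater" line is
# hypothetical and not in the original log (it exists so a rule fires).
COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1232896]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]
"Updater"="c:\users\Ka\AppData\Local\Temp\updater.exe" [2009-11-10 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<rest>.*)$')
BRACKET_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\s+\d+\]\s*$")   # trailing [date size]
DRIVE_RE = re.compile(r'[A-Za-z]:\\[^"\[]+')

# Locations a standard user can write to; legitimate autostarts almost always
# live under Program Files or the Windows directory instead.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def parse_entries(text):
    """Yield (key, value_name, raw_value) for every value line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m.group("name"), m.group("rest")


def image_path(raw_value):
    """Extract the on-disk image from a Run value. Handles both layouts ComboFix
    prints: "full\path.exe" [date size]  and  "name.exe" - full\path.exe [date size]."""
    rest = BRACKET_RE.sub("", raw_value)
    paths = DRIVE_RE.findall(rest)
    return paths[-1].strip() if paths else None


def triage(text):
    """Return (finding, subject, detail) tuples for the entries worth a second look."""
    findings = []
    for key, name, raw in parse_entries(text):
        k = key.lower()
        # "run-" is ComboFix's listing of entries a tool has already disabled
        if "\\currentversion\\run" in k and not k.endswith("run-"):
            path = image_path(raw)
            if path and any(tok in path.lower() for tok in USER_WRITABLE):
                findings.append(("autostart-in-user-writable-dir", name, path))
        elif "security center" in k:
            value = raw.strip().strip('"')
            if name.lower() == "disablemonitoring" and value.lower().endswith("1"):
                findings.append(("security-center-monitoring-disabled", key, value))
            elif name.lower().endswith("override"):
                findings.append(("security-center-override-present", name, value))
    return findings


if __name__ == "__main__":
    for finding in triage(COMBOFIX_EXCERPT):
        print(*finding, sep="\t")
```

Run it against a full log saved from ComboFix (read the file and pass its text to triage) and treat every "autostart-in-user-writable-dir" line as something to look up by hash before trusting it; the Security Center findings are a prompt to work out which product set them, not a verdict on their own.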

Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by DragonMaster Jay on Mon 16 Nov 2009, 10:59 am

Please run Trend Micro Housecall online scan.

  • Click Scan now.
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.


~DMJ
GeekPolice Academy Manager



DragonMaster Jay
Manager | Tech Officer
Posts: 13452
Joined: 2009-09-07
Operating System: Windows 7 Ultimate
http://www.twitter.com/jaypfoutz

Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by vangk15 on Mon 16 Nov 2009, 4:12 pm

I tried running Trend Micro Housecall 4 times and whenever it passes the 50% mark it stops working. Do you have an alternative for me? Thanks!


Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by DragonMaster Jay on Mon 16 Nov 2009, 4:26 pm

Please use Internet Explorer and run a BitDefender Online scan

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.


~DMJ
GeekPolice Academy Manager




Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by vangk15 on Mon 16 Nov 2009, 10:39 pm

Here's my results from BitDefender:

BitDefender Online Scanner

Scan report generated at: Mon, Nov 16, 2009 - 02:42:51
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistics
Time: 01:13:03
Files: 514989
Folders: 23270
Boot Sectors: 0
Archives: 5870
Packed Files: 37303

Results
Identified Viruses: 5
Infected Files: 17
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 29

Engines Info
Virus Definitions: 4551768
Engine build: AVCORE v2.1 Windows/i386 11.0.0.26 (Oct 20 2009)
Scan plugins: 17
Archive plugins: 44
Unpack plugins: 8
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A298331-4F50-D71A-1C7E-B82B9F40F8B6}-msa.exe=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.Renos.juW@baX8pHo

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A298331-4F50-D71A-1C7E-B82B9F40F8B6}-msa.exe=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A298331-4F50-D71A-1C7E-B82B9F40F8B6}-msa.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A298331-4F50-D71A-1C7E-B82B9F40F8B6}-msa.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A7AE3C2-C1B0-16F1-E7CF-8213DFB73D5B}-msa.exe=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.Renos.juW@baX8pHo

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A7AE3C2-C1B0-16F1-E7CF-8213DFB73D5B}-msa.exe=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A7AE3C2-C1B0-16F1-E7CF-8213DFB73D5B}-msa.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A7AE3C2-C1B0-16F1-E7CF-8213DFB73D5B}-msa.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{1A356351-8251-595E-10B2-2B2F2D922EDB}-msa.exe=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.Renos.juW@baX8pHo

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{1A356351-8251-595E-10B2-2B2F2D922EDB}-msa.exe=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{1A356351-8251-595E-10B2-2B2F2D922EDB}-msa.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{1A356351-8251-595E-10B2-2B2F2D922EDB}-msa.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2A9DED24-11C1-96AB-0C53-9D4B6041E159}-msa.exe=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.Renos.juW@baX8pHo

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2A9DED24-11C1-96AB-0C53-9D4B6041E159}-msa.exe=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2A9DED24-11C1-96AB-0C53-9D4B6041E159}-msa.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2A9DED24-11C1-96AB-0C53-9D4B6041E159}-msa.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{5D508FC7-0527-15B8-3BE7-3BAF151232A3}-nefesysguard.exe=>(Quarantine-PE)
Infected with: Trojan.Generic.2651217

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{5D508FC7-0527-15B8-3BE7-3BAF151232A3}-nefesysguard.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{5D508FC7-0527-15B8-3BE7-3BAF151232A3}-nefesysguard.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{64F6D0EB-E16A-F141-F440-9ADE4137F26E}-msa.exe=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.Renos.juW@baX8pHo

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{64F6D0EB-E16A-F141-F440-9ADE4137F26E}-msa.exe=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{64F6D0EB-E16A-F141-F440-9ADE4137F26E}-msa.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{64F6D0EB-E16A-F141-F440-9ADE4137F26E}-msa.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{68E8C4DB-EC4A-96FF-1532-2B7B1B96E9F9}-msa.exe=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.Renos.juW@baX8pHo

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{68E8C4DB-EC4A-96FF-1532-2B7B1B96E9F9}-msa.exe=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{68E8C4DB-EC4A-96FF-1532-2B7B1B96E9F9}-msa.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{68E8C4DB-EC4A-96FF-1532-2B7B1B96E9F9}-msa.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{6AF631A8-F327-F090-E2CB-EFF67FA4E24D}-msa.exe=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.Renos.juW@baX8pHo

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{6AF631A8-F327-F090-E2CB-EFF67FA4E24D}-msa.exe=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{6AF631A8-F327-F090-E2CB-EFF67FA4E24D}-msa.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{6AF631A8-F327-F090-E2CB-EFF67FA4E24D}-msa.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{CBB5A34C-2994-043A-A575-313304E735DF}-sique.exe=>(Quarantine-PE)
Infected with: Trojan.Generic.2661885

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{CBB5A34C-2994-043A-A575-313304E735DF}-sique.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{CBB5A34C-2994-043A-A575-313304E735DF}-sique.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{DBA3821E-327D-3047-0EA0-538AA4E37885}-msa.exe=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.Renos.juW@baX8pHo

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{DBA3821E-327D-3047-0EA0-538AA4E37885}-msa.exe=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{DBA3821E-327D-3047-0EA0-538AA4E37885}-msa.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{DBA3821E-327D-3047-0EA0-538AA4E37885}-msa.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{E2913423-6A3E-E608-7BF4-5360228F8614}-gsho.exe=>(Quarantine-PE)
Infected with: Trojan.Generic.2653035

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{E2913423-6A3E-E608-7BF4-5360228F8614}-gsho.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{E2913423-6A3E-E608-7BF4-5360228F8614}-gsho.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{F141CCBC-1792-424C-88FC-8CD864ACBC48}-msa.exe=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.Renos.juW@baX8pHo

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{F141CCBC-1792-424C-88FC-8CD864ACBC48}-msa.exe=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{F141CCBC-1792-424C-88FC-8CD864ACBC48}-msa.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{F141CCBC-1792-424C-88FC-8CD864ACBC48}-msa.exe
Deleted

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZD7U7W7\block[1].htm
Infected with: Trojan.FakeAlert.BFW

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZD7U7W7\block[1].htm
Deleted

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R9291APW\block[1].htm
Infected with: Trojan.FakeAlert.BFW

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R9291APW\block[1].htm
Deleted

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R9291APW\block[2].htm
Infected with: Trojan.FakeAlert.BFW

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R9291APW\block[2].htm
Deleted

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R9291APW\block[3].htm
Infected with: Trojan.FakeAlert.BFW

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\R9291APW\block[3].htm
Deleted

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UI60G1JB\block[1].htm
Infected with: Trojan.FakeAlert.BFW

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UI60G1JB\block[1].htm
Deleted




BitDefender Online Scanner - Real Time Virus Report

Generated at: Mon, Nov 16, 2009 - 06:36:10

Scan Info
Scanned Files: 538641
Infected Files: 17

Virus Detected
Trojan.Generic.2653035: 1
Trojan.FakeAlert.BFW: 5
Trojan.Generic.2661885: 1
Trojan.Generic.2651217: 1
Gen:Trojan.Heur.Renos.juW@baX8pHo: 9

This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.

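The report above says less than its "17 infected files" headline suggests. Every path is either under Microsoft Antimalware's LocalCopy store, where BitDefender itself tags the object "=>(Quarantine-PE)", a PE file inside another product's quarantine container (consistent with Security Essentials, which is running on this machine, having already set aside the msa.exe, nefesysguard.exe, sique.exe and gsho.exe files), or a cached copy of a fake-alert page under IE's Temporary Internet Files. None of the 17 is a file in System32, Program Files or an autostart location, so this scan cleaned up remnants of an earlier fake-antivirus episode and found nothing that could be producing the live search redirects.

The Python below is an added example, not part of the original post and not BitDefender's code, that parses the report's path/status line pairs and sorts the hits into those buckets so the "is anything here actually running?" question is answered mechanically. It runs on a constructed three-file excerpt in the report's own layout.

```python
import re
from collections import Counter

# Constructed excerpt of the BitDefender "Scanned File / Status" listing above:
# three of the seventeen reported files, in the scanner's own line layout.
BITDEFENDER_EXCERPT = r"""
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A298331-4F50-D71A-1C7E-B82B9F40F8B6}-msa.exe=>(Quarantine-PE)
Infected with: Gen:Trojan.Heur.Renos.juW@baX8pHo

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A298331-4F50-D71A-1C7E-B82B9F40F8B6}-msa.exe=>(Quarantine-PE)
Disinfection failed

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A298331-4F50-D71A-1C7E-B82B9F40F8B6}-msa.exe=>(Quarantine-PE)
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{0A298331-4F50-D71A-1C7E-B82B9F40F8B6}-msa.exe
Deleted

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{5D508FC7-0527-15B8-3BE7-3BAF151232A3}-nefesysguard.exe=>(Quarantine-PE)
Infected with: Trojan.Generic.2651217

C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{5D508FC7-0527-15B8-3BE7-3BAF151232A3}-nefesysguard.exe=>(Quarantine-PE)
Deleted

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZD7U7W7\block[1].htm
Infected with: Trojan.FakeAlert.BFW

C:\Users\Ka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZD7U7W7\block[1].htm
Deleted
"""

PATH_LINE = re.compile(r"^[A-Za-z]:\\")


def locate(path):
    """Bucket a path by what finding malware there means for the live system."""
    p = path.lower()
    if "\\microsoft antimalware\\localcopy\\" in p:
        return "av-quarantine-copy"      # another product already caught it
    if "\\temporary internet files\\" in p or "\\content.ie5\\" in p:
        return "browser-cache"           # a page that was rendered, not code that ran
    if p.startswith("c:\\windows\\") or p.startswith("c:\\program files\\"):
        return "system-or-program-dir"   # would be a live component
    return "other"


def parse_report(text):
    """Group the report's path/status line pairs by on-disk path.

    BitDefender prints the same path once per action; a trailing "=>(type)"
    marks the object as living inside a container of that type."""
    records = {}
    subject = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_LINE.match(line):
            subject = line
            continue
        if subject is None:
            continue   # header text before the first path line
        path, _, container = subject.partition("=>")
        rec = records.setdefault(path, {"detection": None, "container": None, "actions": []})
        if line.startswith("Infected with:"):
            rec["detection"] = line.split(":", 1)[1].strip()
            rec["container"] = container.strip("()") or None
        else:
            rec["actions"].append(line)
    return records


def summarize(records):
    """Return (hits per detection name, hits per location bucket, paths that are live components)."""
    infected = {p: r for p, r in records.items() if r["detection"]}
    by_detection = Counter(r["detection"] for r in infected.values())
    by_location = Counter(locate(p) for p in infected)
    live = sorted(p for p in infected if locate(p) not in ("av-quarantine-copy", "browser-cache"))
    return by_detection, by_location, live


if __name__ == "__main__":
    det, loc, live = summarize(parse_report(BITDEFENDER_EXCERPT))
    print(dict(det))
    print(dict(loc))
    print("live components:", live or "none")
```

Fed the full report, by_detection reproduces the "Virus Detected" table at the end of the post (9, 5, 1, 1, 1) and live comes back empty; the two System32 DLLs Malwarebytes later finds would land in the "system-or-program-dir" bucket, which is the bucket that matters.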

Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by DragonMaster Jay on Tue 17 Nov 2009, 5:13 am

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

==

Please download CKScanner by askey127 from here

Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


~DMJ
GeekPolice Academy Manager




Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by vangk15 on Tue 17 Nov 2009, 11:18 am

Here is my log for Malwarebytes' Anti-malware as requested:

Malwarebytes' Anti-Malware 1.41
Database version: 3183
Windows 6.0.6000

11/16/2009 7:02:50 PM
mbam-log-2009-11-16 (19-02-50).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 283845
Time elapsed: 1 hour(s), 6 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.

And here is the one for CKscanner:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\hp games\bejeweled 2 deluxe\sounds\cached_firecrackle.wav
c:\program files\hp games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\hp games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
c:\program files\hp games\insaniquarium deluxe\images\eggcrack1.gif
c:\program files\hp games\insaniquarium deluxe\images\eggcrack2.gif
c:\program files\hp games\insaniquarium deluxe\images\_eggcrack1.gif
c:\program files\hp games\insaniquarium deluxe\images\_eggcrack2.gif
c:\program files\hp games\mah jong quest\images\tile_firecracker-1.pnge
c:\program files\hp games\mah jong quest\images\tile_firecracker-2.pnge
c:\program files\hp games\mah jong quest\images\tile_firecracker-3.pnge
c:\program files\hp games\mah jong quest\images\tile_firecracker1.pnge
c:\program files\hp games\mah jong quest\images\kwazi3\level5-1cracktop.jpge
c:\program files\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
c:\program files\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
c:\programdata\oberon media\bejeweled2\cached\sounds\firecrackle.wav
c:\users\ka\appdata\roaming\macromedia\flash player\#sharedobjects\snpfake4\[You must be registered and logged in to see this link.]
c:\users\ka\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#[You must be registered and logged in to see this link.]
c:\users\ka\documents\crack.rar
c:\users\ka\favorites\fishdom key warez download crack serial keygen full version free.url
c:\users\ka\favorites\fishdom key warez download crack serial keygen full version free.url
scanner sequence 3.ZZ.11
----- EOF -----


Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by DragonMaster Jay on Tue 17 Nov 2009, 2:53 pm

c:\users\ka\documents\crack.rar
c:\users\ka\favorites\fishdom key warez download crack serial keygen full version free.url
c:\users\ka\favorites\fishdom key warez download crack serial keygen full version free.url

Referring to the quoted text from the CKScanner log: your computer has keygens, which are a form of software piracy. What is so bad about cracks, hacks, pirated software, warez, or keygens?

The most popular cracks or keygens I see are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware", which is a form of spyware, viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer will also be infected. It is an opportunity for attackers to present a seemingly safe situation, where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but it will also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

==

Please use Internet Explorer and run a BitDefender Online scan

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.


~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts: 13452
Joined: 2009-09-07
Operating System: Windows 7 Ultimate
http://www.twitter.com/jaypfoutz

Re: When doing a Google Search...I get redirected to Ad sites...Needs Help!

Post by vangk15 on Tue 17 Nov 2009, 5:53 pm

Here's my log from BitDefender.

See the results of the current computer scan
No viruses were found on your computer
500331 analized, 0 threat(s) found, 0 threats eliminated

I deleted the files you stated as keygens. But despite all the scans so far the virus is still affecting my computer. Where do I go from here?

vangk15

Newbie Surfer

Posts: 11
Joined: 2009-11-16
Operating System: Vista