
Search-Daily redirect + others [CLOSED]


  • This topic is locked

#1
Jahminded

    New Member

  • Member
  • Pip
  • 2 posts
First off, a thanks is in order. I can't thank you guys/gals enough for the free help you provide.

It appears I have the "search-daily" redirect playing havoc with my google searches. I've tried the AVG, SuperAntiSpyware and a few others to no avail. They did find other issues that needed to be resolved, but unfortunately it didn't clean up the search-daily crap that is infecting my computer.

This is my first time in quite a few years that my computer has been infected to a point that I was unable to clean it up myself with the help of AVG or a similar product. I've read the instructions from the "You Must Read This Before Posting a Hijackthis log" and hope I've done all that is required before posting... here is a rundown...

Used ATF Cleaner

Performed System Restore

Ran AVG

Ran SuperAntiSpyware

Panda Activescan did not work on my computer

Performed Windows Update

Performed the Reboot test

still no luck...so here is my Hijackthis log....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:41 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ady.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiconf.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3480778D-B578-4DAF-9DA6-27625E7E15B2} - c:\windows\system32\consoleq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: (no name) - {B6083A15-A7A6-8E7C-D97C-F8ADA9907491} - C:\WINDOWS\system32\yunovlph.dll (file missing)
O2 - BHO: (no name) - {F316E1B8-4906-4FDB-9630-30A1495C7B59} - C:\WINDOWS\system32\dbnmpntwp.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [ady] C:\WINDOWS\system32\ady.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tien] "C:\DOCUME~1\xp\MYDOCU~1\APPATC~1\ping.exe" -vt ndrv
O4 - HKCU\..\Run: [Vbf] "C:\Program Files\Common Files\A?pPatch\dexplore.exe"
O4 - HKCU\..\Run: [ady] C:\WINDOWS\system32\ady.exe
O4 - HKCU\..\Run: [msiconf.exe] msiconf.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Magic Holdem.lnk = C:\Program Files\Magic Holdem\MagicHoldem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102707620671
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: erilmwcz - C:\WINDOWS\SYSTEM32\consoleq.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8577 bytes


If I've missed a step or there is something else I need to do before helping, please let me know...and thank you for your time.
  • 0


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Open notepad, click Format, uncheck wordwrap

CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\SYSTEM32\consoleq.dll"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
    • C:\WINDOWS\SYSTEM32\consoleq.dll
  • Click Open.
  • Click Post.
Thank you!



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
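
Added example, not part of the original thread or of any tool named in it: a small Python triage pass over HijackThis entries showing how a file such as consoleq.dll, registered both as a nameless BHO (O2) and under Winlogon Notify (O20), can be singled out for submission. The sample lines are copied from the log in post #1; the three heuristics and all function names are assumptions of this example, not criteria stated by the helper.

```python
import re
from collections import defaultdict

# Constructed sample: five entries taken from the log in post #1, one per line.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3480778D-B578-4DAF-9DA6-27625E7E15B2} - c:\windows\system32\consoleq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B6083A15-A7A6-8E7C-D97C-F8ADA9907491} - C:\WINDOWS\system32\yunovlph.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: erilmwcz - C:\WINDOWS\SYSTEM32\consoleq.dll
"""

# Section code (R0, O2, O20, ...) followed by the entry body.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Drive-letter path ending in .dll or .exe; spaces inside the path are allowed.
PATH = re.compile(r"[A-Za-z]:\\[^\"*?<>|]+?\.(?:dll|exe)", re.IGNORECASE)


def parse(log):
    """Yield (section, body, lower-cased path or None) for each log entry."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list and blank lines are skipped
        p = PATH.search(m["body"])
        yield m["section"], m["body"], p.group(0).lower() if p else None


def triage(log):
    """Return {path: sorted reasons} for entries hit by the assumed heuristics."""
    sections = defaultdict(set)
    reasons = defaultdict(set)
    for section, body, path in parse(log):
        if path is None:
            continue
        sections[path].add(section)
        if section == "O2" and "(no name)" in body:
            reasons[path].add("BHO without a name")
        if "(file missing)" in body:
            reasons[path].add("registered but file missing")
    for path, seen in sections.items():
        if len(seen) > 1:  # same file hooked into several autostart points
            reasons[path].add("registered under " + "+".join(sorted(seen)))
    return {p: sorted(r) for p, r in reasons.items()}


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(why))
```

A hit here only marks a file for closer inspection or upload to an analysis forum; it is not a verdict that the file is malicious.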

#3
Jahminded

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Rorschach.....

Thank you very much for the reply to my plea. I thought my post had gone unnoticed so I began searching for threads with the similar "search daily" redirect issue. I found one and began following the steps outlined...

Combofix seems to have rid me of the redirect, but the program did hang at the end forcing me to restart my computer. I tried this twice with the same results.

It looks like Combofix removed the "C:\WINDOWS\SYSTEM32\consoleq.dll" file, among others, and stored it in a folder on my desktop...the folder is named "catchme.zip".

What would you recommend at this point to ensure my computer is clean? I apologize for jumping the gun and not waiting for proper instructions...I was desperate.

Again, thank you for your time and I look forward to hearing back from you.

Jahminded
  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Go ahead and run DSS and Kaspersky there
  • 0

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





