Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Search-Daily redirect + others [CLOSED]


  • This topic is locked This topic is locked

#1
Jahminded

Jahminded

    New Member

  • Member
  • Pip
  • 2 posts
First off, a thanks is in order. I cant thank you guys/gals enough for the free help you provide.

It appears I have the "search-daily" redirect playing havoc with my google searches. I've tried the AVG, SuperAntiSpyware and a few others to no avail. They did find other issues that needed to be resolved, but unfortunately it didn't clean up the search-daily crap that is infecting my computer.

This is my first time in quite a few years that my computer has been infected to a point that I was unable to clean it up myself with the help of AVG or similar product. I've read the instructions from the "You Must Read This Before Posting a Hijackthis log" and hope I've done all that is required before posting....here is a run down....

Used ATF Cleaner

Performed System Restore

Ran AVG

Ran SuperAntiSpyware

Panda Activescan did not work on my computer

Performed Windows Update

Performed the Reboot test

still no luck...so here is my Hijackthis log....


Logfile of Trend Micro HijackThis

v2.0.2
Scan saved at 6:45:41 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\guard.exe
C:\Program Files\Common

Files\Microsoft

Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared

files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program

Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program

Files\Creative\SBAudigy\Surround

Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe
C:\Program

Files\HighCriteria\TotalRecorder\TotRe

cSched.exe
C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ady.exe
C:\Program Files\ATI

Technologies\ATI.ACE\Core-Static\MOM.E

XE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft

ActiveSync\wcescomm.exe
C:\Program

Files\Google\GoogleToolbarNotifier\Goo

gleToolbarNotifier.exe
C:\WINDOWS\system32\msiconf.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital

Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI

Technologies\ATI.ACE\Core-Static\ccc.e

xe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend

Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet

Connection Wizard,ShellNext =

http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper

-

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -

{3480778D-B578-4DAF-9DA6-27625E7E15B2}

- c:\windows\system32\consoleq.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

- C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7}

- c:\program

files\google\googletoolbar6.dll
O2 - BHO: Google Toolbar Notifier BHO

-

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

- C:\Program

Files\Google\GoogleToolbarNotifier\2.0

.1121.2472\swg.dll
O2 - BHO: (no name) -

{B6083A15-A7A6-8E7C-D97C-F8ADA9907491}

- C:\WINDOWS\system32\yunovlph.dll

(file missing)
O2 - BHO: (no name) -

{F316E1B8-4906-4FDB-9630-30A1495C7B59}

- C:\WINDOWS\system32\dbnmpntwp.dll
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5CD4F}

- c:\program

files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched]

"C:\Program

Files\Java\jre1.6.0_03\bin\jusched.exe

"
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Program

Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [CTSysVol]

C:\Program

Files\Creative\SBAudigy\Surround

Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32

P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg]

C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [HP Software Update]

C:\Program Files\HP\HP Software

Update\HPWuSchd2.exe
O4 - HKLM\..\Run:

[TotalRecorderScheduler] "C:\Program

Files\HighCriteria\TotalRecorder\TotRe

cSched.exe"
O4 - HKLM\..\Run: [StartCCC]

C:\Program Files\ATI

Technologies\ATI.ACE\Core-Static\CLISt

art.exe
O4 - HKLM\..\Run: [RemoteControl]

"C:\Program

Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut]

"C:\Program

Files\CyberLink\PowerDVD\Language\Lang

uage.exe"
O4 - HKLM\..\Run: [ady]

C:\WINDOWS\system32\ady.exe
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection

Agent] "C:\Program Files\Microsoft

ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\Goo

gleToolbarNotifier.exe
O4 - HKCU\..\Run: [Tien]

"C:\DOCUME~1\xp\MYDOCU~1\APPATC~1\ping

.exe" -vt ndrv
O4 - HKCU\..\Run: [Vbf] "C:\Program

Files\Common

Files\A?pPatch\dexplore.exe"
O4 - HKCU\..\Run: [ady]

C:\WINDOWS\system32\ady.exe
O4 - HKCU\..\Run: [msiconf.exe]

msiconf.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware]

C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpywar

e.exe
O4 - HKUS\S-1-5-18\..\Run:

[DWQueuedReporting]

"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtr

ig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run:

[DWQueuedReporting]

"C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtr

ig20.exe" -t (User 'Default user')
O4 - Startup: Magic Holdem.lnk =

C:\Program Files\Magic

Holdem\MagicHoldem.exe
O4 - Global Startup: Adobe Reader

Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital

Imaging Monitor.lnk = C:\Program

Files\HP\Digital

Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport

to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EX

CEL.EXE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java

Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\Program

Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile

Favorite -

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}

- C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}

- C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create

Mobile Favorite... -

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}

- C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Bodog Poker -

{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}

- C:\Program Files\Bodog

Poker\BPGame.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF:

{17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation

Tool) -

http://go.microsoft.com/fwlink/?linkid

=39204
O16 - DPF:

{2B323CD9-50E3-11D3-9466-00A0C9700498}

-

http://jcs.chat.dcn.yahoo.com/v45/yacs

com.cab
O16 - DPF:

{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}

(FilePlanet Download Control Class) -

http://www.fileplanet.com/fpdlmgr/cabs

/FPDC_1_0_0_44.cab
O16 - DPF:

{54823A9D-6BAE-11D5-B519-0050BA2413EB}

(ChkDVDCtl Class) -

http://www.cyberlink.com/winxp/CheckDV

D.cab
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://v5.windowsupdate.microsoft.com/

v5consumer/V5Controls/en/x86/client/wu

web_site.cab?1102707620671
O16 - DPF:

{67DABFBF-D0AB-41FA-9C46-CC0F21721616}

(DivXBrowserPlugin Object) -

http://go.divx.com/plugin/DivXBrowserP

lugin.cab
O16 - DPF:

{7D1E9C49-BD6A-11D3-87A8-009027A35D73}

- http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF:

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

(ActiveScan Installer Class) -

http://acs.pandasoftware.com/activesca

n/as5free/asinst.cab
O16 - DPF:

{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD}

-

http://download.abacast.com/download/f

iles/abasetup161.cab
O20 - Winlogon Notify: !SASWinLogon -

C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: erilmwcz -

C:\WINDOWS\SYSTEM32\consoleq.dll
O23 - Service: Ad-Aware 2007 Service

(aawservice) - Lavasoft AB -

C:\Program Files\Lavasoft\Ad-Aware

2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI

Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown

owner -

C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard

- GRISOFT s.r.o. - C:\Program

Files\Grisoft\AVG Anti-Spyware

7.5\guard.exe
O23 - Service: Google Updater Service

(gusvc) - Google - C:\Program

Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown

owner -

C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo

Service(CRVS) (RichVideo) - Unknown

owner - C:\Program

Files\CyberLink\Shared

files\RichVideo.exe
O23 - Service: TrueVector Internet

Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8577 bytes


If I've missed a step or there is something else I need to do before helping, please let me know...and thank you for your time.
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Open notepad, click Format, uncheck wordwrap

CLICK THIS TO LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "C:\WINDOWS\SYSTEM32\consoleq.dll"
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:


    • C:\WINDOWS\SYSTEM32\consoleq.dll

  • Click Open.
  • Click Post.
Thank you!



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#3
Jahminded

Jahminded

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Rorschach.....

Thank you very much for the reply to my plea. I thought my post had gone unnoticed so I began searching for threads with the similar "search daily" redirect issue. I found one and began following the steps outlined...

Combofix seems to have rid me of the redirect, but the program did hang at the end forcing me to restart my computer. I tried this twice with the same results.

It looks like Combofix removed the "C:\WINDOWS\SYSTEM32\consoleq.dll" file, among others, and stored it in a folder on my desktop...the folder is named "catchme.zip".

What would you recommend at this point to ensure my computer is clean? I apologize for jumping the gun and not waiting for proper instructions...I was desperate.

Again, thank you for your time and I look forward to hearing back from you.

Jahminded
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Go ahead and run DSS and Kaspersky there
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP