
Search Engine Hijack, please help!


skylark820

It doesn't matter what I'm using... Firefox, IE... or which search engine I'm using, when I search for something, and I click on any and every link on the search results page, I get redirected to some other spam site. But when I use "Advanced Search", the proper URLs are displayed and it works fine.

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:46, on 2008/12/29
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Reina\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wxvault.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,wbsys.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13349 bytes


Please help!!