11-22-2007, 07:12 AM   #1
King$nake

Google Redirect Virus! All Search Results are being re-directed to spam websites!!

Ok, I did a search online, and realized the first thing I needed to do was a HijackThis log. I should note that Firefox works completely fine. It's just IE. I am also getting all kinds of pop-ups that I never used to get before in IE (I have popup blockers installed too). Would these two problems be the same virus/malware?

So, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 4:10:58 AM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\J. Sloan\Desktop\HJT\HijackThis.exe
C:\WINDOWS\system32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Breaking News | Latest News | Current News - FOXNews.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AsusServiceProvider] "C:\Program Files\ASUS\AASP\1.00.01\aaCenter.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n028p/EN/install/gtdownlr.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/...lMgr_v01_6.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1170912289568
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe


Can anyone find the problem?
Thanks
Joe
__________________
Enermax Black Aluminum ATX Mid Tower Case
Intel Core 2 Duo E8500 Wolfdale 3.16Ghz - OC'd at 4.13Ghz Stable
ASUS P5B Deluxe P965 Motherboard
Zalman 750W Modular Power Supply w/ Heatpipe Cooling
Zalman 110MM 2 Ball CPU Cooler
eVGA GeForce GTX285 1GB Graphics Card
G.SKILL 6GB DDR2 SDRAM DDR2 800
Logitech THX Z-5300e 280 Watts RMS 5.1 Speakers
SCEPTRE 22" Widescreen HDTV LCD
Wireless Logitech Keyboard and Mouse
Creative Sound Blaster X-Fi XtremeGamer 7.1
SAMSUNG SpinPoint 320GB 7200 RPM SATA 3.0Gb/s

Last edited by King$nake; 11-22-2007 at 07:18 AM.
11-25-2007, 10:28 PM   #2
Osiris

Re: Google Redirect Virus! All Search Results are being re-directed to spam websites

Make sure System Restore is disabled, run CCleaner and CleanUp, and post a new log.
11-26-2007, 12:57 AM   #3
King$nake

Re: Google Redirect Virus! All Search Results are being re-directed to spam websites

What are those programs, and what do they do?

I should also note that I am getting all kinds of toolbar popups saying I have misc. viruses, like "Malware Found", etc.
Last edited by King$nake; 11-26-2007 at 01:07 AM.
11-26-2007, 08:17 AM   #4
Osiris

Re: Google Redirect Virus! All Search Results are being re-directed to spam websites

CCleaner - Home

www.stevengould.org - CleanUp! Home


After you run those, post a new log.

Also go through Add/Remove and remove any unwanted programs and toolbars.