Hi there! I have been trying many of the solutions put forward in the forum and have not been able to get rid of this dodgy Google redirecting hijack thing. It affects me both on IE and Firefox, and I'm not sure how many other things it might be doing. Mainly, after a few moments all the links in Google turn into google.com/go?##### (where # is a number), and they redirect to advert pages and popups (daily 7 news, this and that, etc.). I have tried rkill followed by TDSSKiller and Malwarebytes, which removed some trojans but not the Google redirecting. The most effective thing I've found was when, an hour and a half ago, I ran an updated ESET scan, which found all of the following but didn't solve the problem either:

C:\Documents and Settings\Joni Karanka\Application Data\Sun\Java\Deployment\cache\6.0\10\70e832ca-483b839a multiple threats deleted - quarantined

C:\Documents and Settings\Joni Karanka\Application Data\Sun\Java\Deployment\cache\6.0\11\1291e14b-6a2ae122 Java/TrojanDownloader.Agent.NCM trojan deleted - quarantined

C:\Documents and Settings\Joni Karanka\Application Data\Sun\Java\Deployment\cache\6.0\35\4fec48e3-6d32c3c5 multiple threats deleted - quarantined

C:\Documents and Settings\Joni Karanka\Application Data\Sun\Java\Deployment\cache\6.0\36\662108a4-1f40139e multiple threats deleted - quarantined

C:\Documents and Settings\Joni Karanka\Application Data\Sun\Java\Deployment\cache\6.0\46\c0c3ae-3a9e254b a variant of Win32/Kryptik.ZUD trojan cleaned by deleting - quarantined

C:\Documents and Settings\Joni Karanka\Application Data\Sun\Java\Deployment\cache\6.0\56\e803ff8-40561262 multiple threats deleted - quarantined

C:\Documents and Settings\Joni Karanka\Application Data\Sun\Java\Deployment\cache\6.0\60\33d9e4bc-7cd903f4 multiple threats deleted - quarantined

C:\Documents and Settings\Joni Karanka\Application Data\Sun\Java\Deployment\cache\6.0\60\6deaabfc-7fc22488 multiple threats deleted - quarantined

C:\Documents and Settings\Joni Karanka\Application Data\Sun\Java\Deployment\cache\6.0\62\2bc3143e-73d8ded1 a variant of Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined

C:\Documents and Settings\Joni Karanka\Local Settings\Temp\13F.tmp a variant of Win32/Kryptik.ZUD trojan cleaned by deleting - quarantined

C:\Documents and Settings\Joni Karanka\Local Settings\Temp\A4.tmp Win32/PSW.Agent.NTN trojan cleaned by deleting - quarantined

C:\Documents and Settings\Joni Karanka\Local Settings\Temp\A5.tmp a variant of Win32/Kryptik.AABF trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\02.02.2012_19.43.24\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\02.02.2012_19.43.24\tdlfs0000\tsk0003.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\02.02.2012_19.43.24\tdlfs0000\tsk0005.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\02.02.2012_19.43.24\tdlfs0000\tsk0008.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\02.02.2012_19.43.24\tdlfs0000\tsk0009.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\02.02.2012_20.07.42\tdlfs0000\tsk0001.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\02.02.2012_20.07.42\tdlfs0000\tsk0003.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\02.02.2012_20.07.42\tdlfs0000\tsk0005.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\02.02.2012_20.07.42\tdlfs0000\tsk0008.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined

C:\TDSSKiller_Quarantine\02.02.2012_20.07.42\tdlfs0000\tsk0009.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined

C:\WINDOWS\Temp\jar_cache7876533811439770172.tmp Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined

These are the DDS results; any help much appreciated. I bet there's somebody else in my situation!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by Joni Karanka at 13:59:16 on 2012-02-04

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.231 [GMT 0:00]

.

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\PC Internet Access\NPCIA.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\PROGRA~1\samsung\SAB60E~1\SUPNOT~1.EXE

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.uk/

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [NokiaPCInternetAccess] "c:\program files\nokia\pc internet access\NPCIA.exe" /b

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\joni karanka\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [<NO NAME>]

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe

mRun: [batteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe

mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe

mRun: [sUPBackground] c:\program files\samsung\samsung update plus\SUPBackground.exe

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

StartupFolder: c:\docume~1\jonika~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{29F31B5D-5ABD-4BB7-95D3-ACA52596D06E} : DhcpNameServer = 192.168.1.1

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 94.63.240.133 www.google.com

Hosts: 94.63.240.134 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\joni karanka\application data\mozilla\firefox\profiles\odvsfon7.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://flvtubesearch.co/?prt=02ff&clid=&subid=&Keywords=

FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll

FF - plugin: c:\documents and settings\joni karanka\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\joni karanka\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\joni karanka\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\documents and settings\joni karanka\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.accept-encoding -

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-5-24 64512]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-1-30 239168]

R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-1-30 338880]

R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2012-1-30 656320]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-30 55152]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]

R3 RTL819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl819xp.sys [2009-7-30 517504]

R3 VMC33F;Vimicro Camera Service VMC33F;c:\windows\system32\drivers\VMC33F.sys [2009-7-30 237952]

S0 rjcsgdc;rjcsgdc;c:\windows\system32\drivers\ihhkxpj.sys --> c:\windows\system32\drivers\ihhkxpj.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-23 136176]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-30 1684736]

S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-7 533360]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-23 136176]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2012-1-30 366840]

S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2012-1-30 1150936]

.

=============== Created Last 30 ================

.

2012-02-04 13:47:16 388096 ----a-r- c:\documents and settings\joni karanka\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-02-04 13:47:15 -------- d-----w- c:\program files\Trend Micro

2012-02-04 11:49:28 -------- d-----w- c:\program files\ESET

2012-02-03 23:54:16 102400 ----a-w- c:\windows\RegBootClean.exe

2012-02-02 21:06:57 -------- d-----w- c:\documents and settings\joni karanka\local settings\application data\Sunbelt Software

2012-02-02 21:03:37 -------- d-----w- c:\documents and settings\joni karanka\local settings\application data\adaware

2012-02-02 21:03:34 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection

2012-02-02 21:03:29 -------- d-----w- c:\program files\Toolbar Cleaner

2012-02-02 21:03:18 -------- d-----w- c:\documents and settings\joni karanka\application data\adawaretb

2012-02-02 21:03:16 -------- d-----w- c:\program files\adawaretb

2012-02-02 19:45:27 -------- d-----w- C:\TDSSKiller_Quarantine

2012-01-30 10:05:19 -------- d-----w- c:\documents and settings\joni karanka\application data\GetRightToGo

2012-01-30 10:02:35 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys

2012-01-30 10:02:35 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys

2012-01-30 10:02:34 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2012-01-30 10:02:29 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2012-01-30 10:02:29 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2012-01-30 10:02:13 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys

2012-01-30 10:01:57 -------- d-----w- c:\program files\PC Tools Security

2012-01-30 10:01:57 -------- d-----w- c:\program files\common files\PC Tools

2012-01-30 10:01:57 -------- d-----w- c:\documents and settings\joni karanka\application data\PC Tools

2012-01-30 09:58:17 -------- d-----w- c:\documents and settings\all users\application data\PC Tools

2012-01-30 02:24:55 6139760 ----a-w- C:\WindowsUpdateAgent30-x86.exe

.

==================== Find3M ====================

.

2012-02-02 21:12:15 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-12-23 07:12:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-12-10 15:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-06 11:05:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll

2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll

.

============= FINISH: 14:00:24.89 ===============
