Infected - Yahoo and Google Searches Redirected


All of my Yahoo and Google web searches produce results, but when I click on one, I am always redirected to a forbidden site or an advertising site. I have run SUPERAntiSpyware, Malwarebytes, AVG virus scan and Spybot Search and Destroy, with them all coming up clean. Attached are my HijackThis log and Malwarebytes log. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:53:58 PM, on 8/24/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Citrix\GoToMyPC\g2svc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Citrix\GoToMyPC\g2comm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Citrix\GoToMyPC\g2pre.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Citrix\GoToMyPC\g2tray.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\pvsw\bin\W3DBSMGR.EXE

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Citrix\GoToMyPC\g2mainh.exe

C:\Program Files\Citrix\GoToMyPC\g2host.exe

C:\Program Files\Citrix\GoToMyPC\g2printh.exe

C:\Program Files\Citrix\GoToMyPC\g2audioh.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)

O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 9624 bytes

Malwarebytes log:

Malwarebytes' Anti-Malware 1.40

Database version: 2690

Windows 5.1.2600 Service Pack 3

8/24/2009 2:39:28 PM

mbam-log-2009-08-24 (14-39-28).txt

Scan type: Quick Scan

Objects scanned: 100429

Time elapsed: 7 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
