
When I go to Google or Yahoo and search for something and click on search results, a searchontop.com URL will display and then I'm taken to another site with ads on it or to some rogue antivirus site.

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.31

Database version: 1497

Windows 6.0.6001 Service Pack 1

12/13/2008 5:32:46 PM

mbam-log-2008-12-13 (17-32-46).txt

Scan type: Quick Scan

Objects scanned: 43400

Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

-------------------------------------------------------------------------------------------------------

Here is the Panda log:

;*******************************************************************************

ANALYSIS: 2008-12-13 17:52:08

PROTECTIONS: 1

MALWARE: 17

SUSPECTS: 0

;*******************************************************************************

PROTECTIONS

Description Version Active Updated

;===============================================================================

Windows Defender 1.1.4205.0 No No

;===============================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@atdmt[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@com[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@com[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@xiti[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@apmebf[1].txt

00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@serving-sys[1].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@bs.serving-sys[3].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@www.burstbeacon[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@ads.pointroll[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@ads.pointroll[1].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@terra.com[1].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@terra.com[2].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@uol.com[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@uol.com[3].txt

00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@adrevolver[2].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@target[3].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@target[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Cookies\danilo@atwola[1].txt

00471477 HackTool/NTIllusion.A HackTools Yes 0 Yes No C:\Users\Danilo\Desktop\0C3D30CB9B45283B\0C3D30CB9B45283B.x86

03738686 Generic Malware Virus/Trojan No 0 No No C:\Users\Danilo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1NQA2W7\brind[1].exe[32788R22FWJFW\catchme.cfexe]

;===============================================================================

SUSPECTS

Sent Location guA C5

;===============================================================================

;===============================================================================

VULNERABILITIES

Id Severity Description guA C5

;===============================================================================

;===============================================================================

--------------------------------------------------------------------------------------------------------------------------------

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:56:00 PM, on 12/13/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\sttray.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1616

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1616

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=T-1616

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [linkmsn] C:\Windows\system32\linkmsn.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...20Installer.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB

O17 - HKLM\System\CCS\Services\Tcpip\..\{EEF3E885-3F83-4EDD-81D6-E8E7D4B5D0BE}: NameServer = 68.237.161.12 71.243.0.12

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--

End of file - 6708 bytes

---------------------------------------------------------------------------------------------------------------------

Thanks for any assistance.
