Google Links Not Working - Malware? Help!

Dev Shed Forums Sponsor:

September 25th, 2011, 07:01 PM

mmcandrews

Registered User

Join Date: Sep 2011

Posts: 6

Time spent in forums: 1 h 3 m 53 sec
Reputation Power: 0

Google Links Not Working - Malware? Help!

Hello good people,

I believe my netbook is infected.

When I have a google search, many of the results links take me to garbage sites. I have tested this with other search engines as well. If I copy and paste the link to sites, they come right up.

Also - I noticed my Citibank Virtual Account Number software had grown HUGE. 2.5+ gigs. This is usually a very small program. I uninstalled it. This makes me a little nervous.

Finally, before I realized I was infected, gmail asked me to delete all my cookies before I could read my mail. This had never happened to me before, but I did it, and I could get into gmail.

Before I came upon this forum, I ran a full search using Avast, which had been running. It found some malware and destroyed them, but the problems persist. I also downloaded the free AVG and ran a full scan, and it found a bunch of tracking links, but no more malware.

I followed the instructions on the "If you have infection issues start here first.. " post. The following replies will be the report logs from the different scans.

Thank you for your assistance!

September 25th, 2011, 07:05 PM

mmcandrews

Registered User

Join Date: Sep 2011

Posts: 6

Time spent in forums: 1 h 3 m 53 sec
Reputation Power: 0

Malware Bytes Log

Malwarebytes' Anti-Malware 1.51.2.1300

Database version: 7797

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/25/2011 6:20:33 PM
mbam-log-2011-09-25 (18-20-33).txt

Scan type: Quick scan
Objects scanned: 159015
Time elapsed: 9 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

September 25th, 2011, 07:06 PM

mmcandrews

Registered User

Join Date: Sep 2011

Posts: 6

Time spent in forums: 1 h 3 m 53 sec
Reputation Power: 0

Super anti-spyware log

SUPERAntiSpyware Scan Log

Generated 09/25/2011 at 07:06 PM

Application Version : 5.0.1118

Core Rules Database Version : 7725
Trace Rules Database Version: 5537

Scan type : Complete Scan
Total Scan Time : 00:25:49

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 489
Memory threats detected : 0
Registry items scanned : 35440
Registry threats detected : 0
File items scanned : 19690
File threats detected : 1

Adware.Tracking Cookie
msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\MATT\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BE2UYHTT ]

September 25th, 2011, 07:29 PM

mmcandrews

Registered User

Join Date: Sep 2011

Posts: 6

Time spent in forums: 1 h 3 m 53 sec
Reputation Power: 0

Bit Defender

The bit defender log is here:

pastebin dot com /CsUG38rc

September 25th, 2011, 07:33 PM

mmcandrews

Registered User

Join Date: Sep 2011

Posts: 6

Time spent in forums: 1 h 3 m 53 sec
Reputation Power: 0

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:08:38 PM, on 9/25/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\program files\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\explorer.exe
D:\Program Files\SASCORE.EXE
D:\Program Files\SUPERAntiSpyware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.xe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = (address blocked: See forum rules)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = (address blocked: See forum rules)=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = (address blocked: See forum rules)=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = (address bocked: See forum rules)=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = (address blocked: See forum rules)=69157
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TkBellExe] "D:\program files\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Temp Update] C:\Documents and Settings\Matt\Local Settings\Application Data\Temp\TempUpdate\Tempupdt32.exe
O4 - HKCU\..\Run: [MicrosoftNotifierNotifier] rundll32.exe "C:\Documents and Settings\All Users\Application Data\MicrosoftNotifierNotifier.dll",DllRegisterServer
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Temp Update] C:\Documents and Settings\Matt\Local Settings\Application Data\Temp\TempUpdate\Tempupdt32.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Temp Update] C:\Documents and Settings\Matt\Local Settings\Application Data\Temp\TempUpdate\Tempupdt32.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AutoRun OSCleaner.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - (address blocked: See forum rules)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - (adress blocked: See forum rules)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Program Files\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 9158 bytes

September 25th, 2011, 07:37 PM

mmcandrews

Registered User

Join Date: Sep 2011

Posts: 6

Time spent in forums: 1 h 3 m 53 sec
Reputation Power: 0

HiJack This Uninstall List

µTorrent
7-Zip 4.57
Adabas D 13.01.00
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Asus ACPI Driver
Asus OS Cleaner
ASUSUpdate for Eee PC
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
avast! Free Antivirus
AVG 2012
AVG 2012
AVG 2012
Azurewave Wireless LAN
Canon MF4360-4390
CCleaner (remove only)
Eee Instant Key
FATE
Foxit Reader
Google Talk Plugin
HiJackThis
HP Deskjet 6900 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.22)
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 8 (KB969897)
Skype™ 3.6
StarOffice 8 ASUS Edition
Super Hybrid Engine
SUPERAntiSpyware
TBS WMP Plug-in
Update for Windows Internet Explorer 8 (KB971180)
VLC media player 0.9.9
WIDCOMM Bluetooth Software
WildTangent Games
WildTangent Games App
Windows Internet Explorer 8
Windows Live installer
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Writer
Yahoo! Messenger
YoStore