#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2011
    Posts
    6
    Rep Power
    0

    Google Links Not Working - Malware? Help!


    Hello good people,

    I believe my netbook is infected.

    When I do a Google search, many of the result links take me to garbage sites. I have tested this with other search engines as well. If I copy and paste the link to sites, they come right up.

    Also - I noticed my Citibank Virtual Account Number software had grown HUGE. 2.5+ gigs. This is usually a very small program. I uninstalled it. This makes me a little nervous.

    Finally, before I realized I was infected, Gmail asked me to delete all my cookies before I could read my mail. This had never happened to me before, but I did it, and I could get into Gmail.

    Before I came upon this forum, I ran a full search using Avast, which had been running. It found some malware and destroyed them, but the problems persist. I also downloaded the free AVG and ran a full scan, and it found a bunch of tracking links, but no more malware.

    I followed the instructions on the "If you have infection issues start here first.. " post. The following replies will be the report logs from the different scans.

    Thank you for your assistance!
  2. #2

    Malware Bytes Log


    Malwarebytes' Anti-Malware 1.51.2.1300


    Database version: 7797

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/25/2011 6:20:33 PM
    mbam-log-2011-09-25 (18-20-33).txt

    Scan type: Quick scan
    Objects scanned: 159015
    Time elapsed: 9 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  4. #3

    Super anti-spyware log


    SUPERAntiSpyware Scan Log

    Generated 09/25/2011 at 07:06 PM

    Application Version : 5.0.1118

    Core Rules Database Version : 7725
    Trace Rules Database Version: 5537

    Scan type : Complete Scan
    Total Scan Time : 00:25:49

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 489
    Memory threats detected : 0
    Registry items scanned : 35440
    Registry threats detected : 0
    File items scanned : 19690
    File threats detected : 1

    Adware.Tracking Cookie
    msnbcmedia.msn.com [ C:\DOCUMENTS AND SETTINGS\MATT\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\BE2UYHTT ]
  6. #4

    Bit Defender


    The bit defender log is here:

    pastebin dot com /CsUG38rc
  8. #5

    Hijack This Log


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:08:38 PM, on 9/25/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    D:\program files\update\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    D:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\explorer.exe
    D:\Program Files\SASCORE.EXE
    D:\Program Files\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = (address blocked: See forum rules)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = (address blocked: See forum rules)=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = (address blocked: See forum rules)=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = (address blocked: See forum rules)=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = (address blocked: See forum rules)=69157
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [TkBellExe] "D:\program files\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Matt\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Temp Update] C:\Documents and Settings\Matt\Local Settings\Application Data\Temp\TempUpdate\Tempupdt32.exe
    O4 - HKCU\..\Run: [MicrosoftNotifierNotifier] rundll32.exe "C:\Documents and Settings\All Users\Application Data\MicrosoftNotifierNotifier.dll",DllRegisterServer
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Temp Update] C:\Documents and Settings\Matt\Local Settings\Application Data\Temp\TempUpdate\Tempupdt32.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Temp Update] C:\Documents and Settings\Matt\Local Settings\Application Data\Temp\TempUpdate\Tempupdt32.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: AutoRun OSCleaner.lnk = ?
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - (address blocked: See forum rules)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - (address blocked: See forum rules)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Program Files\SASCORE.EXE
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    --
    End of file - 9158 bytes
  10. #6

    HiJack This Uninstall List


    µTorrent
    7-Zip 4.57
    Adabas D 13.01.00
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Asus ACPI Driver
    Asus OS Cleaner
    ASUSUpdate for Eee PC
    Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    avast! Free Antivirus
    AVG 2012
    AVG 2012
    AVG 2012
    Azurewave Wireless LAN
    Canon MF4360-4390
    CCleaner (remove only)
    Eee Instant Key
    FATE
    Foxit Reader
    Google Talk Plugin
    HiJackThis
    HP Deskjet 6900 series
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    Intel(R) Graphics Media Accelerator Driver
    InterVideo WinDVD
    Java(TM) 6 Update 22
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 1.1 Hotfix (KB929729)
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.22)
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 8 (KB969897)
    Skype™ 3.6
    StarOffice 8 ASUS Edition
    Super Hybrid Engine
    SUPERAntiSpyware
    TBS WMP Plug-in
    Update for Windows Internet Explorer 8 (KB971180)
    VLC media player 0.9.9
    WIDCOMM Bluetooth Software
    WildTangent Games
    WildTangent Games App
    Windows Internet Explorer 8
    Windows Live installer
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Live Writer
    Yahoo! Messenger
    YoStore
