"Redirected Searches"

  • 3 Replies
  • 1612 Views
*

Offline jaggster

  • Bronze Member
  • 3
"Redirected Searches"
« on: July 03, 2009, 04:09:10 PM »
Hi all. I had to redo my original post with a proper name and Word Wrap turned off. I hope this works. My log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:58 PM, on 7/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS.0\system32\devldr32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\wuauclt.exe
D:\Old_Maxtor\Audio\CakeWalk Pro Audio\cwpa.exe
C:\WINDOWS.0\system32\notepad.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS.0\system32\notepad.exe
C:\WINDOWS.0\system32\notepad.exe
C:\Program Files\Propellerhead\Reason\Reason.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS.0\system32\notepad.exe
C:\WINDOWS.0\system32\notepad.exe
C:\Program Files\AIM6\anotify.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O10 - Unknown file in Winsock LSP: c:\windows.0\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/leads/cabs/as2stubie.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6111 bytes

*

Offline Maurice Naggar

  • Malware Removal Staff
  • Gold Member
  • 1205
Re: "Redirected Searches"
« Reply #1 on: July 05, 2009, 07:21:55 AM »
Hello jaggster,

I'm very concerned that your log does NOT show the system having an antivirus program. My recommendation would be that you wipe the system and load Windows as a new (fresh) install. The next immediate step after that, is to setup/install an antivirus program.

See this article Malware Removal: When to Flatten and Reinstall

See Steps to Clean Install XP by Michael Stevens

If the reason for not having antivirus program is the cost, if this is a home system and for personal use, you may get the Avira AntiVir free edition  http://www.free-av.com/en/download/index.html

Some other additional observations:
Your log shows BitTorrent DNA
See http://spywarehammer.com/simplemachinesforum/index.php?topic=110.0

More than that, of concern, is that it appears you have either done a repair install or a parallel instal of Windows XP
as your log shows C:\WINDOWS.0  as the Windows system folder
A repair-install of Windows will NOT cure malware infections. One must do a clean install.

Given all these circumstances, be aware that I will not be assiting you in malware cleanups here. Good luck in the future.

Some general tips for better pc safety in the future:
  • Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  • Check in at Windows Update and install any Critical Updates offered.

  • Download and Install Windows Defender by Microsoft (free) if you do not already have it:

http://www.microsoft.com/downloads/details.aspx?FamilyId=435BFCE7-DA2B-4A6A-AFA4-F7F14E605A0D

  • Make certain that Automatic Updates is enabled.

How to configure and use Automatic Updates in WinXP:
http://support.microsoft.com/kb/306525


See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.

~Maurice Naggar
MS-MVP (October 2002 - September 2010)

*

Offline jaggster

  • Bronze Member
  • 3
Re: "Redirected Searches"
« Reply #2 on: July 06, 2009, 05:49:26 AM »
Thanks for your detailed reply and thanks for sharing your knowledge.

*

Offline Maurice Naggar

  • Malware Removal Staff
  • Gold Member
  • 1205
Re: "Redirected Searches"
« Reply #3 on: July 07, 2009, 04:20:21 AM »
You are welcome. I do wish you well.
I am closing this thread.
~Maurice Naggar
MS-MVP (October 2002 - September 2010)