 Google Redirects, when click on google search result it goes to some porn webpage |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal > Misplaced HJT Logs  |
 Feb 13 2008, 04:58 PM
Post
#1
|
|
|
New Member  Group: Members Posts: 8 Joined: 13-February 08 Member No.: 190,004  |
I have problem I can`t find any solution by searching on google. The problem is that when clicking on search engine result it automatically opens some porn or top-10 homepage. I scaned with multiple programs ad-aware cureit mcafee but nothing is found. Hope that this could help. I had a pop up messages that PC is infected and a blue desktop with warning ... before but then i deled C:\WINDOWS\system32\rxjddnvj.exe and some more files and then those dissapear Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:22:31, on 13.2.2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe c:\program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\CCM\CLICOMP\RemCtrl\Wuser32.exe C:\WINDOWS\System32\CCM\CcmExec.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\PROGRA~1\TILDES~1\Pianists.exe C:\WINDOWS\System32\regsvr32.exe C:\PROGRA~1\TILDES~1\MDICTION.EXE C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\WINDOWS\System32\igfxpers.exe C:\WINDOWS\System32\hkcmd.exe C:\WINDOWS\System32\regsvr32.exe C:\WINDOWS\System32\igfxsrvc.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwihgrpsrv002:8080 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe, O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file) O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file) O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file) O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file) O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file) O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: (no name) - {85035bc6-1dd2-11b2-9b88-e993d0b05ff8} - C:\WINDOWS\qhifuhgv.dll O2 - BHO: Tilde Find Engine - {8692FED1-9267-4624-96B9-3B94946A0524} - C:\Program Files\Tildes Birojs 2002\TLFindAddIn.dll O2 - BHO: (no name) - {9840a3b2-1dd1-11b2-8803-bdc7e57c9217} - C:\WINDOWS\xengloxk.dll (file missing) O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file) O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file) O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file) O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file) O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file) O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file) O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file) O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pianists] C:\PROGRA~1\TILDES~1\Pianists.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [nylshkjk] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nylshkjk.dll" O4 - HKLM\..\Run: [mdiction] C:\PROGRA~1\TILDES~1\MDICTION.EXE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [hanefono] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hanefono.dll" O4 - HKLM\..\Run: [EasySpywareCleaner] C:\Program Files\EasySpywareCleaner\EasySpywareCleaner.exe O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [CheckCU] "C:\PROGRA~1\TILDES~1\CheckCU.exe" {E32B4F2B-5CED-45F1-8B94-55394553F1F0} Tildes Birojs 2002 O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - S-1-5-19 Startup: .protected (User 'LOCAL SERVICE') O4 - S-1-5-18 Startup: .protected (User 'SYSTEM') O4 - .DEFAULT Startup: .protected (User 'Default user') O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O8 - Extra context menu item: &Translate with Tilde Computer Dictionary - res://C:\Program Files\Tildes Birojs 2002\TDVLauncher.DLL /201 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Tildes Meklētājs - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Birojs 2002\TLFindAddIn.dll O9 - Extra 'Tools' menuitem: Tildes &Meklētājs - {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - C:\Program Files\Tildes Birojs 2002\TLFindAddIn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O14 - IERESET.INF: START_PAGE_URL=http://wwihgrpsrv004 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wihuri.local O17 - HKLM\Software\..\Telephony: DomainName = wihuri.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wuri.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wuri.local O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = wuri.local O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = wuri.local O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Internet Connection Sharing Firewall Service (AccessSharing) - Unknown owner - C:\WINDOWS\system\wcntfysvc.exe (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: Network DDE NetDDEIDriverT (NetDDEIDriverT) - Unknown owner - C:\WINDOWS\System32\acelpdece.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10722 bytes |
 |
 
|
|
Feb 13 2008, 07:35 PM
Post
#2
|
|
 Bleepin' Animin Group: Site Admin Posts: 6,428 Joined: 18-August 05 From: Now On... Member No.: 31,547 |
I have moved your Topic that includes a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis and probably missed the directions we provide to those who require assistance. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware anlaysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not.
Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system. Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next. If you can't perform a step, then skip it and continue with the next. The last step will include downloading and using the most current version of HijackThis if the first line of your log does not appear as follows: Logfile of Trend Micro HijackThis v2.0.2 Please note that it is important that HijackThis be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Guide to post a new log. Please DO NOT post any more logs to this topic, or post a log again in the wrong forum. The Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for. When your new HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done. Thanks for your cooperation and good luck. The BC Staff/Animal -------------------- The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life. Andrew Brown  "On the keyboard of life, always keep one finger on the escape key." Scott Adams. |
|
|
|
|
Feb 14 2008, 07:06 AM
Post
#3
|
|
|
New Member Group: Members Posts: 8 Joined: 13-February 08 Member No.: 190,004 |
Hope that now I made the post right where it should be.
http://www.bleepingcomputer.com/forums/topic131065.html |
|
|
|
|
Feb 14 2008, 07:35 AM
Post
#4
|
|
 BC 1st Responder Group: Moderator Posts: 5,880 Joined: 21-October 04 From: South Carolina - USA Member No.: 3,905 |
I have moved your Topic that includes a HijackThis log here to the Misplaced HJT Logs forum. You posted your log in a forum not intended for HijackThis logs analysis and probably missed the directions we provide to those who require assistance. We can only allow topics with such logs in the HijackThis Logs and Malware Removal forum. This restriction is to ensure you get the best help available, from those who specialize in malware anlaysis and removal. It also should prevent you from receiving ineffective or even potentially dangerous advice, whether well meaning or not.
Prior to posting a HJT log, we ask that you please read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system. Please complete all the steps in the Guide. If you have performed some of them already, then just continue with the next. If you can't perform a step, then skip it and continue with the next. The last step will include downloading and using the most current version of HijackThis if the first line of your log does not appear as follows: Logfile of Trend Micro HijackThis v2.0.2 Please note that it is important that HijackThis be run and a log created while in normal mode. If you run it and create your log while in safe mode, you will be asked to redo it again properly. When you have completed those steps, start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Guide to post a new log. Please DO NOT post any more logs to this topic, or post a log again in the wrong forum. The Misplaced HJT Logs forum is strictly a holding area where the BC Staff can assist you with preparations for and to properly post your log. If you have a question or encounter a problem in the Prep Guide, please do post back to this topic; that is what it is here for. When your new HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done. Thanks for your cooperation and good luck. The BC Staff -------------------- "In a world where you can be anything, be yourself." ~ unknown
|
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 9th January 2009 - 08:03 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.