laptop infected

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal > Misplaced HJT Logs

laptop infected, search engine links are being redirected

Options

kjohn View Member Profile	Jun 18 2009, 10:43 PM Post #1
New Member Group: Members Posts: 2 Joined: 18-June 09 Member No.: 343,405	search engine links are being redirected and i cant run certain files what shall i do? please help thankyou Here is my hijackthis logfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:33:22 AM, on 6/18/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe C:\DOCUME~1\pwj\LOCALS~1\Temp\b.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\BacsTray.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\HidFind.exe C:\Program Files\Verizon\VSP\VerizonServicepoint.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spider.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Verizon\Verizon Internet Security Suite\RPS.exe C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe C:\Program Files\Trend Micro\HijackThis\something.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [bascstray] BascsTray.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [bacstray] BacsTray.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\pwj\LOCALS~1\Temp\b.exe O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1244350855385 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{084BBF9E-4CB6-42BC-8EB7-0C002F97F380}: NameServer = 85.255.112.208,85.255.112.79 O17 - HKLM\System\CCS\Services\Tcpip\..\{23E44C0C-9F98-4102-A01F-810F721FB6E8}: NameServer = 85.255.112.208,85.255.112.79 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.208,85.255.112.79 O17 - HKLM\System\CS1\Services\Tcpip\..\{084BBF9E-4CB6-42BC-8EB7-0C002F97F380}: NameServer = 85.255.112.208,85.255.112.79 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.208,85.255.112.79 O17 - HKLM\System\CS2\Services\Tcpip\..\{084BBF9E-4CB6-42BC-8EB7-0C002F97F380}: NameServer = 85.255.112.208,85.255.112.79 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.112.208,85.255.112.79 O17 - HKLM\System\CS3\Services\Tcpip\..\{084BBF9E-4CB6-42BC-8EB7-0C002F97F380}: NameServer = 85.255.112.208,85.255.112.79 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.208,85.255.112.79 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe O23 - Service: Verizon Internet Security Suite SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 7811 bytes

Orange Blossom View Member Profile	Jun 18 2009, 10:45 PM Post #2
OBleepin Investigator Group: Moderator Posts: 17,435 Joined: 14-July 06 From: Bloomington, IN Member No.: 76,150	Hello, We don't analyze HiJack This logs in the XP forum, so I have moved your Topic to the Misplaced HJT Logs forum so we can help you get the proper logs posted in the proper location. We only allow topics with such logs in the HijackThis Logs and Malware Removal forum so that you get the best help available from those who specialize in malware anlaysis and removal. It should also prevent you from receiving ineffective or even potentially dangerous advice whether well meaning or not. Please read and follow all instructions in this guide: Preparation Guide For Use Before Posting A Hijackthis Log. Following the steps in this Guide will allow the HJT Team to quickly help you with specific fixes for what may remain on your system. Please complete all the steps in the Guide. If you can't perform a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Psuedo HJT Report as part of its log. When you have completed those steps, please start a new topic in the HijackThis Logs and Malware Removal forum as directed in the Prep Guide to post a new log. If you have problems creating the DDS logs, please post back here and you will receive additional instructions. When your new DDS/HJT log is posted in the proper forum, please reply to this topic with a link to your new topic. Once that is done, a Member of the HJT Team will analyze your log and assist you with step by step instructions to clean your computer or otherwise advise what needs to be done. Thank you for your cooperation and good luck. The BC Staff -------------------- Orange Blossom An ounce of prevention is worth a pound of cure ESET NOD32, SuperAntiSpyware Pro, SpywareBlaster, Spybot 1.6.2.46, WinPatrol Plus, Sunbelt Personal Firewall - Full, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

Orange Blossom View Member Profile	Jun 18 2009, 11:36 PM Post #3
OBleepin Investigator Group: Moderator Posts: 17,435 Joined: 14-July 06 From: Bloomington, IN Member No.: 76,150	Hello Ah, good. I see you have the DDS logs posted now in the right place. Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer. From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean. Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond. Please be patient. It may take a while (perhaps over a week, maybe less; it's hard to say) to get a response but your log will be reviewed and answered as soon as possible To avoid confusion, I am closing this topic. Good luck with your log. The BC Staff -------------------- Orange Blossom An ounce of prevention is worth a pound of cure ESET NOD32, SuperAntiSpyware Pro, SpywareBlaster, Spybot 1.6.2.46, WinPatrol Plus, Sunbelt Personal Firewall - Full, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

« Next Oldest · Misplaced HJT Logs · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 7th November 2009 - 09:03 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides