
Google searches redirected through clickcheck.ru, tried Ad-Aware, MalwareBytes, Comodo, Logs Attached


This topic is locked
3 replies to this topic

#1 L89126079C


Posted 09 May 2009 - 06:26 PM

Computer running Comodo Internet Security. Searches for the last week have been redirecting through clickcheck.ru to other sites on Google search. Other search engines like live.com work fine. Thank you for your help.

Edit: I did some research online and found a link where a user has a similar problem. http://howbits.com/prevent-firefox-google-search/. The key point that the author pointed out was that the problem is limited to the use of the Firefox toolbar. If I go to google.com through the address bar the searches are clean. I tested this by performing the same search and opening up the first 8 links in tabs. With the search bar I got redirected, but with google.com itself I wasn't getting redirected. Does this mean it's some kind of malware that's been installed into Firefox somehow? I will try uninstalling and reinstalling Firefox and will post if that clears it up.

Edit 2: I uninstalled and reinstalled Firefox and the problem was not resolved.

[Hijack This Log]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:29:11 PM, on 5/9/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CSR\Vista Profile Pack\HidSw.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [BtHidUi] C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {E62A8B6B-D91C-457C-B1FB-20CC2D96B4EC} (Comodo AV Scanner ActiveX) - http://www.personalfirewall.comodo.com/sca...doAVScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs:
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bluetooth Feature Support (BthFilterHelper) - CSR, plc - C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8338 bytes

[Ad-Aware]
Logfile created: 5/9/2009 13:32:13
Lavasoft Ad-Aware version: 8.0.4
Extended engine version: 8.1

*********************** Definitions database information ***********************
Lavasoft definition file: 148.26
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 49823
Objects detected: 37


Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 37
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *.lycos* Family Name: Cookies Clean status: Success Item ID: 408930 Family ID: 0
Description: *casalemedia* Family Name: Cookies Clean status: Success Item ID: 409152 Family ID: 0
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *realmedia* Family Name: Cookies Clean status: Success Item ID: 409139 Family ID: 0
Description: www.new* Family Name: Cookies Clean status: Success Item ID: 409109 Family ID: 0
Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0
Description: *fastclick* Family Name: Cookies Clean status: Success Item ID: 408869 Family ID: 0
Description: *adbrite* Family Name: Cookies Clean status: Success Item ID: 409218 Family ID: 0
Description: *statcounter* Family Name: Cookies Clean status: Success Item ID: 409185 Family ID: 0
Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0
Description: *advertising* Family Name: Cookies Clean status: Success Item ID: 409017 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0
Description: *.zedo* Family Name: Cookies Clean status: Success Item ID: 409030 Family ID: 0
Description: *trafficmp* Family Name: Cookies Clean status: Success Item ID: 408787 Family ID: 0
Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Clean status: Success Item ID: 408921 Family ID: 0
Description: *adtech* Family Name: Cookies Clean status: Success Item ID: 409018 Family ID: 0
Description: *adserve* Family Name: Cookies Clean status: Success Item ID: 409020 Family ID: 0
Description: *questionmarket* Family Name: Cookies Clean status: Success Item ID: 408819 Family ID: 0
Description: *247realmedia* Family Name: Cookies Clean status: Success Item ID: 408945 Family ID: 0
Description: *.bridgetrack* Family Name: Cookies Clean status: Success Item ID: 409095 Family ID: 0
Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
Description: *pointroll* Family Name: Cookies Clean status: Success Item ID: 408826 Family ID: 0
Description: *ads.pointroll* Family Name: Cookies Clean status: Success Item ID: 408927 Family ID: 0
Description: *kontera* Family Name: Cookies Clean status: Success Item ID: 409363 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *hitbox* Family Name: Cookies Clean status: Success Item ID: 408858 Family ID: 0
Description: *.hitbox* Family Name: Cookies Clean status: Success Item ID: 409072 Family ID: 0
Description: *adultfriendfinder* Family Name: Cookies Clean status: Success Item ID: 409164 Family ID: 0
Description: *server.iad.liveperson* Family Name: Cookies Clean status: Success Item ID: 409131 Family ID: 0
Description: *7search* Family Name: Cookies Clean status: Success Item ID: 408939 Family ID: 0
Description: *ehg-nokiafin.hitbox* Family Name: Cookies Clean status: Success Item ID: 409148 Family ID: 0

Scan and cleaning complete: Finished correctly after 70 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Mon May 04 23:05:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon May 04 23:05:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************

Processor name: Intel® Core™2 Duo CPU T7300 @ 2.00GHz
Processor identifier: x86 Family 6 Model 15 Stepping 10
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3850, number of processors 2
Physical memory available: 1187799040 bytes
Physical memory total: 2136473600 bytes
Virtual memory available: 1999691776 bytes
Virtual memory total: 2147352576 bytes
Memory load: 44%
Microsoft Windows Vista Business Edition, 32-bit (build 6000)
Windows startup mode:

Running processes:
PID: 436 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 508 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 548 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 560 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 596 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 608 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 616 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 700 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 812 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 868 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 932 name: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1012 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1028 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1096 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1136 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1152 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1392 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1460 name: C:\Windows\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1496 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1980 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2016 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1852 name: C:\Windows\System32\dwm.exe owner: domain:
PID: 348 name: C:\Windows\explorer.exe owner: domain:
PID: 1724 name: C:\Program Files\Windows Defender\MSASCui.exe owner: domain:
PID: 1680 name: C:\Program Files\Apoint\Apoint.exe owner: domain:
PID: 1880 name: C:\Windows\System32\hkcmd.exe owner: domain:
PID: 248 name: C:\Windows\System32\igfxpers.exe owner: domain:
PID: 612 name: C:\Windows\sttray.exe owner: domain:
PID: 1900 name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe owner: domain:
PID: 1220 name: C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe owner: domain:
PID: 1512 name: C:\Program Files\Wave Systems Corp\SecureUpgrade.exe owner: domain:
PID: 1292 name: C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe owner: domain:
PID: 2052 name: C:\Windows\System32\igfxsrvc.exe owner: domain:
PID: 2060 name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe owner: domain:
PID: 2136 name: C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe owner: domain:
PID: 2228 name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe owner: domain:
PID: 2256 name: C:\Program Files\Digital Line Detect\DLG.exe owner: domain:
PID: 2268 name: C:\Program Files\Logitech\SetPoint\SetPoint.exe owner: domain:
PID: 2332 name: C:\Program Files\Apoint\ApMsgFwd.exe owner: domain:
PID: 2400 name: C:\Program Files\Apoint\hidfind.exe owner: domain:
PID: 2528 name: C:\Program Files\Apoint\ApntEx.exe owner: domain:
PID: 2588 name: C:\Program Files\CSR\Vista Profile Pack\HidSw.exe v
PID: 2632 name: C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe owner: domain:
PID: 3060 name: C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3096 name: C:\Program Files\CSR\Vista Profile Pack\BthFilterHelper.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3112 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3136 name: C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3180 name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3208 name: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3256 name: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3288 name: C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3340 name: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe owner: domain:
PID: 3420 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3460 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 3492 name: C:\Windows\System32\rpcnet.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3596 name: C:\Windows\System32\stacsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3692 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3732 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3776 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3832 name: C:\Windows\System32\drivers\XAudio.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3860 name: C:\Program Files\Dell\QuickSet\NicConfigSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4020 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2280 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2648 name: C:\Windows\System32\taskeng.exe owner: domain:
PID: 4904 name: C:\Windows\System32\wbem\unsecapp.exe owner: domain:
PID: 4536 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: domain:
PID: 5144 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5416 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3152 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: domain:
PID: 5840 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: domain:

Startup items:
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: Windows Defender
imagepath: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
Name: Apoint
imagepath: C:\Program Files\Apoint\Apoint.exe
Name: IgfxTray
imagepath: C:\Windows\system32\igfxtray.exe
Name: HotKeysCmds
imagepath: C:\Windows\system32\hkcmd.exe
Name: Persistence
imagepath: C:\Windows\system32\igfxpers.exe
Name: SigmatelSysTrayApp
imagepath: sttray.exe
Name: IAAnotif
imagepath: "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
Name: WavXMgr
imagepath: C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
Name: SecureUpgrade
imagepath: C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
Name: BtHidUi
imagepath: C:\Program Files\CSR\Vista Profile Pack\BtHidUi.exe
Name:
Name: GrooveMonitor
imagepath: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
Name: Kernel and Hardware Abstraction Layer
imagepath: KHALMNPR.EXE
Name: SSBkgdUpdate
imagepath: "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
Name: PaperPort PTD
imagepath: "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
Name: IndexSearch
imagepath: "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
Name: PPort11reminder
imagepath: "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
Name: BrMfcWnd
imagepath: C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
Name: ControlCenter3
imagepath: C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
Name: COMODO Internet Security
imagepath: "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
imagepath: C:\Program Files\Digital Line Detect\DLG.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
imagepath: C:\Program Files\Logitech\SetPoint\SetPoint.exe
Name:
location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
imagepath: C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico
Name:
imagepath: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: AeLookupSvc
displayname: Application Experience
Name: ASFIPmon
displayname: Broadcom ASF IP and SMBIOS Mailbox Monitor
Name: AudioEndpointBuilder
displayname: Windows Audio Endpoint Builder
Name: Audiosrv
displayname: Windows Audio
Name: BFE
displayname: Base Filtering Engine
Name: BITS
displayname: Background Intelligent Transfer Service
Name: BthFilterHelper
displayname: Bluetooth Feature Support
Name: BthServ
displayname: Bluetooth Support Service
Name: cmdAgent
displayname: COMODO Internet Security Helper Service
Name: CryptSvc
displayname: Cryptographic Services
Name: CscService
displayname: Offline Files
Name: CVPND
displayname: Cisco Systems, Inc. VPN Service
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: DPS
displayname: Diagnostic Policy Service
Name: EapHost
displayname: Extensible Authentication Protocol
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Windows Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FDResPub
displayname: Function Discovery Resource Publication
Name: gpsvc
displayname: Group Policy Client
Name: hidserv
displayname: Human Interface Device Access
Name: IAANTMON
displayname: Intel® Matrix Storage Event Monitor
Name: IKEEXT
displayname: IKE and AuthIP IPsec Keying Modules
Name: iphlpsvc
displayname: IP Helper
Name: KeyIso
displayname: CNG Key Isolation
Name: KtmRm
displayname: KtmRm for Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP NetBIOS Helper
Name: LVCOMSer
displayname: LVCOMSer
Name: LVPrcSrv
displayname: Process Monitor
Name: MDM
displayname: Machine Debug Manager
Name: MMCSS
displayname: Multimedia Class Scheduler
Name: MpsSvc
displayname: Windows Firewall
Name: Netman
displayname: Network Connections
Name: netprofm
displayname: Network List Service
Name: nicconfigsvc
displayname: Dell Internal Network Card Power Management
Name: NlaSvc
displayname: Network Location Awareness
Name: nsi
displayname: Network Store Interface Service
Name: PcaSvc
displayname: Program Compatibility Assistant Service
Name: PlugPlay
displayname: Plug and Play
Name: Pml Driver HPZ12
displayname: Pml Driver HPZ12
Name: PolicyAgent
displayname: IPsec Policy Agent
Name: ProfSvc
displayname: User Profile Service
Name: RasMan
displayname: Remote Access Connection Manager
Name: Rpcnet
displayname: Remote Procedure Call (RPC) Net
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: SCardSvr
displayname: Smart Card
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification Service
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: slsvc
displayname: Software Licensing
Name: Spooler
displayname: Print Spooler
Name: SSDPSRV
displayname: SSDP Discovery
Name: STacSV
displayname: SigmaTel Audio Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC Input Service
Name: TapiSrv
displayname: Telephony
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: upnphost
displayname: UPnP Device Host
Name: UxSms
displayname: Desktop Window Manager Session Manager
Name: W32Time
displayname: Windows Time
Name: WdiSystemHost
displayname: Diagnostic System Host
Name: WebClient
displayname: WebClient
Name: WerSvc
displayname: Windows Error Reporting Service
Name: WinDefend
displayname: Windows Defender
Name: Winmgmt
displayname: Windows Management Instrumentation
Name: Wlansvc
displayname: WLAN AutoConfig
Name: WPDBusEnum
displayname: Portable Device Enumerator Service
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: XAudioService
displayname: XAudioService

[MalwareBytes Log]
Malwarebytes' Anti-Malware 1.36
Database version: 2090
Windows 6.0.6000

5/9/2009 3:49:07 PM
mbam-log-2009-05-09 (15-49-07).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 197411
Time elapsed: 2 hour(s), 7 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by L89126079C, 10 May 2009 - 12:33 AM.



#2 L89126079C


Posted 10 May 2009 - 12:31 AM

I hope this won't be treated as an attempt to bump my post, but I found a partial workaround.

I added "http://clickcheck.ru/check.php" to my blacklist sites with the "Blocksite" add on and it stops the redirected pages from loading.

Edited by L89126079C, 10 May 2009 - 12:32 AM.


#3 L89126079C


Posted 10 May 2009 - 01:29 AM

Resolved.

I tried removing Firefox but this time I removed all my preferences and user customizations. After a complete reinstall and a reboot the problem has disappeared. I tried to find a redirect a whole bunch of times and it has not reappeared.

NB: The problem never showed up in IE at all so I'm starting to think it might have been hiding in the Firefox User Preferences / Customization info that you can choose to retain on an uninstall.
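The HijackThis log posted above is the kind of artifact a helper triages by hand: R0/R1 search and start pages, O1 hosts entries, O2 browser helper objects, O4 autoruns and the O20 AppInit_DLLs value are the lines a search hijacker most often touches. The following Python script is an added example, not code from the thread or from HijackThis, that parses that line format and flags the entries worth a second look. The sample lines are constructed: most are copied from the clean log above, while the third R1 line (pointing at the clickcheck.ru host the thread names) and the second O1 line are made up to show what a hijacked entry would look like; the thread's real log contains no such entries. The allowlist of trusted search hosts is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the HijackThis v2.0.2 line format. Most lines are copied
# from the clean log in the thread; the third R1 line and the second O1 line are
# invented to show what hijacked entries look like (the thread's log has none).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://clickcheck.ru/check.php?q=
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 www.google.com
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O20 - AppInit_DLLs:
"""

# Hosts a search or start page may legitimately point at (assumption; extend as needed).
TRUSTED_SEARCH_HOSTS = {
    "go.microsoft.com", "www.google.com", "google.com",
    "www.bing.com", "search.live.com", "www.live.com",
}

LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<where>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_hjt(text):
    """Return (section code, body) pairs for every HJT entry line in text."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def host_of(url):
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def is_loopback(ip):
    return ip == "::1" or ip.startswith("127.")


def triage(entries):
    """Return (code, reason, body) for entries a helper should review."""
    findings = []
    for code, body in entries:
        if code in ("R0", "R1"):
            # "key = value"; flag URLs whose host is not a known search provider.
            _, _, value = body.partition(" = ")
            value = value.strip()
            if value.lower().startswith(("http://", "https://")):
                host = host_of(value)
                if host not in TRUSTED_SEARCH_HOSTS:
                    findings.append((code, f"search/start page set to untrusted host '{host}'", body))
        elif code == "O1":
            # Hosts-file entries that point a real name somewhere other than loopback.
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2:
                ip, name = parts[0], parts[1]
                if name.lower() != "localhost" and not is_loopback(ip):
                    findings.append((code, f"hosts file maps {name} to {ip} (not loopback)", body))
        elif code == "O2":
            # Every BHO loads into the browser; each one deserves a vendor check.
            findings.append((code, "browser helper object loads into IE; verify the vendor and DLL", body))
        elif code == "O4":
            # Autoruns given as a bare file name are resolved via PATH at logon.
            m = O4_RE.match(body)
            if m:
                cmd = m.group("cmd").strip().strip('"')
                if "\\" not in cmd and "%" not in cmd:
                    findings.append((code, f"autorun '{m.group('name')}' uses unqualified command '{cmd}'", body))
        elif code == "O20":
            # A non-empty AppInit_DLLs value is loaded into every process using user32.dll.
            _, _, value = body.partition(":")
            if value.strip():
                findings.append((code, "AppInit_DLLs is set; the DLL is injected into every user32 process", body))
    return findings


def triage_log(text):
    return triage(parse_hjt(text))


if __name__ == "__main__":
    for code, reason, body in triage_log(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```

Run against the constructed sample, the script reports the clickcheck.ru search URL, the hosts-file override of www.google.com, the Groove BHO for vendor review and the unqualified `sttray.exe` autorun, and stays silent on the Microsoft search pages, the `::1 localhost` entry and the empty AppInit_DLLs value. Note that none of this would have caught the thread's actual problem, which lived in the Firefox profile rather than in any registry or hosts location HijackThis inspects; that is exactly why the poster's observation that google.com typed into the address bar was clean while the search bar was not is the decisive clue.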

#4 KoanYorel


Posted 13 May 2009 - 03:45 PM

Thanks for informing us.

Good luck.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



