Same Problem: Search Results Being Redirected


14 replies to this topic

#1 surfries

Posted 27 December 2009 - 03:07 AM

I read where I am not supposed to post my hijack log unless I am asked.

So, I will just let you know what I have done so far to fix the problem and wait to be asked to post my hijack log.

I have spent days trying to fix this by running every possible scan using AVG - Malwarebytes - Spyware Doctor - SS&D - ADware.

Of course none of the programs found any problems and all said I had no infections..

Not only are my search results being redirected, I sometimes cannot access Google and Gmail. I have tried Firefox - IE8 - Chrome - Windows Safari.

Same problem all the time.

Thanks for reading and I am confident that my problem will be solved now that I posted here.

Jasen...


#2 Computer Pro

Posted 27 December 2009 - 02:29 PM

Hello and welcome to Bleeping Computer. My name is Computer Pro and I will be helping you with your problems.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Finally, press submit.



Please download Dr. Web the free version & save it to your desktop. DO NOT perform a scan yet.

Scan with Dr. Web Cureit as follows:
Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders).
If prompted to download the Full version Free Trial, ignore and click the X to close the window.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
When complete, click Select All, then choose Cure > Move incurable.
(This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
Now put a check next to Complete scan to scan all local disks and removable media.
In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
In the top menu, click file and choose save report list.
Save the DrWeb.csv report to your desktop.
Exit Dr.Web Cureit when done.
Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Edited by Computer Pro, 27 December 2009 - 02:29 PM.

Computer Pro

#3 surfries

Posted 28 December 2009 - 05:13 AM

Ok, here it goes...

BTW I no longer have Norton AntiVirus. I uninstalled that a couple months ago and have been using AVG Anti-Virus.

Process in memory: C:\WINDOWS\system32\svchost.exe:1124;;BackDoor.Tdss.565;Eradicated.;
iaStor.sys;C:\WINDOWS\system32\drivers;BackDoor.Tdss.1365;Cured.;
iastor.sys;c:\windows\system32\drivers;BackDoor.Tdss.1365;Cured.;
007E2214.tmp\creditcard_trash.htm.com;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\007E2214.tmp;Win32.HLLM.Netsky.based;;
007E2214.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
00F71D90.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
02FE38E2.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
03191737.tmp\creditcard_trash.htm.com;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03191737.tmp;Win32.HLLM.Netsky.based;;
03191737.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
04FD63C5.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
05CE5972.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
078D5185.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
0A081808.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
0A8B2779.tmp\more.rtf.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A8B2779.tmp;Win32.HLLM.Netsky.based;;
0A8B2779.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
0B000EF7.tmp\naked2.rtf.pif;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B000EF7.tmp;Win32.HLLM.Netsky.based;;
0B000EF7.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
0B694E84.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
0BCB3A19.tmp\mail2_details.htm.com;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BCB3A19.tmp;Win32.HLLM.Netsky.based;;
0BCB3A19.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
0BDE3603.tmp\story_bill.rtf.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BDE3603.tmp;Win32.HLLM.Netsky.based;;
0BDE3603.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
0BEF07F1.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
0C402197.tmp\secrets_more.htm.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C402197.tmp;Win32.HLLM.Netsky.based;;
0C402197.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
0CBC5D0F.tmp\undefinied.rtf.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CBC5D0F.tmp;Win32.HLLM.Netsky.based;;
0CBC5D0F.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
0CCD2EFD.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
0D381886.tmp\me.htm.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D381886.tmp;Win32.HLLM.Netsky.based;;
0D381886.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
0D536869.tmp\information_textfile.rtf.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D536869.tmp;Win32.HLLM.Netsky.based;;
0D536869.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
0ECB78A6.tmp\letter.doc.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0ECB78A6.tmp;Win32.HLLM.Netsky.based;;
0ECB78A6.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
117362C6.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
170E7C1E.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
180A60CF.tmp\secrets.txt.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\180A60CF.tmp;Win32.HLLM.Netsky.based;;
180A60CF.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
1B200CA6.tmp\mails.htm.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B200CA6.tmp;Win32.HLLM.Netsky.based;;
1B200CA6.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
1C9F1367.tmp\card.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C9F1367.tmp;Win32.HLLM.Netsky.based;;
1C9F1367.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
257E2D02.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.MyDoom.based;Deleted.;
2CFA74A8.tmp\pic_party.txt.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CFA74A8.tmp;Win32.HLLM.Netsky.based;;
2CFA74A8.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
2DBA7463.tmp\information_moonlight.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DBA7463.tmp;Win32.HLLM.Netsky.based;;
2DBA7463.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
30376FA6.tmp\pic_poster.doc.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30376FA6.tmp;Win32.HLLM.Netsky.based;;
30376FA6.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
30F71CD2.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
310D7F48.tmp\secrets.txt.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\310D7F48.tmp;Win32.HLLM.Netsky.based;;
310D7F48.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
31321091.tmp\update_undefinied.com;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31321091.tmp;Win32.HLLM.Netsky.based;;
31321091.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
32030FAB.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
32861F1C.tmp\associal.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32861F1C.tmp;Win32.HLLM.Netsky.based;;
32861F1C.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
32E560B3.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
33D359AD.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Klez.4;Deleted.;
3448412C.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Klez.4;Deleted.;
347D60F2.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Klez.4;Deleted.;
34A60455.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.MyDoom.based;Deleted.;
35CD4580.tmp\misc.doc.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35CD4580.tmp;Win32.HLLM.Netsky.based;;
35CD4580.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
35FE1D18.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
368D7AE1.wmf;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Exploit.MS05-053;Deleted.;
36C61D54.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
37344FF5.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
37CE054C.tmp\website_masturbation.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37CE054C.tmp;Win32.HLLM.Netsky.based;;
37CE054C.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
38F77205.tmp\card.txt.pif;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38F77205.tmp;Win32.HLLM.Netsky.based;;
38F77205.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
39730F4B.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
399D311C.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
39A42346.tmp\object.htm.pif;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39A42346.tmp;Win32.HLLM.Netsky.based;;
39A42346.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
39D824DB.tmp\description.htm.pif;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39D824DB.tmp;Win32.HLLM.Netsky.based;;
39D824DB.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
39F948B7.tmp\undefinied_naked2.txt.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F948B7.tmp;Win32.HLLM.Netsky.based;;
39F948B7.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
3A060EDB.tmp\mails_msg2.htm.pif;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A060EDB.tmp;Win32.HLLM.Netsky.based;;
3A060EDB.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
3B1855AD.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
3B312721.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
3BAB370B.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.MyDoom.54464;Deleted.;
3CA757F6.tmp\more.htm.com;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CA757F6.tmp;Win32.HLLM.Netsky.based;;
3CA757F6.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
3E291333.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
3EDC3789.tmp\note_freaky.com;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3EDC3789.tmp;Win32.HLLM.Netsky.based;;
3EDC3789.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
3FC04A6E.tmp\your_stuff_id.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FC04A6E.tmp;Win32.HLLM.Netsky.based;;
3FC04A6E.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
415C5CC8.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
41B44A67.tmp\friend.htm.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41B44A67.tmp;Win32.HLLM.Netsky.based;;
41B44A67.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
42066D51.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
433652EF.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
449C39DE.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
461D194C.tmp\information_incest.com;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\461D194C.tmp;Win32.HLLM.Netsky.based;;
461D194C.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
4723404E.tmp\your_stuff_id.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4723404E.tmp;Win32.HLLM.Netsky.based;;
4723404E.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
47B94BA8.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
4FB823F9.tmp\part2.doc.com;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4FB823F9.tmp;Win32.HLLM.Netsky.based;;
4FB823F9.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
52E54D2F.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
56167ACE.tmp\schock.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56167ACE.tmp;Win32.HLLM.Netsky.based;;
56167ACE.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
5BB76C66.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Generic.391;Deleted.;
5C767BC9.tmp\schock.exe;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C767BC9.tmp;Win32.HLLM.Netsky.based;;
5C767BC9.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
6D1B21AA.tmp\concert.rtf.pif;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D1B21AA.tmp;Win32.HLLM.Netsky.based;;
6D1B21AA.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
6EF845AC.tmp\letter.doc.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EF845AC.tmp;Win32.HLLM.Netsky.based;;
6EF845AC.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
70EF748E.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.MyDoom.based;Deleted.;
72AF007D.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
735200D4.tmp\concert.rtf.pif;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\735200D4.tmp;Win32.HLLM.Netsky.based;;
735200D4.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
74FA721A.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.MyDoom.based;Deleted.;
75A45A46.tmp\concert.rtf.pif;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75A45A46.tmp;Win32.HLLM.Netsky.based;;
75A45A46.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
7ABC59C3.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
7E95047D.tmp\letter.doc.scr;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E95047D.tmp;Win32.HLLM.Netsky.based;;
7E95047D.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
7F796D35.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
STOPzilla_Setup.exe;C:\Documents and Settings\dMode\Desktop\Protection;Trojan.DownLoad.40428;Deleted.;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Program Files\Online Services\Aol\United States\AOL90\comps\coach;Archive contains infected objects;Moved.;
qt.exe\unvised_2.bin;C:\Program Files\Online Services\Aol\United States\AOL90\comps\qt\qt.exe;Tool.Reboot;;
qt.exe;C:\Program Files\Online Services\Aol\United States\AOL90\comps\qt;Archive contains infected objects;Moved.;
aolcinst.exe\core.cab\GTDOWNAO_106.ocx;C:\Program Files\Online Services\Aol\United States\AOL90E\comps\coach\aolcinst.exe;Adware.Gdown;;
aolcinst.exe;C:\Program Files\Online Services\Aol\United States\AOL90E\comps\coach;Archive contains infected objects;Moved.;
qt.exe\unvised_2.bin;C:\Program Files\Online Services\Aol\United States\AOL90E\comps\qt\qt.exe;Tool.Reboot;;
qt.exe;C:\Program Files\Online Services\Aol\United States\AOL90E\comps\qt;Archive contains infected objects;Moved.;
SP31524.exe/musicnow1.exe\data008;C:\SWSETUP\AOLMN\SP31524.exe/musicnow1.exe;Trojan.Click.2093;;
\musicnow1.exe;C:\SWSETUP\AOLMN;Archive contains infected objects;;
SP31524.exe;C:\SWSETUP\AOLMN;Archive contains infected objects;Moved.;
iaStor.sys;C:\WINDOWS\system32\drivers;BackDoor.Tdss.1365;Cured.;

Edited by surfries, 28 December 2009 - 05:25 AM.
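A way to triage a Dr.Web report like the one in post #3, as an added example that is not part of the original thread: it separates detections in running memory and loaded drivers from samples that already sit in another product's quarantine folder. The sample rows are copied from the report above; the bucket names and function names are this example's own.

```python
from collections import Counter

# Rows copied from the Dr.Web report in post #3 (object;path;threat;action;).
SAMPLE = r"""Process in memory: C:\WINDOWS\system32\svchost.exe:1124;;BackDoor.Tdss.565;Eradicated.;
iaStor.sys;C:\WINDOWS\system32\drivers;BackDoor.Tdss.1365;Cured.;
iastor.sys;c:\windows\system32\drivers;BackDoor.Tdss.1365;Cured.;
007E2214.tmp\creditcard_trash.htm.com;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\007E2214.tmp;Win32.HLLM.Netsky.based;;
007E2214.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Archive contains infected objects;Moved.;
00F71D90.tmp;C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine;Win32.HLLM.Netsky.based;Deleted.;
inetchk.exe;C:\Program Files\music_now;Trojan.Click.2093;Deleted.;
"""

CONTAINER = "Archive contains infected objects"


def split_rows(text):
    """Yield (object, path, threat, action) from the semicolon-separated report."""
    for line in text.splitlines():
        if line.strip():
            fields = (line.split(";") + [""] * 4)[:4]
            yield tuple(f.strip() for f in fields)


def bucket(obj, path):
    """Label where a detection lives (labels are this example's own)."""
    p = path.lower()
    if obj.lower().startswith("process in memory:"):
        return "live-memory"       # code that was running during the scan
    if p.endswith("\\system32\\drivers"):
        return "live-driver"       # kernel driver loaded at boot
    if "\\quarantine" in p:
        return "av-quarantine"     # samples another product already isolated
    return "on-disk"


def family(threat):
    """Drop a trailing numeric variant: BackDoor.Tdss.565 -> BackDoor.Tdss."""
    head, _, tail = threat.rpartition(".")
    return head if head and tail.isdigit() else threat


def triage(text):
    rows = list(split_rows(text))
    # A container row follows its members and carries the action for the archive.
    container_action = {
        (path + "\\" + obj).lower(): action
        for obj, path, threat, action in rows
        if threat == CONTAINER
    }
    seen, findings = set(), []
    for obj, path, threat, action in rows:
        if threat == CONTAINER:
            continue
        key = (obj.lower(), path.lower(), threat)
        if key in seen:            # same file listed twice with different case
            continue
        seen.add(key)
        if not action:             # archive member: inherit the container's action
            action = container_action.get(path.lower(), "unresolved")
        findings.append({"object": obj, "path": path, "family": family(threat),
                         "action": action, "bucket": bucket(obj, path)})
    return findings


def summary(findings):
    """Count findings per bucket."""
    return Counter(f["bucket"] for f in findings)


def live(findings):
    """Findings that were active on the running system."""
    return [f for f in findings if f["bucket"].startswith("live-")]


if __name__ == "__main__":
    found = triage(SAMPLE)
    print(dict(summary(found)))
    for f in live(found):
        print(f["bucket"], f["object"], f["family"], f["action"])
```
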


#4 surfries

Posted 28 December 2009 - 05:49 AM

Also when I hover over a google search link it will display the normal url (e.g. www.nbc.com) but when clicked it will show...

http://www.google.com/url?sa=t&source=web&ct=res&cd=1&ved=0CAsQFjAA&url=http%3A%2F%2Fwww.nbc.com%2F&rct=j&q=nbc.com&ei=cIw4S8G5EpKYtgeQ1vyACQ&usg=AFQjCNHUiWo9QfjkPMdRAL-w6HYhD2NhrA

Edited by surfries, 28 December 2009 - 05:50 AM.


#5 Computer Pro

Posted 28 December 2009 - 05:35 PM

Let's run TDSS Killer by Kaspersky.

-Download TDSS Killer and save to your Desktop. Also print out those instructions on the same page for running the scan.

-Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

-Go to Start ->Run. Type/Copy and Paste the following text into the prompt:

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\report.txt -v

-Click OK.
-If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.

-After reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
-A log file named report.txt should have been created and saved to the root directory (usually C:\report.txt).
Copy and paste the contents of that report in your next reply.

Edited by Computer Pro, 28 December 2009 - 05:36 PM.

Computer Pro

#6 surfries

Posted 28 December 2009 - 07:06 PM

Performed TDSSKiller and it found problems and then asked me to reboot which I did.

After reboot there was no report.txt to be found. I looked in the root and it's not there. So,
I ran the TDSSKiller again and this time it found no problems but still no report.txt.

Did I miss something?

#7 Computer Pro

Posted 28 December 2009 - 07:33 PM

Don't worry about it. Are you still having the redirecting problem?
Computer Pro

#8 surfries

Posted 28 December 2009 - 07:52 PM

No redirecting so far... Looking good.

How about the google search links changing to...

http://www.google.com/url?sa=t&source=web&ct=res&cd=1&ved=0CAsQFjAA&url=http%3A%2F%2Fwww.nbc.com%2F&rct=j&q=nbc.com&ei=cIw4S8G5EpKYtgeQ1vyACQ&usg=AFQjCNHUiWo9QfjkPMdRAL-w6HYhD2NhrA

when I click on them. In IE or Chrome, Google search links don't do this, only in Firefox.
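The URL quoted in posts #4 and #8 keeps www.google.com as its host and carries the hovered site percent-encoded in its url parameter, which is the shape of the search engine's own outbound-link wrapper rather than a redirect to an unrelated host. An added example (not part of the original thread) that makes that check explicit; the function names, verdict strings and the two .test URLs are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# The clicked URL exactly as quoted in posts #4 and #8.
CLICKED = ("http://www.google.com/url?sa=t&source=web&ct=res&cd=1&ved=0CAsQFjAA"
           "&url=http%3A%2F%2Fwww.nbc.com%2F&rct=j&q=nbc.com"
           "&ei=cIw4S8G5EpKYtgeQ1vyACQ&usg=AFQjCNHUiWo9QfjkPMdRAL-w6HYhD2NhrA")

# Hosts whose /url path is treated as a first-party link wrapper (assumption:
# extend this tuple for other search engine domains you use).
WRAPPER_HOSTS = ("www.google.com",)


def host_of(url):
    """Lower-cased host of a URL; accepts a bare host such as www.nbc.com."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def unwrap(clicked):
    """Return the destination carried in the wrapper's url= parameter, or None."""
    parts = urlsplit(clicked)
    if (parts.hostname or "").lower() not in WRAPPER_HOSTS or parts.path != "/url":
        return None
    values = parse_qs(parts.query).get("url")   # parse_qs percent-decodes the value
    return values[0] if values else None


def check_click(hovered, clicked):
    """Compare what the status bar showed on hover with what was actually requested."""
    want = host_of(hovered)
    if host_of(clicked) == want:
        return "direct"
    inner = unwrap(clicked)
    if inner is None:
        return "redirected-elsewhere"            # not the search engine's wrapper
    if host_of(inner) == want:
        return "wrapped-same-destination"        # wrapper points at the hovered site
    return "wrapped-different-destination"       # wrapper points somewhere else


if __name__ == "__main__":
    print(unwrap(CLICKED))
    print(check_click("www.nbc.com", CLICKED))
```
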

#9 Computer Pro

Posted 28 December 2009 - 08:05 PM

Please update, and then run a Malwarebytes quick scan. Then post back the log.
Computer Pro

#10 surfries

Posted 28 December 2009 - 08:39 PM

Doesn't look like it found anything but still getting the weird url strings.. Only in firefox though...

Malwarebytes' Anti-Malware 1.42
Database version: 3446
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2009 8:32:15 PM
mbam-log-2009-12-28 (20-32-15).txt

Scan type: Quick Scan
Objects scanned: 159123
Time elapsed: 9 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#11 Computer Pro

Posted 28 December 2009 - 08:40 PM

I actually recommend to use Internet Explorer 8 anyway because it is safer than Firefox.
Computer Pro

#12 surfries

Posted 28 December 2009 - 08:49 PM

Ok, I will try that and keep you posted if anything else pops up...

Looks like something is tracking the searches I do in google firefox.

I can't thank you enough for all your help.. I wish I would have posted here
a week ago, would have saved me a lot of headache.

Thanks again...

#13 Computer Pro

Posted 28 December 2009 - 09:26 PM

Please post back tomorrow letting me know of the situation.
Computer Pro

#14 surfries

Posted 28 December 2009 - 10:19 PM

Quick question for you...

I noticed in your profile you are using Kaspersky internet security.

If I wanted to use that should I uninstall my..

AVG Anti-Virus Free
Malwarebytes
Spyware Doctor
SS&D
Stopzilla

I have all of those on my computer. Which ones should I keep?

I would like to use Kaspersky internet security 2010.

Thanks again for all your help...

Jasen...

#15 Computer Pro

Posted 28 December 2009 - 10:23 PM

You would only have to uninstall AVG.
Computer Pro



