Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I keep on getting redirected


  • Please log in to reply
1 reply to this topic

#1 deanetrue

deanetrue

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:01 AM

Posted 15 January 2011 - 12:07 PM

I keep on getting redirected to

"http://www.theclickcheck.com/?sub=2020083460&rm=aHR0cDovLzI4XzIwMjAwODM0NjAuYWRtYXJrZXRwbGFjZS5jb20%3D&pub=28&cid=1338297470&ds=aHR0cDovL3d3dy55ZWxsb3dwYWdlcy5jb20vbm9nZW8vRW1wbG95bWVudC1BZ2VuY2llcz9mcm9t%0APWFtcF9ud19lbXBsb3ltZW50X2FnZW5jaWVz"

so decided to do hijackthis log to see if I actually have some type of infection. both spybot search and destroy and avg antivirus shows Nothing!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:06:34 PM, on 1/15/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Common Files\Java\Java Update\jusched.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
H:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\AVG\AVG10\avgwdsvc.exe
H:\Program Files\AVG\AVG10\avgam.exe
H:\Program Files\AVG\AVG10\avgrsx.exe
H:\Program Files\AVG\AVG10\avgcsrvx.exe
H:\Program Files\AVG\AVG10\avgchsvx.exe
H:\Program Files\AVG\AVG10\avgnsx.exe
H:\Program Files\AVG\AVG10\avgfws.exe
H:\Program Files\AVG\AVG10\avgemcx.exe
H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
H:\Program Files\AVG\AVG10\avgcsrvx.exe
H:\Program Files\AVG\AVG10\avgtray.exe
H:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
H:\WINDOWS\system32\rundll32.exe
H:\Documents and Settings\deane\Local Settings\Application Data\Wakoopa\Wakoopa.exe
H:\Fraps\fraps.exe
H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Java\jre6\bin\java.exe
H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
H:\Program Files\Mozilla Firefox\plugin-container.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2304157
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - H:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - H:\Program Files\XfireXO\tbXfir.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - H:\Program Files\XfireXO\tbXfir.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - H:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "H:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] H:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [StartCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "H:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LWS] H:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [AVG_TRAY] H:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Logitech Vid] "H:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [PRR7d5] control.exe "H:\Program Files\98tk1OmkpgNiG\PRR7d5.cpl",0,1
O4 - HKCU\..\Run: [Wakoopa] H:\Documents and Settings\deane\Local Settings\Application Data\Wakoopa\Wakoopa.exe --background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] H:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Logitech . Product Registration.lnk = H:\Program Files\Logitech\Ereg\eReg.exe
O4 - Startup: Xfire.lnk = H:\Program Files\Xfire\Xfire.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - H:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - H:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - H:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

--
End of file - 6651 bytes

question for analyzers, how long before ANY response that your gonna look at it?

EDIT: Please be patient. There are over 190 unanswered topics in this forum at present and the current average wait time to receive help is 7 days. ~BP

Attached Files


Edited by Budapest, 16 January 2011 - 04:16 PM.


BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:05:01 PM

Posted 18 January 2011 - 09:41 AM

Download DDS by sUBs and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your Desktop and post them in your next reply



We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users