
I still can't search on Google.....

Discussion in 'Virus & Other Malware Removal' started by nic007, Oct 17, 2003.

Thread Status:
Not open for further replies.
  1. nic007

    nic007 Thread Starter

    Joined:
    Jul 18, 2003
    Messages:
    19
    ...I posted the same kind of post a long time ago and gave my hijack log, but the problem still remained. Whenever I search on Google the first page of search results comes up as ads, and when I click the link for page 2 it shows page 1's results as if the ads weren't there. I've seen your posts on the Trojan.QHosts and downloaded Symantec's removal tool but it says I don't have it. Please help me, I've been living with it for about 3 months and now it's just grown unbearable. This forum is an amazing help to young people like me. Thanks.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    Post a new hijack log using the latest version of HijackThis.
    Go to http://www.spywareinfo.com/~merijn/files/hijackthis.zip and download 'Hijack This!'.
    Unzip, double-click HijackThis.exe, and hit "Scan".

    When the scan is finished, the "Scan" button will change into a "Save Log" button.
    Press that, save the log somewhere, and please copy & paste its contents to the forum.

    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  3. nic007

    nic007 Thread Starter

    Joined:
    Jul 18, 2003
    Messages:
    19
    Here we go..

    Logfile of HijackThis v1.97.3
    Scan saved at 8:20:40 PM, on 17/10/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    F:\WINDOWS\System32\ctfmon.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\Program Files\Norton Internet Security Professional\NISUM.EXE
    F:\WINDOWS\System32\alg.exe
    F:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
    F:\Program Files\Navnt\navapsvc.exe
    F:\Program Files\Navnt\AdvTools\NPROTECT.EXE
    F:\WINDOWS\System32\nvsvc32.exe
    F:\PROGRA~1\Telstra\TELSTR~1\app\pppoeservice.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\MsPMSPSv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\SOUNDMAN.EXE
    F:\WINDOWS\System32\taskswitch.exe
    F:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    F:\Program Files\Microsoft Hardware\Mouse\point32.exe
    F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    F:\Program Files\Messenger Plus! 2\MsgPlus.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    F:\Program Files\Greetings Workshop\GWREMIND.EXE
    F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    F:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\WINDOWS\system32\NOTEPAD.EXE
    F:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    F:\DOCUME~1\Nic\LOCALS~1\Temp\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Navnt\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Navnt\NavShExt.dll
    O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "F:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 3.7\THGuard.exe"
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\Navnt\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "F:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - Startup: Greetings Workshop Reminders.lnk = F:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Global Startup: hp psc 2000 Series.lnk = F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37567.9877546296
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{352E0FC4-39F1-4738-AAE0-2C42322BB10E}: NameServer = 61.9.208.14 61.9.208.15
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    I can't see anything that might cause this.

    Can you take a screenshot & paste it into your next post? That might give us some ideas.
     
  5. nic007

    nic007 Thread Starter

    Joined:
    Jul 18, 2003
    Messages:
    19
    Here is the screenie....
     

    Attached Files:

  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    I can see the problem now, but still can't see what is causing it.

    I will ask a few other people to look at this thread and see if they have any wonderful ideas.
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,196
    First Name:
    Derek
    Even though I can't see any sign in the log, try this:

    Open IE/tools/options/connections/, click on your connection & settings.

    Make sure both boxes about automatic configuration script & automatically detect settings are unticked, and see if that does anything.

    And
    tools/options/programs/ press reset web settings.

    Then post a new HijackThis log.
     
  8. nic007

    nic007 Thread Starter

    Joined:
    Jul 18, 2003
    Messages:
    19
    I did nothing to the two boxes, for they were unticked, but I reset web settings. Someone tried to send me a deepthroat Trojan but Norton blocked it, but could you please tell me a bit about it? Judging by Symantec's report, once it's on your computer it's the starter for people to destroy your system. Is that correct? This forum is really helpful and I've recommended it to tons of people. Here's my hijack log...

    Logfile of HijackThis v1.97.3
    Scan saved at 10:21:04 AM, on 19/10/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\ctfmon.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    F:\Program Files\Norton Internet Security Professional\NISUM.EXE
    F:\WINDOWS\System32\alg.exe
    F:\Program Files\Norton Internet Security Professional\ccPxySvc.exe
    F:\Program Files\Navnt\navapsvc.exe
    F:\Program Files\Navnt\AdvTools\NPROTECT.EXE
    F:\WINDOWS\System32\nvsvc32.exe
    F:\PROGRA~1\Telstra\TELSTR~1\app\pppoeservice.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\MsPMSPSv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\SOUNDMAN.EXE
    F:\WINDOWS\System32\taskswitch.exe
    F:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    F:\Program Files\Microsoft Hardware\Mouse\point32.exe
    F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    F:\Program Files\Messenger Plus! 2\MsgPlus.exe
    F:\Program Files\Common Files\Symantec Shared\ccApp.exe
    F:\Program Files\QuickTime\qttask.exe
    F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    F:\Program Files\Greetings Workshop\GWREMIND.EXE
    F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    F:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    F:\Program Files\MSN Messenger\msnmsgr.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WinZip\winzip32.exe
    F:\DOCUME~1\Nic\LOCALS~1\Temp\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Program Files\Navnt\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Program Files\Navnt\NavShExt.dll
    O4 - HKLM\..\Run: [SiSUSBRG] F:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\System32\taskswitch.exe
    O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [MessengerPlus2] "F:\Program Files\Messenger Plus! 2\MsgPlus.exe"
    O4 - HKLM\..\Run: [THGuard] "F:\Program Files\TrojanHunter 3.7\THGuard.exe"
    O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "F:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] F:\PROGRA~1\Navnt\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus2] "F:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Greetings Workshop Reminders.lnk = F:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Global Startup: hp psc 2000 Series.lnk = F:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37567.9877546296
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{352E0FC4-39F1-4738-AAE0-2C42322BB10E}: NameServer = 61.9.208.14 61.9.208.15
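
An added example, not part of the thread and not HijackThis's own code: when a user posts a second log after a fix attempt, diffing the registry/browser entries of the two scans shows what actually changed. The sample strings are short excerpts of the two logs posted above; the function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O2x.
ENTRY_RE = re.compile(r"^\s*([ORFN]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Return the set of (section_code, detail) entries in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)  # header and "Running processes" lines do not match
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries

def diff_scans(old_log, new_log):
    """Entries that appeared or disappeared between two scans, sorted."""
    old, new = parse_entries(old_log), parse_entries(new_log)
    return {"added": sorted(new - old), "removed": sorted(old - new)}

def name_servers(log_text):
    """DNS servers named in O17 'NameServer =' entries, for manual review."""
    servers = set()
    for code, detail in parse_entries(log_text):
        if code == "O17" and "NameServer = " in detail:
            servers.update(detail.split("NameServer = ", 1)[1].replace(",", " ").split())
    return sorted(servers)

# Excerpt of the 17/10/2003 log from this thread.
SCAN_17_OCT = r"""
Logfile of HijackThis v1.97.3
Running processes:
F:\WINDOWS\Explorer.EXE
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{352E0FC4-39F1-4738-AAE0-2C42322BB10E}: NameServer = 61.9.208.14 61.9.208.15
"""

# Excerpt of the 19/10/2003 log from this thread (same lines plus the two new ones).
SCAN_19_OCT = SCAN_17_OCT + r"""
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
"""

if __name__ == "__main__":
    changes = diff_scans(SCAN_17_OCT, SCAN_19_OCT)
    for kind in ("added", "removed"):
        for code, detail in changes[kind]:
            print(f"{kind:8}{code:4}{detail}")
    print("O17 name servers:", name_servers(SCAN_19_OCT))
```

Run over the two full logs in this thread, the only entries added between scans are the MSN Messenger autostart and the Panda ActiveScan download control; nothing was removed.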
     
  9. nic007

    nic007 Thread Starter

    Joined:
    Jul 18, 2003
    Messages:
    19
    Am I alone?? dvk01 please help!
     

Short URL to this thread: https://techguy.org/172560
