search2find.biz redirect

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mtruluck (Thread Starter; Joined: Nov 1, 2007; Messages: 1)

I have pc-cillin and it found the following problems on my system.

"Virus Scan Logs","2007/10/30","TRULUCK"
"Time","Security Feature","Source Type","Virus Name","File Name","First Action","Second Action"
"09:59","File Monitor","File","HTML_IESLICE.JS","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\HIXC18OI\data1[1].htm","Quarantine Fail",""
"09:59","File Monitor","File","HTML_IESLICE.JS","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\HIXC18OI\data1[1].htm","Quarantine Success",""
"12:04","Manual Scan","File","JAVA_BYTEVER.BJ","MagicApplet.class (C:\Documents and Settings\MARK TRULUCK\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-23c3ab22-649f5a04.zip)","Quarantine Fail",""
"12:04","Manual Scan","File","JAVA_BYTEVER.DL","OwnClassLoader.class (C:\Documents and Settings\MARK TRULUCK\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-23c3ab22-649f5a04.zip)","Quarantine Fail",""
"12:04","Manual Scan","File","JAVA_BYTEVER.DK","ProxyClassLoader.class (C:\Documents and Settings\MARK TRULUCK\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-23c3ab22-649f5a04.zip)","Quarantine Fail",""
"12:04","Manual Scan","File","---","C:\Documents and Settings\MARK TRULUCK\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-23c3ab22-649f5a04.zip","Quarantine Success",""
"12:05","Manual Scan","File","EXPL_ANICMOO.GEN","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\QXOGTLV7\324123[1].htm","Quarantine Success",""
"13:11","File Monitor","File","TROJ_DLOADER.QLP","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\G2SP4OWF\hlpsrv[1].exe","Quarantine Success",""
"13:13","File Monitor","File","TROJ_DLOADER.QLP","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\QXOGTLV7\hlpsrv[1].exe","Quarantine Fail",""
"13:13","File Monitor","File","TROJ_DLOADER.QLP","C:\Program Files\hlpsrv.exe","Quarantine Success",""
"13:17","File Monitor","File","PAK_Generic.001","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\QZPAWQ7G\ucleaner_setup[1].exe","Quarantine Fail",""
"13:25","Manual Scan","File","PAK_Generic.001","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\QZPAWQ7G\ucleaner_setup[1].exe","Quarantine Success",""
"19:31","File Monitor","File","EXPL_ANICMOO.GEN","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\G2SP4OWF\324123[1].htm","Quarantine Fail",""


This is when the search2find.biz redirect started. The system has also been sluggish since then. Here is the startup log:

StartupList report, 11/1/2007, 8:00:06 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16544)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Greetings Workshop\GWREMIND.EXE
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\MARK TRULUCK\Desktop\Windows-KB890830-V1.34.exe
c:\d6532403f86aee3912e966a48d775c\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
WG111v2 Smart Wizard Wireless Setting.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
pccguide.exe = "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

[MRI_DISABLED]
MSKAGENTEXE = c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - MRI_DISABLED
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
e404 helper - C:\Program Files\E404 Helper\e404.v1.dll - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB}

--------------------------------------------------

Enumerating Task Scheduler jobs:

HP DArC Task #Hewlett-Packard#hp psc 2400 series#1082927422.job
WebReg 20040425171130.job

--------------------------------------------------

Enumerating Download Program Files:

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=67633

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Snapfish Activia]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
CODEBASE = http://www2.snapfish.com/SnapfishActivia.cab

[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

[{D27CDB6E-AE6D-11CF-96B8-444553548000}]
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 6,587 bytes
Report generated in 0.937 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Any help would be greatly appreciated.
 