
search2find.biz redirect

Discussion in 'Virus & Other Malware Removal' started by mtruluck, Nov 1, 2007.

mtruluck (Thread Starter), joined Nov 1, 2007, 1 message:
    I have pc-cillin and it found the following problems on my system.

    "Virus Scan Logs","2007/10/30","TRULUCK"
    "Time","Security Feature","Source Type","Virus Name","File Name","First Action","Second Action"
    "09:59","File Monitor","File","HTML_IESLICE.JS","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\HIXC18OI\data1[1].htm","Quarantine Fail",""
    "09:59","File Monitor","File","HTML_IESLICE.JS","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\HIXC18OI\data1[1].htm","Quarantine Success",""
    "12:04","Manual Scan","File","JAVA_BYTEVER.BJ","MagicApplet.class (C:\Documents and Settings\MARK TRULUCK\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-23c3ab22-649f5a04.zip)","Quarantine Fail",""
    "12:04","Manual Scan","File","JAVA_BYTEVER.DL","OwnClassLoader.class (C:\Documents and Settings\MARK TRULUCK\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-23c3ab22-649f5a04.zip)","Quarantine Fail",""
    "12:04","Manual Scan","File","JAVA_BYTEVER.DK","ProxyClassLoader.class (C:\Documents and Settings\MARK TRULUCK\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-23c3ab22-649f5a04.zip)","Quarantine Fail",""
    "12:04","Manual Scan","File","---","C:\Documents and Settings\MARK TRULUCK\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms03011.jar-23c3ab22-649f5a04.zip","Quarantine Success",""
    "12:05","Manual Scan","File","EXPL_ANICMOO.GEN","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\QXOGTLV7\324123[1].htm","Quarantine Success",""
    "13:11","File Monitor","File","TROJ_DLOADER.QLP","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\G2SP4OWF\hlpsrv[1].exe","Quarantine Success",""
    "13:13","File Monitor","File","TROJ_DLOADER.QLP","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\QXOGTLV7\hlpsrv[1].exe","Quarantine Fail",""
    "13:13","File Monitor","File","TROJ_DLOADER.QLP","C:\Program Files\hlpsrv.exe","Quarantine Success",""
    "13:17","File Monitor","File","PAK_Generic.001","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\QZPAWQ7G\ucleaner_setup[1].exe","Quarantine Fail",""
    "13:25","Manual Scan","File","PAK_Generic.001","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\QZPAWQ7G\ucleaner_setup[1].exe","Quarantine Success",""
    "19:31","File Monitor","File","EXPL_ANICMOO.GEN","C:\Documents and Settings\MARK TRULUCK\Local Settings\Temporary Internet Files\Content.IE5\G2SP4OWF\324123[1].htm","Quarantine Fail",""


    This is when the search2find.biz redirect started. The system has also been sluggish since then. Here is the startup log:

    StartupList report, 11/1/2007, 8:00:06 PM
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
    Detected: Windows XP SP2 (WinNT 5.01.2600)
    Detected: Internet Explorer v7.00 (7.00.6000.16544)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\MARK TRULUCK\Desktop\Windows-KB890830-V1.34.exe
    c:\d6532403f86aee3912e966a48d775c\mrtstub.exe
    C:\WINDOWS\system32\MRT.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    WG111v2 Smart Wizard Wireless Setting.lnk = ?

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    pccguide.exe = "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
    TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    [MRI_DISABLED]
    MSKAGENTEXE = c:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=*Registry value not found*
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    (no name) - (no file) - MRI_DISABLED
    (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
    (no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
    (no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    e404 helper - C:\Program Files\E404 Helper\e404.v1.dll - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    HP DArC Task #Hewlett-Packard#hp psc 2400 series#1082927422.job
    WebReg 20040425171130.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Office Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=67633

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Snapfish Activia]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
    CODEBASE = http://www2.snapfish.com/SnapfishActivia.cab

    [Windows Live Safety Center Base Module]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
    CODEBASE = http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx
    CODEBASE = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    [{D27CDB6E-AE6D-11CF-96B8-444553548000}]
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\System32\stobject.dll
    WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

    --------------------------------------------------
    End of report, 6,587 bytes
    Report generated in 0.937 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    Any help would be greatly appreciated.
Short URL to this thread: https://techguy.org/646607