AshTheGamer Posted May 18, 2009

I am not sure this is the right place to post in but never mind. I have had this problem on my PC for a while now. Whenever I search something on Google and click on it, it takes me to a completely different website to do with what I search. I have tried SUPERAntiSpyware but that didn't fix it. Please help me,
- Ash.

Administrator Lite Posted May 18, 2009

Moved to the correct place. Also please use more meaningful topic titles - a little information is handy.

The first thing I would do is check your HOSTS file (open with Notepad), which is located here:

Windows Vista/XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC

Are there any entries not going to 127.0.0.1 or 0.0.0.0? If there are, remove those entries.

If that doesn't help, post a HijackThis! log file so I can take a look at it and see any possible issues.

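Added example (not part of the original thread): the HOSTS check described in the post above, written as a small Python audit. The sample file is constructed with documentation addresses, the function names are this example's own, and as an assumption it goes slightly beyond the post by also accepting the IPv6 loopback `::1` alongside 127.0.0.1 and 0.0.0.0.

```python
import ipaddress

# Constructed sample HOSTS content (documentation address ranges, not the
# poster's file). On the systems named in the post the real file is "hosts"
# inside the DRIVERS\ETC directory.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net tracker.example.net   # blocklist-style entry
203.0.113.10    www.google.com google.com
198.51.100.7    update.example-av.test
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (line_no, address, hostnames, reason) for every entry that does
    not point at a loopback or unspecified (0.0.0.0) address."""
    findings = []
    # A leading byte-order mark would otherwise glue itself to the first address.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not entry:
            continue
        address, *hostnames = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, hostnames, "malformed address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue                            # the harmless targets
        findings.append((line_no, address, hostnames, "points away from this machine"))
    return findings


def redirected_names(findings):
    """Hostnames whose lookups the flagged entries would override, sorted."""
    return sorted({name.lower()
                   for _, _, names, reason in findings
                   if reason != "malformed address"
                   for name in names})


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    for line_no, address, names, reason in results:
        print(f"line {line_no}: {address} -> {' '.join(names)} ({reason})")
    print("overridden names:", ", ".join(redirected_names(results)))
```

An empty result, as with the empty HOSTS file reported later in the thread, means the redirect is configured somewhere else.
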
Jota.Ce Posted May 18, 2009

Yeah, HOSTS file or trojan catching your links and redirecting...

bearoninternet Posted May 18, 2009

Just curious; what AV do you use? I remember my days with Norton :whistle: .

Toshiro Posted May 19, 2009

> Moved to the correct place. Also please use more meaningful topic titles - a little information is handy.
>
> The first thing I would do is check your HOSTS file (open with Notepad), which is located here:
>
> Windows Vista/XP = C:\WINDOWS\SYSTEM32\DRIVERS\ETC
> Windows 2K = C:\WINNT\SYSTEM32\DRIVERS\ETC
>
> Are there any entries not going to 127.0.0.1 or 0.0.0.0? If there are, remove those entries.
>
> If that doesn't help, post a HijackThis! log file so I can take a look at it and see any possible issues.

Yeah, that's right. Btw, are you a pro @ HijackThis, or just a person who knows things about HijackThis (like me)?

Ontopic: Uhm, I would recommend scanning with MalwareBytes'. It should find these kinds of problems (IF they are related to malware/spyware). Don't forget to put a mark @ Options >> Shut Down IE when deleting ......

gl :lol:

AshTheGamer Posted May 19, 2009 Author

MalwareBytes does not open for me... And the host file has nothing in it.

Toshiro Posted May 19, 2009

> MalwareBytes does not open for me... And the host file has nothing in it.

Yeah.. Uhm, got an error? Something.. more info plz..

AshTheGamer Posted May 19, 2009 Author

Nope, no error. I double click on the Desktop Icon and nothing happens. I have also tried all in All Programs and nothing happens....

Toshiro Posted May 19, 2009

So you can't open .exe files? Uhm, kinda problem.. There was a fix for it.. check google..
*searching*
Found it
http://support.microsoft.com/default.aspx?...p;Product=winxp

AshTheGamer Posted May 19, 2009 Author

No, I can open .exe's, just not that software for some reason....

Administrator Lite Posted May 19, 2009

It's clear there are some settings and/or a process running on your system that isn't allowing the execution of certain apps and is redirecting your search.

HijackThis! log?

AshTheGamer Posted May 19, 2009 Author

Doing it now....

Done here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:20, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CPUCooL\CooLSrv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\RDS4\svcagnt.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server2\Easy-Hide-IPS2.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server2\EasyHideIP-Server2.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Program Files\Easy-Hide-IP\services\EasyHideIP-Server1\EasyHideIP-Server1.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\regx32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google plugin - {684EE1DB-CD52-4ca9-9CCF-93D5F6B419BA} - kmsvc32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\regx32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\762b9479-06a3-4a3d-af3d-2e9e761b03d5.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDF Suite - {EE8D6672-6616-43E6-B42D-2EEBE3A090A7} - C:\Program Files\PDF Suite\IE_Plugin.dll (HKCU)
O9 - Extra 'Tools' menuitem: Convert with PDF Suite - {EE8D6672-6616-43E6-B42D-2EEBE3A090A7} - C:\Program Files\PDF Suite\IE_Plugin.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EF53E39-7656-46AB-B0BA-593384AA88A2}: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4F716F1-7E5D-44AC-B736-FCC5A736C651}: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: __c007671E - C:\WINDOWS\
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Windows Desktop Security (dtsagntsvc) - Unknown owner - C:\Program Files\RDS4\svcagnt.exe
O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe

--
End of file - 11232 bytes

Administrator Lite Posted May 19, 2009

Had a quick look over it:

Send me a copy of these files: (PM them to me)
C:\WINDOWS\regx32.exe
C:\Program Files\RDS4\svcagnt.exe <-- Adware: http://www.emsisoft.com/en/malware/?Adware...ote+Desktop+Spy (use add/remove programs)

I'd recommend getting rid of "Easy-Hide-IP" as well. (Use add/remove programs)

These are domain hijackers from "Trusted DNS": http://sunbeltblog.blogspot.com/2009/05/tr...rustworthy.html (so can be removed)

O17 - HKLM\System\CCS\Services\Tcpip\..\{6EF53E39-7656-46AB-B0BA-593384AA88A2}: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4F716F1-7E5D-44AC-B736-FCC5A736C651}: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153

Toshiro Posted May 19, 2009

Open HijackThis.. Scan...

Mark the following:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google plugin - {684EE1DB-CD52-4ca9-9CCF-93D5F6B419BA} - kmsvc32.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EF53E39-7656-46AB-B0BA-593384AA88A2}: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\..\{E4F716F1-7E5D-44AC-B736-FCC5A736C651}: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153
O23 - Service: EasyHideIP - Unknown owner - C:\Program Files\Easy-Hide-IP\services\EasyHideIp.exe

- Shut down opened programs..
- Hit the Fix (checked) button..

-- Woops, Lite was first..

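Added example (not part of the original thread): a Python sketch of the log reading done in the two posts above, flagging O17 `NameServer` values that are not resolvers the machine's owner expects and O2/O23 entries whose file is gone. The log lines are an excerpt of entries posted in this thread; the function names, the `expected_resolvers` parameter and the choice to accept private-range resolvers (a home router) are assumptions of this example.

```python
import ipaddress
import re

# Excerpt of entries from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google plugin - {684EE1DB-CD52-4ca9-9CCF-93D5F6B419BA} - kmsvc32.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EF53E39-7656-46AB-B0BA-593384AA88A2}: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.155,85.255.112.153
O23 - Service: Windows Desktop Security (dtsagntsvc) - Unknown owner - C:\Program Files\RDS4\svcagnt.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[ROFN]\d{1,2}) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def triage(log_text, expected_resolvers=()):
    """Return a list of findings (dicts) for one HijackThis log.

    expected_resolvers: resolver addresses the owner knows to be legitimate
    (ISP or router). Private-range resolvers are accepted as well; that is an
    assumption of this example.
    """
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue                      # header, process list, blank line
        code, body = match.group("code"), match.group("body")
        if code == "O17":
            ns = NAMESERVER_RE.match(body)
            if not ns:
                continue                  # O17 lines with other values are not checked here
            for token in re.split(r"[,\s]+", ns.group("servers").strip()):
                try:
                    addr = ipaddress.ip_address(token)
                except ValueError:
                    findings.append({"code": code, "kind": "bad-nameserver",
                                     "value": token, "where": ns.group("key")})
                    continue
                if addr in expected or addr.is_private:
                    continue
                findings.append({"code": code, "kind": "unexpected-nameserver",
                                 "value": str(addr), "where": ns.group("key")})
        elif code in ("O2", "O23") and body.endswith(ORPHAN_MARKERS):
            # Registration left behind after its file was removed.
            findings.append({"code": code, "kind": "orphaned-entry",
                             "value": body, "where": None})
    return findings


def unexpected_resolvers(findings):
    """Map each unexpected resolver to the registry keys that carry it."""
    by_addr = {}
    for item in findings:
        if item["kind"] == "unexpected-nameserver":
            by_addr.setdefault(item["value"], []).append(item["where"])
    return by_addr


if __name__ == "__main__":
    # 192.168.1.1 is a constructed "known good" resolver for the demo.
    for addr, keys in sorted(unexpected_resolvers(triage(SAMPLE_LOG, ["192.168.1.1"])).items()):
        print(addr, "set in", len(keys), "registry keys")
```

The same resolver pair appearing under several control sets and under the per-interface keys is what makes the O17 block stand out in the posted log.
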
AshTheGamer Posted May 19, 2009 Author

Do I need to restart after doing this?

Administrator Lite Posted May 19, 2009

Yes, you will need to reboot your system after running HJT. Did you uninstall the apps I said via Add/Remove Programs as well?

regx32.exe is related to some ESET fix you have installed.

The others can be removed.

Post another log once you've cleared the things above.

AshTheGamer Posted May 19, 2009 Author

Nope still has not worked.

I just tried searching Ikea as an example and came up with this = http://www.youtube.com/watch?v=POCyr1yYbO0 :/

Um and the log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:04, on 19/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CPUCooL\CooLSrv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\regx32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customi...arch.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com;www.plimus.com;regnow.com;www.regnow.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\regx32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\762b9479-06a3-4a3d-af3d-2e9e761b03d5.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDF Suite - {EE8D6672-6616-43E6-B42D-2EEBE3A090A7} - C:\Program Files\PDF Suite\IE_Plugin.dll (HKCU)
O9 - Extra 'Tools' menuitem: Convert with PDF Suite - {EE8D6672-6616-43E6-B42D-2EEBE3A090A7} - C:\Program Files\PDF Suite\IE_Plugin.dll (HKCU)
O20 - Winlogon Notify: DPWLN - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: __c007671E - C:\WINDOWS\
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: Windows Desktop Security (dtsagntsvc) - Unknown owner - C:\Program Files\RDS4\svcagnt.exe (file missing)
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - C:\xampp\mysql\bin\mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - c:\xampp\service.exe

--
End of file - 9846 bytes

Toshiro Posted May 19, 2009

Hmm, strange.. Do you have the same problem @ exp. YahooSearch? And do you get any specific site? Or is it just random?

Btw, log looks clean..

AshTheGamer Posted May 19, 2009 Author

Yup, on all search engines, and it's at random and really annoying...

Rock Lee Posted May 19, 2009

& you said you can't run exe's right? Try Trojan Remover. If that doesn't work I'll look for the portable version of MBAM & you should then be able to use it.

EDIT: This way is sure-fire but there is a catch. Make sure system restore is on first. Use ComboFix. If that doesn't fix your problem then there aren't a lot of other programs that will...

AshTheGamer Posted May 19, 2009 Author

Um this don't sound good O.o

Rock Lee Posted May 19, 2009

Did you do it?

mara- Posted May 19, 2009

Try to run Malwarebytes' Anti-Malware in Safe Mode.

Cheers :hi:

Administrator Lite Posted May 19, 2009

So you know what "PDF Suite" is? If not, all entries related to that can be removed.

Also this can be removed: O23 - Service: Windows Desktop Security (dtsagntsvc) - Unknown owner - C:\Program Files\RDS4\svcagnt.exe (file missing).

There is one entry on the HJT log I'm unsure about:
O20 - Winlogon Notify: __c007671E - C:\WINDOWS\

As suggested previously I'd recommend running a scan in Safe Mode with MBAM and/or A2.

Sonar Posted May 20, 2009

Tried different browsers, not just search engines? I'm guessing you're using IE?