
Topic: weird google links virus? Also refuses to open any page that is antivirus relat


iambluefairyxx

    Topic Starter


    Greenhorn

    Okay, I have a weird issue.

    I somehow got a virus on this computer and have no idea how.  (I don't usually click many links if any that I do not know really well).

    Anyway, first thing I noticed was whenever I did a Google search the links would come up like normal.  I'd click them... it'd flash directing to go.googlesomethingsomething, then instead of going to the correct site it would bring me to http://www.shopasearch.com/search44.php?keyword=whatever subject of search is (not the real link it was supposed to be).  If I go to a lesser known search engine like www.alltheweb.com all the links are correct when I click them (although I still cannot go to Norton or anything because it is also giving the "cannot be found" error when clicked as a link from there).

    ALSO, this virus must be a little jerk because I'll type in Norton's website manually and it'll come up with page cannot be loaded... I'll try HijackThis's website: cannot be loaded.  Friends sent me AIM antivirus links and those still will not open.

    Anyway, I've currently got NOD32 antivirus (did have AVG), ran Spybot and Ad-Aware... I have no clue how to get rid of this thing.

    If anyone can help me I will be so grateful! (btw running XP on an HP desktop that has never given me problems before)

    Oh, I also tried it on Firefox and IE and both had the problem.

    Carbon Dudeoxide

    • Global Moderator
    I suggest starting here:
    http://www.computerhope.com/forum/index.php/topic,46313.0.html
    We need the three logs.

    If you cannot download anything, try the alternative mirror links and/or move on to the next step.

    If that still doesn't work, try downloading them, in Safe Mode With Networking.

    kpac

    • Web moderator
    If that still doesn't work, try downloading them, in Safe Mode With Networking.

    Or use another computer and flash drive to transfer them.

    iambluefairyxx

      Topic Starter


      Greenhorn

      I'm currently installing them on the infected computer (had to use a different computer since it just wouldn't let me on the other one).  I will post logs once I do all the steps. Thanks :)

      kpac

      • Web moderator
      No problem. We'll be waiting. ;)

      iambluefairyxx

        Topic Starter


        Greenhorn

        Alright, scanning in progress... already did the CCleaner, now doing the superantivirus...

        So far it's found a few things, one being a browser hijacker which honestly sounds like it's part of the problem I'm having haha.

        (I used to have Spybot but for some reason it'd either crash out or miss this thing.) Anywhoo, I'll do the whole thing. How do I save logs of the scans?  I don't see one while it's in progress, maybe it'll show up after.

        iambluefairyxx

          Topic Starter


          Greenhorn

          Okay, this is the antispyware log. Did the remove and reboot thing, still have the problems. I'm gonna run the malware now then post that log if I can.


          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 09/22/2008 at 05:25 PM

          Application Version : 4.21.1004

          Core Rules Database Version : 3576
          Trace Rules Database Version: 1564

          Scan type       : Quick Scan
          Total Scan Time : 00:17:00

          Memory items scanned      : 332
          Memory threats detected   : 0
          Registry items scanned    : 412
          Registry threats detected : 12
          File items scanned        : 11035
          File threats detected     : 25

          Browser Hijacker.Internet Explorer Zone Hijack
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com#*
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.com
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.com#*
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediatickets.net
             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediatickets.net#*
             HKU\S-1-5-21-2023423985-2238445444-4200361857-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com
             HKU\S-1-5-21-2023423985-2238445444-4200361857-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com#*
             HKU\S-1-5-21-2023423985-2238445444-4200361857-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.com
             HKU\S-1-5-21-2023423985-2238445444-4200361857-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\media-motor.com#*
             HKU\S-1-5-21-2023423985-2238445444-4200361857-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediatickets.net
             HKU\S-1-5-21-2023423985-2238445444-4200361857-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mediatickets.net#*

          Adware.MediaMotor
             C:\WINDOWS\System32\safe.tlb

          Adware.Elite Media
             C:\WINDOWS\em06y.ini

          Trojan.StoneDrv
             C:\WINDOWS\system32\inistone.ini

          Trojan.Unknown Origin
             C:\WINDOWS\SYSTEM32\BANG-006.ICO

          iambluefairyxx

            Topic Starter


            Greenhorn

            Malwarebytes' Anti-Malware 1.28
            Database version: 1194
            Windows 5.1.2600 Service Pack 2

            9/23/2008 6:40:00 AM
            mbam-log-2008-09-23 (06-39-55).txt

            Scan type: Full Scan (C:\|D:\|L:\|)
            Objects scanned: 224999
            Time elapsed: 52 minute(s), 17 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 2
            Registry Values Infected: 0
            Registry Data Items Infected: 0
            Folders Infected: 0
            Files Infected: 9

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
            HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            (No malicious items detected)

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
            C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
            C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
            C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
            C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
            C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
            C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
            C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
            C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe (Adware.PurityScan) -> No action taken.



            This scan/removal seems to have fixed the problem. Should I still do the HijackThis one?

            Carbon Dudeoxide

            • Global Moderator
            Quote

            This scan/removal seems to have fixed the problem. Should I still do the HijackThis one?

            Yep, just so our Malware Specialists can tie up some loose ends.  ;)

            evilfantasy

            • Malware Removal Specialist
            • Moderator
            Update MBAM and run a new scan then remove everything found before running the HJT scan.