Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: My search engines get rerouted. Posted my HJT log  (Read 4186 times)

0 Members and 1 Guest are viewing this topic.

magic9669

    Topic Starter


    Starter

    My search engines get rerouted. Posted my HJT log
    « on: July 08, 2009, 08:21:34 AM »
    Everytime I do a search from google it reroutes me to random sites.  Also, when I go to yahoo, it redirects me to m.yahoo.com.

    Please help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:38:54 PM, on 7/7/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\mpktnpah.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\LMI7.tmp\lmi_rescue.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rpcnet.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\LMI7.tmp\lmi_rescue.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061017
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061017
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O1 - Hosts: 105.1.11.5 seahq_exchange
    O1 - Hosts: 105.1.11.6 seahq_exchange2
    O1 - Hosts: 105.1.11.7 seahq_exchange3
    O1 - Hosts: 105.1.11.12 seusa seusa.net
    O1 - Hosts: 105.1.11.19 pilot pilot.sdsosc.co.kr #acube communication server
    O1 - Hosts: 105.1.11.24 sds.samsung.com sds
    O1 - Hosts: 105.1.11.229 foxhound
    O1 - Hosts: 105.1.11.233 hawker
    O1 - Hosts: 105.1.15.80 edcmon
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\RunOnce: [*LogMeInRescue_2581696517] "C:\WINDOWS\LMI7.tmp\lmi_rescue.exe" -runonce reboot
    O4 - HKLM\..\Policies\Explorer\Run: [SpywareGuard] "C:\mpktnpah.exe"
    O4 - Global Startup: SAMSUNG NETWORKS VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O15 - Trusted Zone: http://*.samsung.net
    O15 - Trusted Zone: *.samsungportal.com
    O15 - Trusted IP range: http://70.2.140.140
    O15 - Trusted IP range: http://70.20.10.140
    O16 - DPF: {08BCD971-A13B-4D6E-A2A5-E9B2324FC00D} (ClientEXE Class) - http://service.samsungportal.com/EP/web/common/cabfiles/CM_ClientEXE.cab
    O16 - DPF: {2DAAD547-FA98-498C-8FB7-63A7FCBDC0AF} (MenuCtrl Class) - http://70.20.10.140:8011/sdscc/cabs/pdss40.cab
    O16 - DPF: {2FF8F8B7-1B3F-4E5F-93B1-FEF1D703C0F4} (LocalTree.LocalXMLTree) - http://w2.samsung.net/cabs/LocalFolder2004/Cab/mySingleLocal_U.cab
    O16 - DPF: {34B5A473-9696-4F9A-9BA1-41B8185A9798} (EpFTP3 Control) - http://w2.samsung.net/cabs/EpFTP3/EpFTP3_U.cab
    O16 - DPF: {37DEC207-782F-40F5-803C-18ACEDA1ABA6} (PersonalCache Control) - http://203.254.195.140/portalWeb/cabs/mySinglePersonalCache.cab
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1200941689187
    O16 - DPF: {714E667D-360C-4BFB-8C1A-E4812B608CC1} (ACUBETrustChecker Control) - http://70.20.10.140:8000/EP/web/common/cabfiles/ACUBETrustChecker.cab
    O16 - DPF: {859A7EB3-35E6-434B-A82B-08B4F8DDE1B6} (NamoWeCtl 6.0 for samsung_mysingle) - http://w2.samsung.net/cabs/Namo/NamoWec.cab
    O16 - DPF: {88DDFD7D-14F7-4E89-8F85-737B90B1A0D0} (mySingleTrust.ClsMain) - http://203.254.195.140/cabs/LocalFolder2004/Cab/mySingle_Trust.CAB
    O16 - DPF: {9D67EBF0-AF1A-4BCE-BAC9-C84A9383E0B3} (SSOCheck Class) - https://service.samsungportal.com//EP/web/common/cabfiles/UniSSOCheck.cab
    O16 - DPF: {C4D88B8E-352B-11D6-BF77-0080C740A177} (Setup Class) - http://service.samsungportal.com/EP/web/common/cabfiles/ActiveXSetup.cab
    O16 - DPF: {C63E3330-049F-4C31-B47E-425C84A5A725} (EpAdm2 Control) - http://203.254.195.140/cabs/Tray/EpAdm2.cab
    O16 - DPF: {DE6ABA6A-095B-43E3-BEBB-879868DC5C8A} (SSLinks Control) - http://203.254.195.140/cabs/messenger/SSLinks.cab
    O16 - DPF: {E1D1DACA-5BA2-4376-89AD-3A213B916779} (IBLeaders IBSheet For Unicode Control) - http://70.20.1.100:7081/ghr/common/sheet/IBSheet4Unicode.CAB
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://206.67.236.179/dana-cached/setup/JuniperSetupSP1.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sea.samsung.com
    O17 - HKLM\Software\..\Telephony: DomainName = sea.samsung.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7BD95933-CE86-4F62-9DF3-3F5AC5ADF1D6}: NameServer = 105.1.11.4,105.1.11.5,206.67.236.3,206.67.236.20
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = sea.samsung.com
    O17 - HKLM\System\CS1\Services\Tcpip\..\{7BD95933-CE86-4F62-9DF3-3F5AC5ADF1D6}: NameServer = 105.1.11.4,105.1.11.5,206.67.236.3,206.67.236.20
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec  Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    BatchFileBasics



      Hopeful

      Thanked: 18
      Re: My search engines get rerouted. Posted my HJT log
      « Reply #1 on: July 08, 2009, 08:44:16 AM »
      Well please don't forget you need your MBAM and SUPERantispyware logs. we can see just little of what is wrong with your computer right now, but it sounds like you have malware.

      Also, many replies on google are stating that MBAM and SUPERantispyware has fixed the same problem you have.
      When the power of love overcomes the love of power the world will know peace - Jimi Hendrix.