xisto Community
mrdee

Spyware Attack? Browser sends me to weird places


Hi, for a few days now, something very annoying has been happening to me when surfing:

When I type (in both Firefox and IE) a question in the Google search box, the Google page opens with possible answers to my question, but when I click on one of the answers, most of the time, instead of being sent to the page on whose link I clicked, I get sent to advertising sites, or in the best case, to ask.com, where my original question re-appears and, like on Google, yields a number of possible answers.

Another thing that sometimes happens too is that, when I surf to a certain site, when the page opens, a new page opens automatically too, and yes, obviously, in that new window there is an advertising site opening.

Is my machine being hijacked by spyware, or viruses?

Every AVG virus scan comes back clear. I have run Spybot Search and Destroy a number of times, and on one occasion quite a list of infections was removed, but after that, Spybot only found one, and that was cleared every time.

Has anyone had any similar experiences? Can anyone advise me on how to fix this problem, as it is very annoying that I can't search in Google properly anymore?

If anyone knows a remedy, please let me know, as this is driving me up the wall.

Thank you in advance.


I would recommend downloading HijackThis and disabling anything that looks suspicious. Since it happens in both Firefox and Internet Explorer, it seems like you have some kind of protocol sniffer. I haven't had this happen to me, so I can't offer any definite solutions.


Thanks, truefusion.

However, HijackThis is a program that just lists the present settings, with no help on what is good or bad, and you have to be quite advanced in order to remove things safely.

Another thing I noticed regarding my problem: it seems like Windows Update is not working properly either.

By the way, I use Windows 7 Ultimate.


I suggest you do a full system scan, but in Safe Mode: restart your computer, enter Safe Mode and start a full system scan. This trick will catch viruses or spyware within system files. I tried it myself and got viruses that were not showing in my normal scan.

Or delete both of your browsers and install them again. It is easy for Firefox, but for Internet Explorer, reinstall it from your system CD. I don't use Windows 7 yet, so I can't give you specific information about that.


In case someone is able to help me with this (the problem is, I don't know what is good or bad), here is the HiJackThis log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 05:42:46, on 08/05/2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\UVC Video Camera\UVCSti.exe
C:\Program Files\UVC Video Camera\EffectDir\UVCTray.exe
C:\Windows\System32\DeltaIITray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Smileycons\smileycons.exe
C:\Program Files\WinSent Messenger\winsent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\FreePOPs\freepopsd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/en-ca/?ocid=NEFLS000 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.xisto.com/no_longer_exists/ - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/en-ca/?ocid=NEFLS000 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.msn.com/en-ca/?ocid=NEFLS000 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.msn.com/en-ca/?ocid=NEFLS000 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/en-ca/?ocid=NEFLS000 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Bandoo IE Plugin - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [uSBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [uVCSti] "C:\Program Files\UVC Video Camera\UVCSti.exe"
O4 - HKLM\..\Run: [RunUVC] "C:\Program Files\UVC Video Camera\EffectDir\UVCtray.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [smileycons] C:\Program Files\Smileycons\smileycons.exe
O4 - HKCU\..\Run: [WinSent Messenger] "C:\Program Files\WinSent Messenger\winsent.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: FreePOPs.lnk = C:\Program Files\FreePOPs\freepopsd.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\gprs.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - re http://forums.xisto.com/ Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - re http://forums.xisto.com/
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://forums.xisto.com/no_longer_exists/ - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://forums.xisto.com/no_longer_exists/ - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://forums.xisto.com/no_longer_exists/ - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://forums.xisto.com/no_longer_exists/ - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/errors/not_found.html - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://forums.xisto.com/no_longer_exists/ - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://forums.xisto.com/no_longer_exists/ - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\Skype4COM.dll
O20 - AppInit_DLLs: avgrsstx.dll c:\progra~1\bandoo\bndhook.dll
O21 - SSODL: GenericFilter - {c2888b90-56de-4f88-97d8-37029f2204f0} - C:\Program Files\Common Files\GenericFilter\GenericFilter.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--End of file - 11372 bytes

The thing is, I cleaned up with Spybot, with Ad-Aware, even in safe mode, but still Google links send me to advertising sites, and I still keep getting an error 90072EFE while trying to download Windows Updates.

Could someone please help?

Thank you so much.

Notice from rvalkass:
Added Code tags around the log file.
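
One way to triage a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. The function names and review reasons are assumptions made for illustration, and the sample entries are copied from the log in this thread and joined without line breaks, as happens when a log is pasted into a post.

```python
import re

# A HijackThis entry starts with a section code such as "R1 - " or "O23 - ".
# Splitting on that marker instead of on newlines also copes with logs that
# lost their line breaks when pasted into a forum post.
ENTRY = re.compile(
    r"(R[0-3]|O\d{1,2}) - (.*?)(?=(?:R[0-3]|O\d{1,2}) - |--End of file|\Z)",
    re.S,
)

def parse(log):
    """Return (section_code, entry_text) pairs in log order."""
    return [(m.group(1), m.group(2).strip()) for m in ENTRY.finditer(log)]

def triage(log):
    """Return (code, item, reason) for entries worth checking by hand.
    The reasons are structural prompts for review, not malware verdicts."""
    found = []
    for code, body in parse(log):
        if code in ("O2", "O9") and body.endswith("(no file)"):
            found.append((code, body, "registered, but the file is not on disk"))
        elif code == "O10" and body.startswith("Unknown file"):
            found.append((code, body, "Winsock LSP that HijackThis does not recognise"))
        elif code == "O20":
            # AppInit_DLLs load into every process that loads user32.dll,
            # so each listed DLL gets its own line for review.
            for dll in body.partition(":")[2].split():
                found.append((code, dll, "DLL loaded into every GUI process"))
        elif code == "O23" and " - Unknown owner - " in body:
            found.append((code, body, "service binary with no vendor name"))
    return found

# Entries copied from the log in this thread, joined without line breaks.
SAMPLE = (
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)"
    r"O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - "
    r"C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll"
    r"O10 - Unknown file in Winsock LSP: c:\program files\common files"
    r"\microsoft shared\windows live\wlidnsp.dll"
    r"O20 - AppInit_DLLs: avgrsstx.dll c:\progra~1\bandoo\bndhook.dll "
    r"O23 - Service: BlueSoleil Hid Service - Unknown owner - "
    r"C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe"
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe"
    "--End of file - 11372 bytes"
)

if __name__ == "__main__":
    for code, item, reason in triage(SAMPLE):
        print(f"{code:4} {reason}: {item}")
```

Each flagged item is a starting point for checking the file's publisher and location, not a removal list.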

