All search results are masked by ad sites - Help!
A few days ago, my husband was playing a game on pogo.com or on another site that he cannot remember. After that, every time I look something up, I can see in the search result description that what I found is supposed to be located on an actual site, but the site that actually shows up when you click it is always an ad site, such as lowpriceshopper.com, info.com, etc. So, it will not let me see the actual site that I am trying to get to. Please, any help you can give us would be appreciated. Thanks so much in advance!
Here is what I have done to attempt to fix the problem.
I read and followed all steps in the malware sticky.
I have also run a regrun control cleaner which removed a webhelper.dll.
Here are each of the logs:
1. Super Anti Spyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 12/29/2008 at 10:15 PM
Application Version : 4.24.1004
Core Rules Database Version : 3688
Trace Rules Database Version: 1664
Scan type : Complete Scan
Total Scan Time : 02:57:06
Memory items scanned : 576
Memory threats detected : 0
Registry items scanned : 6883
Registry threats detected : 5
File items scanned : 118545
File threats detected : 0
Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID
2. MBAM Log
Malwarebytes’ Anti-Malware 1.31
Database version: 1574
Windows 5.1.2600 Service Pack 3
12/30/2008 10:23:01 AM
mbam-log-2008-12-30 (10-23-01).txt
Scan type: Full Scan (C:\|)
Objects scanned: 178348
Time elapsed: 1 hour(s), 13 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
3. HiJack This Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:28 AM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\SNIPER.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY…ION&pf=desktop
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY…ION&pf=desktop
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY…ION&pf=desktop
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY…ION&pf=desktop
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY…ION&pf=desktop
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY…ION&pf=desktop
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY…ION&pf=desktop
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: NCO 2.0 IE BHO – {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} – C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 – BHO: Symantec Intrusion Prevention – {6D53EC84-6AAE-4787-AEEE-F4628F01010C} – C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 – BHO: (no name) – {724d43a9-0d85-11d4-9908-00400523e39a} – C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre6\bin\ssv.dll
O2 – BHO: Adobe PDF Conversion Toolbar Helper – {AE7CD045-E861-484f-8273-0445EE161910} – C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: Adobe PDF – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 – Toolbar: &RoboForm – {724d43a0-0d85-11d4-9908-00400523e39a} – C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 – Toolbar: Show Norton Toolbar – {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} – C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 – HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 – HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 – HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 – HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 – HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 – HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 – HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 – .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User ‘Default user’)
O4 – Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O8 – Extra context menu item: Convert link target to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert link target to existing PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert selected links to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 – Extra context menu item: Convert selected links to existing PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 – Extra context menu item: Convert selection to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert selection to existing PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert to Adobe PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: Convert to existing PDF – res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Customize Menu – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Fill Forms – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 – Extra context menu item: RoboForm Toolbar – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 – Extra context menu item: Save Forms – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 – Extra button: Fill Forms – {320AF880-6646-11D3-ABEE-C5DBF3571F46} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 – Extra ‘Tools’ menuitem: Fill Forms – {320AF880-6646-11D3-ABEE-C5DBF3571F46} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 – Extra button: Save – {320AF880-6646-11D3-ABEE-C5DBF3571F49} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 – Extra ‘Tools’ menuitem: Save Forms – {320AF880-6646-11D3-ABEE-C5DBF3571F49} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 – Extra button: RoboForm – {724d43aa-0d85-11d4-9908-00400523e39a} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 – Extra ‘Tools’ menuitem: RoboForm Toolbar – {724d43aa-0d85-11d4-9908-00400523e39a} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Internet Connection Help – {E2D4D26B-0180-43a4-B05F-462D6D54C789} – C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 – Extra ‘Tools’ menuitem: Internet Connection Help – {E2D4D26B-0180-43a4-B05F-462D6D54C789} – C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) – http://utilities.pcpitstop.com/da/PCPitStop.CAB
O16 – DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) – http://www.worldwinner.com/games/v47…amesLoader.cab
O16 – DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) – http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 – DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) – http://aolsvc.aol.com/onlinegames/fr…b.1.0.0.13.cab
O16 – DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) – http://www.worldwinner.com/games/v46…/bejeweled.cab
O16 – DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) – https://webdl.symantec.com/activex/symdlmgr.cab
O16 – DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) – http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 – DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) – http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 – DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) – http://aolsvc.aol.com/onlinegames/gh…ylomplayer.cab
O16 – DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} (DinerDash Control) – http://www.worldwinner.com/games/v50…/dinerdash.cab
O16 – DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) – https://pit2notes.eckert.escm.com/dwa7W.cab
O20 – Winlogon Notify: !SASWinLogon – C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 – Service: Lavasoft Ad-Aware Service (aawservice) – Lavasoft – C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: Automatic LiveUpdate Scheduler – Symantec Corporation – C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: Symantec Lic NetConnect service (CLTNetCnService) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: COM Host (comHost) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: LightScribeService Direct Disc Labeling Service (LightScribeService) – Hewlett-Packard Company – C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 – Service: LiveUpdate – Symantec Corporation – C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 – Service: LiveUpdate Notice – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 – Service: Macromedia Licensing Service – Unknown owner – C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 – Service: PC Tools Auxiliary Service (sdAuxService) – PC Tools – C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 – Service: PC Tools Security Service (sdCoreService) – PC Tools – C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 – Service: Symantec Core LC – Unknown owner – C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
–
End of file – 12897 bytes