I picked up this old computer for the gf and wanted to clean it up and check for issues. I'm getting redirected to spam web pages.
Running: Windows Live Essentials and XP
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:50:23 AM, on 1/21/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Documents and Settings\Alma\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alma\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mavideniz.gen.tr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.search.yahoo.com/search?fr=mcafee&p=%s
O1 - Hosts: 94.76.227.20 www.google.com.tr
O1 - Hosts: 94.76.227.20 www.google.ca
O1 - Hosts: 94.76.227.20 www.google.com.br
O1 - Hosts: 94.76.227.20 www.google.co.il
O1 - Hosts: 94.76.227.20 www.google.com.ar
O1 - Hosts: 94.76.227.20 www.google.com.my
O1 - Hosts: 94.76.227.20 www.google.gr
O1 - Hosts: 94.76.227.20 www.google.com.ph
O1 - Hosts: 94.76.227.20 www.google.com.tw
O1 - Hosts: 94.76.227.20 www.google.co.id
O1 - Hosts: 94.76.227.20 www.google.co.in
O1 - Hosts: 94.76.227.20 www.google.com.au
O1 - Hosts: 94.76.227.20 www.google.co.nz
O1 - Hosts: 94.76.227.20 www.google.com.pk
O1 - Hosts: 94.76.227.20 www.google.dk
O1 - Hosts: 94.76.227.20 www.google.pt
O1 - Hosts: 94.76.227.20 www.google.es
O1 - Hosts: 94.76.227.20 www.google.se
O1 - Hosts: 94.76.227.20 www.google.de
O1 - Hosts: 94.76.227.20 www.google.com.hk
O1 - Hosts: 94.76.227.20 www.google.fr
O1 - Hosts: 94.76.227.20 www.google.co.jp
O1 - Hosts: 94.76.227.20 www.google.com.mx
O1 - Hosts: 94.76.227.20 www.google.com.sa
O1 - Hosts: 94.76.227.20 www.google.com.sg
O1 - Hosts: 94.76.227.20 www.google.cn
O1 - Hosts: 94.76.227.20 www.google.com.eg
O1 - Hosts: 94.76.227.20 www.google.com.ba
O1 - Hosts: 94.76.227.20 www.google.com.at
O1 - Hosts: 94.76.227.20 www.google.be
O1 - Hosts: 94.76.227.20 www.google.ch
O1 - Hosts: 94.76.227.20 www.google.no
O1 - Hosts: 94.76.227.20 www.google.sk
O1 - Hosts: 94.76.227.20 www.google.fi
O1 - Hosts: 94.76.227.20 search.yahoo.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Documents and Settings\Alma\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1358748985796
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://142.176.20.26/islandcam/AxisCamControl.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 9581 bytes
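The O1 lines in the log above are the part that explains the symptom: the hosts file maps dozens of Google country domains and search.yahoo.com to one address (94.76.227.20), so every browser on the machine resolves those names to that server before DNS is ever consulted. The O7 line (DisableRegedit=1) and the changed HKLM start page are the usual companions. The following is an added Python triage script, not part of the original post or of HijackThis; it parses the O1, O7 and R0/R1 lines, flags hosts entries that point anywhere other than loopback, and then builds a cleaned hosts file by dropping only the mappings that target the redirect addresses found in the log. The sample log lines are copied from the log above; the sample hosts file and the trusted-host allowlist (go.microsoft.com) are constructed assumptions.

```python
"""Triage helpers for a HijackThis log: flag hosts-file hijacks, then build a cleaned hosts file."""
import ipaddress
import re
from typing import Dict, List, Set, Tuple
from urllib.parse import urlparse

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")          # "O1 - Hosts: <ip> <hostname>"
O7_RE = re.compile(r"^O7 - (.+)$")                            # registry policy lockdowns
R_RE = re.compile(r"^R[01] - (.+?),(.+?) = (\S+)")            # "R0 - <key>,<value name> = <url>"

# A few lines copied from the log above, plus one constructed benign O1 line (127.0.0.1 localhost).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mavideniz.gen.tr
O1 - Hosts: 94.76.227.20 www.google.ca
O1 - Hosts: 94.76.227.20 search.yahoo.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Constructed hosts file content in the shape the infected machine's file would have.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
94.76.227.20 www.google.ca
94.76.227.20 search.yahoo.com
"""


def is_local_address(ip: str) -> bool:
    """True for 127.0.0.0/8, ::1 and 0.0.0.0, the only targets a benign hosts entry normally uses."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def analyze_hjt_log(log_text: str) -> Dict[str, object]:
    """Collect hosts-file hijacks, policy lockdowns and browser start/search pages from HJT output."""
    hosts_hijacks: List[Tuple[str, str]] = []
    redirect_targets: Set[str] = set()
    policy_flags: List[str] = []
    start_pages: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if m:
            ip, host = m.groups()
            if not is_local_address(ip):          # a hosts entry pointing off-box is the hijack
                hosts_hijacks.append((ip, host))
                redirect_targets.add(ip)
            continue
        m = O7_RE.match(line)
        if m:
            policy_flags.append(m.group(1))       # e.g. DisableRegedit=1
            continue
        m = R_RE.match(line)
        if m:
            _key, name, url = m.groups()
            start_pages.append((name.strip(), url))
    return {
        "hosts_hijacks": hosts_hijacks,
        "redirect_targets": redirect_targets,
        "policy_flags": policy_flags,
        "start_pages": start_pages,
    }


def suspicious_start_pages(report: Dict[str, object],
                           trusted_hosts=frozenset({"go.microsoft.com"})) -> List[str]:
    """Start/search URLs whose host is not on the (assumed) vendor-default allowlist."""
    out = []
    for _name, url in report["start_pages"]:
        if (urlparse(url).hostname or "") not in trusted_hosts:
            out.append(url)
    return out


def clean_hosts(hosts_text: str, bad_ips: Set[str]) -> Tuple[List[str], List[str]]:
    """Split a hosts file into (kept, dropped). Only mappings to an address in bad_ips are
    dropped; comments, blank lines and every other mapping are kept untouched."""
    kept, dropped = [], []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in bad_ips:
            dropped.append(raw)
        else:
            kept.append(raw)
    return kept, dropped


if __name__ == "__main__":
    report = analyze_hjt_log(SAMPLE_LOG)
    print("hosts hijacks:", report["hosts_hijacks"])
    print("redirect targets:", sorted(report["redirect_targets"]))
    print("policy lockdowns:", report["policy_flags"])
    print("start pages to review:", suspicious_start_pages(report))
    kept, dropped = clean_hosts(SAMPLE_HOSTS, report["redirect_targets"])
    print("hosts lines dropped:", dropped)
```

On XP the file lives at %SystemRoot%\system32\drivers\etc\hosts; after writing the cleaned version, run `ipconfig /flushdns` so cached answers for the hijacked names are discarded. Dropping the hosts lines only removes the redirect itself; the O7 policy and whatever component re-wrote the hosts file still have to be dealt with separately, which is why a Malwarebytes run that reports "removed" but is followed by more findings is a sign the loader is still present.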
I have since noticed that IE and Firefox will not go to any Google site or Google search result site. It gets redirected to the same spam site or shows a connection error message. The problem is only on Google sites.
OK, so here's an update:
I finally found that my computer has a Trojan Vundo virus. I tried using Malwarebytes to remove it, and it says it removed it, but I'm still getting redirected from my browser. I don't think it totally cleaned it off. I ran it again and I still get some fixes, so I assume the virus is still working.
Very sorry, I've been in a work camp with no Internet for over a week...
Do you still need a hand?