19-10-2006, 04:36 PM
WereHound

BitDefender Online Scanner

Scan report generated at: Thu, Oct 19, 2006 - 05:32:20

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 02:36:51
Files: 641694
Folders: 7824
Boot Sectors: 3
Archives: 20899
Packed Files: 47356

Results
Identified Viruses: 2
Infected Files: 20
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 20

Engines Info
Virus Definitions: 477449
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\hp\bin\Terminator.exe | Infected with: Trojan.Killapp.30208.A
C:\hp\bin\Terminator.exe | Disinfection failed
C:\hp\bin\Terminator.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP103\A0039106.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP103\A0039106.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP103\A0039106.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP103\A0039110.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP103\A0039110.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP103\A0039110.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP107\A0039673.exe | Infected with: Trojan.Killapp.30208.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP107\A0039673.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP107\A0039673.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP83\A0036356.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP83\A0036356.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP83\A0036356.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037356.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037356.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037356.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037588.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037588.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037588.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037624.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037624.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037624.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037821.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037821.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037821.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037832.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037832.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP86\A0037832.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038075.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038075.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038075.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038136.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038136.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038136.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038208.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038208.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038208.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038336.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038336.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP88\A0038336.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP90\A0038476.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP90\A0038476.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP90\A0038476.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP93\A0038824.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP93\A0038824.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP93\A0038824.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP93\A0038832.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP93\A0038832.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP93\A0038832.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP94\A0038859.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP94\A0038859.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP94\A0038859.exe | Deleted
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP99\A0038960.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP99\A0038960.exe | Disinfection failed
C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP99\A0038960.exe | Deleted
C:\WINDOWS\system32\csulk.exe | Infected with: Trojan.Downloader.Mohbpork.A
C:\WINDOWS\system32\csulk.exe | Disinfection failed
C:\WINDOWS\system32\csulk.exe | Deleted

Logfile of HijackThis v1.99.1
Scan saved at 8:30:45 AM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\AOL\1156716397\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1156716397\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1154684392186
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...71/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

The link issue seems to be solved.
The links don't lead off to some random web site anymore.

Thank you so much Neal

Does anything else seem to be wrong in the logs??