[Resolved] Google Search Redirects, Clickover.cn, etc...
fatalplus
post Jul 28 2009, 08:58 PM
Post #1


Operating System: XP



Clicking search results from Google randomly (read: occasionally, sometimes more often than not, and not always even the same link) redirects me to another page, Clickover.cn/longunintelligiblestring. Does the same thing in Firefox and Chrome. NoScript stops the page from loading, but I'd still like to figure out what's causing it, as scans from Avast!, Spybot and Malwarebytes are all showing my system as clean. A quick search for anything pertaining to clickover.cn leaves me empty-handed. So, any thoughts? Thanks in advance.


Here's my HijackThis logfile to get things started.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:48 PM, on 7/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182131443798
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182131395142
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C672E896-7E75-43CE-BB9E-053766318D7F}: NameServer = 192.168.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 5892 bytes
Replies
CatByte
post Aug 1 2009, 05:40 AM
Post #2





Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


Posts in this topic
- fatalplus   [Resolved] Google Search Redirects, Clickover.cn, etc...   Jul 28 2009, 08:58 PM
- - CatByte   Hi and Welcome, NOTE:Malware removal is NOT insta...   Jul 29 2009, 10:48 AM
- - fatalplus   Thanks for the quick reply Catbyte. GMER 1.0.15....   Jul 29 2009, 02:15 PM
- - CatByte   can you post the combofix log that you ran already...   Jul 29 2009, 02:21 PM
- - fatalplus   I downloaded it, but I don't think I ever ran ...   Jul 29 2009, 02:45 PM
- - CatByte   Hi, delete the copy of ComboFix that you have (ri...   Jul 29 2009, 04:05 PM
- - fatalplus   Combo-Fix log ComboFix 09-07-29.03 - FatalPlus 07...   Jul 29 2009, 05:12 PM
- - CatByte   Hi, QUOTE Overlay aborted ... Please run ComboFix...   Jul 29 2009, 06:27 PM
- - fatalplus   Woops, guess I should have read through it better....   Jul 29 2009, 07:26 PM
- - CatByte   Hi, Please do the following: Very Important...   Jul 29 2009, 07:58 PM
- - fatalplus   ComboFix 09-07-29.03 - FatalPlus 07/29/2009 22:12....   Jul 29 2009, 09:13 PM
- - CatByte   Hi, Please do the following: 1. Please download ...   Jul 29 2009, 09:27 PM
- - fatalplus   Logfile of The Avenger Version 2.0, © by Swan...   Jul 29 2009, 09:47 PM
- - CatByte   QUOTE doesn't look too promising... No, it do...   Jul 29 2009, 10:21 PM
- - fatalplus   ComboFix 09-07-29.04 - FatalPlus 07/30/2009 9:10....   Jul 30 2009, 07:24 AM
- - CatByte   Hi, Please do the following: Go to Start->Ru...   Jul 30 2009, 07:36 AM
- - fatalplus   From the .bat file ---AFTER---- C:\WINDOWS...   Jul 30 2009, 07:48 AM
- - CatByte   Please run the sysprot scanner as well thanks, it...   Jul 30 2009, 07:51 AM
- - fatalplus   New SysProt log SysProt AntiRootkit v1.0.1.0 by ...   Jul 30 2009, 07:57 AM
- - CatByte   Hi, Please do the following: Please delete the c...   Jul 30 2009, 11:00 AM
- - fatalplus   Results of the new gmer scan:   Jul 30 2009, 01:15 PM
- - CatByte   Hi, I have attached a batch fix for you to run on...   Jul 30 2009, 01:53 PM
- - fatalplus   ---BEFORE---- C:\WINDOWS\System32...   Jul 30 2009, 02:08 PM
- - CatByte   How is your computer running - any issues?   Jul 30 2009, 02:27 PM
- - fatalplus   Seems to be all set now Thanks a bunch for th...   Jul 30 2009, 02:46 PM
- - CatByte   haha..I'm not done with you yet...sorry... ye...   Jul 30 2009, 03:49 PM
- - CatByte   Hi, I was going back over the thread and somethin...   Jul 30 2009, 06:59 PM
- - fatalplus   MBAM and Kapersky scan logs. Malwarebytes' An...   Jul 30 2009, 07:00 PM
- - CatByte   Hi, did you read my previous post as i think we we...   Jul 30 2009, 07:00 PM
- - fatalplus   I did, and wdmaudd.sys no longer exists   Jul 30 2009, 07:04 PM
- - CatByte   OK, that's great then, the items found by Kasp...   Jul 30 2009, 07:08 PM
- - fatalplus   Here you are, good sir.   Jul 30 2009, 07:15 PM
- - CatByte   Hi, they didn't attach, if you could copy/pas...   Jul 30 2009, 07:18 PM
- - fatalplus   DDS (Ver_09-07-30.01) - NTFSx86 Run by FatalPlus...   Jul 30 2009, 07:21 PM
- - CatByte   Hi, couple of things still left over in the log, ...   Jul 30 2009, 07:34 PM
- - fatalplus   Error 403 - Forbidden You tried to access a docum...   Jul 30 2009, 07:39 PM
- - CatByte   Ok, do it this way then (I got the same error the...   Jul 30 2009, 07:40 PM
- - fatalplus   Combofix log, and I completed the other steps. Co...   Jul 30 2009, 08:02 PM
- - CatByte   Hi, Please do the following: Go to Start->Run...   Jul 30 2009, 08:09 PM
- - fatalplus   Awesome. Thanks for the diligence and speedy posti...   Jul 30 2009, 08:19 PM
- - CatByte   There's a donation button in my signature. Tha...   Jul 30 2009, 08:20 PM
- - CatByte   Since this issue appears to be resolved ... this T...   Aug 1 2009, 05:40 AM

