« previous next »
Pages: [1]   Go Down

Author Topic: Computer search engine problem  (Read 5532 times)

0 Members and 1 Guest are viewing this topic.

gekededa

  • Guest
Computer search engine problem
« on: December 30, 2009, 11:16:04 AM »
Lately after searching for things on google.com or any other search engine i get the following message after clicking on the link:
The webpage "newserversearch.com" cannot be found
DNS error occurred. Server cannot be found. The link may be broken.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:51 AM, on 12/30/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\Online Backup\Auto Update\OnlineBackup.UpdateSystemTray.exe
C:\Program Files\Verizon\Online Backup\vewatch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\aol\1231197754\ee\aolsoftware.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\bfgclient\bfggameservices.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O3 - Toolbar: (no name) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [Online Backup Auto Update] "C:\Program Files\Verizon\Online Backup\Auto Update\OnlineBackup.UpdateSystemTray.exe"
O4 - HKLM\..\Run: [Vault Explorer Cache Watcher] C:\Program Files\Verizon\Online Backup\vewatch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.1; AOLBuild 4334.34; Windows NT 6.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://cb.ktrmr.com/scripts/MRWEBPL.DLL?ACTION"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Filesystem Watcher (FilesystemWatcher) - DigiData Corp. - C:\Program Files\Verizon\Online Backup\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files\iWin Games\iWinTrusted.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Online Backup Scheduler (OnlineBackupSchedulerService) - Unknown owner - C:\Program Files\Verizon\Online Backup\Scheduler\OnlineBackup.SchedulerService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9255 bytes
Logged

YoKenny

  • Guest
Re: Computer search engine problem
« Reply #1 on: December 30, 2009, 01:54:42 PM »
Welcome gekededa

Vista SP1 has been available since April 2008:
http://technet.microsoft.com/en-us/windows/bb738089.aspx?wt.svl=leftnav

Vista SP2 has been available since May and provides Critical Updates and performance improvements:
http://support.microsoft.com/kb/948465

You need to start Internet Explorer then go to Tools then Windows Update and download all of the available updates.

Also you should enable Automatic Updates or at least be notified that Updates are available.

Go to Control Panel then Automatic Updates then select Automatic (recommended) or at least Notify me but don't automatically download or install them.

IE8 is more secure than IE7 and has a lot better performance:
http://www.microsoft.com/windows/Internet-explorer/default.aspx

Go to Secunia Online Software Inspector then run it to see what other applications are vulnerable:
http://secunia.com/vulnerability_scanning/online
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Computer search engine problem
« Reply #2 on: December 30, 2009, 08:35:08 PM »
Hi gekededa,

Analysis of your HJT logfile and your active system tasks gave the following items to check
and eventually fix.
Check on these items and if malicious or suspicious fix using HJT

Fix C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe Safe Neutral (3.37 / 5.00)
*suspicious unwanted executable see further down why...
Fix C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe Safe Neutral (3.37 / 5.00)
*suspicious unwanted executable see further down why...

Fix O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file) Nasty
Unknown application. Unnecessary (deactivated) entry that can be fixed.

O3 - Toolbar: (no name) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - (no file)
Unknown application. Unnecessary (deactivated) entry that can be fixed.

Fix O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
Safe Neutral (3.37 / 5.00)
*suspicious unwanted executable see further down why...

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

It seems that the name of this program is the same as the name of the file.
In the most cases this is the result of trojans. To be sure, you should check this file at virustotal.com

Fix O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
Neutral Must be fixed! Spyware component related to DownloadWare and found in Program FilesKFH

  
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103470 -
"Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.1; AOLBuild 4334.34; Windows NT 6.0;
FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)"
-"http://cb.ktrmr.com/scripts/MRWEBPL.DLL?ACTION" Neutral (3.43 / 5.00)

Leave Do Not Fix checked and safe:
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup"
(User 'LOCAL SERVICE') Safe application. http://www.fileinspect.com/fileinfo/gplayer-exe/

O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup"
(User 'SYSTEM') Safe application. http://www.fileinspect.com/fileinfo/gplayer-exe/
  
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup"
(User 'Default user') Neutral (3.1 / 5.00) http://www.fileinspect.com/fileinfo/gplayer-exe/

O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
Safe known service. (CSHelper.exe) consider info: http://www.neuber.com/taskmanager/process/cthelper.exe.html

Survey of active tasks on your computer:

Dwm.exe   
System task

Desktop Window Manager

Explorer.EXE   
System task

Microsoft Windows Explorer

taskeng.exe   
System task

Task Scheduler Engine

MSASCui.exe   
Anti Add/Spyware software

Microsoft Windows Defender Antispyware

igfxtray.exe   
Application

Intel Graphics configuration and diagnostic application

hkcmd.exe   
Application

Intel multimedia devices

igfxpers.exe   
Driver

Intel Common User Interface Module

igfxsrvc.exe   
Driver

Intel(R) Common User Interface

avgtray.exe   
Background task

avgtray.exe

Fix NielsenOnline.exe   
Suspicious task

Fix NielsenOnline.exe

Check VerizonServicepoint.exe   
Background task

Verizon Servicepoint

McciTrayApp.exe   
If you don't use it, and it uses a lot of CPU,
then I would simply remove it from the startup.
Use msconfig or Startup Inspector ( http://www.windowsstartup.com/startupinspector.php )
to remove the item from startup (uncheck it, not delete).


OnlineBackup.UpdateSystemTray.exe
File name:   OnlineBackup.UpdateSystemTray.exe
File size:   40 KB (40960 bytes)
Md5:   7c2c36d48e1bf054543c98baf364ef72
Product information
Product name:    Unknown
Company name:    Unknown
Program name:    Unknown

Loading point information
Execution type:    REGISTRY
Registry section:    HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
Entry:    Online Backup Auto Update check on virustotal.com


vewatch.exe

Exe name: vewatch.exe Program name: Vault Explorer Cache Watcher Company: DigiData Corp.
Background task

sidebar.exe   
Background task

Vista sidebar

ehtray.exe   
Background task

Microsoft Media Center Tray Icon

wmpnscfg.exe   
Background task

Windows Media Player Network Sharing Service Confi

Fix * NielsenOnline.exe   
Suspicious task, check at virustotal.com

Fix * NielsenOnline.exe Required No   Process Name / Details   Startup File
associated with   
NetMeter
NetRatings software by Opistat. "OpiStat measures Internet usage anonymously
and surveys participants according to their profiles and online habits".
This software has been reported to get downloaded and installed automatically
after a Grokster install.
It anonymously collects your use of the Internet protocols (sites visited, Web pages,
advertisements seen, electronic commerce, streaming). To be avoided!
NielsenOnline.exe = unwanted executable

ehmsas.exe   
Systeem taak

Microsoft Media Center State Aggregator Service

mobsync.exe   
System task

Microsoft Synchronization Manager

aolsoftware.exe   
Background task

AOL Service Libraries

wuauclt.exe   
System task

AutoUpdate Client

taskeng.exe   
System task

Task Scheduler Engine

bfggameservices.exe   
Background task Achtergrondtaak

bfggameservices Re: http://spywarefiles.prevx.com/RRGABB44719876/BFGGAMESERVICES.EXE.EXE.html

firefox.exe   
Application

Mozilla Firefox

waol.exe   
Application

America Online UI

shellmon.exe   
Application

AOL Shellmon

SUPERAntiSpyware.exe   
Anti Add/Spyware software

SUPERAntiSpyware

HijackThis.exe   
Application

Hijackthis 2.02

Check SearchFilterHost.exe   Can use up to 35 - 75% of CPU
System task check at virustotalcom if not a pest (depends on location on the OS)

Microsoft® Windows® Operating System

polonus
« Last Edit: December 30, 2009, 08:41:30 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

gekededa

  • Guest
Re: Computer search engine problem
« Reply #3 on: December 31, 2009, 07:32:38 AM »
i'm sorry but i'm not really computer savvy. What exactly would i have to do?
Logged

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: Computer search engine problem
« Reply #4 on: December 31, 2009, 12:16:57 PM »
Welcome to the forums gekededa,

Please reopen HijackThis and select Do a system scan only. After the scan, put a check beside these entries:

O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: (no name) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - (no file)
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

Afterwards, click Fix checked. Post a new Hijack This log.

By the way, you don't seem to have avast installed but AVG?
« Last Edit: December 31, 2009, 12:19:39 PM by .: L' arc :. »
Logged
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1
Pages: [1]   Go Up
« previous next »