
Link History


VARN


Sometimes when I click on a link to a page in some forums (not this one), I get about 24 sites added to my back button; most of them are called boostfinder, a pay-per-click search engine. These show up in my history also. What causes this? Is it a banner ad or something?


Using forums that are dodgy and most probably trying to keylog you.


Using forums that are dodgy and most probably trying to keylog you.

 

I've got to agree here.

 

Most sites (like forums) try to minimize the disruption to their users. So, unfortunately that's probably the case.

 

If no one else who uses the same site has similar problems, it could be a problem on your end, such as ad-ware.


About a week ago I got an MSN message from a trusted contact that asked if a picture was of me; I clicked on it. I have since scanned with Spybot, now uninstalled; Malwarebytes, currently installed; Panda scan, my AV; some program called clean virus msn; and I have uninstalled MSN and installed the newest version. After all that, do you think I could still be infected?


Sounds like that trojan that is going around on Facebook. :unsure:

 

Might want to post a HijackThis log just to be safe.

Edited by Laura

[hide=Logfile of Trend Micro HijackThis v2.0.2]

Scan saved at 3:38:06 PM, on 11/12/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain[Caution: Executable File]

C:\Program Files (x86)\Snarfware\Snarfer\snarfer[Caution: Executable File]

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr[Caution: Executable File]

C:\Program Files (x86)\Windows Live\Mesh\WLSync[Caution: Executable File]

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM[Caution: Executable File]

C:\Program Files (x86)\Analog Devices\Core\smax4pnp[Caution: Executable File]

C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn[Caution: Executable File]

C:\Program Files\FileBX\Fbx32helper[Caution: Executable File]

C:\Program Files (x86)\Windows Live\Mesh\MOE[Caution: Executable File]

C:\Program Files (x86)\Windows Live\Contacts\wlcomm[Caution: Executable File]

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate[Caution: Executable File]

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat[Caution: Executable File]

C:\Program Files (x86)\TrueCrypt\TrueCrypt[Caution: Executable File]

C:\Program Files (x86)\Windows Media Player\wmplayer[Caution: Executable File]

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis[Caution: Executable File]

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.runescape.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {6ECF15F0-468D-4E25-8997-1C710E80F5CD} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp[Caution: Executable File]

O4 - HKLM\..\Run: [Panda Security Toolbar Antiphishing] C:\ProgramData\Panda Security Toolbar Antiphishing\panda2_0dn[Caution: Executable File]

O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain[Caution: Executable File]" /Traybar

O4 - HKCU\..\Run: [snarfer] C:\Program Files (x86)\Snarfware\Snarfer\Snarfer[Caution: Executable File] /startminimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr[Caution: Executable File]" /background

O4 - HKCU\..\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync[Caution: Executable File]" /background

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar[Caution: Executable File] /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32[Caution: Executable File] oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar[Caution: Executable File] /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector[Caution: Executable File] (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector[Caution: Executable File] (User 'Default user')

O4 - Global Startup: FileBox eXtender.lnk = C:\Program Files\FileBX\FileBX[Caution: Executable File]

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL[Caution: Executable File]/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: IESessions - {32FF09D3-2F66-4814-AA2C-835D5D2BF0FD} - (no file)

O9 - Extra 'Tools' menuitem: IESessions - {32FF09D3-2F66-4814-AA2C-835D5D2BF0FD} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel[Caution: Executable File]

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel[Caution: Executable File]

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F6D540D2-7B9F-4353-9228-17D0820A8494}: NameServer = 24.226.10.193,24.226.1.94

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - AppInit_DLLs: acaptuser32.dll

O20 - Winlogon Notify: avgwlx64 - C:\Windows\

O23 - Service: @%SystemRoot%\system32\Alg[Caution: Executable File],-112 (ALG) - Unknown owner - C:\Windows\System32\alg[Caution: Executable File] (file missing)

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent[Caution: Executable File]

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService[Caution: Executable File]

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64[Caution: Executable File]

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService[Caution: Executable File]

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass[Caution: Executable File] (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc[Caution: Executable File] (file missing)

O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost[Caution: Executable File]

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService[Caution: Executable File]

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass[Caution: Executable File] (file missing)

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService[Caution: Executable File] (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc[Caution: Executable File] (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass[Caution: Executable File] (file missing)

O23 - Service: @%systemroot%\system32\Locator[Caution: Executable File],-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator[Caution: Executable File] (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass[Caution: Executable File] (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc[Caution: Executable File],-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc[Caution: Executable File] (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap[Caution: Executable File],-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap[Caution: Executable File] (file missing)

O23 - Service: @%systemroot%\system32\spoolsv[Caution: Executable File],-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv[Caution: Executable File] (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr[Caution: Executable File]

O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet[Caution: Executable File] (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect[Caution: Executable File],-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect[Caution: Executable File] (file missing)

O23 - Service: @%SystemRoot%\system32\vds[Caution: Executable File],-100 (vds) - Unknown owner - C:\Windows\System32\vds[Caution: Executable File] (file missing)

O23 - Service: @%systemroot%\system32\vssvc[Caution: Executable File],-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc[Caution: Executable File] (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv[Caution: Executable File],-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv[Caution: Executable File] (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk[Caution: Executable File],-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk[Caution: Executable File] (file missing)

O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService[Caution: Executable File]

 

--

End of file - 11582 bytes[/hide]
