Another victim of search engine hijacking

By AustinSchnitzel
Oct 6, 2009
Topic Status:
Not open for further replies.
  1. Earlier today I was randomly browsing through google in hopes of finding a method to bring my four-year-old desktop back up to speed. The longer I have my machine on, the slower everything runs. Not just loading - it struggles to move, resize and tab between windows, internet and otherwise.

    I found some advice on removing unnecessary startup processes and the power of defragmenting while in safe mode, but suddenly I noticed my search results shunting me to some OTHER search engine who-knows-where. I tried a system restore to two days ago and it helped by giving me the proper links in right-clicking, while left-clicking remained unreliable. I have a guess at which webpage is the culprit, but seeing as I've already cleaned my history, cache and cookies, that's all water under the bridge.

    I've gone through the eight steps outlined above, logs are below. My case is nearly identical to countless threads outlined on this other forum: help.lockergnome.com/general/HijackThis-Logs-forum-48.html

    Kind of a bummer (not gonna say ironic) and I wind up bogging down my computer further while seeking out ways to streamline its processing.
  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 20,732   +156

    You need to get your Windows Updates up to date... SP3 and IE8. Select custom and get SP3 first
  3. AustinSchnitzel

    AustinSchnitzel Newcomer, in training Topic Starter Posts: 38

    Downloaded SP3, but can't install it because it thinks "atapi.sys is currently open or being used by another program, please close it and click Retry." Checked Services, it's not in the list. Found the file, but can't move, rename or delete it because it's "in use."

    According to my research, it's normally associated with either Alcohol 120% or Daemon Tools, neither of which I have. At one point I MAY have installed Alcohol because of a friend's recommendation, (it might have been onto my laptop) but I couldn't figure out how to use it effectively and shortly removed it.

    Looks like I've hit a brick wall. Can we take this in another direction?
  4. momok

    momok Newcomer, in training Posts: 2,272

    apparently your hijackthis log shows you are still infected, and you need a reboot for MBAM to be automatically run again and complete its cleaning process.


    Reboot and let mbam do its job. keep the log.

    Next run hijackthis and fix these (if they are still there):

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {BCB63C32-A3AA-AB0B-FA3B-F0EA1EB57A9E} - C:\WINDOWS\system32\jlvkpad.dll (file missing)
    O4 - HKLM\..\Run: [xmuasob] c:\windows\system32\xmuasob.exe
    O4 - HKLM\..\Run: [a6T9IQ] c:\documents and settings\hp_owner\local settings\temp\a6T9IQ.exe
    O4 - HKLM\..\Run: [sXPRcs] c:\windows\system32\sXPRcs.exe
    O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\system32\PcfK.exe
    O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
    O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\system32\maxspeed.exe (file missing)
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)

    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O15 - Trusted Zone: http://download.lavadomefive.com
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

    After that, reboot again, and post a fresh hijackthis log and the mbam log.
  5. AustinSchnitzel

    AustinSchnitzel Newcomer, in training Topic Starter Posts: 38

    By "completing the cleaning process" you mean removing whatever landed in Quarantine, right? Otherwise, it probably took care of itself when I rebooted a couple hours ago for good measure.

    In any case, I've rebooted (a second time), removed what you specified and am about to reboot again. Unless I need more posts to be allowed to EDIT my posts, I'll update here with the fresh logs.
  6. momok

    momok Newcomer, in training Posts: 2,272

    I noted that because I saw a startup entry in hijackthis for mbam:
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    which was why I advised you to reboot. no worries about double posting, you can post a new one after mine for your logs. =)
  7. AustinSchnitzel

    AustinSchnitzel Newcomer, in training Topic Starter Posts: 38

    And now I've gone and made a glaring tactical error. Creating a log through HJT takes all of 20 seconds, but the first full scan with MBAM took upwards of an hour. By the time I can generate another one, you could be off to other parts of the Internet, or even off to bed... assuming you're one of those rare programmers who bothers to sleep.

    Maybe it will be faster the second time around, or I could have gone with a Quick Scan... but following the instructions to the letter is most important, right? Difference between lightning and a lightning bug and all that?
  8. momok

    momok Newcomer, in training Posts: 2,272

    Your log looks pretty clean to me now. I wouldnt skip the mbam scan though, so try to let it run once u have the time.

    When you're done w that, try to download ccleaner and run it. Its a nifty little tool to clear unwanted stuff and I highly recommend it.

    Next, turn off, and turn on system restore. This removes unwanted malware in your previous restore points.

    Your hjt log does show an awful alot of startup entries. My advice to u is to streamline them n remove what you dont need. they slow down your system startup and create too many unnecessary running processes in the background. removing some should improve the performance of your system.

    and nope, I dont sleep yet since its 10am here and im at work =)
  9. AustinSchnitzel

    AustinSchnitzel Newcomer, in training Topic Starter Posts: 38

    It's good that my HJT log looks fine, but the problem still persists.

    I already picked up CCleaner and ran it once, before I started the 8 steps from this forum. Come to think of it, I think CCleaner was mentioned on the webpage that landed me in this mess in the first place. It was just a forum, much like this one, but the text generated to replace "(name) said..." when someone else was replying was REALLY insulting. Above and beyond the Something Awful forums!

    A-ha! Found it! Um... enter at your own risk? (dubya dubya dubya dot) velocityreviews.com/forums/t227181-is-windows-xp-becoming-sluggish-natural.html

    Then again, I was clicking around pretty fast... it could have been any other of the half-dozen pages I skimmed at the time.

    Anyway, I'll follow those other steps you mentioned once this Full Scan is over. As for figuring out which startup processes are unnecessary, I made a bit of progress before discovering my search engine issue, and the System Restore sent be back to Square One. Is there a subforum where I could list my processes and get advice on that matter?
  10. momok

    momok Newcomer, in training Posts: 2,272

    You may seek advice over at the Windows OS subforum.

    Just additional info btw for a related good read -> Guide for making your Windows run faster

    On ccleaner, its the first time i actually heard negative feedback on it. Nevertheless, I still maintain my high recommendation on its regular use =)
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.