TechSpot

Help: redirect links in google search results

By szhang10
Oct 13, 2009
  1. Hello,
    I know this is a notorious virus and tried to figure it out myself but failed. Here I followed the 8-step instruction. I got the Malwarebytes' Anti-Malware log and HijackThis log. I didn't have SuperAntiSpyware log, since my download softare said it was affected by virus.
    If it is very necessary, please let me know, I will try again. Thanks.
    Please see the attached logs.
    View attachment 52604

    View attachment 52605
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Can you please give me some idea of how you are using the SharePoint Portal Server?

    Also, are any of these working?
    O18 - Protocol: ipp - (no CLSID) - (no file) Internet Printing Protocol (IPP)
    O18 - Protocol: msdaipp - (no CLSID) - (no file)
    The Microsoft OLE DB Provider for Internet Publishing (MSDAIPP), also known as Internet Publishing Provider (IPP), can be used to access data in an Exchange Server Web Store.

    Remote Access Memory Buffer Controller
    Cisco Systems, Inc. VPN Service
    Juniper Network Connect Service (dsNcService)>> This application uses ports to connect to a LAN or Internet.

    O23 - Service: Remote Access Memory Buffer Controller (ambc) - Unknown owner - C:\Program Files\duhese\fazsea.exe (file missing)

    The HijackThis log is not dis[laying correctly which may be do to configuration or malware.

    Let's see if you can run this:
    Please download ComboFix HERE:
    • With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
    • Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
    • Run Combo-Fix.exe and follow the prompts.
      (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
    • Wait for the scan to be completed.
    • If it requires a reboot, please do it.
    • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

    Notes:

    • 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
      2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
      3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
      4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    When you are finished, rescan with HJT. Include Combofix report and new HJT log.
     
  3. szhang10

    szhang10 TS Rookie Topic Starter

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You did not answer my question about using all the connections showing- but you went ahead and removed/stopped them. I did not tell you to do that.

    Due to the presence of a second language, there are some processes I can't identify. The HijackThis log is still not showing what is 'normal' on a scan. There is no homepage or search page.

    Why are you running !KillBox in the background?

    Can you tell me what these processes are for?

    c:\documents and settings\Shouliang Zhang\Tracing
    c:\documents and settings\RESCUE\Tracing
    c:\program files\Common Files\Shiqiang
    Remote Access Memory Buffer Controller (ambc) - Unknown owner - C:\Program Files\duhese\fazsea.exe

    Are you running Bonjour at this time? Do you have an internet connection?
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...