hijacked by linkbucks.com

Solved
Thread Status:
Not open for further replies.
  1. alvin123

    alvin123 Member PCHF $Donator Bronze Member

    Joined:
    Aug 7, 2013
    Posts:
    35
    Likes Received:
    1

    It has been happening since yesterday. When I open links that I visit frequently, e.g. Facebook, it redirects to linkbucks.com.
    I'm confused right now. I don't know how to remove it :(


  2. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    4,104
    Likes Received:
    12
    Location:
    Victoria, Australia

    Please download AdwCleaner by Xplode onto your desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Clean.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[R1].txt as well.
    ===========================

    Please download Malwarebytes Anti-Malware from Malwarebytes.org
    Alternate link: Download Mirror

    (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

    Double Click mbam-setup.exe to install the application.

    (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
    Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    If an update is found, it will download and install the latest version.
    Once the program has loaded, select "Perform Full Scan", then click Scan.
    The scan may take some time to finish, so please be patient.
    When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected.
    When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    Please save the log to a location you will remember.
    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Copy and paste the entire report in your next reply.
    If Malwarebytes fails to download please use the following link:

    http://malwarebytes.org/mbam-download-exe-random.php
  3. alvin123


    Sorry for the late reply.

    Here's the log.
    AdwCleaner

    # AdwCleaner v3.014 - Report created 06/12/2013 at 08:05:44
    # Updated 01/12/2013 by Xplode
    # Operating System : Microsoft Windows XP Service Pack 2 (32 bits)
    # Username : USER - USER-842E92B843
    # Running from : C:\Documents and Settings\USER\My Documents\Downloads\adwcleaner(1).exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Found C:\Documents and Settings\USER\Application Data\iSafe
    Folder Found C:\Program Files\iSafe

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v6.0.2900.2180


    -\\ Mozilla Firefox v25.0.1 (en-US)

    [ File : C:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\ff4j4q47.default-1386268088234\prefs.js ]


    -\\ Google Chrome v32.0.1700.41

    [ File : C:\Documents and Settings\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [823 octets] - [31/08/2013 22:10:57]
    AdwCleaner[R1].txt - [1447 octets] - [06/12/2013 00:27:05]
    AdwCleaner[R2].txt - [1343 octets] - [06/12/2013 07:59:05]
    AdwCleaner[R3].txt - [1144 octets] - [06/12/2013 08:05:44]
    AdwCleaner[S0].txt - [883 octets] - [31/08/2013 22:13:26]
    AdwCleaner[S1].txt - [1516 octets] - [06/12/2013 00:27:38]
    AdwCleaner[S2].txt - [373 octets] - [06/12/2013 08:00:10]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1382 octets] ##########
    =================================================================================
    Malwarebytes

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.06.01

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    USER :: USER-842E92B843 [administrator]

    Protection: Enabled

    12/6/2013 10:48:03 AM
    mbam-log-2013-12-06 (10-48-03).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 302415
    Time elapsed: 1 hour(s), 17 minute(s), 36 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\System Volume Information\_restore{05C7AD32-5017-4DFD-A566-453F9C8D8359}\RP32\A0005495.exe (PUP.Optional.Installrex) -> No action taken.

    (end)
    =================================================================================
    I forgot to check the results, so I did a re-scan.
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.06.01

    Windows XP Service Pack 2 x86 NTFS
    Internet Explorer 6.0.2900.2180
    USER :: USER-842E92B843 [administrator]

    Protection: Enabled

    12/6/2013 12:06:52 PM
    mbam-log-2013-12-06 (12-06-52).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 282474
    Time elapsed: 1 hour(s), 2 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\System Volume Information\_restore{05C7AD32-5017-4DFD-A566-453F9C8D8359}\RP32\A0005495.exe (PUP.Optional.Installrex) -> Quarantined and deleted successfully.

    (end)
  4. Pancake


    There are no signs of malware here... Have you checked in Add/Remove or in your browser add-ons for this?
  5. alvin123


    Yes, I had checked both, but there is no suspicious name there.
    The redirect still remains.
  6. Pancake


    OK. Let's give this a run...


    Download Combofix from any of the links below, and save it to your desktop.
    Link 1
    Link 2
    When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

    Refer to this image:
    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click PCHelpForum.exe to run it.
      You will see the following image:
    [​IMG]

    Click I Agree to start the program.
    ComboFix will then extract the necessary files and you will see this:

    [​IMG]

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If you did not have it installed, you will see the prompt below. Choose YES.

    [​IMG]

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]

    Click on Yes, to continue scanning for malware.
    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
  7. alvin123


    Here's the log.

    ComboFix 13-12-06.01 - USER 12/07/2013 1:25.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3564.2748 [GMT 7:00]
    Running from: c:\documents and settings\USER\Desktop\PcHelpForum.exe.exe
    AV: Kaspersky PURE 3.0 *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Kaspersky PURE 3.0 *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-11-06 to 2013-12-06 )))))))))))))))))))))))))))))))
    .
    .
    2013-12-06 03:45 . 2013-12-06 03:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-12-05 20:56 . 2013-12-05 20:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-12-05 20:56 . 2013-04-04 07:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-12-05 20:43 . 2013-12-05 20:43 -------- d-----w- c:\program files\CCleaner
    2013-12-05 20:31 . 2013-12-05 20:31 -------- d-----w- c:\documents and settings\USER\Application Data\eCyber
    2013-12-05 20:00 . 2013-12-05 20:26 -------- d-----w- c:\windows\SxsCaPendDel
    2013-12-05 17:52 . 2013-12-05 17:52 -------- d-----w- c:\documents and settings\USER\Application Data\Malwarebytes
    2013-12-05 17:52 . 2013-12-05 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2013-12-02 05:30 . 2013-12-05 20:46 -------- d-----w- c:\documents and settings\USER\Application Data\inkscape
    2013-12-02 05:28 . 2013-12-02 05:30 -------- d-----w- c:\program files\Inkscape
    2013-12-02 05:21 . 2013-12-02 05:22 -------- d-----w- c:\documents and settings\USER\Application Data\PhotoScape
    2013-11-30 03:08 . 2013-11-30 03:08 -------- d-----w- c:\documents and settings\USER\Application Data\Unity
    2013-11-21 06:44 . 2013-11-28 07:01 -------- d-----w- c:\documents and settings\USER\Application Data\HpUpdate
    2013-11-21 06:44 . 2013-11-21 06:44 -------- d-----w- c:\windows\Hewlett-Packard
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-10-17 00:53 . 2012-09-03 11:23 24672 ----a-w- c:\windows\system32\drivers\klmouflt.sys
    2013-10-17 00:53 . 2012-09-03 10:56 24160 ----a-w- c:\windows\system32\drivers\klkbdflt.sys
    2013-10-17 00:53 . 2013-10-12 18:06 74336 ----a-w- c:\windows\system32\drivers\klflt.sys
    2013-10-17 00:53 . 2012-06-19 10:28 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
    2013-10-12 19:05 . 2012-10-18 07:50 44000 ----a-w- c:\windows\system32\drivers\kltdi.sys
    2013-10-12 19:05 . 2012-08-13 09:49 145040 ----a-w- c:\windows\system32\drivers\kneps.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
    @="{dd230880-495a-11d1-b064-008048ec2fc5}"
    [HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
    2012-12-20 11:20 459784 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2012-09-18 20117136]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]
    "NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-28 74752]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-10 958576]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-10-17 356128]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-04-30 421888]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    .
    c:\documents and settings\USER\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-27 98632]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2013-10-09 02:19 1813928 ----a-w- c:\program files\Steam\Steam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Steam Client Service"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "d:\\Megaxus\\Grand Chase\\main.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "d:\\Warcraft III\\NusaReconnect.exe"=
    "d:\\Warcraft III\\War3.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "d:\\Dota2\\SteamApps\\common\\dota 2 beta\\dota.exe"=
    .
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\drivers\CSCrySec.sys [10/13/2013 1:08 AM 88632]
    R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\drivers\CSVirtualDiskDrv.sys [10/13/2013 1:08 AM 39736]
    R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [10/18/2012 2:50 PM 44000]
    R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [8/13/2012 4:49 PM 145040]
    R2 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [12/21/2012 2:32 PM 819040]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/6/2013 3:56 AM 418376]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/6/2013 3:56 AM 701512]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [8/13/2013 7:00 AM 270080]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [6/27/2012 2:09 PM 35672]
    R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [9/3/2012 5:56 PM 24160]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [9/3/2012 6:23 PM 24672]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/6/2013 3:56 AM 22856]
    R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [8/13/2013 7:00 AM 55104]
    R3 XDva401;XDva401;\??\c:\windows\system32\XDva401.sys --> c:\windows\system32\XDva401.sys [?]
    S1 iSafeNetFilter;iSafeNetFilter;\??\c:\program files\iSafe\iSafeNetFilter.sys --> c:\program files\iSafe\iSafeNetFilter.sys [?]
    S2 iSafeService;iSafeService;c:\program files\iSafe\iSafeSvc.exe --> c:\program files\iSafe\iSafeSvc.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/13/2013 7:00 AM 1691480]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 iSafeKrnl;iSafeKrnl;\??\c:\program files\iSafe\iSafeKrnl.sys --> c:\program files\iSafe\iSafeKrnl.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/6/2013 10:45 AM 40776]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-05 02:53 1211344 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.41\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-12 14:08]
    .
    2013-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-08-13 00:30]
    .
    2013-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-08-13 00:30]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = hxxp://voice.yahoo.com/r.php?pg=5&intl=us
    IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 149.210.142.101 202.134.0.155
    FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\ff4j4q47.default-1386268088234\
    FF - ExtSQL: 2013-10-17 07:54; anti_banner@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
    FF - ExtSQL: 2013-10-17 07:54; content_blocker@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
    FF - ExtSQL: 2013-10-17 07:54; online_banking@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
    FF - ExtSQL: 2013-10-17 07:54; url_advisor@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
    FF - ExtSQL: 2013-10-17 07:54; virtual_keyboard@kaspersky.com; c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
    FF - ExtSQL: 2013-12-06 03:42; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\ff4j4q47.default-1386268088234\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    FF - ExtSQL: !HIDDEN! 2013-08-13 03:12; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-12-07 01:29
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(11384)
    c:\windows\system32\msi.dll
    .
    Completion time: 2013-12-07 01:30:32
    ComboFix-quarantined-files.txt 2013-12-06 18:30
    ComboFix2.txt 2013-12-05 21:19
    .
    Pre-Run: 22,470,459,392 bytes free
    Post-Run: 22,473,121,792 bytes free
    .
    - - End Of File - - BA2B0C1717E9D5925E9B4C3F192D8B74
    8F558EB6672622401DA993E1E865C861
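
A way to read the two logs above together, as an added example that is not part of the original posts: it takes the folders AdwCleaner reported as "Folder Found" and lists every ComboFix service or driver entry whose binary path sits under one of them. The log excerpts are copied from this thread; the function names are hypothetical.

```python
import re

# Excerpts copied from the AdwCleaner and ComboFix logs posted in this thread.
ADWCLEANER_LOG = r"""
Folder Found C:\Documents and Settings\USER\Application Data\iSafe
Folder Found C:\Program Files\iSafe
"""

COMBOFIX_LOG = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/6/2013 3:56 AM 701512]
R3 XDva401;XDva401;\??\c:\windows\system32\XDva401.sys --> c:\windows\system32\XDva401.sys [?]
S1 iSafeNetFilter;iSafeNetFilter;\??\c:\program files\iSafe\iSafeNetFilter.sys --> c:\program files\iSafe\iSafeNetFilter.sys [?]
S2 iSafeService;iSafeService;c:\program files\iSafe\iSafeSvc.exe --> c:\program files\iSafe\iSafeSvc.exe [?]
S3 iSafeKrnl;iSafeKrnl;\??\c:\program files\iSafe\iSafeKrnl.sys --> c:\program files\iSafe\iSafeKrnl.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/6/2013 10:45 AM 40776]
"""

# "<R|S><digit> name;display name;path [details]" as printed in the log.
SERVICE_RE = re.compile(
    r"^(?P<code>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Trailing "[...]" holds date and size, or "?" for some entries.
TRAILER_RE = re.compile(r"\s*\[([^\]]*)\]\s*$")


def norm(path):
    """Lower-case a Windows path and drop the \\??\\ prefix and trailing slash."""
    path = path.strip().lower()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.rstrip("\\")


def flagged_folders(adwcleaner_text):
    """Folders AdwCleaner listed as 'Folder Found'."""
    return [norm(line.split("Folder Found", 1)[1])
            for line in adwcleaner_text.splitlines()
            if line.strip().startswith("Folder Found")]


def parse_services(combofix_text):
    """Parse the service/driver lines of a ComboFix log into dicts."""
    services = []
    for line in combofix_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        trailer = TRAILER_RE.search(rest)
        details = trailer.group(1) if trailer else ""
        if trailer:
            rest = rest[:trailer.start()]
        # When the log prints "raw --> resolved", keep the resolved path.
        image = norm(rest.split(" --> ")[-1])
        services.append({"code": m.group("code"), "name": m.group("name"),
                         "image": image, "details": details})
    return services


def services_under_flagged(adwcleaner_text, combofix_text):
    """Service entries whose binary lives inside an AdwCleaner-flagged folder."""
    folders = flagged_folders(adwcleaner_text)
    return [svc for svc in parse_services(combofix_text)
            if any(svc["image"].startswith(f + "\\") for f in folders)]


if __name__ == "__main__":
    for svc in services_under_flagged(ADWCLEANER_LOG, COMBOFIX_LOG):
        print(svc["code"], svc["name"], svc["image"], "[" + svc["details"] + "]")
```

On these excerpts it returns the three iSafe entries, each of which carries `[?]` where other entries show a date and size.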
  8. Pancake


    What browser are you using?

    Check to see if you have these files and delete them
    %CommonAppData%\pcdfdata\ Linkbucks.com
    %CommonAppData%\pcdfdata\app.ico\ Linkbucks.com

    ===========================
    Copy the text in the code box to notepad. Save it as fixreg.reg to your desktop.
    Be sure the "Save as" type is set to "all files"
    Once you have saved it double click it and allow it to merge with the registry.

  9. alvin123


    Mozilla Firefox 25.0.1
    I have tried other browsers, like Chrome and IE, and I can still find the redirect.
  10. Pancake


    I have edited post #8. Try that.
  11. alvin123


    I got this error message.
    "Cannot import C:\Documents and Settings\USER\Desktop\fixreg.reg: The specified file is not a registry script.
    You can only import binary registry files from within the registry editor."

    [​IMG]
  12. Pancake


    Try this...

    Copy the text in the code box to notepad. Save it as fixreg.reg to your desktop.
    Be sure the "Save as" type is set to "all files"
    Once you have saved it double click it and allow it to merge with the registry.
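
A pre-merge check for a saved `.reg` file, as an added example that is not part of the original posts: regedit reports "The specified file is not a registry script" when the file does not begin with a header it recognises, so the check confirms the header is the first line and lists every key the file would touch. The function names are hypothetical, the key names in the samples are constructed placeholders (the thread's code box content is not on the page), and the header test is deliberately strict.

```python
import codecs

# Header lines regedit recognises at the start of a registration script.
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")


def decode_reg(data):
    """Decode Notepad's usual encodings: UTF-16LE or UTF-8 with BOM, else ANSI."""
    if data.startswith(codecs.BOM_UTF16_LE):
        return data[2:].decode("utf-16-le", errors="replace")
    if data.startswith(codecs.BOM_UTF8):
        return data[3:].decode("utf-8", errors="replace")
    return data.decode("cp1252", errors="replace")


def check_reg_script(data, filename="fixreg.reg"):
    """Return {'ok', 'problems', 'keys'} for the raw bytes of a .reg file."""
    problems = []
    if not filename.lower().endswith(".reg"):
        problems.append("file name does not end in .reg")

    lines = decode_reg(data).splitlines()
    first = lines[0] if lines else ""
    if first not in HEADERS:
        # Strict: line 1 must be exactly the header, nothing before or around it.
        late = [n for n, l in enumerate(lines, 1) if l.strip() in HEADERS]
        if late:
            problems.append(
                "header found on line %d but line 1 must be exactly the header"
                % late[0])
        else:
            problems.append("no registry header")

    keys = []  # (action, key) pairs, so the change can be reviewed before merging
    for n, line in enumerate(lines, 1):
        s = line.strip()
        if not s.startswith("["):
            continue
        if not s.endswith("]"):
            problems.append("line %d: key line is not closed with ]" % n)
            continue
        key = s[1:-1]
        action = "set"
        if key.startswith("-"):       # "[-HKEY_...]" deletes the whole key
            action, key = "delete", key[1:]
        if not key.upper().startswith("HKEY_"):
            problems.append("line %d: key does not start with HKEY_" % n)
        keys.append((action, key))

    return {"ok": not problems, "problems": problems, "keys": keys}


# Constructed sample files (placeholder keys, not the thread's actual fix).
BODY = '[HKEY_CURRENT_USER\\Software\\ExampleVendor]\r\n"Example"="1"\r\n'
GOOD = ("REGEDIT4\r\n\r\n" + BODY).encode("cp1252")
GOOD_UTF16 = codecs.BOM_UTF16_LE + (
    "Windows Registry Editor Version 5.00\r\n\r\n" + BODY).encode("utf-16-le")
NO_HEADER = BODY.encode("cp1252")
LATE_HEADER = ("\r\n\r\nREGEDIT4\r\n\r\n" + BODY).encode("cp1252")

if __name__ == "__main__":
    for name, blob in [("good", GOOD), ("utf16", GOOD_UTF16),
                       ("no header", NO_HEADER), ("late header", LATE_HEADER)]:
        print(name, check_reg_script(blob))
```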

  13. alvin123


    Registry success. What to do after that?
  14. Pancake


    Have you done a search for Linkbucks.com files on your computer? From my research there could also be many changes to the registry, so you will have to search there too.
  15. alvin123


    I have just finished searching for linkbucks files on my computer, but there were no results.