1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Avast keeps detecting cikh71ynks66.com

Discussion in 'Windows - Virus and spyware problems' started by kvn8907, Dec 15, 2010.

  1. kvn8907

    kvn8907 Member

    Joined:
    May 16, 2006
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    16
    There was a previous entry on this forum about this problem, http://keskustelu.afterdawn.com/t.cfm/f-151/avast_blocked_access_to_malicious_site-870357 but it was all in Finnish, so anyway here's my problem.

    When I connect to the internet, Avast keeps saying that it blocked a malicious url, which starts with cikh71ynks66.com but continues in what seems to be a long stream of random characters.

    http://i4.photobucket.com/albums/y104/ervty/message2.jpg

    I'm also having a similar, but I'm not sure if related problem, where if I search something on Yahoo!, if I click a link, it pauses a second then redirects me to one of several crappy spam sites, like shopcompareus.com, www.ftd.com, www.localhometown.com, etc. you get the picture.

    My computer's getting over a virus that I accidently opened last Sunday, which originally disabled Windows Defender, Task Manager, System Restore, and Regedit, but after several virus scans was able to be removed, allowing the afforementioned programs to start running again, but leaving spyware and adware embedded in Internet Explorer and Firefox which so far haven't been able to be removed with AdAware or Spybot Search and Destroy.

    Also, I checked with my school and they're not allowed to do OS reinstalls anymore, so unless I want to go to a computer repair shop, my only choice right now is to try whatever I can to fix these problems on my own.

    Sorry for the long post. Please respond with any suggestions or questions.
     
  2. AfterDawn

    AfterDawn Advertisement

  3. kvn8907

    kvn8907 Member

    Joined:
    May 16, 2006
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    16
    P.S. I tested it a bit more, and the redirect problem occurs both in Internet Explorer and Firefox, and both Yahoo and Google.
     
  4. 2oldGeek

    2oldGeek Regular member

    Joined:
    Jun 16, 2005
    Messages:
    3,142
    Likes Received:
    1
    Trophy Points:
    48
    post a HijackThis Log..
     
  5. kvn8907

    kvn8907 Member

    Joined:
    May 16, 2006
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    16
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:54:23 PM, on 12/15/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Program DJ\Wireless Switch\wlss.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
    C:\Program Files\Compal\Smart Battery\SMBTray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WLSS] C:\Program Files\Program DJ\Wireless Switch\WLSS.exe
    O4 - HKLM\..\Run: [FPTools] C:\Program Files\LTT\FingerLogon\FingerLogon.exe 1
    O4 - HKLM\..\Run: [CleanEncReg] C:\Windows\system32\CleanEncReg.exe
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Program DJ\Wow Video&Audio\WVAMain.exe
    O4 - HKLM\..\Run: [SMBTray] C:\Program Files\Compal\Smart Battery\SMBTray.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Kevin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/plugins/activex/YoYo.cab
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Lightuning Encrypt Watching Service (LTT_ENCRYPT_WATCHING) - Unknown owner - C:\Windows\system32\EncryptWatchingService.exe
    O23 - Service: Lightuning UAC Controller Service (LTT_UAC_CTRL) - Unknown owner - C:\Windows\system32\SVC_LTT.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 10009 bytes
     
  6. 2oldGeek

    2oldGeek Regular member

    Joined:
    Jun 16, 2005
    Messages:
    3,142
    Likes Received:
    1
    Trophy Points:
    48
    I can find nothing in your Log..

    Have you tried a restore to a point before this started? You should try that first.
     
  7. kvn8907

    kvn8907 Member

    Joined:
    May 16, 2006
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    16
    Yep. Did a system restore yesterday after the main virus was removed (sorry, I don't have the log of which virus it was, since it was done at the library help desk and I don't know if they kept a log) to last Friday, two days before I got my virus on Sunday.
     
  8. 2oldGeek

    2oldGeek Regular member

    Joined:
    Jun 16, 2005
    Messages:
    3,142
    Likes Received:
    1
    Trophy Points:
    48
    If you still have the problem, try this:

    Run Malwarebytes Antimalware in the Safe mode..
    Then run SuperAntiSpyware in regular mode and post both logs letting me know what problems you still have.

    2oG
     
    Last edited: Dec 16, 2010
  9. kvn8907

    kvn8907 Member

    Joined:
    May 16, 2006
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    16
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5348

    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 7.0.6002.18005

    12/18/2010 1:31:17 PM
    Malwarebytes' Anti-Malware scan

    Scan type: Full scan (C:\|)
    Objects scanned: 534954
    Time elapsed: 1 hour(s), 13 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Kevin\downloads\not folder\appplication\vdownloader1.12_setup.exe (Adware.ADON) -> No action taken.
     
  10. kvn8907

    kvn8907 Member

    Joined:
    May 16, 2006
    Messages:
    49
    Likes Received:
    0
    Trophy Points:
    16
    With the slowdowns, the search redirects, the Host Processes failing, and the cikh malicious url, no help from Spybot Search and Destroy, Ad-Aware, Avast, CCleaner, or Malware Bytes, plus another problem that was in scvhost.exe, I decided to just re-install Vista, which was easier said than done, and for a while it looked like I'd have to take it to a professional. But with some help from by father and brother, I sucessfully reinstalled Vista, and that solved all my problems. And it was just a re-install, with everything else going to Windows.old, plus a portable hard drive backup just in case, I didn't lose a bit of important data.

    For anyone else with this problem and coming to this thread, sorry. No help here save reinstalling your operating system.
     

Share This Page