
infected with google redirect virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 John.L

Posted 27 December 2009 - 04:37 PM

My computer is slow, and Google hyperlinks redirect to alternate websites other than what is listed.

DDS (Ver_09-12-01.01) - NTFSx86
Run by John Lorimor at 16:11:24.51 on Sun 12/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.386 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\John Lorimor\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Google Update] "c:\documents and settings\john lorimor\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AuditMode] c:\sysprep\factory.exe -logon
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [PC Pitstop Optimize Reminder] c:\program files\pcpitstop\optimize3\Reminder-Optimize3.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -systray -startup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Search - ?p=GRman000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256346563203
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: lubalela.dll c:\windows\system32\hahohetu.dll
SSODL: dalanuvis - {09f9ec87-bb81-48ac-bc7b-5fcc90064b96} - c:\windows\system32\zinotofa.dll
SSODL: vudevoros - {2119d16b-29c1-42d7-bf0a-2cd6aa03d51e} - c:\windows\system32\hahohetu.dll
STS: tokatiluy: {09f9ec87-bb81-48ac-bc7b-5fcc90064b96} - c:\windows\system32\zinotofa.dll
STS: kupuhivus: {2119d16b-29c1-42d7-bf0a-2cd6aa03d51e} - c:\windows\system32\hahohetu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli lafubeye.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-20 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-26 207792]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-26 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-26 1141712]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-12-20 90352]

=============== Created Last 30 ================

2009-12-26 18:31:49 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-26 18:31:49 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-26 18:31:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-26 18:31:31 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-26 18:31:31 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-26 18:31:31 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-26 18:31:18 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-12-26 18:31:18 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-12-26 18:30:48 0 d-----w- c:\program files\Spyware Doctor
2009-12-26 18:30:48 0 d-----w- c:\program files\common files\PC Tools
2009-12-26 18:30:48 0 d-----w- c:\docume~1\johnlo~1\applic~1\PC Tools
2009-12-26 18:30:48 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-12-22 18:05:15 0 d-----w- c:\program files\PopCap Games
2009-12-21 02:48:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-21 00:42:32 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-21 00:40:31 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-21 00:39:27 0 d-----w- c:\program files\Lavasoft
2009-12-20 23:56:26 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2009-12-20 23:56:25 0 d-----w- c:\program files\PCPitstop
2009-12-11 00:45:58 0 d-----w- c:\docume~1\johnlo~1\applic~1\Office Genuine Advantage
2009-12-05 03:58:49 4788 ----a-w- c:\windows\wininit.ini
2009-12-04 18:06:30 0 d-----w- c:\program files\Shared

==================== Find3M ====================

2009-12-26 02:51:17 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-23 04:50:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-02 15:33:03 6 ----a-w- C:\DeleteContent.bat
2009-09-04 08:29:00 91648 --sha-w- c:\windows\system32\fagoyuzu.dll

============= FINISH: 16:13:38.64 ===============

#2 John.L

Posted 28 December 2009 - 07:56 PM

Ran TFC followed by ComboFix, and my issue seems resolved. You may close this request. Thanks.

#3 Elise

Posted 29 December 2009 - 03:53 AM

Closed upon user's request.
Regards, Elise
