BleepingComputer.com: Google Search Results Redirected to Random Sites

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Google Search Results Redirected to Random Sites

#1 User is offline   FoxIX 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 09-August 11

Posted 11 August 2011 - 06:08 AM

When I am using search engines, the correct results are displayed however, when I click on any of the links I am forwarded to random sites such as unknown search engines or sites which are full of advertising. This does not happen all the time rather it is random but happens more often that getting the correct websites as displayed on the search engine.


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_26
Run by foxy at 10:45:12 on 2011-08-10
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.2814.1429 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Users\foxy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\BOINC\boinctray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\foxy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KiesTrayAgent.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Users\foxy\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\foxy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\foxy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\foxy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\foxy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\foxy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\foxy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\foxy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [Google Update] "c:\users\foxy\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [E17934635A58A26536CEDD41415485602BAB3292._service_run] "c:\users\foxy\appdata\local\google\chrome\application\chrome.exe" --type=service
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
StartupFolder: c:\users\foxy\appdata\roaming\microsoft\windows\start menu\programs\startup\AdobeARM.exe
StartupFolder: c:\users\foxy\appdata\roaming\micros~1\windows\startm~1\programs\startup\boincm~1.lnk - c:\program files\boinc\boincmgr.exe
StartupFolder: c:\users\foxy\appdata\roaming\micros~1\windows\startm~1\programs\startup\boinct~1.lnk - c:\program files\boinc\boinctray.exe
StartupFolder: c:\users\foxy\appdata\roaming\micros~1\windows\startm~1\programs\startup\cs55se~1.lnk - c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe
StartupFolder: c:\users\foxy\appdata\roaming\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google desktop search\GoogleDesktop.exe
StartupFolder: c:\users\foxy\appdata\roaming\micros~1\windows\startm~1\programs\startup\google~2.lnk - c:\users\foxy\appdata\local\google\update\GoogleUpdate.exe
StartupFolder: c:\users\foxy\appdata\roaming\micros~1\windows\startm~1\programs\startup\jusche~1.lnk - c:\program files\common files\java\java update\jusched.exe
StartupFolder: c:\users\foxy\appdata\roaming\microsoft\windows\start menu\programs\startup\KiesTrayAgent.exe
StartupFolder: c:\users\foxy\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\users\foxy\appdata\roaming\micros~1\windows\startm~1\programs\startup\qttask~1.lnk - c:\program files\quicktime\QTTask.exe
StartupFolder: c:\users\foxy\appdata\roaming\micros~1\windows\startm~1\programs\startup\switch~1.lnk - c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E91CFC52-FDBC-42FB-93C3-74B1306CA02E} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\foxy\appdata\roaming\mozilla\firefox\profiles\o9ylmb44.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\firefox 5\plugins\npdeployJava1.dll
FF - plugin: c:\program files\firefox 5\plugins\npwachk.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\foxy\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 SMR200;Symantec SMR Utility Service 2.0.0;c:\windows\system32\drivers\SMR200.SYS [2011-8-9 83064]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R1 SASDIFSV;SASDIFSV;c:\users\foxy\appdata\local\temp\sas_selfextract\sasdifsv.sys [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\users\foxy\appdata\local\temp\sas_selfextract\saskutil.sys [2011-7-12 67664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-5-14 21504]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-6 366640]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-3-14 350248]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-6 22712]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-7-15 197224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-5-25 3930112]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-5-20 36608]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-8-4 27192]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 UCharger;Energizer Usb Charger Driver;c:\windows\system32\drivers\UCharger.sys [2007-5-15 13765]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-7-28 30192]
S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-6-13 2337144]
.
=============== Created Last 30 ================
.
2011-08-09 13:48:28 -------- d-----w- c:\users\foxy\appdata\roaming\VideoBooth
2011-08-09 13:48:18 -------- d-----w- c:\program files\VideoBooth
2011-08-09 12:52:33 83064 ----a-w- c:\windows\system32\drivers\SMR200.SYS
2011-08-09 12:52:19 -------- d-----w- c:\users\foxy\appdata\local\NPE
2011-08-09 12:52:19 -------- d-----w- c:\programdata\Norton
2011-08-09 10:24:39 -------- d-----w- c:\users\foxy\appdata\roaming\SUPERAntiSpyware.com
2011-08-09 10:24:39 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-08 14:41:51 -------- d-----w- c:\users\foxy\appdata\roaming\Artisteer
2011-08-08 14:34:55 -------- d-----w- c:\program files\Artisteer 2
2011-08-08 11:54:56 9216 ----a-w- c:\windows\system32\agrsmsvc.exe
2011-08-08 11:54:56 50752 ----a-w- c:\windows\agrsmdel.exe
2011-08-08 11:54:56 13312 ----a-w- c:\windows\system32\agrscoin.dll
2011-08-08 11:54:56 1163616 ----a-w- c:\windows\system32\drivers\AGRSM.sys
2011-08-07 11:39:44 -------- d-----w- c:\windows\Internet Logs
2011-08-07 11:05:07 -------- d-----w- c:\users\foxy\appdata\roaming\CheckPoint
2011-08-07 11:03:26 -------- d-----w- c:\program files\zonealarm_security_suite
2011-08-07 10:43:19 -------- d-----w- c:\program files\CheckPoint
2011-08-07 10:34:30 -------- d-----w- c:\programdata\Kaspersky SDK
2011-08-07 10:29:17 -------- d-----w- c:\users\foxy\appdata\roaming\MailFrontier
2011-08-07 10:17:10 72704 ----a-w- c:\windows\zllsputility.exe
2011-08-07 10:15:41 -------- d-----w- c:\programdata\CheckPoint
2011-08-07 10:01:04 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-08-07 00:08:28 -------- d-----w- c:\programdata\CrypKey
2011-08-07 00:06:47 23360 ----a-w- c:\windows\system32\Ckldrv.sys
2011-08-07 00:06:47 165888 ----a-r- c:\windows\Ckconfig.exe
2011-08-07 00:06:47 126976 ----a-w- c:\windows\system32\Crypserv.exe
2011-08-07 00:06:47 11776 ----a-w- c:\windows\Ckrfresh.exe
2011-08-07 00:06:42 -------- d-----w- c:\program files\AceReader Pro Deluxe Plus
2011-08-07 00:06:41 -------- d-----w- c:\programdata\AceReader Pro Deluxe Plus
2011-08-06 10:26:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-06 10:26:45 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-06 10:26:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-05 01:13:57 -------- d-----w- c:\program files\common files\DAZ
2011-08-05 01:11:37 -------- d-----w- c:\program files\DAZ 3D
2011-08-05 00:33:01 -------- d--h--w- c:\program files\InstallJammer Registry
2011-08-04 13:52:15 -------- d-----w- c:\users\foxy\appdata\roaming\Malwarebytes
2011-08-04 13:52:07 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 11:47:32 64512 --sha-r- c:\windows\system32\certprop9.dll
2011-08-04 11:31:11 -------- d-----w- c:\program files\IObit
2011-08-04 10:47:24 -------- d-----w- c:\users\foxy\appdata\local\VS Revo Group
2011-08-04 10:47:20 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-04 10:47:18 -------- d-----w- c:\program files\VS Revo Group
2011-08-01 09:12:08 -------- d-----w- c:\users\foxy\appdata\local\Turbine
2011-08-01 08:53:57 -------- d-----w- c:\users\foxy\appdata\local\ApplicationHistory
2011-08-01 08:51:35 -------- d-----w- c:\windows\system32\URTTEMP
2011-08-01 08:31:49 -------- d-----w- c:\program files\Turbine
2011-07-31 20:22:44 -------- d-----w- c:\users\foxy\appdata\local\PMB Files
2011-07-31 20:22:42 -------- d-----w- c:\programdata\PMB Files
2011-07-31 20:22:10 -------- d-----w- c:\program files\Pando Networks
2011-07-30 17:11:04 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-07-30 17:10:05 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-07-30 17:07:54 -------- d-----w- c:\users\foxy\appdata\local\Microsoft Help
2011-07-30 13:18:18 -------- d-----w- c:\program files\SeaMonkey
2011-07-30 13:13:12 -------- d-----w- c:\users\foxy\appdata\local\Netscape
2011-07-30 13:13:02 -------- d-----w- c:\program files\Netscape
2011-07-29 21:07:34 -------- d-----w- c:\windows\pss
2011-07-29 21:06:34 3373968 ----a-w- c:\users\foxy\appdata\roaming\microsoft\windows\start menu\programs\startup\KiesTrayAgent.exe
2011-07-29 20:59:33 937920 ----a-w- c:\users\foxy\appdata\roaming\microsoft\windows\start menu\programs\startup\AdobeARM.exe
2011-07-27 11:31:28 -------- d-----w- c:\programdata\Blumentals
2011-07-27 10:07:10 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP8R.DLL
2011-07-27 10:07:10 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD8R.DLL
2011-07-27 10:05:28 216064 ----a-w- c:\windows\system32\CNMLM8R.DLL
2011-07-26 21:46:23 94536 ----a-w- c:\windows\system32\UDBDef.exe
2011-07-25 12:41:21 -------- d-----w- C:\xampp
2011-07-25 12:26:55 -------- d-----w- c:\program files\Crossword Compiler 7
2011-07-25 11:54:46 -------- d-----w- c:\program files\Crossword Weaver
2011-07-25 09:42:06 -------- d-----w- c:\users\foxy\Mother
2011-07-20 06:11:17 -------- d-----w- c:\users\foxy\appdata\local\Thunderbird
2011-07-19 23:20:33 -------- d-----w- c:\program files\NCH Software
2011-07-19 23:20:21 -------- d-----w- c:\users\foxy\appdata\local\Conduit
2011-07-19 23:19:56 -------- d-----w- c:\program files\NCH Swift Sound
2011-07-17 13:27:10 -------- d-----w- c:\users\foxy\Films
2011-07-17 11:37:55 758784 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-07-16 16:04:26 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-07-15 02:38:34 -------- d-----w- c:\windows\system32\sda
2011-07-15 02:37:25 197224 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2011-07-15 02:37:24 9888360 ----a-w- c:\windows\system32\RtsUStoricon.dll
2011-07-15 02:37:24 313960 ----a-w- c:\windows\system32\RtsUStor.dll
2011-07-15 02:08:51 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-07-15 01:53:06 -------- d-----w- c:\program files\Synaptics
2011-07-15 00:57:15 -------- d-----w- c:\windows\system32\RTCOM
2011-07-15 00:53:52 359768 ----a-w- c:\windows\system32\RTEEP32A.dll
2011-07-15 00:52:41 1740352 ----a-w- c:\windows\system32\FMAPO.dll
2011-07-15 00:47:11 -------- d-----w- c:\program files\Realtek
2011-07-15 00:46:45 -------- d--h--w- c:\program files\Temp
2011-07-15 00:16:04 -------- d-----w- c:\programdata\IObit
2011-07-14 23:50:38 -------- d-----w- c:\users\foxy\appdata\roaming\IObit
2011-07-14 23:43:37 -------- d-----w- c:\program files\ATI
2011-07-14 23:27:32 1698408 ----a-w- c:\windows\RtlExUpd.dll
2011-07-13 23:26:02 -------- d-----w- c:\program files\Xenu
2011-07-13 01:26:51 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 01:26:46 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 01:26:46 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 13:30:05 -------- d-----w- c:\users\foxy\appdata\local\Microsoft Corporation
2011-07-12 13:12:18 334008 ----a-r- c:\users\foxy\appdata\roaming\microsoft\installer\{128880ff-2049-4b5e-a14d-63c49823621f}\BOINCMGRLink_B65C4A4D2B2A46CCA2D918164C6297B8.exe
2011-07-12 13:12:18 334008 ----a-r- c:\users\foxy\appdata\roaming\microsoft\installer\{128880ff-2049-4b5e-a14d-63c49823621f}\ARPPRODUCTICON.exe
2011-07-12 13:12:15 -------- d-----w- c:\program files\BOINC
2011-07-12 12:41:02 -------- d-----w- c:\users\foxy\appdata\local\MozSwing
2011-07-12 12:36:16 -------- d-----w- c:\program files\SEO PowerSuite
2011-07-11 18:56:42 -------- d-----w- c:\program files\DiskTrix
.
==================== Find3M ====================
.
2011-07-25 08:17:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 00:54:51 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-07-07 18:46:16 2189928 ----a-w- c:\windows\system32\RtkPgExt.dll
2011-07-07 16:39:06 3531176 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-07-07 14:50:02 1483264 ----a-w- c:\windows\system32\RCoRes.dat
2011-07-06 20:42:46 4187240 ----a-w- c:\windows\system32\RtkAPO.dll
2011-07-06 12:27:00 76392 ----a-w- c:\windows\system32\RtkCoInst.dll
2011-07-01 13:05:42 1264232 ----a-w- c:\windows\system32\RtkApoApi.dll
2011-06-30 15:14:54 1497704 ----a-w- c:\windows\system32\RTSndMgr.cpl
2011-06-27 13:53:36 3327320 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll
2011-06-27 13:53:30 1725784 ----a-w- c:\windows\system32\WavesGUILib.dll
2011-06-13 11:49:22 840880 ----a-w- c:\windows\boinc.scr
2011-06-10 16:35:28 357200 ----a-w- c:\windows\system32\KAAPORT.dll
2011-06-07 10:13:44 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-05-31 08:42:06 654952 ----a-w- c:\windows\system32\DTSBassEnhancementDLL.dll
2011-05-31 08:42:06 631400 ----a-w- c:\windows\system32\DTSSymmetryDLL.dll
2011-05-31 08:42:06 601704 ----a-w- c:\windows\system32\DTSVoiceClarityDLL.dll
2011-05-31 08:42:06 458344 ----a-w- c:\windows\system32\DTSNeoPCDLL.dll
2011-05-31 08:42:06 389736 ----a-w- c:\windows\system32\DTSGainCompensatorDLL.dll
2011-05-31 08:42:06 375400 ----a-w- c:\windows\system32\DTSLimiterDLL.dll
2011-05-31 08:42:06 218728 ----a-w- c:\windows\system32\DTSGFXAPONS.dll
2011-05-31 08:42:06 218728 ----a-w- c:\windows\system32\DTSGFXAPO.dll
2011-05-31 08:42:06 218216 ----a-w- c:\windows\system32\DTSLFXAPO.dll
2011-05-31 08:42:06 1509480 ----a-w- c:\windows\system32\DTSS2SpeakerDLL.dll
2011-05-31 08:42:06 1292904 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL.dll
2011-05-31 08:42:06 1220200 ----a-w- c:\windows\system32\DTSBoostDLL.dll
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-25 03:07:48 688128 ----a-w- c:\windows\system32\aticfx32.dll
2011-05-25 02:24:36 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-05-25 02:24:16 37376 ----a-w- c:\windows\system32\atitmpxx.dll
2011-05-24 22:44:26 59904 ----a-w- c:\windows\system32\OVDecode.dll
2011-05-24 22:44:10 51712 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 22:43:50 12798976 ----a-w- c:\windows\system32\amdocl.dll
2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-20 15:45:54 1251840 ----a-w- c:\windows\system32\drivers\athr.sys
2011-05-14 15:11:42 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-05-14 15:11:41 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-05-12 16:16:31 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-05-12 16:14:20 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-05-12 16:14:20 36864 ----a-w- c:\windows\system32\drivers\en-us\http.sys.mui
2011-05-12 16:14:20 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-05-12 16:14:20 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-05-12 16:02:27 0 ----a-w- c:\windows\ativpsrm.bin
2011-05-12 15:46:13 23552 ----a-w- c:\windows\system32\lpk.dll
2011-05-12 15:46:13 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-05-12 15:40:30 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-05-12 15:40:29 272896 ----a-w- c:\windows\system32\polstore.dll
2011-05-12 15:32:09 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-05-12 15:32:09 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-05-12 15:32:08 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-05-12 15:32:08 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-05-12 15:32:08 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-05-12 15:32:08 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-05-12 15:32:08 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-05-12 15:32:08 10240 ----a-w- c:\windows\system32\finger.exe
2011-05-12 15:26:11 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-05-12 15:26:10 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-05-12 15:26:10 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-05-12 15:26:10 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-05-12 15:26:10 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-05-12 15:26:10 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-05-12 15:26:04 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-05-12 15:24:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-05-12 15:24:43 2048 ----a-w- c:\windows\system32\msxml3r.dll
2011-05-12 15:24:42 2048 ----a-w- c:\windows\system32\msxml6r.dll
2011-05-12 15:23:21 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-12 15:17:20 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-05-12 15:17:19 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-05-12 15:17:19 2048 ----a-w- c:\windows\system32\mferror.dll
2011-05-12 15:07:57 71680 ----a-w- c:\windows\system32\atl.dll
2011-05-12 14:56:50 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-05-12 14:55:24 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-05-12 14:55:23 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-05-12 14:49:16 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-05-12 14:35:34 623616 ----a-w- c:\windows\system32\localspl.dll
2011-05-12 14:28:31 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-05-12 14:26:15 9728 ----a-w- c:\windows\system32\lsass.exe
2011-05-12 14:26:15 72704 ----a-w- c:\windows\system32\secur32.dll
2011-05-12 14:26:15 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-05-12 14:26:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-05-12 14:26:15 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-05-12 14:26:15 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-05-12 14:21:59 4495360 ----a-w- c:\windows\system32\NlsData0416.dll
2011-05-12 14:21:58 4495360 ----a-w- c:\windows\system32\NlsData0816.dll
2011-05-12 14:21:57 6917120 ----a-w- c:\windows\system32\NlsLexicons0c1a.dll
2011-05-12 14:21:57 1965056 ----a-w- c:\windows\system32\NlsData081a.dll
2011-05-12 14:21:56 1965056 ----a-w- c:\windows\system32\NlsData0c1a.dll
2011-05-12 14:17:30 6656 ----a-w- c:\windows\system32\kbd106n.dll
2011-05-12 14:14:50 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-05-12 14:14:50 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-05-12 14:11:40 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-05-12 14:11:40 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-05-12 14:11:40 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
.
============= FINISH: 10:47:18.58 ===============

EDIT: My searches now only result in one thing and that is forwarding to a page 'attempting' to solve a computer error. Unless I type in the address directly in the address bar, I am automatically redirected to a Microsoft issue page.

Attached File(s)

  • Attached File  attach.txt (6.44K)
    Number of downloads: 0
  • Attached File  ark.txt (187.57K)
    Number of downloads: 0

This post has been edited by FoxIX: 11 August 2011 - 09:40 PM

#2 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 15 August 2011 - 01:29 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

"just click on Cancel, then Accept".

information and logs:

    In your next post I need the following

    • .logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 17 August 2011 - 11:40 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#4 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 22 August 2011 - 04:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users