Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirected searches


  • This topic is locked This topic is locked
4 replies to this topic

#1 Rybkin

Rybkin

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 16 January 2009 - 11:17 PM

Every time I use search engine I am being redirected to some unrelated websites. I removed all virus and spyware programs to install new ones and now can't even access microsoft for updates. If there anyone can help me it would be geately appreciated.


DDS (Ver_09-01-07.01) - NTFSx86
Run by CPMPAQ at 21:36:15.85 on Fri 01/16/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.40 [GMT 3:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\D-Link\Wireless G WNA-1330\acs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\D-Link\Wireless G WNA-1330\wirelesscm.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CPMPAQ\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\wireless g wna-1330\wirelesscm.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S4 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [1980-1-4 23856]

=============== Created Last 30 ================


==================== Find3M ====================

2008-11-26 18:02 75,776 a------- c:\windows\system32\drivers\msqpdxwqwevxvk.sys
2008-11-26 18:02 55,296 a------- c:\windows\system32\msqpdxdibitafq.dll
2008-10-29 01:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-29 01:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-29 01:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-29 01:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-29 01:35 684,032 a------- c:\windows\system32\DivX.dll
2008-06-04 00:53 17,920 a------- c:\docume~1\cpmpaq\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 21:36:47.73 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Deacon10

Deacon10

  • Members
  • 240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tampa Area Florida
  • Local time:01:28 PM

Posted 17 January 2009 - 12:46 PM

"Welcome to BleepingComputer.com"

I'm Deacon10 or Larry if you prefer and will be working with you to resolve your problems. I am reviewing your log which requires an amount of research, so please be patient.
Just a few notes I tell everybody I work with:
  • Please reply to this thread. Do not start a new topic.
  • If you have any questions or don't understand something please stop and ask before you proceed.
  • Please set aside enough time to complete all the steps in each post and follow these instructions in the order stated.
  • Please don't run any extra "scans or fix" programs not requested by me, it could change the results in the reports I request.
  • If you have circumstances that you are aware of that will delay your response, then please let me know. This is to insure that your topic remains open.
  • Please continue here with me until I tell you your system is free from malware. :thumbup2:
    Just because a symptom disappears does not mean your system is clean.
  • The following fix is specifically designed for this users post and this machine only!

Deacon10

"Hindsight explains the injury that foresight would have prevented”

#3 Rybkin

Rybkin
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:28 PM

Posted 17 January 2009 - 03:38 PM

Hi Larry, thank you for relying to my post. I am sorry for not to reply to your message immediately. I did not have a chance to get to my computer. I have read your recomendations above and sure will try to follow your future recomendations, as close as I can. Thank you, Alex

#4 Deacon10

Deacon10

  • Members
  • 240 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tampa Area Florida
  • Local time:01:28 PM

Posted 19 January 2009 - 02:04 PM

Hi,

:step1:
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitTorrent

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. This practice may be the source of your current malware infestation.
I strongly recommend you remove this program.

Go to Start -> Control Panel -> Add/Remove Programs -> uninstall BitTorrent or any variations of these programs.



:)
Spyware Destructor is a new rogue anti-spyware program, one of the many roaming the net today. It seems to be a clone of AntiSpywareExpert and a few other rogues.

Go to Start -> Control Panel -> Add/Remove Programs -> uninstall Spyware Destructor or AntiSpywareExpert or any variations of these programs.

:thumbup2:
I see that you have no Anti-Virus program ("AV") present on your system.
Please install an Anti-Virus program.
AntiVir® -or- Avast are good FREE Anti-Virus programs.
Never install more than one Anti-Virus scanner on your system! Having more than one AV installed will likely cause your system to become unstable and seriously decrease the reliable detection of any malware.
After installing the AV program, have it perform a complete scan, and let it delete everything it finds.


:step4:
Download Malwarebytes' Anti-Malware from HERE or from HERE

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform full scan"; then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad. You may be prompted to Restart (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

:step5:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt will be maximized and info.txt will be minimized)
Please post back with:
MBAM log
RSIT log.txt
RSIT info.txt

Deacon10

"Hindsight explains the injury that foresight would have prevented”

#5 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:08:28 PM

Posted 24 January 2009 - 10:23 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users