
I think I have a redirect malware


This topic is locked. 4 replies to this topic.

#1 Xenon (Members, 5 posts)

Posted 25 January 2009 - 07:34 PM

For over a month I have had malware of some sort on my computer that redirects the first two pages of my internet search results (Google, Yahoo, etc.). I have scanned my computer with Ad-Aware, Malwarebytes, Spybot S&D and SUPERAntiSpyware; I also scanned with Norton AntiVirus, Avast and AVG. However, the problem still persists. I posted here before but did not get any replies. Please, I need your help. Thanks in advance.

DDS (Ver_09-01-19.01) - NTFSx86
Run by gn00039 at 19:14:16.50 on 2009-01-25
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1309 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Equant\Dialer\EACSvrMngr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mnmsrvc.exe
c:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\system32\StacSV.exe
c:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ON Technology\ON Command Remote Host\ph32svc.exe
c:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\SmsSysTray.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\gn00039\My Documents\MISC\Security\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = frd-proxy.emea.zf-world.com:8080
uInternet Settings,ProxyOverride = <local>
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SmsSysTray] SmsSysTray.exe
mRun: [SnoopFreeUI] SnoopFreeUI.exe
uPolicies-explorer: NoSimpleNetIDList = 1 (0x1)
mPolicies-explorer: NoStrCmpLogical = 1 (0x1)
mPolicies-explorer: PerInstanceIconHandlerForOffline = 1 (0x1)
mPolicies-explorer: UseDesktopIniCache = 1 (0x1)
dPolicies-explorer: NoSimpleNetIDList = 1 (0x1)
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_06-win.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sappc\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\sappc\sapgui\SAPHTMLP.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: mfdgbf.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gn00039\applic~1\mozilla\firefox\profiles\hf8m4o8z.default\
FF - component: c:\program files\webex\productivity tools\components\OCFF.dll

============= SERVICES / DRIVERS ===============

R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2009-1-23 9472]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-1-21 24521]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-7 99376]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090120.003\naveng.sys [2009-1-21 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090120.003\navex15.sys [2009-1-21 876112]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
R4 SnoopFreeSvc;SnoopFree Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-1-21 155216]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2008-1-21 58240]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-01-25 19:14 <DIR> --d----- c:\temp\RarSFX0
2009-01-25 18:22 388,608 a------- c:\temp\CF12624.exe
2009-01-25 18:21 388,608 a------- c:\windows\system32\CF12464.exe
2009-01-23 17:44 221,184 a------- c:\windows\SnoopFreeUI.exe
2009-01-23 17:44 90,112 a------- c:\windows\system32\SnoopFreeSvc.exe
2009-01-23 17:44 45,056 a------- c:\windows\SnoopFreeDll.dll
2009-01-23 17:44 9,472 a------- c:\windows\system32\drivers\SnopFree.sys
2009-01-19 20:31 <DIR> --d----- c:\program files\CCleaner
2009-01-14 15:45 66,082 ac------ c:\windows\system32\dllcache\c_10004.nls
2009-01-14 15:45 66,082 a------- c:\windows\system32\c_10004.nls
2009-01-12 16:23 388,608 a------- c:\windows\system32\CF24193.exe
2009-01-12 12:27 388,608 a------- c:\windows\system32\CF10740.exe
2009-01-12 12:20 388,608 a------- c:\windows\system32\CF9281.exe
2009-01-11 20:45 250 a------- c:\windows\gmer.ini
2009-01-07 23:04 552 a------- c:\windows\system32\d3d8caps.dat
2009-01-07 12:49 54,156 a---h--- c:\windows\QTFont.qfn
2009-01-07 12:49 1,409 a------- c:\windows\QTFont.for
2009-01-07 12:04 0 a------- c:\windows\vpc32.INI
2009-01-07 11:20 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-07 11:20 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-07 11:20 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-07 11:20 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-07 11:19 <DIR> --d----- c:\program files\Symantec AntiVirus
2009-01-07 10:59 <DIR> --d----- c:\program files\NoNAV
2009-01-07 10:29 <DIR> --d----- C:\SymNoNav
2009-01-07 10:11 573,440 a------- c:\windows\system32\slAgent.exe
2009-01-07 10:07 268 a---h--- C:\sqmdata00.sqm
2009-01-07 10:07 244 a---h--- C:\sqmnoopt00.sqm
2009-01-04 21:39 <DIR> --d----- c:\documents and settings\gn00039\.housecall6.6
2009-01-03 11:49 <DIR> --d----- c:\program files\Trend Micro
2009-01-02 22:59 <DIR> --d----- c:\program files\AVG
2009-01-01 00:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-01 00:53 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-01 00:53 <DIR> --d----- c:\docume~1\gn00039\applic~1\SUPERAntiSpyware.com
2008-12-29 15:06 <DIR> --d----- c:\program files\common files\Vbox
2008-12-29 15:06 72,192 a------- c:\windows\unlite3.exe
2008-12-29 15:06 <DIR> --d----- c:\program files\Bradbury
2008-12-29 15:06 <DIR> --d----- c:\program files\Macromedia
2008-12-29 09:20 120 ---sh--- c:\windows\system32\kjpslwng.ini

==================== Find3M ====================

2008-12-21 01:51 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-29 10:51 685,056 a------- c:\windows\is-B3DC1.exe
2008-03-26 09:08 28,672 a------- c:\documents and settings\gn00039\atwbxdet.dll

============= FINISH: 19:14:35.21 ===============

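Added example, not part of the post above and not code from DDS or BleepingComputer: a small Python triage pass over the sections of a DDS log that matter most in a search-redirect case. It parses the `Pseudo HJT Report` and `Created Last 30` formats shown in the log and flags three things an analyst would check first: any `AppInit_DLLs` entry (a standard Windows persistence point; every process that loads user32.dll maps the listed DLLs, which is how one DLL ends up inside both Firefox and Internet Explorer), `SecurityProviders` entries that are not in the clean Windows XP default set, and recently created files carrying both the hidden and system attributes. The sample log is constructed from lines copied out of the report above; the XP provider baseline, the severity labels and the `triage`/`parse_*` function names are this example's own assumptions. The thread never identifies which item caused the redirect, so the output is a review list, not a verdict.

```python
"""Triage a DDS-style log for the persistence points that matter in a
search-redirect case.  Added example, not DDS or BleepingComputer code."""
import re
from typing import List, Tuple

# Constructed sample: lines copied from the DDS report in the post above.
SAMPLE_LOG = "\n".join([
    r"uInternet Settings,ProxyServer = frd-proxy.emea.zf-world.com:8080",
    r"uInternet Settings,ProxyOverride = <local>",
    r'mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"',
    r"Notify: NavLogon - c:\windows\system32\NavLogon.dll",
    r"AppInit_DLLs: mfdgbf.dll",
    r"SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,, digeste.dll",
    r"2009-01-25 18:21 388,608 a------- c:\windows\system32\CF12464.exe",
    r"2009-01-07 12:49 54,156 a---h--- c:\windows\QTFont.qfn",
    r"2008-12-29 09:20 120 ---sh--- c:\windows\system32\kjpslwng.ini",
])

# SecurityProviders value on a clean Windows XP install.  Assumption: swap in
# a baseline captured from a known-good machine of the same build.
XP_SECURITY_PROVIDERS = {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}

# "Created Last 30" entries: date time size attribute-flags path
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

Finding = Tuple[str, str]  # (severity, message)


def parse_appinit(line: str) -> List[str]:
    """DLL names on an 'AppInit_DLLs:' line (comma or space separated)."""
    _, _, value = line.partition(":")
    return [d for d in re.split(r"[,\s]+", value.strip()) if d]


def parse_security_providers(line: str) -> List[str]:
    """Provider DLLs on a 'SecurityProviders:' line; empty slots (',,') dropped."""
    _, _, value = line.partition(":")
    return [p.strip() for p in value.split(",") if p.strip()]


def triage(log_text: str) -> List[Finding]:
    """Walk the log once and return the items an analyst should look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("AppInit_DLLs:"):
            # Every process that loads user32.dll maps these DLLs, so a
            # non-empty value is a finding until the file is proven benign.
            for dll in parse_appinit(line):
                findings.append(("high", f"AppInit_DLLs loads {dll}; verify publisher and hash"))
        elif line.startswith("SecurityProviders:"):
            # Extras may be legitimate add-ons; compare against a baseline.
            for prov in parse_security_providers(line):
                if prov.lower() not in XP_SECURITY_PROVIDERS:
                    findings.append(("review", f"non-default SecurityProviders entry {prov}"))
        elif line.startswith("uInternet Settings,ProxyServer"):
            # A user-level proxy rewrites every HTTP request; confirm it is the
            # expected corporate proxy rather than one injected by malware.
            _, _, value = line.partition("=")
            findings.append(("info", f"user proxy set to {value.strip()}"))
        else:
            m = FILE_LINE.match(line)
            if m and "s" in m["attrs"] and "h" in m["attrs"]:
                # Hidden+system files dropped under %SystemRoot% recently are a
                # common place to stash a redirector's configuration.
                findings.append(("high", f"hidden+system file created recently: {m['path']}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

Running it over the sample yields four lines: the corporate proxy as `info`, `mfdgbf.dll` and `c:\windows\system32\kjpslwng.ini` as `high`, and `digeste.dll` as `review` (the same log shows Windows Live components installed, so a non-default provider is not by itself evidence of compromise). The renamed `CF*.exe` copies are not flagged, since they carry only the archive attribute. On a live host the `AppInit_DLLs` check corresponds to the value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows`, which can be read with `reg query` without any third-party tool.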

#2 Xenon (Topic Starter)

Posted 28 January 2009 - 01:54 PM

Any help you can give will be much appreciated. I'm still having the search-result redirect problem.
Also, I just noticed that my last post had a response... but by then I had given up!

#3 Xenon (Topic Starter)

Posted 01 February 2009 - 12:44 PM

Help... Please...

#4 Xenon (Topic Starter)

Posted 05 February 2009 - 12:37 AM

I finally fixed the problem using ComboFix. Thanks for posting it on your website.

Please close this thread.

#5 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 05 February 2009 - 05:55 AM

Since this issue appears resolved, this topic is closed.


Everyone else please begin a New Topic.



