
All Search Engines Redirecting



#1 pizzamiglio (Members, 3 posts)

Posted 20 February 2009 - 03:15 PM

I posted this in the wrong forum at first....sorry. =) I should be in the right place now.

All of my search engine results are redirecting to alternate pages and most ads have been replaced with male enhancement pill ads. Thanks in advance for any assistance you might be able to offer. =)


DDS (Ver_09-02-01.01) - NTFSx86
Run by M.pizzamiglio at 15:05:33.19 on Fri 02/20/2009
Internet Explorer: 7.0.6000.16448
Microsoft® Windows Vista™ Business 6.0.6000.0.1252.1.1033.18.1022.252 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbengine.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\M.Pizzamiglio\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bleepingcomputer.com/forums/topic205059.html
mSearchAssistant = hxxp://www.google.com/ie
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [EPSON Artisan 700(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiena.exe /fu "c:\windows\temp\E_SECED.tmp" /EF "HKCU"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [<NO NAME>]
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://cbc-server/connectcomputer/nshelp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-18 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 MSSQL$OASIS;SQL Server (OASIS);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2007-2-10 29178224]
R2 MSSQL$SQL_LSIDB;SQL Server (SQL_LSIDB);c:\program files\microsoft sql server\mssql.3\mssql\binn\sqlservr.exe [2007-2-10 29178224]

=============== Created Last 30 ================

2009-02-20 13:15 <DIR> --d----- C:\ComboFix
2009-02-20 13:15 320,000 a------- c:\windows\system32\CF13790.exe
2009-02-20 13:10 320,000 a------- c:\windows\system32\CF12794.exe
2009-02-20 11:46 320,000 a------- c:\windows\system32\CF29041.exe
2009-02-19 20:44 56,832 a------- c:\windows\system32\gaopdxhfjpvori.dll
2009-02-19 15:17 <DIR> --d----- C:\RootkitNO
2009-02-19 15:16 2 a--shrot c:\windows\winstart.bat
2009-02-19 15:15 <DIR> --d----- c:\program files\UnHackMe
2009-02-19 15:04 320,000 a------- c:\windows\system32\CF15092.exe
2009-02-19 14:58 320,000 a------- c:\windows\system32\CF13923.exe
2009-02-19 14:47 320,000 a------- c:\windows\system32\CF11425.exe
2009-02-19 14:35 320,000 a------- c:\windows\system32\CF9342.exe
2009-02-19 14:21 320,000 a------- c:\windows\system32\CF6586.exe
2009-02-19 14:05 320,000 a------- c:\windows\system32\CF3552.exe
2009-02-19 13:54 <DIR> --d----- C:\!KillBox
2009-02-19 13:54 320,000 a------- c:\windows\system32\CF1286.exe
2009-02-19 13:34 320,000 a------- c:\windows\system32\CF30207.exe
2009-02-19 13:27 320,000 a------- c:\windows\system32\CF28842.exe
2009-02-19 13:16 320,000 a------- c:\windows\system32\CF26778.exe
2009-02-19 11:31 250 a------- c:\windows\gmer.ini
2009-02-19 09:25 <DIR> --d----- c:\users\mb175~1.piz\appdata\roaming\Malwarebytes
2009-02-19 09:25 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-19 09:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 09:25 <DIR> --d----- c:\programdata\Malwarebytes
2009-02-19 09:25 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-19 09:25 <DIR> --d----- c:\progra~2\Malwarebytes
2009-02-19 09:07 320,000 a------- c:\windows\system32\CF10683.exe
2009-02-18 09:42 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-18 09:15 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-18 09:14 <DIR> -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-18 09:14 <DIR> -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-18 09:14 <DIR> --d----- c:\programdata\Lavasoft
2009-02-18 09:14 <DIR> --d----- c:\program files\Lavasoft
2009-02-18 09:08 <DIR> --d----- c:\program files\SpywareBlaster
2009-02-17 16:38 <DIR> --d----- c:\program files\RapidSolution
2009-02-17 16:21 <DIR> --d----- c:\programdata\RapidSolution
2009-02-17 16:21 <DIR> --d----- c:\progra~2\RapidSolution
2009-02-17 13:45 <DIR> --d----- c:\program files\Trend Micro
2009-02-13 14:14 <DIR> --d----- c:\users\mb175~1.piz\appdata\roaming\DAEMON Tools Pro
2009-02-13 14:13 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-02-13 14:13 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-02-13 14:13 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-02-13 14:08 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-13 14:08 <DIR> --d----- c:\users\mb175~1.piz\appdata\roaming\DAEMON Tools Lite
2009-02-13 13:56 <DIR> --d----- c:\program files\Managed DirectX (0900)
2009-02-13 13:32 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-02-13 12:57 4 a------- c:\windows\system32\gaopdxcounter
2009-02-12 18:51 <DIR> --d----- c:\programdata\Azureus
2009-02-12 18:51 <DIR> --d----- c:\progra~2\Azureus
2009-02-12 18:51 <DIR> --d----- c:\users\mb175~1.piz\appdata\roaming\Azureus
2009-02-12 18:48 <DIR> --d----- c:\program files\Vuze
2009-02-09 20:38 <DIR> --d----- c:\programdata\Maxtor
2009-02-09 20:38 <DIR> --d----- c:\progra~2\Maxtor
2009-02-09 20:38 441,760 a------- c:\windows\system32\drivers\timntr.sys
2009-02-09 20:38 44,384 a------- c:\windows\system32\drivers\tifsfilt.sys
2009-02-09 20:37 132,224 a------- c:\windows\system32\drivers\snapman.sys
2009-02-09 20:37 368,480 a------- c:\windows\system32\drivers\tdrpman.sys
2009-01-24 10:19 <DIR> --d----- C:\NeverwinterNights

==================== Find3M ====================

2009-02-19 14:51 86,016 a------- c:\windows\inf\infstrng.dat
2009-02-19 14:51 86,016 a------- c:\windows\inf\infstor.dat
2009-02-19 14:51 51,200 a------- c:\windows\inf\infpub.dat
2009-01-12 11:55 983,040 a------- c:\windows\system32\LCOPT2UL.dll
2009-01-03 12:57 622,080 a------- c:\windows\system32\icardagt.exe
2009-01-03 12:57 97,800 a------- c:\windows\system32\infocardapi.dll
2009-01-03 12:57 11,264 a------- c:\windows\system32\icardres.dll
2009-01-03 12:57 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-01-03 12:57 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-01-03 12:57 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-01-03 12:57 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-01-03 12:36 96,760 a------- c:\windows\system32\dfshim.dll
2009-01-03 12:36 41,984 a------- c:\windows\system32\netfxperf.dll
2009-01-03 12:36 282,112 a------- c:\windows\system32\mscoree.dll
2009-01-03 12:36 158,720 a------- c:\windows\system32\mscorier.dll
2009-01-03 12:36 83,968 a------- c:\windows\system32\mscories.dll
2008-12-10 19:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-10 11:02 60,744 a------- c:\users\m.pizzamiglio\g2mdlhlpx.exe
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-11-25 11:48 1,007,616 a------- c:\windows\system32\LCAULWL.dll
2008-06-19 08:52 28,672 a------- c:\users\m.pizzamiglio\atwbxdet.dll
2007-12-03 20:52 63,839,744 a------- c:\program files\common files\TaxWise Workstation.msi
2007-06-06 08:59 665,600 a------- c:\windows\inf\drvindex.dat
2007-03-07 03:48 1,369 a------- c:\users\m.pizzamiglio\layout.bin
2006-11-02 07:50 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2006-10-31 09:58 56 a--shr-- c:\windows\system32\31B9430105.sys
2008-09-23 08:05 1,838 a--sh--- c:\windows\system32\KGyGaAvL.sys
2006-11-22 09:54 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 15:06:44.04 ===============

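The log above is the kind of artifact a helper on this board reads by eye. As an added example (not code from the original post, from the helper, or from BleepingComputer), the script below does the same first pass mechanically: it splits a DDS log on its `=====` section headers, parses the "Created Last 30" entries, and applies four heuristics that surface exactly the lines a practitioner would look at here. Files under the Windows tree that share a long name prefix (the two `gaopdx`-prefixed files in system32; that prefix was widely reported at the time with the TDSS rootkit family, which redirected search results), files with no extension at all (`gaopdxcounter`), recently created files with both the system and hidden attributes set (`winstart.bat`, written in the same minutes as the UnHackMe and RootkitNO directories, so it needs a human look rather than an automatic verdict), the `CF<n>.exe` copies that show ComboFix was run, and `EnableLUA = 0`, which means UAC was switched off. The embedded log is a constructed excerpt of the posted one with blank lines dropped; the prefix length of 6, the attribute-letter meanings (`s` system, `h` hidden) and all function names are this example's own assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed excerpt of the DDS log posted in this thread (subset of its lines).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
=============== Created Last 30 ================
2009-02-20 13:15 <DIR> --d----- C:\ComboFix
2009-02-20 13:15 320,000 a------- c:\windows\system32\CF13790.exe
2009-02-20 13:10 320,000 a------- c:\windows\system32\CF12794.exe
2009-02-20 11:46 320,000 a------- c:\windows\system32\CF29041.exe
2009-02-19 20:44 56,832 a------- c:\windows\system32\gaopdxhfjpvori.dll
2009-02-19 15:17 <DIR> --d----- C:\RootkitNO
2009-02-19 15:16 2 a--shrot c:\windows\winstart.bat
2009-02-19 15:15 <DIR> --d----- c:\program files\UnHackMe
2009-02-19 09:25 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-19 09:07 320,000 a------- c:\windows\system32\CF10683.exe
2009-02-18 09:42 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-13 12:57 4 a------- c:\windows\system32\gaopdxcounter
==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+)$")
POLICY_RE = re.compile(r"^mPolicies-(\w+): (\w+) = (\d+)")
COMBOFIX_RE = re.compile(r"^CF\d+\.exe$", re.IGNORECASE)

def parse_sections(text):
    """Split the log into {section name: [lines]} on its ===== header lines."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        if m := SECTION_RE.match(line.strip()):
            current = m.group(1)
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections

def parse_created(lines):
    """Parse 'Created Last 30' lines: timestamp, size (None for <DIR>), attrs, path."""
    entries = []
    for line in lines:
        if not (m := ENTRY_RE.match(line)):
            continue
        when, size, attrs, path = m.groups()
        p = PureWindowsPath(path)  # handles backslash paths on any host OS
        entries.append({"when": when, "attrs": attrs, "path": path, "name": p.name,
                        "size": None if size == "<DIR>" else int(size.replace(",", "")),
                        "in_windows": "windows" in [part.lower() for part in p.parts]})
    return entries

def files_in_windows(entries):
    """Plain files (not directories) anywhere under the Windows directory."""
    return [e for e in entries if e["size"] is not None and e["in_windows"]]

def prefix_clusters(entries, prefix_len=6):
    """Files under Windows whose names share a long prefix: a dropper that writes
    several randomly named components usually gives them one common prefix."""
    groups = defaultdict(list)
    for e in files_in_windows(entries):
        stem = PureWindowsPath(e["name"]).stem.lower()
        if len(stem) >= prefix_len:
            groups[stem[:prefix_len]].append(e["path"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

def hidden_system_files(entries):
    """Recently created files carrying both the system (s) and hidden (h) attributes."""
    return [e["path"] for e in entries
            if e["size"] is not None and "s" in e["attrs"] and "h" in e["attrs"]]

def extensionless_files(entries):
    """Files under Windows with no extension, unusual for a legitimate installer."""
    return [e["path"] for e in files_in_windows(entries)
            if PureWindowsPath(e["name"]).suffix == ""]

def combofix_stage_count(entries):
    """Count the CF<n>.exe copies ComboFix leaves in system32; evidence it was run."""
    return sum(1 for e in files_in_windows(entries) if COMBOFIX_RE.match(e["name"]))

def policy_findings(lines):
    """Flag weakened system policies; only the UAC switch (EnableLUA) is checked here."""
    return ["UAC disabled (EnableLUA = 0)" for line in lines
            if (m := POLICY_RE.match(line)) and m.groups() == ("system", "EnableLUA", "0")]

def triage(text):
    """Run every heuristic over one DDS log and return the findings by name."""
    sections = parse_sections(text)
    created = parse_created(sections.get("Created Last 30", []))
    return {"prefix_clusters": prefix_clusters(created),
            "hidden_system_files": hidden_system_files(created),
            "extensionless_files": extensionless_files(created),
            "combofix_stage_count": combofix_stage_count(created),
            "policy_findings": policy_findings(sections.get("Pseudo HJT Report", []))}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the excerpt, the prefix cluster is the only one with two members (`gaopdx`), `lsdelete.exe` and `mbamswissarmy.sys` have long lowercase names but no sibling and so stay quiet, and the hidden-plus-system check fires on `winstart.bat` alone. Every hit is a pointer for a human, not a verdict: the next step on this board would be to submit the flagged files for analysis and, as Blade81 asks, to read the existing ComboFix.txt rather than run the tool again.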

#2 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Finland)

Posted 01 March 2009 - 07:13 AM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh DDS log, please.

Also, it seems that you have run ComboFix on your own (never recommended!). Please find the old ComboFix.txt file on your C: drive and post back its contents.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Finland)

Posted 07 March 2009 - 11:36 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

