Google Searches being redirected in both IE and Firefox


5 replies to this topic

#1 Stephen Hannant

Posted 20 March 2009 - 12:37 AM

Hi All. I've been having issues when I perform a search through Google. When I click on a link, I am taken to another search site. I have done some limited research and this seems to be more of a common problem than I realised. I installed Firefox thinking that maybe the issue was related to IE only, but this is happening on both softwares. I have hopefully followed the rules for this site, and I am posting below the results of the DDS.txt file.
I hope that someone can shed some light on what may or may not be correct on my laptop. Please note that this is first and foremost a work computer, so it does have Symantec Antivirus installed.


DDS (Ver_09-03-16.01) - NTFSx86
Run by SHannant at 22:22:24.47 on 03/19/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1201 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Citrix\PNAgent\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Juniper Networks\Network Connect 6.0.0\dsNetworkConnect.exe
svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HiJackThis_v2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Documents and Settings\shannant.CNS\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://home.eentertainment.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://home.eentertainment.com/
uInternet Settings,ProxyOverride = *.eonline.com;*.comcastnets.com;*.eentertainment.com;*.mystyle.com;*.comcast.com;*.teamcomcast.com;phobos.apple.com;ax.phobos.apple.*;localhost;127.0.0.1;10.*;192.168.243.*;208.78.120.*;12.46.7.*;*.cable.comcast.com;*.adphc.com;ccc.hostedeet.com;<local>;*.local
uInternet Settings,ProxyServer = proxy.comcastnets.com:80
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DataVault Bar: {0d792cb2-2654-4e99-a597-7fc317f04d61} - c:\program files\datavault\ie.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [NGTray] "c:\program files\symantec\ghost\ngtray.exe"
mRun: [Ycujitigokidon] rundll32.exe "c:\windows\otoziyequkive.dll",e
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08da -f video -m logitech -d 11.1.0.2016
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-system: SetVisualStyle =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Save to DataVault - file://c:\program files\datavault\iemenuext.htm
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: teamcomcast.com
Trusted Zone: teamcomcast.com\hcmstage
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196189577009
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://pilatmedia.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://portal.comcastnets.com/dana-cached/setup/JuniperSetupSP1.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: ckpNotify - ckpNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shannant.cns\applic~1\mozilla\firefox\profiles\c6inn3ot.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {FC351C5B-EB31-47AE-8BB6-FD908E7E2C5B} - c:\documents and settings\shannant.cns\local settings\application data\{FC351C5B-EB31-47AE-8BB6-FD908E7E2C5B}

============= SERVICES / DRIVERS ===============

R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-7-5 2234320]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008-7-5 36400]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\symantec\ghost\ngctw32.exe [2008-9-5 673160]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]
R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2008-12-10 88576]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-10 24652]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008-7-5 109072]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-7-5 671472]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-9-17 212608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-4-14 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090318.006\naveng.sys [2009-3-19 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090318.006\navex15.sys [2009-3-19 876144]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-9-17 12672]
S0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\system32\drivers\ghmon.sys --> c:\windows\system32\drivers\ghmon.sys [?]
S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys --> c:\windows\system32\drivers\ghpcw2k.sys [?]
S2 DVDRIVER;DVdriver;c:\windows\system32\drivers\dvdriver.sys [2007-10-19 30296]
S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\drivers\ghpcw2k.sys --> c:\windows\system32\drivers\ghpcw2k.sys [?]

=============== Created Last 30 ================

2009-03-19 22:22 <DIR> --d----- c:\temp\RarSFX0
2009-03-19 22:08 <DIR> --d----- c:\temp\plugtmp
2009-03-19 09:17 <DIR> --d----- c:\program files\iPod
2009-03-19 09:16 <DIR> --d----- c:\program files\iTunes
2009-03-19 09:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 09:09 <DIR> --d----- c:\program files\Bonjour
2009-03-16 23:11 <DIR> --d----- c:\documents and settings\shannant.cns\Tracing
2009-03-16 23:06 <DIR> --d----- c:\temp\0316230600000fdc7fs4ntp2f2
2009-03-16 23:06 <DIR> --d----- c:\program files\Microsoft
2009-03-16 23:05 <DIR> --d----- c:\temp\0316230500000fdcfwae7tujeb
2009-03-16 23:05 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-03-16 23:03 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-24 09:08 22 a------- c:\temp\get_nls.bat
2009-02-22 05:28 28 a------- c:\temp\ExchangePerflog_8484fa31dc5b645e315586ef.dat

==================== Find3M ====================

2009-02-16 22:56 388,608 a------- c:\windows\system32\CF5563.exe
2009-02-06 18:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-02-06 12:41 3,608 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-02-06 12:41 88 ---shr-- c:\docume~1\alluse~1\applic~1\5D92B26E0C.sys
2009-02-02 12:31 3,916 a------- c:\windows\system32\tmp.reg
2009-01-29 01:12 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-01-29 01:12 0 a------- c:\windows\system32\drivers\logiflt.iad
2008-12-23 02:35 131,584 a------- c:\windows\otoziyequkive.dll
2008-12-19 23:44 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-10 21:46 256 a------- c:\documents and settings\shannant.cns\pool.bin

============= FINISH: 22:22:48.50 ===============



#2 Thunder


Posted 24 March 2009 - 04:57 PM

Hello Stephen and welcome to Bleeping Computer,

1. Please download GooredFix and save it to your Desktop.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.

2. Please read this tutorial carefully to download ComboFix from one of the locations specified, and save it to your Desktop.
Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!

If ComboFix does run its full circle, then please try to install Avira Antivir as well, update and run a full system scan.

Greetings,
Thunder

#3 Stephen Hannant


Posted 24 March 2009 - 05:32 PM

Hi Thunder,

Many thanks for the welcome. I am posting below the results of the 2 scans:

**GooredLog.txt**

GooredFix v1.92 by jpshortstuff
Log created at 15:03 on 24/03/2009 running Option #2 (shannant)
Firefox version 3.0.7 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{FC351C5B-EB31-47AE-8BB6-FD908E7E2C5B}"="C:\Documents and Settings\shannant.CNS\Local Settings\Application Data\{FC351C5B-EB31-47AE-8BB6-FD908E7E2C5B}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\shannant.CNS\Local Settings\Application Data\{FC351C5B-EB31-47AE-8BB6-FD908E7E2C5B}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"datavault@ascendo.inc"="C:\Program Files\DataVault\firefox"




**ComboFix.txt**

ComboFix 09-03-23.01 - shannant 2009-03-24 15:19:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1357 [GMT -7:00]
Running from: c:\documents and settings\shannant.CNS\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\tmp.reg

----- BITS: Possible infected sites -----

hxxp://or1-cns-wsus-01
.
((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))
.

2009-03-24 15:21 . 2009-03-24 15:21 53,248 --a------ c:\temp\catchme.dll
2009-03-24 08:54 . 2009-03-24 08:54 <DIR> d-------- c:\temp\WPDNSE
2009-03-22 21:41 . 2009-03-22 23:55 <DIR> d-------- c:\temp\plugtmp-1
2009-03-21 23:58 . 2009-03-21 23:58 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-21 23:58 . 2009-03-21 23:58 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-21 23:58 . 2009-03-21 23:58 <DIR> d-------- c:\program files\MSBuild
2009-03-21 23:58 . 2009-03-21 23:58 <DIR> d-------- C:\d38daf2a8d7d110a03abcf8a
2009-03-21 23:58 . 2008-07-06 05:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-21 23:58 . 2008-07-06 05:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-21 23:58 . 2008-07-06 03:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-21 23:58 . 2008-07-06 05:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-21 23:58 . 2008-07-06 05:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-21 23:58 . 2008-07-06 05:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-21 23:58 . 2008-07-06 05:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-21 23:44 . 2009-03-21 23:44 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-21 23:41 . 2009-03-21 23:42 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-21 23:40 . 2009-03-21 23:45 <DIR> d-------- c:\temp\IXP000.TMP
2009-03-21 23:40 . 2009-03-21 23:40 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-21 22:37 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-03-21 22:10 . 2009-03-21 22:10 <DIR> d-------- c:\temp\plugtmp
2009-03-19 22:22 . 2009-03-19 22:23 <DIR> d-------- c:\temp\RarSFX0
2009-03-19 09:17 . 2009-03-19 09:17 <DIR> d-------- c:\program files\iPod
2009-03-19 09:16 . 2009-03-19 09:17 <DIR> d-------- c:\program files\iTunes
2009-03-19 09:16 . 2009-03-19 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 09:13 . 2009-03-19 09:13 <DIR> d-------- c:\program files\QuickTime
2009-03-19 09:09 . 2009-03-19 09:09 <DIR> d-------- c:\program files\Bonjour
2009-03-16 23:11 . 2009-03-24 08:54 <DIR> d-------- c:\documents and settings\shannant.CNS\Tracing
2009-03-16 23:06 . 2009-03-24 15:21 <DIR> d-------- c:\temp\0316230600000fdc7fs4ntp2f2
2009-03-16 23:06 . 2009-03-16 23:06 <DIR> d-------- c:\program files\Microsoft
2009-03-16 23:05 . 2009-03-24 15:21 <DIR> d-------- c:\temp\0316230500000fdcfwae7tujeb
2009-03-16 23:05 . 2009-03-16 23:05 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-03-16 23:03 . 2009-03-16 23:03 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-03-09 13:45 . 2009-03-09 13:45 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 17:05 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-24 16:38 --------- d-----w c:\documents and settings\shannant.CNS\Application Data\FileZilla
2009-03-24 15:54 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-22 05:16 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-21 17:14 --------- d-----w c:\documents and settings\shannant.CNS\Application Data\Juniper Networks
2009-03-19 16:16 --------- d-----w c:\program files\Common Files\Apple
2009-03-17 06:05 --------- d-----w c:\program files\Windows Live
2009-03-10 16:10 --------- d-----w c:\program files\Microsoft Silverlight
2009-03-04 17:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-04 04:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-24 20:05 --------- d-----w c:\documents and settings\shannant.CNS\Application Data\Skype
2009-02-17 22:33 --------- d-----w c:\program files\Titlevision
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-07 01:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 19:41 88 --sh--r c:\documents and settings\All Users\Application Data\5D92B26E0C.sys
2009-02-06 19:41 3,608 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-29 08:12 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-01-29 08:12 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2008-12-11 04:46 256 ----a-w c:\documents and settings\shannant.CNS\pool.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-19 50528]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-19 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-01-15 131072]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-06-08 131072]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"IMJPMIG9.0"="c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" [2007-04-19 125792]
"imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
"NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2008-09-05 218504]
"Ycujitigokidon"="c:\windows\otoziyequkive.dll" [2008-12-23 131584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 148888]
"IMSCMig"="c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE" [2007-04-02 17248]
"CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 66400]
"PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 98656]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-07-26 439568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2006-04-09 20:59 24674 c:\windows\system32\ckpNotify.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autos.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\autos.exe
backup=c:\windows\pss\autos.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^shannant^Start Menu^Programs^Startup^infos.exe]
path=c:\documents and settings\shannant\Start Menu\Programs\Startup\infos.exe
backup=c:\windows\pss\infos.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 09:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 09:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-16 08:56 236016 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2008-07-05 2234320]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2005-11-29 36768]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2008-07-05 36400]
R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [2008-09-05 673160]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-12-10 88576]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-10 24652]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2008-07-05 109072]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2008-07-05 671472]
R2 WebCamDV;WebCamDV DV to Webcam Converter;c:\windows\system32\drivers\WebCamDV.sys [2004-09-17 212608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [2009-02-26 101936]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2007-04-14 88192]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
R3 WCDV_Aud;WevCamDV WDM Virtual Audio Device;c:\windows\system32\drivers\wcdvaud.sys [2004-09-17 12672]
S0 GhMon;GhostMountMonitor - Boot Phase Driver;c:\windows\system32\Drivers\ghmon.sys --> c:\windows\system32\Drivers\ghmon.sys [?]
S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;c:\windows\system32\Drivers\ghpcw2k.sys --> c:\windows\system32\Drivers\ghpcw2k.sys [?]
S2 DVDRIVER;DVdriver;c:\windows\system32\drivers\dvdriver.sys [2007-10-19 30296]
S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;c:\windows\system32\Drivers\ghpcw2k.sys --> c:\windows\system32\Drivers\ghpcw2k.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GUSVC
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 09:04]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Undefined - c:\windows\system32\winter.exe
MSConfigStartUp-Verizon Custom Uninstall Tracking - c:\temp\InstallHelper.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://home.eentertainment.com/
uInternet Settings,ProxyOverride = *.eonline.com;*.comcastnets.com;*.eentertainment.com;*.mystyle.com;*.comcast.com;*.teamcomcast.com;phobos.apple.com;ax.phobos.apple.*;localhost;127.0.0.1;10.*;192.168.243.*;208.78.120.*;12.46.7.*;*.cable.comcast.com;*.adphc.com;ccc.hostedeet.com;;*.local;<local>
uInternet Settings,ProxyServer = proxy.comcastnets.com:80
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Save to DataVault - file://c:\program files\DataVault\iemenuext.htm
Trusted Zone: teamcomcast.com
Trusted Zone: teamcomcast.com\hcmstage
FF - ProfilePath - c:\documents and settings\shannant.CNS\Application Data\Mozilla\Firefox\Profiles\c6inn3ot.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-24 15:21:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1144)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\wbem\fastprox.dll

- - - - - - - > 'lsass.exe'(1204)
c:\program files\Bonjour\mdnsNSP.dll
.
Completion time: 2009-03-24 15:23:38
ComboFix-quarantined-files.txt 2009-03-24 22:23:09
ComboFix2.txt 2007-10-31 18:44:09

Pre-Run: 66,996,617,216 bytes free
Post-Run: 67,084,460,032 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

227 --- E O F --- 2009-03-23 15:59:55


#4 Thunder


Posted 27 March 2009 - 01:51 PM

Hello Stephen,

Your logs look better now. :thumbup2:

Are you still having problems ?

You can remove all used tools and folders created in the process.
To remove ComboFix:
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between Combofix and /u
Then press Enter.
This will uninstall Combofix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 Stephen Hannant


Posted 27 March 2009 - 07:25 PM

Hi Thunder,

Unfortunately yes. I'm still finding that my search results in Google are being hijacked and redirected to what seems to be other search sites. Unfortunately, there doesn't seem to be a straightforward answer that I can find on the internet. The guys at work have looked and can't find anything that sticks out as a virus/malware that is causing this, and all other search hooks apparently don't let you even get to the google page, so it's not that.

Would appreciate any insight that you may have as to where to look for information regarding this.

Cheers,

Stephen

#6 Thunder


Posted 28 March 2009 - 02:07 PM

Hello Stephen,

Let's try this first :

Please download and save to your Desktop: ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)
Reboot into safe mode.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Restart your PC.

Go to Start > Run, and type cmd and hit OK
In the command window that opens : type ipconfig /flushdns (that space between g and / is needed)
then hit Enter, type Exit and hit Enter to close the window.

Still getting redirected ?

Greetings,
Thunder



