
Redirect virus. Need major help!


  • This topic is locked
1 reply to this topic

#1 shahenh

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:02 AM

Posted 26 March 2009 - 04:02 PM

I have a redirect virus on my computer. Every time I click on a link via a search on Google or Yahoo, it redirects me to a random website. Soooo annoying. I've tried an HJT scan and no fixes fixed the problem. I've scanned with Ad-Aware, which found malware and I deleted it, but nothing happened, and I've scanned with NOD, but nothing came up.

PLEASE, I need help; any help would be greatly appreciated. Here is my log with DDS, and I have an attachment:


DDS (Ver_09-03-16.01) - NTFSx86
Run by Shahenh at 13:56:59.76 on Thu 03/26/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.978 [GMT -7:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shahenh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Billeo: {465e08e7-f005-4389-980f-1d8764b3486c} - c:\program files\billeo\billeo.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: D: {c811befe-d480-3d25-a35a-4c9deed289d1} - c:\windows\system32\xwr74530.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Billeo: {6adb0f93-1aa5-4bcf-9df4-cea689a3c111} - c:\program files\billeo\billeo.dll
EB: Billeo: {6576ebaa-b570-4345-98e4-96153c77cf24} - c:\program files\billeo\billeo.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
Trusted Zone: att.net
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com\clientapps
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193704631888
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193704773682
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shahenh\applic~1\mozilla\firefox\profiles\24q4p2qh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\shahenh\application data\mozilla\firefox\profiles\24q4p2qh.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071102000005.dll
FF - plugin: c:\program files\divx2\divx player\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\divx2\divx web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-11-1 15424]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-11-1 552064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-30 24652]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-5-16 102400]
RUnknown szkg5;szkg5; [x]
S2 gupdate1c98d64319896d0;Google Update Service (gupdate1c98d64319896d0);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-3-16 16512]
S3 ATICDSDr;ATICDSDr;\??\c:\dell\vga\bin\atiicdxx.sys --> c:\dell\vga\bin\atiicdxx.sys [?]
S3 Bulk;HDJBulk;c:\windows\system32\drivers\HDJBulk.sys [2009-3-25 29312]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\drivers\HDJAsioK.sys [2009-3-25 131200]
S3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\drivers\HDJMidi.sys [2009-3-25 77056]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-10-29 280344]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\memeo\autosync\MemeoService.exe [2007-7-6 31768]

=============== Created Last 30 ================

2009-03-26 12:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-03-25 23:25 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{C79A30AF-08C1-49CF-8F27-526F179A478D}
2009-03-25 23:25 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}
2009-03-25 23:24 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{902029B2-957E-4066-85FA-30DA31731718}
2009-03-25 23:24 <DIR> --d----- c:\program files\common files\Native Instruments
2009-03-25 20:28 435 ---shr-- C:\autorun.inf
2009-03-25 20:18 176,128 a------- c:\windows\system32\xwr74530.dll
2009-03-25 20:18 176,128 a------- c:\windows\system32\wr74530.dll
2009-03-25 20:17 101,361,768 a------- c:\windows\system32\xa3926896.exe
2009-03-25 20:17 101,361,768 a------- c:\windows\system32\xa3913096.exe
2009-03-25 20:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EC447F3E-64FC-40CF-B263-C3F48D4CC4D4}
2009-03-25 20:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Native Instruments
2009-03-25 14:02 131,200 a------- c:\windows\system32\drivers\HDJAsioK.sys
2009-03-25 14:02 73,728 a------- c:\windows\system32\HDJAsioCpl.dll
2009-03-25 14:02 54,784 a------- c:\windows\system32\HDJAsiou.dll
2009-03-25 14:01 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_HDJBulk_01005.Wdf
2009-03-25 14:01 29,312 a------- c:\windows\system32\drivers\HDJBulk.sys
2009-03-25 14:00 80,384 a------- c:\windows\system32\HerculesDJDevices.dll
2009-03-25 14:00 102,400 a------- c:\windows\system32\HDJSeries.cpl
2009-03-25 14:00 <DIR> --d----- c:\program files\Hercules
2009-03-25 13:58 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-03-25 13:58 21,504 a------- c:\windows\system32\hidserv.dll
2009-03-25 13:24 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_HDJAsioK_01005.Wdf
2009-03-25 13:24 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-03-25 13:23 1,419,232 a------- c:\windows\system32\WdfCoInstaller01005.dll
2009-03-25 13:22 77,056 a------- c:\windows\system32\drivers\HDJMidi.sys
2009-03-25 13:20 <DIR> --d----- c:\program files\Guillemot
2009-03-25 13:20 106,496 a------- c:\windows\system32\HRFDongle.dll
2009-03-25 13:20 27,136 a------- c:\windows\system32\HDJSAPI.dll
2009-03-25 13:20 159,744 a------- c:\windows\system32\HDJAPI.dll
2009-03-25 13:18 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-03-25 13:18 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-03-11 23:39 <DIR> --d----- c:\program files\Play65
2009-03-08 01:30 0 a------- c:\windows\OpPrintServer.INI
2009-03-08 01:29 <DIR> --d----- c:\program files\Canon
2009-03-07 20:21 <DIR> --d----- c:\program files\DiskInternals
2009-03-07 18:40 224 a------- c:\windows\system32\9B13A86D.plf
2009-03-07 18:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Cached Installations
2009-03-07 18:17 <DIR> --d----- c:\windows\system32\NtmsData

==================== Find3M ====================

2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-01-21 11:26 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

============= FINISH: 13:57:30.67 ===============


Edited by shahenh, 27 March 2009 - 01:18 AM.




#2 dvk01

  • Malware Response Team
  • 128 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:02 PM

Posted 27 March 2009 - 02:28 PM

I am helping you at http://thespykiller.co.uk/index.php/topic,8088.0.html

This topic is now closed, and I have closed your other 2 topics about the same problem.
