google redirect and ipod not seen


2 replies to this topic

#1 kowboy (Members, 2 posts)

Posted 19 May 2009 - 09:47 PM

Many of my searches are being redirected. Seems to be using a site called google-redirect.com. Also, my iPod is not seen in My Computer or iTunes.

Any assistance greatly appreciated.


DDS (Ver_09-05-14.01) - NTFSx86
Run by David Rosenthal at 22:06:41.56 on Tue 05/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.319 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
\\?\globalroot\systemroot\system32\rundll32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WD\WD Anywhere Backup\MemeoBackup.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David Rosenthal\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: {C2BA40A1-74F3-42BD-F434-12345A2C8953} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: IE Developer Toolbar: {a202b231-ef71-4a08-bdb9-4ce5ae8bde0a} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.1; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; 3P_UVRM 1.00.1)" -"http://www.miniclip.com/games/stunt-driver/en/"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Diagnostic Manager] c:\windows\temp\565166072.exe
dRun: [autochk] rundll32.exe c:\docume~1\networ~1\protect.dll,_IWMPEvents@16
StartupFolder: c:\documents and settings\david rosenthal\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\davidr~1\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdanyw~1.lnk - c:\windows\installer\{47566d9f-6ed6-47c6-8a92-b5c01c44edb4}\NewShortcut4_3A95A0BFA90C41A28DFACEDE7630C4FB.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - c:\program files\microsoft\internet explorer developer toolbar\IEDevToolbar.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://meeting.courseavenue.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe
DPF: {4534D6E2-AF52-40FE-8915-7BC325254E9E} - hxxps://na5.salesforce.com/setup/outlook/setups2/install.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166211119265
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1218863270312
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9437EF71-9276-432D-AA74-CF8DA12EF11B} - hxxps://na5.salesforce.com/dwnld/mailmerge/AXMailMerge.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://155.212.86.66:800/plugin/h263ctrl.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://outstart.webex.com/client/T23L/event/ieatgpc.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxp://livenj01.custhelp.com/8102-b424h/rnl/java/RntX.cab
TCP: {D7313EFD-7F78-4371-9246-FD2CF9806CA6} = 192.168.100.20,192.168.0.122
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: OneCard - c:\program files\hpq\iam\bin\AsWlnPkg.dll
Notify: xxywTJCu - xxywTJCu.dll
AppInit_DLLs: karna.dat kozuxf.dll cuhdxx.dll tslxfn.dll dwzlka.dll gqubvp.dll zsqtje.dll c:\windows\system32\wegahuwe.dll c:\windows\system32\kawibagu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGayawu
LSA: Notification Packages = scecli AsWlnPkg

============= SERVICES / DRIVERS ===============

R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2007-4-3 91136]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\wd\wd anywhere backup\MemeoBackgroundService.exe [2008-7-10 25824]
R2 MSSQL$ACT7;MSSQL$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sact7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlservr.exe -sACT7 [?]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-4-3 24652]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-17 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090112.003\naveng.sys [2009-1-13 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090112.003\navex15.sys [2009-1-13 876112]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2007-4-3 23180]
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);c:\windows\system32\drivers\camdrl20.sys --> c:\windows\system32\drivers\CamDrL20.sys [?]
S3 SQLAgent$ACT7;SQLAgent$ACT7;c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.exe -i act7 --> c:\program files\microsoft sql server\mssql$act7\binn\sqlagent.EXE -i ACT7 [?]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]

=============== Created Last 30 ================

2009-05-19 17:35 812,344 a------- c:\temp\HJTInstall.exe
2009-05-19 16:35 23,552 a--sh--- c:\documents and settings\david rosenthal\protect.dll
2009-05-19 16:35 23,552 a--sh--- c:\windows\system32\autochk.dll
2009-05-19 16:34 28,672 a------- c:\windows\system32\lmn_setup.exe
2009-05-19 15:51 3,311,152 a------- c:\temp\RegistryEasy.exe
2009-05-16 19:24 104,960 a------- c:\windows\system32\dllcache\userinit.exe
2009-04-24 11:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MemeoCommon
2009-04-24 11:50 <DIR> --d----- c:\docume~1\davidr~1\applic~1\WD
2009-04-24 11:42 <DIR> --d----- c:\program files\Western Digital
2009-04-24 11:41 <DIR> --ds---- c:\docume~1\alluse~1\applic~1\WD
2009-04-24 11:41 <DIR> --d----- c:\program files\common files\eSellerate
2009-04-24 11:41 <DIR> --d----- c:\program files\WD

==================== Find3M ====================

2009-05-16 23:48 2,046 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-05-16 19:24 104,960 a------- c:\windows\system32\userinit.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-02 13:48 142,848 a--sh--- c:\windows\system32\zsqtje.dll
2009-03-02 13:48 142,848 a--sh--- c:\windows\system32\rugakeju.dll
2008-10-13 09:30 60,744 a------- c:\documents and settings\david rosenthal\g2mdlhlpx.exe
2007-05-11 17:50 565,248 a------- c:\documents and settings\david rosenthal\HPAsset.exe
2007-05-11 17:50 73,728 a------- c:\documents and settings\david rosenthal\zlib.dll
2007-05-11 17:50 65,536 a------- c:\documents and settings\david rosenthal\idvectra.exe
2007-05-11 17:50 40,960 a------- c:\documents and settings\david rosenthal\hpmonZ.exe
2007-05-11 17:50 36,208 a------- c:\documents and settings\david rosenthal\Dscan16.dll
2007-05-11 17:50 24,576 a------- c:\documents and settings\david rosenthal\shortcut.exe
2007-05-11 17:50 17,477 a------- c:\documents and settings\david rosenthal\Smstub16.exe
2007-05-11 17:50 2,855 a------- c:\documents and settings\david rosenthal\Smstub16.pif
2006-12-15 16:08 56 ---shr-- c:\windows\system32\925C185B15.sys

============= FINISH: 22:08:10.09 ===============
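As an added example (not code from this thread, from DDS, or from BleepingComputer), the following Python script runs a few defender-side triage rules over "Pseudo HJT Report" lines of the kind shown in the log above: non-empty AppInit_DLLs, extra LSA authentication packages, Winlogon Notify packages outside a known list, and Run entries that launch a DLL export through rundll32 or start from a temp or profile directory. The sample lines are a constructed subset copied from the log, and KNOWN_NOTIFY is an assumed, illustrative allowlist.

```python
import re

# Constructed sample: a subset of "Pseudo HJT Report" lines copied from the DDS
# log above, plus benign entries, so the rules can be exercised offline.
SAMPLE_LOG = """\
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [autochk] rundll32.exe c:\\windows\\system32\\autochk.dll,_IWMPEvents@16
dRun: [Diagnostic Manager] c:\\windows\\temp\\565166072.exe
dRun: [autochk] rundll32.exe c:\\docume~1\\networ~1\\protect.dll,_IWMPEvents@16
Notify: igfxcui - igfxdev.dll
Notify: xxywTJCu - xxywTJCu.dll
AppInit_DLLs: karna.dat kozuxf.dll c:\\windows\\system32\\wegahuwe.dll
LSA: Authentication Packages = msv1_0 c:\\windows\\system32\\hgGayawu
LSA: Notification Packages = scecli AsWlnPkg
"""

# Assumption: illustrative allowlist of Winlogon Notify packages present on this
# XP build (Intel graphics, Symantec, HP ProtectTools); extend per environment.
KNOWN_NOTIFY = {"igfxcui", "navlogon", "onecard"}
TEMP_OR_PROFILE = re.compile(r"\\(temp|docume~1|documents and settings)\\", re.I)
RUNDLL_EXPORT = re.compile(r"rundll32(\.exe)?\s+\S+\.dll,\S+", re.I)


def triage(log_text):
    # Returns (rule, line) pairs for autostart entries that deserve a closer look.
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "AppInit_DLLs" and value:
            # Loaded into every process that links user32.dll; legitimate use is rare.
            hits.append(("appinit_dlls", line))
        elif key == "LSA" and value.lower().startswith("authentication packages"):
            # Anything beyond msv1_0 is handed every interactive logon's credentials.
            pkgs = value.split("=", 1)[1].split()
            if any(p.lower() != "msv1_0" for p in pkgs):
                hits.append(("lsa_auth_package", line))
        elif key == "Notify":
            name = value.split(" - ", 1)[0].strip().lower()
            if name not in KNOWN_NOTIFY:
                hits.append(("unknown_winlogon_notify", line))
        elif key.endswith(("Run", "RunOnce")):
            if RUNDLL_EXPORT.search(value):
                # DLL export launched via rundll32 (the autochk.dll / protect.dll pattern).
                hits.append(("rundll32_export_autostart", line))
            elif TEMP_OR_PROFILE.search(value):
                hits.append(("autostart_from_temp_or_profile", line))
    return hits
```

Running `triage(SAMPLE_LOG)` flags six of the nine sample lines; the ctfmon entry, the known igfxcui Notify package, and the LSA Notification Packages line pass.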

#2 SifuMike (malware expert, Staff Emeritus, 15,385 posts)

Posted 01 June 2009 - 04:24 PM

Hello kowboy,


If you still need help, then download and run RSIT:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 1 month
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 SifuMike (malware expert, Staff Emeritus, 15,385 posts)

Posted 16 June 2009 - 09:44 PM

Due to inactivity, this thread will now be closed.