
Google results return me to random sites


  • This topic is locked
2 replies to this topic

#1 valadas


Posted 09 October 2009 - 07:57 PM

When I search for something on Google, when I click the link, I get sent to any random website.

Thanks for your help.


DDS (Ver_09-09-29.01) - NTFSx86
Run by HIFI at 20:19:11,39 on 2009-10-09
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professionnel 5.1.2600.2.1252.2.1036.18.991.688 [GMT -4:00]

AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\msb.exe
C:\Program Files\Intuit\QuickBooks Succès PME Pro\qbw32.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HIFI\LOCALS~1\Temp\b.exe
C:\Documents and Settings\HIFI\Bureau\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [HIFI] c:\documents and settings\hifi\HIFI.exe
uRun: [PopRock] c:\docume~1\hifi\locals~1\temp\b.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\agentq~1.lnk - c:\program files\fichiers communs\intuit\quickbooks\qbupdate\qbupdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1255103714497
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\fichiers communs\intuit\intu-res.dll
AppInit_DLLs: c:\windows\system32\guard32.dll

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-10-9 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-10-9 25160]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-10-9 723632]

=============== Created Last 30 ================

2009-10-09 19:19 153 a------- c:\windows\cavscan.INI
2009-10-09 18:51 160,768 a------- c:\windows\msb.exe
2009-10-09 18:49 75,248 a------- c:\windows\system32\drivers\sfi.dat
2009-10-09 18:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-10-09 18:46 179,792 a------- c:\windows\system32\guard32.dll
2009-10-09 18:46 132,296 a------- c:\windows\system32\drivers\cmdguard.sys
2009-10-09 18:46 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-10-09 18:46 <DIR> --d----- c:\program files\COMODO
2009-10-09 17:34 160,768 a------- c:\windows\msa.exe
2009-10-09 17:33 222,212 a------- c:\windows\system32\msxml71.dll
2009-10-09 17:33 61,440 ---shr-- c:\documents and settings\hifi\dieja.exe
2009-10-09 16:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Azureus
2009-10-09 16:03 <DIR> --d----- c:\docume~1\hifi\applic~1\Azureus
2009-10-09 16:02 <DIR> --d----- c:\program files\fichiers communs\i4j_jres
2009-10-09 15:11 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-10-09 14:53 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-10-09 14:53 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-10-09 14:51 <DIR> --d----- c:\program files\hp LaserJet 1000
2009-10-09 14:21 <DIR> --d----- c:\windows\system32\PreInstall
2009-10-09 14:21 <DIR> --d-h--- c:\windows\$hf_mig$
2009-10-09 14:10 202,240 a------- c:\windows\patchw32.dll
2009-10-09 13:55 202 a------- c:\windows\WinHelp.ini
2009-10-09 13:54 1,712,201 a------- c:\windows\system32\InetClnt.dll
2009-10-09 13:54 <DIR> --d----- c:\program files\fichiers communs\AnswerWorks 4.0
2009-10-09 13:53 <DIR> --d----- c:\program files\fichiers communs\Intuit
2009-10-09 13:53 1,062,704 a------- c:\windows\system32\mscomctl.ocx
2009-10-09 13:53 <DIR> --d----- c:\program files\Intuit
2009-10-09 13:51 <DIR> --d----- c:\windows\Intuit
2009-10-09 13:51 <DIR> --d----- c:\program files\fichiers communs\InstallShield
2009-10-09 13:31 140,204 a----r-- c:\windows\VGAsetup.ini
2009-10-09 13:31 262,144 a----r-- c:\windows\system32\SiSParse.dll
2009-10-09 13:31 172,032 a----r-- c:\windows\system32\SiSInst.dll
2009-10-09 13:31 49,152 a----r-- c:\windows\system32\SiSBase.dll
2009-10-09 13:31 5,632 a----r-- c:\windows\system32\instFunc.dll
2009-10-09 13:31 1,086,080 ac------ c:\windows\system32\dllcache\sisgrv.dll
2009-10-09 13:31 1,858,226 a----r-- c:\windows\system32\sisgl.dll
2009-10-09 13:31 1,086,080 a----r-- c:\windows\system32\sisgrv.dll
2009-10-09 13:31 49,152 a----r-- c:\windows\system32\sis740.bin
2009-10-09 13:31 49,152 a----r-- c:\windows\system32\sis650.bin
2009-10-09 13:31 402,560 ac------ c:\windows\system32\dllcache\sisgrp.sys
2009-10-09 13:31 402,560 a----r-- c:\windows\system32\drivers\sisgrp.sys
2009-10-09 13:18 <DIR> --d----- c:\windows\system32\wbem\AutoRecover
2009-10-09 13:07 316,640 a------- c:\windows\WMSysPr9.prx
2009-10-09 13:06 <DIR> --d----- c:\windows\provisioning
2009-10-09 13:06 <DIR> --d----- c:\windows\peernet
2009-10-09 13:04 <DIR> --d----- c:\windows\ServicePackFiles
2009-10-09 13:01 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-10-09 13:00 22,752 a------- c:\windows\system32\spupdsvc.exe
2009-10-09 12:58 <DIR> --d----- c:\windows\EHome
2009-10-09 12:44 <DIR> --ds---- c:\windows\system32\Microsoft
2009-10-09 12:40 241,664 a------- c:\windows\system32\srrstr.dll
2009-10-09 12:39 25,600 a------- c:\windows\system32\xpsp1hfm.exe
2009-10-09 12:39 <DIR> -cd-h--- c:\windows\$xpsp1hfm$
2009-10-09 12:37 11,776 -------- c:\windows\system32\spnpinst.exe
2009-10-09 12:37 7,208 -------- c:\windows\system32\secupd.sig
2009-10-09 12:37 4,569 -------- c:\windows\system32\secupd.dat
2009-10-09 12:17 259 a------- c:\windows\system32\VGAunistlog.ini
2009-10-09 11:59 <DIR> --d----- c:\windows\system32\bits
2009-10-09 11:58 351,232 a------- c:\windows\system32\winhttp.dll
2009-10-09 11:58 18,944 a------- c:\windows\system32\qmgrprxy.dll
2009-10-09 11:58 8,192 -------- c:\windows\system32\bitsprx2.dll
2009-10-09 11:58 7,168 -------- c:\windows\system32\bitsprx3.dll
2009-10-09 11:57 213,528 a------- c:\windows\system32\wuaucpl.cpl
2009-10-09 11:57 35,864 a------- c:\windows\system32\wucltui.dll.mui
2009-10-09 11:57 27,672 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-10-09 11:57 27,672 a------- c:\windows\system32\wuapi.dll.mui
2009-10-09 11:57 19,992 a------- c:\windows\system32\wuaueng.dll.mui
2009-10-09 11:55 <DIR> --ds---- c:\documents and settings\hifi\UserData
2009-10-09 07:10 261 a------- c:\windows\system32\$winnt$.inf
2009-10-09 06:12 <DIR> --d----- c:\program files\fichiers communs\ODBC
2009-10-09 06:12 <DIR> --d----- c:\program files\fichiers communs\SpeechEngines
2009-10-09 06:11 <DIR> --d-h--- c:\documents and settings\all users\Modèles
2009-10-09 06:11 <DIR> --d--r-- c:\documents and settings\all users\Menu Démarrer
2009-10-09 06:11 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-10-09 06:11 <DIR> --d----- c:\documents and settings\all users\Favoris
2009-10-09 06:11 <DIR> --d----- c:\documents and settings\all users\Bureau
2009-10-09 05:30 <DIR> --d-h--- c:\documents and settings\hifi\Voisinage réseau
2009-10-09 05:30 <DIR> --d-h--- c:\documents and settings\hifi\Voisinage d'impression
2009-10-09 05:30 <DIR> --d-h--- c:\documents and settings\hifi\Modèles
2009-10-09 05:30 <DIR> --d--r-- c:\documents and settings\hifi\Mes documents
2009-10-09 05:30 <DIR> --d--r-- c:\documents and settings\hifi\Menu Démarrer
2009-10-09 05:30 <DIR> --d--r-- c:\documents and settings\hifi\Favoris
2009-10-09 05:30 <DIR> --d----- c:\documents and settings\hifi\Bureau
2009-10-09 05:23 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-10-09 05:21 <DIR> --d----- c:\program files\fichiers communs\MSSoap
2009-10-09 05:19 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-10-09 05:19 <DIR> --d----- c:\program files\Services en ligne
2009-10-09 05:19 <DIR> --d----- c:\program files\Messenger
2009-10-09 05:19 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-10-09 05:19 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-10-09 13:20 367,658 a------- c:\windows\system32\perfh00C.dat
2009-10-09 13:20 48,616 a------- c:\windows\system32\perfc00C.dat
2009-10-09 13:10 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-10-09 05:20 21,892 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 20:23:10,67 ===============



#2 Blade81


Posted 21 October 2009 - 03:53 PM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh dds log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Blade81


Posted 29 October 2009 - 11:43 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
