
Google Redirecting Malware


  • This topic is locked
3 replies to this topic

#1 Samus

Samus

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:55 PM

Posted 22 October 2009 - 11:54 AM

I need a bit of help: when I click a link in the Google search engine it redirects me to a random page. How would I get help fixing that?

Also, I see the Administrator account and my own account in C:\Documents and Settings but don't see it on startup or in account settings. It denies me permission to open the Administrator account, and I'm the only admin using this PC, so I'm not sure what happened there either.

Lastly, I have these Firefox pop-ups at the beginning of startup; it happens a lot but seems to stop after about half an hour.

It'll bring up a random new page in Firefox in its own separate page, and it'll bring up another one in a tab on the current page.

I'm not sure whether I should be posting three different problems, but if it's something like one problem per thread then I'd like the Google one to be solved first. :D

Looking forward to your replies.


Here's the DDS log:


DDS (Ver_09-10-13.01) - NTFSx86
Run by topsboy15 at 17:37:48.17 on 22/10/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.33.1033.18.247.67 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Trend Micro Internet Security *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Cobian Backup 6\CobBU.exe
C:\Program Files\Cobian Backup 6\cobui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\topsboy15\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT2405275
uSearch Page = hxxp://search.live.com
uWindow Title = Microsoft Internet Explorer provided by Orange
uSearch Bar = hxxp://search.live.com/sphome.aspx
uDefault_Page_URL = about:blank
mDefault_Page_URL = hxxp://www.orange.co.uk
mDefault_Search_URL = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
mSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
mStart Page = hxxp://uk.yahoo.com
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: {0000a7b8-2ef6-408f-a1aa-22a7faca9693} - c:\windows\system32\dmutil3232.dll
BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
BHO: 1 (0x1): {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {42e8cf0e-948c-4fbe-b0cb-a39ad4304c28} - Internet Explorer Plugin
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {994b5fb4-0103-44a6-b6b3-c73572b362bc} - adzgalore
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
TB: {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - No File
TB: {44BE0690-5429-47f0-85BB-3FFD8020233E} - No File
TB: {11A69AE4-FBED-4832-A2BF-45AF82825583} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [A00FCB209C.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FCB209C.exe
uRun: [A00F249DC78.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F249DC78.exe
uRun: [A00F985ED.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F985ED.exe
uRun: [A00F113F58.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F113F58.exe
uRun: [A00F9AB19.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F9AB19.exe
uRun: [A00F108BD7.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F108BD7.exe
uRun: [A00F41605.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F41605.exe
uRun: [A00F7349A.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F7349A.exe
uRun: [A00F34C8F08.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F34C8F08.exe
uRun: [A00FD449B.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FD449B.exe
uRun: [A00F5136795.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F5136795.exe
uRun: [A00F543B1B4.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F543B1B4.exe
uRun: [A00F5E3A1.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F5E3A1.exe
uRun: [A00F262263.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F262263.exe
uRun: [A00F917D1.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F917D1.exe
uRun: [A00F911E6.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F911E6.exe
uRun: [A00F565D6.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F565D6.exe
uRun: [A00F37D3CF2.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F37D3CF2.exe
uRun: [A00F85ADA.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F85ADA.exe
uRun: [A00F201A1BF.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F201A1BF.exe
uRun: [A00F127661.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F127661.exe
uRun: [A00F107FF0.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F107FF0.exe
uRun: [A00F9F7D1.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F9F7D1.exe
uRun: [A00F6CE10.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F6CE10.exe
uRun: [A00FBCEA4.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FBCEA4.exe
uRun: [A00FE7441.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FE7441.exe
uRun: [A00FAA2A8.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FAA2A8.exe
uRun: [A00F12BAAB8.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F12BAAB8.exe
uRun: [A00F13FDBC.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F13FDBC.exe
uRun: [A00FBBAEE.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FBBAEE.exe
uRun: [A00F127085.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F127085.exe
uRun: [A00FE55FB.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FE55FB.exe
uRun: [A00FAAD46.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FAAD46.exe
uRun: [A00FDA3F1.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FDA3F1.exe
uRun: [A00F1380AD.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F1380AD.exe
uRun: [A00F15BFFE.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F15BFFE.exe
uRun: [A00FD4A67.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FD4A67.exe
uRun: [A00F26908F.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F26908F.exe
uRun: [A00FF8033.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FF8033.exe
uRun: [A00F1922E0.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F1922E0.exe
uRun: [A00F7F7228.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F7F7228.exe
uRun: [A00F914E1E.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F914E1E.exe
uRun: [A00F12F787.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F12F787.exe
uRun: [Uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart
uRun: [A00F163FFB.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F163FFB.exe
uRun: [A00F136C3A.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F136C3A.exe
uRun: [A00F18E01A.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F18E01A.exe
uRun: [A00FFB57C.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FFB57C.exe
uRun: [A00F1B923A.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F1B923A.exe
uRun: [A00F7E2ECB.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F7E2ECB.exe
uRun: [A00FA9A0DD.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FA9A0DD.exe
uRun: [A00F1291C8.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F1291C8.exe
uRun: [A00FA35E4.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FA35E4.exe
uRun: [A00FA15FB4.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FA15FB4.exe
uRun: [A00F85433.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F85433.exe
uRun: [A00F80DC4.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F80DC4.exe
uRun: [A00FB9276.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FB9276.exe
uRun: [A00F751C7.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F751C7.exe
uRun: [A00F163B87.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F163B87.exe
uRun: [A00F22D02D9.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F22D02D9.exe
uRun: [A00FFC896.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FFC896.exe
uRun: [A00F4995D4.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F4995D4.exe
uRun: [A00FAE147.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FAE147.exe
uRun: [A00F8A9B6.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F8A9B6.exe
uRun: [A00F37DCC60.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F37DCC60.exe
uRun: [A00F2B60772.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F2B60772.exe
uRun: [A00FDEE58.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FDEE58.exe
uRun: [A00F8ABC3C.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F8ABC3C.exe
uRun: [A00F6B846.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F6B846.exe
uRun: [A00F83496.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F83496.exe
uRun: [A00F85CEE.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F85CEE.exe
uRun: [A00F72B05.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F72B05.exe
uRun: [A00F595B2E.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F595B2E.exe
uRun: [A00F248A7.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F248A7.exe
uRun: [A00F5D4CC.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F5D4CC.exe
uRun: [A00F6D63E.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F6D63E.exe
uRun: [A00F61129.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F61129.exe
uRun: [A00F72BF0.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F72BF0.exe
uRun: [A00F3E8AB.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F3E8AB.exe
uRun: [A00F1B8AE7.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F1B8AE7.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /RunOnce
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRunOnce: [RunNarrator]
dPolicies-explorer: NofolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - hxxp://cdn.drivecleaner.com/installdrivecleanerstart.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {B5DD9A64-5C4B-4A48-BE56-97C1A8F85708} - hxxp://www.kjdhendieldiouyu.com/sw/fvp.cab
DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - hxxp://locator1.cdn.imagesrvr.com/sites/errorsafe.com/www/pages/scanner/ErrorSafeNewReleaseInstall.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F84E0B64-1E86-4640-8094-5B38CEB28C1E} - hxxps://skyfex.com/download/SkyFexClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: 4cfa8c83669 - c:\windows\system32\initpki32.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: winrip32 - winrip32.dll
Notify: yrmiydsc - yrmiydsc.dll
Notify: __c004FE33 - c:\windows\system32\__c004FE33.dat
Notify: __c005603A - c:\windows\system32\__c005603A.dat
Notify: __c00575B6 - c:\windows\system32\__c00575B6.dat
Notify: __c0099080 - c:\windows\system32\__c0099080.dat
Notify: __c009F084 - c:\windows\system32\__c009F084.dat
Notify: __c00ADAFE - c:\windows\system32\__c00ADAFE.dat
Notify: __c00C0189 - c:\windows\system32\__c00C0189.dat
Notify: __c00D893 - c:\windows\system32\__c00D893.dat
Notify: __c00EA4A5 - c:\windows\system32\__c00EA4A5.dat
Notify: __c00F6C52 - c:\windows\system32\__c00F6C52.dat
Notify: __c00F9B59 - c:\windows\system32\__c00F9B59.dat
AppInit_DLLs: c:\windows\system32\initpki32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\topsbo~1\applic~1\mozilla\firefox\profiles\kf5zqvj7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng3 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405275&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405275&SearchSource=2&q=
FF - component: c:\documents and settings\topsboy15\application data\mozilla\firefox\profiles\kf5zqvj7.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\topsboy15\application data\mozilla\firefox\profiles\kf5zqvj7.default\extensions\{e501575c-88ce-4751-acf5-769680a1e59f}\components\FFExternalAlert.dll
FF - plugin: c:\documents and settings\topsboy15\local settings\application data\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPEyeCheck.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-22 16:09 <DIR> --d----- c:\program files\Cobian Backup 6
2009-10-22 13:33 <DIR> --dsh--- c:\windows\system32\LocalService
2009-10-22 13:32 202,240 a------- c:\windows\system32\dmutil3232.dll
2009-10-22 13:32 615 a------- c:\windows\system32\PCfPZ.vbs
2009-10-21 21:48 <DIR> --d----- c:\windows\Performance
2009-10-21 21:45 <DIR> --d----- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-10-21 21:30 28,672 a------- c:\windows\system32\__c0075D80.dat
2009-10-21 21:30 202,240 a------- c:\windows\system32\davclnt32.dll
2009-10-21 21:30 615 a------- c:\windows\system32\KsSUkIeQMCHcvw8.vbs
2009-10-21 21:04 202,240 a------- c:\windows\system32\confmsp32.dll
2009-10-21 21:04 28,672 a------- c:\windows\system32\__c0031261.dat
2009-10-21 21:04 615 a------- c:\windows\system32\CZeJIs8mnHkNX.vbs
2009-10-21 15:49 28,672 a------- c:\windows\system32\__c005BB4A.dat
2009-10-21 15:49 202,240 a------- c:\windows\system32\dpnmodem32.dll
2009-10-21 15:49 615 a------- c:\windows\system32\vaqZtbhEC9cG7RM.vbs
2009-10-20 17:04 28,672 a------- c:\windows\system32\__c00C70F2.dat
2009-10-20 17:03 202,240 a------- c:\windows\system32\dmutil32.dll
2009-10-20 17:03 615 a------- c:\windows\system32\U3TYyFRxHIOLZcQ.vbs
2009-10-20 15:54 28,672 a------- c:\windows\system32\__c001BAC4.dat
2009-10-20 15:51 202,240 a------- c:\windows\system32\ialmgicd32.dll
2009-10-20 15:51 615 a------- c:\windows\system32\sdcUw.vbs
2009-10-19 21:12 28,672 a------- c:\windows\system32\__c009FAD9.dat
2009-10-19 21:12 615 a------- c:\windows\system32\PgFavkdxVnF1WKs.vbs
2009-10-18 20:57 28,672 a------- c:\windows\system32\__c0044199.dat
2009-10-18 20:56 200,192 a------- c:\windows\system32\iepeers3232.dll
2009-10-18 20:56 615 a------- c:\windows\system32\F3rEHn5tAnoJILR.vbs
2009-10-18 15:57 28,672 a------- c:\windows\system32\__c00D895E.dat
2009-10-18 15:57 200,192 a------- c:\windows\system32\eventlog32.dll
2009-10-18 15:57 615 a------- c:\windows\system32\q0BZcsP.vbs
2009-10-18 14:27 28,672 a------- c:\windows\system32\__c0066282.dat
2009-10-18 14:27 200,192 a------- c:\windows\system32\dxtrans32.dll
2009-10-18 14:27 615 a------- c:\windows\system32\w2nafLjUNCfhM.vbs
2009-10-18 12:41 28,672 a------- c:\windows\system32\__c00F85A.dat
2009-10-18 12:40 200,192 a------- c:\windows\system32\dpnlobby32.dll
2009-10-18 12:40 615 a------- c:\windows\system32\202Rkfn.vbs
2009-10-18 10:22 523,264 a--sh--- c:\windows\system32\1F7.tmp
2009-10-17 14:27 28,672 a------- c:\windows\system32\__c000.dat
2009-10-17 14:27 200,192 a------- c:\windows\system32\dmocx32.dll
2009-10-17 14:27 615 a------- c:\windows\system32\N2R1zYWNJDdMj.vbs
2009-10-17 07:33 28,672 a------- c:\windows\system32\__c001C062.dat
2009-10-17 07:33 200,192 a------- c:\windows\system32\getuname32.dll
2009-10-17 07:33 615 a------- c:\windows\system32\rOsdb.vbs
2009-10-16 18:13 28,672 a------- c:\windows\system32\__c0068C79.dat
2009-10-16 18:13 200,192 a------- c:\windows\system32\comsnap32.dll
2009-10-16 18:13 615 a------- c:\windows\system32\W3CtKmFmHp7JmbT.vbs
2009-10-16 15:57 28,672 a------- c:\windows\system32\__c003FA.dat
2009-10-16 15:56 200,192 a------- c:\windows\system32\iepeers32.dll
2009-10-16 15:56 615 a------- c:\windows\system32\3CcR1m1.vbs
2009-10-16 07:57 28,672 a------- c:\windows\system32\__c00B7290.dat
2009-10-16 07:57 200,192 a------- c:\windows\system32\infocardapi32.dll
2009-10-16 07:57 615 a------- c:\windows\system32\VHj3sTZ.vbs
2009-10-15 07:55 28,672 a------- c:\windows\system32\__c00996D6.dat
2009-10-15 07:55 200,192 a------- c:\windows\system32\iassam32.dll
2009-10-15 07:55 615 a------- c:\windows\system32\WzCx2gitO6KKo.vbs
2009-10-14 15:48 116,736 a------- c:\windows\system32\INKED32.dll
2009-10-14 15:47 25,600 a------- c:\windows\system32\__c002C0F5.dat
2009-10-14 15:47 615 a------- c:\windows\system32\2omsO.vbs
2009-10-13 15:54 116,736 a------- c:\windows\system32\drmclien32.dll
2009-10-13 15:53 25,600 a------- c:\windows\system32\__c005DFA8.dat
2009-10-13 15:53 615 a------- c:\windows\system32\fTOwuzc.vbs
2009-10-12 17:19 25,600 a------- c:\windows\system32\__c006B2F7.dat
2009-10-12 17:18 116,736 a------- c:\windows\system32\fde3232.dll
2009-10-12 17:18 615 a------- c:\windows\system32\7RLmfSKvM3rLBji.vbs
2009-10-12 16:16 25,600 a------- c:\windows\system32\__c0023624.dat
2009-10-12 16:15 116,736 a------- c:\windows\system32\esent32.dll
2009-10-12 16:15 615 a------- c:\windows\system32\IsTu8nc.vbs
2009-10-12 16:09 26,176 a---h--- c:\windows\system32\hamachi.sys
2009-10-12 16:00 <DIR> --d----- c:\program files\LogMeIn Hamachi
2009-10-12 15:57 0 a------- C:\xcrashdump.dat
2009-10-12 15:56 27,648 a------- c:\windows\system32\__c00F6C52.dat
2009-10-12 15:56 28,160 a------- c:\windows\system32\__c00EA4A5.dat
2009-10-12 15:56 28,160 a------- c:\windows\system32\__c00D893.dat
2009-10-12 15:56 28,160 a------- c:\windows\system32\__c0099080.dat
2009-10-12 15:56 28,160 a------- c:\windows\system32\__c005603A.dat
2009-10-12 15:56 28,160 a------- c:\windows\system32\__c004FE33.dat
2009-10-12 15:56 27,648 a------- c:\windows\system32\__c00F9B59.dat
2009-10-12 15:56 25,600 a------- c:\windows\system32\__c00575B6.dat
2009-10-12 15:56 28,160 a------- c:\windows\system32\__c00ADAFE.dat
2009-10-12 15:56 28,160 a------- c:\windows\system32\__c009F084.dat
2009-10-12 15:56 28,160 a------- c:\windows\system32\__c00C0189.dat
2009-10-11 20:07 25,600 a------- c:\windows\system32\__c00FC9A6.dat
2009-10-11 20:06 116,736 a------- c:\windows\system32\dsprop32.dll
2009-10-11 20:06 615 a------- c:\windows\system32\OXr0CYEE0nrCk7H.vbs
2009-10-11 10:19 25,600 a------- c:\windows\system32\__c00AF4A5.dat
2009-10-11 10:18 116,736 a------- c:\windows\system32\fde32.dll
2009-10-11 10:18 615 a------- c:\windows\system32\uyCYkT1SyoRsfvp.vbs
2009-10-11 09:58 27,648 a------- c:\windows\system32\__c00F4F8E.dat
2009-10-11 09:58 27,648 a------- c:\windows\system32\__c00CDC.dat
2009-10-11 09:58 27,648 a------- c:\windows\system32\__c0064000.dat
2009-10-10 16:09 25,600 a------- c:\windows\system32\__c0033CE5.dat
2009-10-10 16:09 116,736 a------- c:\windows\system32\dgsetup32.dll
2009-10-10 16:09 615 a------- c:\windows\system32\e9THQ.vbs
2009-10-09 20:40 9,498 a------- c:\windows\system32\__c0096509.exe
2009-10-09 17:25 25,600 a------- c:\windows\system32\__c0067AFE.dat
2009-10-09 15:51 25,600 a------- c:\windows\system32\__c00AE9FC.dat
2009-10-09 15:50 116,736 a------- c:\windows\system32\dxdiagn32.dll
2009-10-09 15:50 615 a------- c:\windows\system32\xdO3G1qUGPYF4.vbs
2009-10-08 16:10 28,160 a------- c:\windows\system32\__c0064E3F.dat
2009-10-07 22:38 722,416 a------- c:\windows\system32\drivers\sptd.sys
2009-10-07 22:38 <DIR> --d----- c:\docume~1\topsbo~1\applic~1\DAEMON Tools Pro
2009-10-07 19:57 <DIR> --d----- c:\docume~1\topsbo~1\applic~1\Azureus
2009-10-07 19:56 <DIR> --d----- c:\program files\Vuze
2009-10-07 18:41 28,160 a------- c:\windows\system32\__c00FF4B1.dat
2009-10-07 15:55 28,160 a------- c:\windows\system32\__c005A9CF.dat
2009-10-07 07:26 28,160 a------- c:\windows\system32\__c002BD33.dat
2009-10-06 18:48 28,160 a------- c:\windows\system32\__c005C324.dat
2009-10-06 18:01 28,160 a------- c:\windows\system32\__c0030171.dat
2009-10-06 16:13 28,160 a------- c:\windows\system32\__c0058BC4.dat
2009-10-06 16:11 523,264 a--sh--- c:\windows\system32\65.tmp
2009-10-05 21:31 28,160 a------- c:\windows\system32\__c00A515B.dat
2009-10-05 07:33 28,160 a------- c:\windows\system32\__c00BC690.dat
2009-10-04 18:49 <DIR> --d----- c:\program files\Voobly
2009-10-04 13:31 28,160 a------- c:\windows\system32\__c004E4B3.dat
2009-10-04 08:53 28,160 a------- c:\windows\system32\__c0039069.dat
2009-10-03 23:02 <DIR> --d----- c:\program files\Uniblue
2009-10-03 19:44 28,160 a------- c:\windows\system32\__c0070C59.dat
2009-10-03 19:18 28,160 a------- c:\windows\system32\__c00B3164.dat
2009-10-03 11:46 27,648 a------- c:\windows\system32\__c006921E.dat
2009-10-02 22:51 <DIR> --d----- c:\program files\Age Of Empires 2 & The Conquerors Expansion - Full Game
2009-10-02 18:08 28,160 a------- c:\windows\system32\__c0022FBE.dat
2009-10-02 17:24 <DIR> --d----- c:\program files\Conduit
2009-10-02 16:16 28,160 a------- c:\windows\system32\__c0091D0B.dat
2009-10-02 16:06 28,160 a------- c:\windows\system32\__c005179.dat
2009-10-02 07:29 28,160 a------- c:\windows\system32\__c00360E0.dat
2009-10-01 21:11 28,160 a------- c:\windows\system32\__c00943A4.dat
2009-10-01 18:59 28,160 a------- c:\windows\system32\__c004A7D.dat
2009-10-01 16:11 28,160 a------- c:\windows\system32\__c0033481.dat
2009-10-01 07:36 28,160 a------- c:\windows\system32\__c0061468.dat
2009-09-30 21:45 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-09-30 21:37 <DIR> --d--r-- c:\program files\Skype
2009-09-30 17:45 3,255 a------- c:\windows\system32\wbem\Outlook_01ca41ed6623c8da.mof
2009-09-30 16:31 28,160 a------- c:\windows\system32\__c00A086.dat
2009-09-30 15:57 28,160 a------- c:\windows\system32\__c0073522.dat
2009-09-29 18:07 28,160 a------- c:\windows\system32\__c00FC919.dat
2009-09-29 16:18 28,160 a------- c:\windows\system32\__c00A3ED6.dat
2009-09-29 07:50 28,160 a------- c:\windows\system32\__c009B6.dat
2009-09-28 21:21 28,160 a------- c:\windows\system32\__c0047FA7.dat
2009-09-28 08:06 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-09-28 08:06 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-09-28 08:04 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll
2009-09-26 23:25 27,648 a------- c:\windows\system32\__c0029EE4.dat
2009-09-26 23:25 27,648 a------- c:\windows\system32\__c00A15BA.dat
2009-09-26 23:25 27,648 a------- c:\windows\system32\__c00A1000.dat
2009-09-26 23:25 27,648 a------- c:\windows\system32\__c0084D50.dat
2009-09-26 23:25 27,648 a------- c:\windows\system32\__c007B86C.dat
2009-09-26 23:25 27,648 a------- c:\windows\system32\__c004B2E8.dat
2009-09-26 23:25 27,648 a------- c:\windows\system32\__c006BD41.dat
2009-09-26 23:21 28,160 a------- c:\windows\system32\__c0058AB8.dat
2009-09-26 16:03 28,160 a------- c:\windows\system32\__c00B390.dat
2009-09-26 07:22 28,160 a------- c:\windows\system32\__c005EB98.dat
2009-09-25 17:55 28,160 a------- c:\windows\system32\__c0035263.dat
2009-09-25 17:47 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-09-25 17:47 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-09-25 17:45 7,808 a------- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-09-25 17:45 7,808 a------- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-09-25 17:45 22,016 a------- c:\windows\system32\drivers\ccdcmbo.sys
2009-09-25 17:44 17,664 a------- c:\windows\system32\drivers\ccdcmb.sys
2009-09-25 17:44 1,112,288 a------- c:\windows\system32\wdfcoinstaller01007.dll
2009-09-25 17:44 659,968 a------- c:\windows\system32\nmwcdcocls.dll
2009-09-25 17:13 523,264 a--sh--- c:\windows\system32\B.tmp
2009-09-25 15:55 28,160 a------- c:\windows\system32\__c0057C41.dat
2009-09-24 13:22 28,160 a------- c:\windows\system32\__c0045900.dat
2009-09-24 13:04 28,160 a------- c:\windows\system32\__c0099640.dat
2009-09-24 06:56 27,648 a------- c:\windows\system32\__c00A5949.dat
2009-09-23 21:10 27,648 a------- c:\windows\system32\__c007F932.dat
2009-09-23 20:49 27,648 a------- c:\windows\system32\__c00D9298.dat
2009-09-23 15:50 27,648 a------- c:\windows\system32\__c005C4B.dat
2009-09-23 07:51 27,648 a------- c:\windows\system32\__c0068576.dat

==================== Find3M ====================

2009-10-22 13:33 1,702 a--sh--- c:\windows\system32\GroupPolicy000.dat
2009-09-25 06:56 662,016 a------- c:\windows\system32\wininet.dll
2009-09-25 06:56 81,920 a------- c:\windows\system32\ieencode.dll
2009-09-23 08:00 27,648 a------- c:\windows\system32\__c00B8FF8.dat
2009-09-17 12:00 523,264 a--sh--- c:\windows\system32\1DC.tmp
2009-09-11 16:10 523,264 a--sh--- c:\windows\system32\1.tmp
2009-09-11 15:33 133,632 a------- c:\windows\system32\msv1_0.dll
2009-09-10 19:58 123,392 a------- c:\windows\system32\initpki32.dll
2009-09-04 21:45 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-26 09:16 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 10:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 19:52 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-04 15:00 2,180,352 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:13 2,057,728 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-29 05:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 05:53 82,432 a------- c:\windows\system32\fontsub.dll
2004-01-16 23:49 32 -------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2004-01-12 19:20 30 -------- c:\docume~1\topsbo~1\applic~1\Dxccwrd.dll
2004-01-12 19:05 69 -------- c:\docume~1\topsbo~1\applic~1\Dxcdmns.dll
2004-01-12 18:55 992,511 -------- c:\docume~1\topsbo~1\applic~1\Dxcknwrd.dll
2003-09-06 13:16 1,311,252 a--sh--- c:\windows\system32\oqtss.bak2
2003-09-06 20:29 1,315,764 a--sh--- c:\windows\system32\oqtss.ini2

============= FINISH: 17:43:56.84 ===============


I've attached the attach file.
Looking forward to your replies!! :D

Samus

Attached Files
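The log above carries several classic persistence and lockout indicators: dozens of uRun entries launching from the user's temp folder, Winlogon Notify packages pointing at .dat files or bare filenames, the same DLL registered under both Notify and AppInit_DLLs, and policies that disable Task Manager and the registry editor. The following triage script parses DDS "Pseudo HJT Report" lines and flags exactly those patterns; it is added here as an example and is not part of the thread or of the DDS tool. The sample input is a handful of lines copied from the log above (constructed subset), and the heuristics and the cluster threshold are my own assumptions.

```python
import re
from collections import defaultdict

# Lines in the DDS "Pseudo HJT Report" format, copied from the log above
# (a representative subset; constructed sample input for this example),
# with a few benign entries kept so the heuristics have something to pass.
SAMPLE_LINES = r"""
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [A00FCB209C.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00FCB209C.exe
uRun: [A00F249DC78.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F249DC78.exe
uRun: [A00F985ED.exe] c:\docume~1\topsbo~1\locals~1\temp\_A00F985ED.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
dPolicies-explorer: NofolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: winrip32 - winrip32.dll
Notify: 4cfa8c83669 - c:\windows\system32\initpki32.dll
Notify: __c004FE33 - c:\windows\system32\__c004FE33.dat
AppInit_DLLs: c:\windows\system32\initpki32.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {0000a7b8-2ef6-408f-a1aa-22a7faca9693} - c:\windows\system32\dmutil3232.dll
""".strip().splitlines()

# One regex per DDS line type this script understands.
RUN_RE = re.compile(r"^([umd]Run(?:Once)?): \[([^\]]*)\] ?(.*)$")
POLICY_RE = re.compile(r"^([umd]Policies-\w+): (\w+) = (\d+)")
NOTIFY_RE = re.compile(r"^Notify: (\S+) - (.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (.*)$")
BHO_RE = re.compile(r"^BHO: (?:(.*?): )?\{([0-9A-Fa-f-]{36})\} - (.*)$")

# Policies that lock the user out of their own troubleshooting tools.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NofolderOptions"}
CLUSTER_MIN = 3  # assumed threshold: this many autoruns from one folder is suspicious


def exe_path(target):
    """Strip a Run value down to its executable path (quoted or bare)."""
    target = target.strip()
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    return re.split(r" [/-]", target, maxsplit=1)[0]


def leaf(path):
    """Last path component (os.path.basename would not split backslashes on POSIX)."""
    return path.rsplit("\\", 1)[-1]


def triage(lines):
    """Return (severity, category, subject) findings for a list of DDS lines."""
    findings = []
    load_points = defaultdict(set)   # file name -> set of load-point kinds
    run_dirs = defaultdict(list)     # folder -> autorun entry names

    for line in lines:
        line = line.strip()
        if m := RUN_RE.match(line):
            kind, name, target = m.groups()
            path = exe_path(target).lower()
            if "\\temp\\" in path:
                findings.append(("high", "autorun from temp directory", line))
            run_dirs[path.rsplit("\\", 1)[0]].append(name)
            load_points[leaf(path)].add(kind)
        elif m := POLICY_RE.match(line):
            _, policy, value = m.groups()
            if policy in LOCKOUT_POLICIES and int(value) != 0:
                findings.append(("high", f"user lockout policy set ({policy})", line))
        elif m := NOTIFY_RE.match(line):
            _, target = m.groups()
            path = target.strip().lower()
            if "\\" not in path:
                findings.append(("medium", "winlogon notify package without full path", line))
            elif not path.endswith(".dll"):
                findings.append(("high", "winlogon notify package is not a DLL", line))
            load_points[leaf(path)].add("Notify")
        elif m := APPINIT_RE.match(line):
            path = m.group(1).strip().lower()
            if path:
                findings.append(("high", "AppInit_DLLs entry loads into every user-mode process", line))
                load_points[leaf(path)].add("AppInit_DLLs")
        elif m := BHO_RE.match(line):
            name, _, target = m.groups()
            if name is None:
                findings.append(("medium", "unnamed BHO", line))
            load_points[leaf(target.strip().lower())].add("BHO")

    # Second pass: patterns that are only visible across lines.
    for folder, names in run_dirs.items():
        if len(names) >= CLUSTER_MIN:
            findings.append(("high", f"{len(names)} autoruns from one directory", folder))
    for fname, kinds in load_points.items():
        if len(kinds) >= 2:
            findings.append(("high", f"same file at multiple load points ({', '.join(sorted(kinds))})", fname))
    return findings


if __name__ == "__main__":
    for severity, category, subject in triage(SAMPLE_LINES):
        print(f"[{severity:6}] {category}: {subject}")
```

Run against the full log, the temp-folder cluster alone produces several dozen findings; the cross-line checks are what surface initpki32.dll sitting at two load points at once.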





#2 Samus

Samus
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:55 PM

Posted 23 October 2009 - 08:29 AM

bump

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are those of other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this, or do not respond to your requests, is that doing so would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post instead of a reply. Please do not post multiple times here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 23 October 2009 - 05:55 PM.


#3 Samus

Samus
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:07:55 PM

Posted 29 October 2009 - 06:00 AM

Um, thanks for that.

While I was waiting I was looking at other people's threads, the ones that have been responded to.

And I found an online scan link, I ran it and it pretty much fixed the google redirecting malware I had.

So maybe you guys can add info about it somewhere and recommend they use it before they start posting logs and such.

I'm not sure where the link is now but I know it was called ESET online scan.
I still have the install file so if anyone needs help I could upload it for them.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:55 PM

Posted 30 October 2009 - 09:25 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



