
Google, Yahoo Searches are getting redirected somewhere else. Can't use search engines at all. Need help please


  • This topic is locked
3 replies to this topic

#1 carlallenjack


Posted 22 October 2009 - 10:18 PM

Okay after a recent invasion of "Antivirus Pro" malware, I have this problem.

Actions I have taken:
1.) Run AdAware
2.) Run SpyBot S&D
3.) Run ATFcleaner.exe
4.) Run ESET Nod antivirus
5.) Run HiJackThis (deleted some stuff that didn't look good, but nothing changed).

There was some malware found and everything was cleaned up, but I still have this google problem!

Whenever I do a Google or Yahoo search or Bing, I just get back random, very bad search results which are mostly advertisements. I seem to be okay with ask.com for some reason.

Here is what it looks like when I do a Google search. The first picture is if I searched from the top right-hand corner of Firefox.

I searched "diabetes" and this is what came up!

Posted Image

The bottom picture is when I manually typed in www.google.com and searched. Notice how there are only 4 results and no "next page" option at the bottom of the google page.

Posted Image

HiJackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:14 PM, on 10/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Program Files\AnVir Task Manager Free\AnVir.exe" Minimized
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: En&queue current page with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Ima&ge Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
O8 - Extra context menu item: Open &link target with Bulk Image Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm
O8 - Extra context menu item: Open current page with Bulk I&mage Downloader - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254200314750
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 7723 bytes






---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------






DDS (Ver_09-10-13.01) - NTFSx86
Run by Jack at 20:09:04.67 on Thu 10/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1207 [GMT -7:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Brother\BRAdmin Professional 3\bratimer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AnVir Task Manager Free\AnVir.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
c:\syz_dat\systray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jack\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page =
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [AnVir Task Manager Free] "c:\program files\anvir task manager free\AnVir.exe" Minimized
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: En&queue current page with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link target with Bulk Ima&ge Downloader - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with Bulk Image Downloader - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm
IE: Open current page with Bulk I&mage Downloader - file://c:\program files\bulk image downloader\iemenu\iebid.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\windows\system32\lsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254200314750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jack\applic~1\mozilla\firefox\profiles\spfcinu2.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-19 64288]
R0 MFX;MFX; [x]
R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2009-8-5 134272]
R0 tdrpman174;Acronis Try&Decide and Restore Points filter (build 174);c:\windows\system32\drivers\tdrpm174.sys [2009-8-5 971552]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files\brother\bradmin professional 3\bratimer.exe [2009-8-20 65536]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-10-7 12672]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-10-3 14976]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
S0 XMS1563K;XMS1563K;c:\windows\system32\drivers\XMS1563K.SYS [2008-4-1 52108]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1170768]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-8-4 3584]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\jack\locals~1\temp\alsysio.sys --> c:\docume~1\jack\locals~1\temp\ALSysIO.sys [?]
S3 AODDriver;AODDriver;c:\program files\gigabyte\et6\i386\AODDriver.sys [2009-2-23 7168]
S3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\common files\bcl technologies\easypdf 5\bepldr.exe [2007-8-22 151552]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2009-10-7 17488]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2008-3-1 24944]
S3 MarkFun_NT;MarkFun_NT;\??\c:\program files\gigabyte\et5pro\markfun.w32 --> c:\program files\gigabyte\et5pro\markfun.w32 [?]
S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
S4 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-3-1 47624]
S4 IFA_Moore Service;IFA_Moore Service;c:\program files\common files\primal pictures shared\service\IFA_Moore Service File.exe [2008-7-2 68096]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero8\incd\NBHRegInCDSrv.exe [2007-12-13 50984]
S4 Noroadb;Noroadb; [x]

=============== Created Last 30 ================

2009-10-22 01:23 <DIR> --d----- c:\docume~1\jack\applic~1\GetRightToGo
2009-10-22 00:02 178,432 a------- c:\windows\system32\lsp.dll
2009-10-22 00:00 <DIR> --d----- c:\program files\pimqmx
2009-10-20 02:36 <DIR> --d----- c:\program files\WinSCP
2009-10-19 03:25 15,688 a------- c:\windows\system32\lsdelete.exe
2009-10-19 01:55 64,288 a------- c:\windows\system32\drivers\Lbd.sys
2009-10-19 01:54 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-19 01:54 <DIR> --d----- c:\program files\Lavasoft
2009-10-19 01:08 <DIR> --d----- c:\program files\jrcgnn
2009-10-19 01:08 <DIR> --d----- c:\program files\ucpram
2009-10-15 01:08 <DIR> --d----- C:\Saunders
2009-10-13 16:59 2,146,304 a------- c:\windows\system32\GPhotos.scr
2009-10-12 20:41 <DIR> --d----- c:\program files\iPod
2009-10-12 20:41 <DIR> --d----- c:\program files\iTunes
2009-10-12 20:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-09 02:55 4 a------- c:\windows\system32\GVTunner.ref
2009-10-08 22:54 <DIR> --d----- c:\program files\DVDFab 6
2009-10-07 23:39 17,488 a------- c:\windows\etdrv.sys
2009-10-07 23:26 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys
2009-10-07 23:26 <DIR> --d----- c:\program files\CPUID
2009-10-07 23:10 <DIR> --d----- c:\program files\AMD
2009-10-07 02:08 36,484 a------- c:\windows\system32\drivers\SMBios.sys
2009-10-05 03:19 81,920 a------- c:\docume~1\jack\applic~1\ezpinst.exe
2009-10-05 03:19 <DIR> --d----- c:\windows\system32\system
2009-10-05 03:19 719,872 a------- c:\windows\system32\devil.dll
2009-10-05 03:19 314,368 a------- c:\windows\system32\avisynth.dll
2009-10-05 03:19 <DIR> --d----- c:\program files\Magic Video Converter
2009-10-04 04:01 <DIR> --d----- c:\program files\Trend Micro
2009-10-04 01:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PhotoStitch
2009-10-03 02:42 <DIR> --d----- c:\program files\Simpli Software
2009-09-28 22:01 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-09-25 01:42 <DIR> --d----- c:\docume~1\jack\applic~1\HDRsoft
2009-09-24 21:21 <DIR> --d----- c:\program files\PhotomatixPro3

==================== Find3M ====================

2009-10-09 02:55 24,944 a------- c:\windows\system32\drivers\GVTDrv.sys
2009-10-09 02:55 17,488 a------- c:\windows\gdrv.sys
2009-10-08 22:54 87,608 a------- c:\docume~1\jack\applic~1\inst.exe
2009-10-08 22:54 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-10-08 22:54 47,360 a------- c:\docume~1\jack\applic~1\pcouffin.sys
2009-10-05 02:27 217,664 a------- c:\windows\system32\drivers\truecrypt.sys
2009-10-03 11:50 2,069,784 a------- c:\windows\system32\AutoPartNt.exe
2009-08-28 19:42 2,065,696 a------- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:42 40,448 a------- c:\windows\system32\drivers\usbaapl.sys
2009-08-23 14:00 23,856 a------- c:\windows\system32\spupdsvc.exe
2009-08-23 14:00 922,112 -------- c:\windows\system32\imapi2fs.dll
2009-08-23 14:00 426,496 -------- c:\windows\system32\imapi2.dll
2009-08-15 16:46 60,652 a---h--- c:\windows\system32\mlfcache.dat

============= FINISH: 20:09:24.65 ===============


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


RootRepeal is still scanning as I type this. Will post when it's finished. Thanks



#2 carlallenjack


Posted 22 October 2009 - 10:34 PM

Attachment from DDS and RootRepeal report

Attached Files



#3 carlallenjack


Posted 23 October 2009 - 12:46 AM

Problem solved, installed and ran Malwarebytes and it found search.hijacker. Bingo. Everything is back to normal now... thanks

#4 Guest_The weatherman_*


Posted 23 October 2009 - 05:50 PM

Thanks for letting us know carlallenjack. :(



