
Search Engine Results Redirected


This topic is locked
2 replies to this topic

#1 jamado

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:56 PM

Posted 26 December 2009 - 09:55 PM

Search engine results are being redirected, but any command line inputs go to the entered site. Computer is running slow as well. I've run MBAM, SuperAntiSpyware, Avast, Trojan Remover, etc. but no joy. I have logs and logs of results, but still the problem persists. Please help! I've been working on this machine for 4 days. Here is my DDS log.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Sean Merrell at 20:37:17.01 on Sat 12/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.247.64 [GMT -6:00]

AV: avast! antivirus 4.8.1368 [VPS 091226-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\2Wire\Gateway\2PortalMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sean Merrell\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IPInSightLAN 02] "c:\program files\visual networks\visual ip insight\sbc\IPClient.exe" -l
mRun: [2wSysTray] c:\program files\2wire\gateway\2PortalMon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {2DEF4530-8CE6-41C9-84B6-A54536C90213} - hxxps://www.dentisoftonline.com/viewer/activeXViewer/activexviewer.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-12-22 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-22 20560]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S2 Ca533av;Polaroid Digital Cam Video; [x]
S3 tgiul50;tgiul50;c:\windows\system32\drivers\tgiulnt5.sys [2006-9-19 138528]

=============== Created Last 30 ================

2009-12-27 00:12:44 96512 ----a-w- c:\windows\system32\drivers\OLD6.tmp
2009-12-24 23:28:15 0 d-----w- c:\documents and settings\sean merrell\DoctorWeb
2009-12-24 21:40:41 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-24 01:31:56 54016 ----a-w- c:\windows\system32\drivers\domaqi.sys
2009-12-23 23:58:04 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-12-23 23:58:04 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-12-23 23:58:04 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-12-23 23:58:04 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-12-23 23:58:04 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2009-12-23 23:57:54 0 d-----w- c:\program files\Trojan Remover
2009-12-23 23:57:54 0 d-----w- c:\docume~1\seanme~1\applic~1\Simply Super Software
2009-12-23 23:57:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-12-23 22:01:05 96512 ----a-w- c:\windows\system32\drivers\OLD15.tmp
2009-12-23 22:00:59 96512 ----a-w- c:\windows\system32\drivers\OLD12.tmp
2009-12-23 02:41:54 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-12-23 02:36:45 3706 ----a-w- C:\cc_20091222_203644.reg
2009-12-23 02:33:22 555612 ----a-w- C:\cc_20091222_203318.reg
2009-12-23 02:29:18 0 d-----w- c:\program files\Trend Micro
2009-12-23 01:09:20 0 d-----w- C:\CompDr
2009-12-22 23:59:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-22 23:59:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-22 23:59:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-22 22:42:57 0 d-sha-r- C:\cmdcons
2009-12-22 22:38:36 77312 ----a-w- c:\windows\MBR.exe
2009-12-22 22:38:34 98816 ----a-w- c:\windows\sed.exe
2009-12-22 22:38:34 261632 ----a-w- c:\windows\PEV.exe
2009-12-22 22:38:34 161792 ----a-w- c:\windows\SWREG.exe
2009-12-10 21:17:02 0 d-----w- c:\program files\common files\AnswerWorks 5.0
2009-12-10 21:16:22 1843200 ----a-w- c:\windows\system32\acXMLParser.dll
2009-12-10 21:16:19 3518464 ----a-w- c:\windows\system32\cdintf300.dll
2009-12-10 21:15:29 0 d-----w- c:\program files\common files\Palo Alto Software
2009-12-10 21:15:12 0 d-----w- c:\program files\common files\Intuit
2009-12-10 21:08:39 52 ----a-w- c:\windows\intuprof.ini

==================== Find3M ====================

2009-12-27 00:12:53 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2007-11-12 21:53:42 18568192 -c--a-w- c:\program files\yie7setup_tb7_news.exe
2005-12-20 19:28:38 520892 -c--a-w- c:\program files\MpegLoader.exe
2005-11-29 18:38:00 5037072 -c--a-w- c:\program files\spybotsd14.exe
2005-11-10 16:12:11 369896 -c--a-w- c:\program files\WindowsXP-KB888240-x86-ENU.exe

============= FINISH: 20:40:34.00 ===============


Root Repeal will not run. I get a Root Repeal Error with Exception Address 0x004eca19. Should I run it in safe mode?

Thanks in advance for any and all help!


#2 jamado
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:07:56 PM

Posted 30 December 2009 - 12:29 AM

I know you guys are busy, but it would be fair if the VOLUNTEERS would help people in the order that they post. I see a couple of posts that were after mine that are already being helped, and others days before mine that aren't.

Anyway, I already solved my issues. I used TDSSKiller to clean out a rootkit, and was then able to run MBAM, etc to clean out the rest. I'm still running slow but I'll keep working on that issue.

Great forum, but it should be set up for first come, first served. :(

Please close this topic.

#3 Elise
  • Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,105 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:04:56 AM

Posted 30 December 2009 - 09:43 AM

Great forum, but it should be set up for first come, first served.

This is the way it is done. On occasion it happens that a topic is taken sooner, but there are certain reasons for that.

but it would be fair if the VOLUNTEERS would help people in the order that they post. I see a couple of posts that were after mine that are already being helped,

Feel free to send me a PM with examples...

This topic will now be closed as requested by user.

regards, Elise
