
Some sort of Redirector?


This topic is locked
2 replies to this topic

#1 Katman96

Katman96

  • Members
  • 1 posts
  • OFFLINE
  • Gender: Male
  • Location: Middlefield, CT.
  • Local time: 12:33 AM

Posted 04 March 2010 - 12:20 PM

I am able to browse to MSN.com only. Any other website I try to go to will redirect to some "random site". I am having trouble getting gmer.exe to run till completion, so I can't attach that output file. Any suggestions? Thanks in advance...


DDS (Ver_09-12-01.01) - NTFSx86
Run by Dawn at 9:25:31.78 on Thu 03/04/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.228 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\sYSteM32\SvchOst.eXE -k okogrp
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Malware Removal Tools\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\dawn\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: bmnet.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: 85.13.206.114 uuu20091124.info
Hosts: 85.13.206.114 u07012010u.com

============= SERVICES / DRIVERS ===============

R1 fio32;fio32;c:\windows\system32\drivers\fio32.sys [2010-1-29 59264]
R1 oko6;oko6;c:\windows\system32\drivers\oko6.sys [2010-2-12 32768]
R2 okosrv;okosrv;c:\windows\system32\SvchOst.eXE -k okogrp [2009-6-3 21504]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [2006-10-30 24736]
R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;c:\windows\system32\drivers\mstabbtn.sys [2007-3-9 10496]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2009-10-29 24856]
S2 fioo32;fioo32;c:\windows\system32\SvchOst.eXE -k fioo32 [2009-6-3 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2009-12-2 124224]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-6-3 21504]

=============== Created Last 30 ================

2010-03-04 14:23:36 0 ----a-w- c:\users\dawn\defogger_reenable
2010-03-04 14:22:49 0 d-----w- C:\Malware Removal Tools
2010-03-03 20:35:31 0 d-----w- c:\programdata\WindowsSearch
2010-03-03 19:06:17 0 d-----w- c:\users\dawn\appdata\roaming\Malwarebytes
2010-03-03 19:06:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-03 19:06:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-03 19:06:03 0 d-----w- c:\programdata\Malwarebytes
2010-03-03 19:06:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-13 02:37:01 32768 ----a-w- c:\windows\system32\drivers\oko6.sys
2010-02-13 02:37:01 102400 ----a-w- c:\windows\system32\oko6.dll
2010-02-13 02:36:40 23552 ----a-w- c:\windows\rdr_1266028598.exe
2010-02-13 02:25:39 194048 ----a-w- c:\windows\rdr_1266027931.exe
2010-02-13 02:25:31 23552 ----a-w- c:\windows\rdr_1266027925.exe
2010-02-13 02:25:25 2 ----a-w- c:\windows\0101120101465448.xxe

==================== Find3M ====================

2010-01-29 16:29:24 75264 ----a-w- c:\windows\rdr_1264782561.exe
2010-01-29 15:58:10 75264 ----a-w- c:\windows\rdr_1264780687.exe
2010-01-29 15:57:32 75264 ----a-w- c:\windows\rdr_1264780650.exe
2010-01-29 15:56:37 75264 ----a-w- c:\windows\rdr_1264780596.exe
2010-01-29 15:51:49 75264 ----a-w- c:\windows\rdr_1264780306.exe
2010-01-29 15:49:23 75264 ----a-w- c:\windows\rdr_1264780160.exe
2010-01-29 15:45:50 75264 ----a-w- c:\windows\rdr_1264779946.exe
2010-01-29 15:44:59 75264 ----a-w- c:\windows\rdr_1264779898.exe
2010-01-29 15:44:15 75264 ----a-w- c:\windows\rdr_1264779853.exe
2010-01-29 15:42:32 75264 ----a-w- c:\windows\rdr_1264779748.exe
2010-01-29 15:41:22 12842 ----a-w- c:\windows\rdr_1264779679.exe
2010-01-29 15:39:58 75264 ----a-w- c:\windows\rdr_1264779596.exe
2010-01-29 15:39:30 75264 ----a-w- c:\windows\rdr_1264779568.exe
2010-01-29 15:38:26 59264 ----a-w- c:\windows\system32\drivers\fio32.sys
2010-01-29 15:38:05 75264 ----a-w- c:\windows\rdr_1264779484.exe.exe
2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 18:32:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-01-01 16:47:44 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-01 16:47:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-01 16:47:35 143360 ----a-w- c:\windows\inf\infstor.dat
2009-11-18 16:08:57 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-08 02:51:14 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-17 16:55:06 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 9:27:09.95 ===============
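The DDS log above can be triaged mechanically before anyone reads it line by line. The following is an added example, not code from the original post, from BleepingComputer, or from the DDS tool itself. It parses the DDS section headers and applies three defender-side checks that correspond to the indicators visible in this log: a service host whose file name is spelled in unusual mixed case or that runs under a `-k` group not seen on any of the legitimate entries, `Hosts:` lines that point a name somewhere other than the local machine, and executables written directly into the Windows directory rather than a subfolder. The `KNOWN_SVCHOST_GROUPS` allowlist is constructed from the groups that appear on the legitimate lines of this particular log, not from an official Microsoft list, and the embedded sample is a constructed excerpt of the log quoted above.

```python
import re

# Allowlist constructed from the svchost groups on the legitimate entries of the
# log above (an assumption for this example, not an official list of groups).
KNOWN_SVCHOST_GROUPS = {
    "DcomLaunch", "rpcss", "secsvcs", "LocalServiceNetworkRestricted",
    "LocalSystemNetworkRestricted", "netsvcs", "GPSvcGroup", "LocalService",
    "NetworkService", "LocalServiceNoNetwork", "NetworkServiceNetworkRestricted",
    "imgsvc", "WerSvcGroup", "LocalServiceAndNoImpersonation",
}

# Addresses a Hosts entry may legitimately point at (loopback, or 0.0.0.0 for blocking).
LOCAL_IPS = {"127.0.0.1", "::1", "0.0.0.0"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SVCHOST_RE = re.compile(r"\\(svchost\.exe)\s+-k\s+(\S+)", re.IGNORECASE)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# A binary sitting directly in c:\windows\ (no subdirectory), given as the last token.
WINROOT_BIN_RE = re.compile(r"\s(c:\\windows\\[^\\\s]+\.(?:exe|dll|sys|scr))\s*$", re.IGNORECASE)

# Constructed excerpt of the DDS log quoted in the post above.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\sYSteM32\SvchOst.eXE -k okogrp
C:\Program Files\Java\jre6\bin\jusched.exe

============== Pseudo HJT Report ===============

Hosts: 85.13.206.114 uuu20091124.info
Hosts: 85.13.206.114 u07012010u.com

============= SERVICES / DRIVERS ===============

R1 oko6;oko6;c:\windows\system32\drivers\oko6.sys [2010-2-12 32768]
R2 okosrv;okosrv;c:\windows\system32\SvchOst.eXE -k okogrp [2009-6-3 21504]
S2 fioo32;fioo32;c:\windows\system32\SvchOst.eXE -k fioo32 [2009-6-3 21504]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-6-3 21504]

=============== Created Last 30 ================

2010-02-13 02:36:40 23552 ----a-w- c:\windows\rdr_1266028598.exe
2010-03-03 19:06:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
"""


def parse_sections(text):
    """Split a DDS log into {section name: [non-empty lines]} using its '=== name ===' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def check_svchost(line):
    """Flag a service host whose file name casing is unusual or whose -k group is unknown."""
    m = SVCHOST_RE.search(line)
    if not m:
        return None
    exe, group = m.group(1), m.group(2)
    if exe != "svchost.exe":
        return f"svchost.exe spelled as {exe!r}: casing differs from every legitimate entry"
    if group not in KNOWN_SVCHOST_GROUPS:
        return f"unknown svchost group {group!r}"
    return None


def check_hosts(line):
    """Flag a Hosts entry that maps a name to a non-local address (a classic redirect)."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    ip, name = m.groups()
    return None if ip in LOCAL_IPS else f"Hosts entry sends {name} to {ip}"


def check_windows_root_binary(line):
    """Flag an executable created directly in the Windows directory root."""
    m = WINROOT_BIN_RE.search(line)
    return f"executable dropped directly in the Windows directory: {m.group(1)}" if m else None


CHECKS = (check_svchost, check_hosts, check_windows_root_binary)


def triage(dds_text):
    """Run every check over every line; return (section, line, reason) for each hit."""
    findings = []
    for section, lines in parse_sections(dds_text).items():
        for line in lines:
            for check in CHECKS:
                reason = check(line)
                if reason:
                    findings.append((section, line, reason))
    return findings


if __name__ == "__main__":
    for section, line, reason in triage(SAMPLE_DDS):
        print(f"[{section}] {reason}\n    {line}")
```

On the constructed excerpt this reports six findings: the mixed-case service host in the process list, the two `Hosts:` redirections, the two services that launch the mixed-case `SvchOst.eXE`, and the `rdr_*.exe` file in `c:\windows`. The casing check is deliberately strict about the file name only, since the directory part (`system32`, `System32`, `SYSTEM32`) varies on legitimate lines in this same log.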


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender: Female
  • Location: Belgium
  • Local time: 07:33 AM

Posted 05 March 2010 - 06:19 AM

Hi,

I see you have Malwarebytes already installed, but from what I can see in the above log, it looks like you didn't update Malwarebytes, because I know it can deal with this variant.
So, first of all, please update Malwarebytes:
  • Start Malwarebytes and click the Update tab. There click "Check for updates".
  • Once the updates are downloaded, perform a quick scan again.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply along with a fresh DDS log, then we'll proceed from there with new steps.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender: Female
  • Location: Belgium
  • Local time: 07:33 AM

Posted 10 March 2010 - 11:31 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.