Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google search redirecting


  • Please log in to reply
3 replies to this topic

#1 scalibound

scalibound

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 22 April 2010 - 04:59 PM

Both my IE and Firefox google searches are redirecting when I click on one of the search results. IE occassionally opens random spam site while surfing the web.


DDS (Ver_10-03-17.01) - NTFSx86
Run by mark hamilton at 11:58:54.25 on Wed 04/21/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.234 [GMT -7:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Documents and Settings\mark hamilton\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\mark hamilton\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\okilpr~1.lnk - c:\program files\okidata\oki lpr utility\okilpr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 8\SnagIt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\markha~1\applic~1\mozilla\firefox\profiles\ivekwrds.default\
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&p=
FF - component: c:\documents and settings\mark hamilton\application data\mozilla\firefox\profiles\ivekwrds.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\mark hamilton\application data\mozilla\firefox\profiles\ivekwrds.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\mark hamilton\application data\mozilla\firefox\profiles\ivekwrds.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - plugin: c:\documents and settings\mark hamilton\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-20 64288]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-1-5 385536]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/08/25 21:49:57];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-4-13 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-4-13 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-4-13 144704]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;c:\program files\common files\neatreceipts\db controller\NeatReceiptsDBController.exe [2008-2-5 228480]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-4-13 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-13 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-13 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-4-13 40552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-4-13 34248]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]

=============== Created Last 30 ================

2010-04-21 05:20:55 0 d-----w- c:\docume~1\markha~1\applic~1\Malwarebytes
2010-04-21 05:19:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-21 05:19:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-21 05:19:48 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-21 05:19:47 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-21 04:10:56 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-21 04:10:18 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-21 04:10:18 0 d-----w- c:\docume~1\markha~1\applic~1\SUPERAntiSpyware.com
2010-04-21 01:38:32 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-21 01:38:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-21 01:20:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-20 23:04:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-04-20 23:04:33 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-20 22:57:09 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-20 22:56:35 0 d-----w- c:\program files\Lavasoft
2010-04-20 19:59:50 0 d-----w- c:\program files\Trend Micro
2010-04-17 15:40:24 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-04-17 15:40:23 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2010-04-17 15:40:14 430080 ------w- c:\windows\system32\dllcache\vbscript.dll
2010-04-15 05:14:00 178176 ------w- c:\windows\system32\dllcache\wintrust.dll
2010-04-15 05:13:57 86016 ------w- c:\windows\system32\dllcache\cabview.dll
2010-04-14 16:27:09 140288 ----a-w- c:\windows\system32\zfcxx.tmp
2010-04-14 16:27:09 140288 ----a-w- c:\windows\system32\dllcache\zfcxx.tmp
2010-04-14 10:45:24 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-14 10:45:24 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-14 05:02:34 11169 ----a-w- c:\windows\system32\Config.MPF
2010-04-14 04:59:01 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-04-14 04:59:01 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-14 04:59:00 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-14 04:58:54 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-04-14 04:58:09 0 d-----w- c:\program files\common files\McAfee
2010-04-14 04:58:08 0 d-----w- c:\program files\McAfee.com
2010-04-14 04:58:01 0 d-----w- c:\program files\McAfee
2010-04-14 04:55:06 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-04-14 04:29:31 0 d-----w- c:\windows\system32\wbem\Repository
2010-03-31 22:45:07 193024 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-03-30 22:20:41 104768 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-03-24 02:56:22 3247 ----a-w- c:\windows\system32\wbem\Outlook_01cacafd95dea781.mof

==================== Find3M ====================

2010-04-21 13:06:40 110120 ----a-w- c:\windows\system32\drivers\pnp680r.sys
2010-03-19 13:31:57 89256 ------w- c:\windows\system32\ElbyCDIO.dll
2010-03-12 00:19:34 3602944 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-03-10 14:05:41 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-03-10 14:05:40 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-03-09 11:06:59 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 11:57:57 457216 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 11:57:57 457216 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-23 05:19:59 634648 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-02-23 05:18:27 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-02-16 12:52:12 2190080 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 12:50:36 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:50:36 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 12:12:52 2066944 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 12:12:52 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 12:12:52 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:27:58 100864 ----a-w- c:\windows\system32\6to4svc.dll
2009-08-26 06:23:34 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009082520090826\index.dat

============= FINISH: 12:02:01.10 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:55 AM

Posted 22 April 2010 - 07:50 PM

Hi, scalibound smile.gif

welcome.gif

Lets try Combofix.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------
  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,749 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:55 AM

Posted 27 April 2010 - 01:07 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 scalibound

scalibound
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 30 April 2010 - 12:57 PM

Thank you for the help and reopening the topic. I ran Combofix it seems to have fixed the problem. Here is the log file.

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users