
IE redirects to ads on search results and Gmer restarts computer each time



#1 cmedy


Posted 27 May 2010 - 10:38 AM

I've followed all the instructions and have attempted three times to run GMER but each time it takes more than 30 minutes, running well, and then suddenly my computer restarts. I've attached what I saved of Gmer one of the last times before it shut down.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Carolyn at 8:34:38.45 on Thu 05/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.287 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
C:WINDOWSsystem32svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
C:WINDOWSsystem32spoolsv.exe
svchost.exe
C:Program FilesAmazonAmazon Unbox VideoADVWindowsClientService.exe
C:Program FilesGoogleUpdate1.2.183.23GoogleCrashHandler.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesSymantec AntiVirusDefWatch.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMotiveMcciCMService.exe
C:Program FilesSymantec AntiVirusSavRoam.exe
C:Program FilesDell Support Centerbinsprtsvc.exe
c:Program FilesMicrosoft SQL Server90Sharedsqlwriter.exe
svchost.exe
C:Program FilesOnline BackupOnlineBackup.exe
C:Program FilesBroadJumpClient FoundationCFD.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesSymantec AntiVirusRtvscan.exe
C:Program FilesMicrosoft OfficeOffice12GrooveMonitor.exe
C:WINDOWSsystem32svchost.exe -k netsvcs
C:Program FilesLinksys Wireless-G USB Wireless Network MonitorWLService.exe
C:Program FilesAdobeAcrobat 9.0AcrobatAcrotray.exe
C:Program FilesLinksys Wireless-G USB Wireless Network MonitorWUSB54Gv4.exe
C:Program FilesCitrixICA Clientconcentr.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCitrixICA Clientwfcrun32.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesDellSupportDSAgnt.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesShutterflyStudioBINSFlyStudio.exe
C:Documents and SettingsCarolynApplication DataSanDiskSansa UpdaterSansaDispatch.exe
C:Program FilesAmazonAmazon Unbox VideoADVWindowsClientSystemTray.exe
C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE
C:Program FilesMcAfee Security Scan2.0.181SSScheduler.exe
C:Program FilesCommon FilesMicrosoft SharedWorks Sharedwkcalrem.exe
C:Program FilesWindows Desktop SearchWindowsSearch.exe
C:Program FilesSouthwest AirlinesDingDing.exe
C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
C:WINDOWSsystem32SearchIndexer.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesSymantec AntiVirusVPC32.exe
C:WINDOWSsystem32SearchProtocolHost.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsCarolynDesktopdds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?client=gmail&rls=gm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:windowssystem32userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:program filescommon filesadobeacrobatactivexAcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:program filesgooglegoogletoolbarnotifier5.5.5126.1836swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:program filesgooglechrome frameapplication5.0.375.49npchrome_frame.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:program filescommon filesadobeacrobatactivexAcroIEFavClient.dll
TB: eMusic Toolbar: {9ee802e8-c931-47ab-b570-aa8f791598ca} - c:program filesemusictbeMu1.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:documents and settingscarolynapplication datamozillafirefoxprofilesb04ogfco.defaultextensions{0b457caa-602d-484a-8fe7-c1d894a011ba}libraryfsaddin-0.80.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:program filesgooglegoogle toolbarGoogleToolbar_32.dll
uRun: [swg] "c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe"
uRun: [DellSupport] "c:program filesdellsupportDSAgnt.exe" /startup
uRun: [MoneyAgent] "c:program filesmicrosoft moneysystemMoney Express.exe"
uRun: [DellSupportCenter] "c:program filesdell support centerbinsprtcmd.exe" /P DellSupportCenter
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [doubleTwist] c:program filesdoubletwist 2.0DoubleTwist.DeviceHelper.exe
uRun: [ShutterflyStudio] c:program filesshutterflystudiobinSFlyStudio.exe /trayonly
uRun: [SansaDispatch] c:documents and settingscarolynapplication datasandisksansa updaterSansaDispatch.exe
mRun: [@BackupScheduler] c:program filesonline backupOnlineBackup.exe
mRun: [BJCFD] c:program filesbroadjumpclient foundationCFD.exe
mRun: [DLBXCATS] rundll32 c:windowssystem32spooldriversw32x863DLBXtime.dll,_RunDLLEntry@16
mRun: [dellsupportcenter] "c:program filesdell support centerbinsprtcmd.exe" /P dellsupportcenter
mRun: [dscactivate] "c:program filesdell support centergs_agentcustomdsca.exe"
mRun: [GrooveMonitor] "c:program filesmicrosoft officeoffice12GrooveMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:program filesadobeacrobat 9.0acrobatAcrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:program filesadobeacrobat 9.0acrobatAcrotray.exe"
mRun: [AppleSyncNotifier] c:program filescommon filesapplemobile device supportAppleSyncNotifier.exe
mRun: [Adobe ARM] "c:program filescommon filesadobearm1.0AdobeARM.exe"
mRun: [ISUSPM Startup] "c:program filescommon filesinstallshieldupdateserviceISUSPM.exe" -startup
mRun: [Adobe Reader Speed Launcher] "c:program filesadobereader 9.0readerReader_sl.exe"
mRun: [ConnectionCenter] "c:program filescitrixica clientconcentr.exe" /startup
mRun: [QuickTime Task] "c:program filesquicktimeqttask.exe" -atboottime
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:program filescommon filesjavajava updatejusched.exe"
dRun: [swg] c:program filesgooglegoogletoolbarnotifierGoogleToolbarNotifier.exe
mExplorerRun: [RTHDBPL] c:documents and settingscarolynapplication datasystemproclsass.exe
StartupFolder: c:docume~1carolynstartm~1programsstartupding!.lnk - c:program filessouthwest airlinesdingDing.exe
StartupFolder: c:docume~1carolynstartm~1programsstartuponenot~1.lnk - c:program filesmicrosoft officeoffice12ONENOTEM.EXE
StartupFolder: c:docume~1alluse~1startm~1programsstartupadobeg~1.lnk - c:program filescommon filesadobecalibrationAdobe Gamma Loader.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupamazon~1.lnk - c:program filesamazonamazon unbox videoADVWindowsClientSystemTray.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupmcafee~1.lnk - c:program filesmcafee security scan2.0.181SSScheduler.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupmicros~1.lnk - c:program filescommon filesmicrosoft sharedworks sharedwkcalrem.exe
StartupFolder: c:docume~1alluse~1startm~1programsstartupwindow~1.lnk - c:program fileswindows desktop searchWindowsSearch.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:progra~1mi1933~1office12EXCEL.EXE/3000
IE: Google Sidewiki... - c:program filesgooglegoogle toolbarcomponentGoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:progra~1mi1933~1office12ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:program filesskypetoolbarsinternet explorerSkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1mi1933~1office12REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:windowssystem32Shdocvw.dll
Trusted Zone: higheredjobs.comwww
Trusted Zone: k12.nc.usc2s.chccs
Trusted Zone: ncacswim.orgwww
Trusted Zone: onthehub.come5
Trusted Zone: stonlinebooking.comsecure
Trusted Zone: usair.comwww
Trusted Zone: usairways.comwww
Trusted Zone: usairways.comwww2
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://site.ebrary.com.libproxy.lib.unc.edu/lib/uncch/support/plugins/ebraryRdr.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonYinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://preview.evite.com/js/ImageUploader5.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.new.facebook.com/controls/contactx.dll
DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://webcam.jomc.unc.edu/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
TCP: {366B5C36-DDE5-44FF-8D97-164B60683C2A} = 192.168.1.1,24.25.5.150
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:program filesgooglechrome frameapplication5.0.375.49npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:program filesmicrosoft officeoffice12GrooveSystemServices.dll
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1common~1skypeSKYPE4~1.DLL
Notify: AfsLogon - c:program filesopenafsclientprogramafslogon.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:windowssystem32NavLogon.dll
AppInit_DLLs: c:progra~1googlegoogle~1GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:program filesmicrosoft officeoffice12GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:program fileswindows desktop searchMSNLNamespaceMgr.dll
Hosts: 10.254.254.253 AFS

================= FIREFOX ===================

FF - ProfilePath - c:docume~1carolynapplic~1mozillafirefoxprofilesb04ogfco.default
FF - component: c:documents and settingscarolynapplication datamozillafirefoxprofilesb04ogfco.defaultextensions{0b457caa-602d-484a-8fe7-c1d894a011ba}platformwinnt_x86-msvccomponentsSSSLauncher.dll
FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll
FF - plugin: c:program filesgooglepicasa3npPicasa3.dll
FF - plugin: c:program filesgoogleupdate1.2.183.23npGoogleOneClick8.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpdeployJava1.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpicaN.dll
FF - plugin: c:program filesviewpointviewpoint experience technologynpViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Internal security: No Registry Reference - c:program filesmozilla firefoxextensions{8CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 ctxusbm;Citrix USB Monitor Driver;c:windowssystem32driversctxusbm.sys [2009-9-8 65584]
R1 SAVRT;SAVRT;c:program filessymantec antivirussavrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:program filessymantec antivirusSavrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:program filescommon filessymantec sharedccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:program filescommon filessymantec sharedccSetMgr.exe [2007-5-29 169576]
R2 McrdSvc;Media Center Extender Service;c:windowsehomemcrdsvc.exe [2005-8-5 99328]
R2 SavRoam;SAVRoam;c:program filessymantec antivirusSavRoam.exe [2007-6-6 116928]
R2 Symantec AntiVirus;Symantec AntiVirus;c:program filessymantec antivirusRtvscan.exe [2007-6-6 1821376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:program filescommon filessymantec sharedeengineEraserUtilRebootDrv.sys [2009-8-27 102448]
R3 NAVENG;NAVENG;c:progra~1common~1symant~1virusd~120100526.006naveng.sys [2010-5-26 85552]
R3 NAVEX15;NAVEX15;c:progra~1common~1symant~1virusd~120100526.006navex15.sys [2010-5-26 1347504]
S2 gupdate;Google Update Service (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2009-11-5 135664]
S3 ICDUSB2;Sony IC Recorder (ST);c:windowssystem32driversIcdUsb2.sys [2006-1-8 39048]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesmcafee security scan2.0.181McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-05-27 12:32:59 0 ----a-w- c:documents and settingscarolyndefogger_reenable
2010-05-27 11:33:01 754 ----a-w- c:windowsWORDPAD.INI
2010-05-27 00:54:49 0 dc-h--w- c:windowsie8
2010-05-27 00:52:23 411368 ----a-w- c:windowssystem32deployJava1.dll
2010-05-26 14:17:42 69120 ----a-w- C:autoexec.exe
2010-05-25 21:58:38 0 d-----w- c:windows3FADAA19E59544CAA07258B6B0851768.TMP
2010-05-25 17:55:09 9 ----a-w- C:confin.sys
2010-05-25 17:55:00 0 d-sh--w- c:docume~1carolynapplic~1SystemProc
2010-04-29 12:53:00 0 d-----w- c:program filesBonjour

==================== Find3M ====================

2010-04-16 11:43:30 41984 ------w- c:windowssystem32dllcacheiecompat.dll
2010-04-08 17:20:02 91424 ----a-w- c:windowssystem32dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:windowssystem32dns-sd.exe
2010-03-10 06:15:52 420352 ----a-w- c:windowssystem32vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:windowssystem32dllcachevbscript.dll
2009-12-16 01:58:42 56 --sh--r- c:windowssystem321CB7290F27.sys
2009-12-16 01:58:43 3558 --sha-w- c:windowssystem32KGyGaAvL.sys
2008-09-10 01:47:29 32768 --sha-w- c:windowssystem32configsystemprofilelocal settingshistoryhistory.ie5mshist012008090920080910index.dat

============= FINISH: 8:37:37.00 ===============

I tried running GMER again, without devices (as you instructed another user) and after five hours it froze my computer again. I should have stated earlier that my problem is similar to many I've read on this forum. Symantec and Norton detect nothing, neither does Windows spyware/malware detector. Yet when I do Web searches, most results redirect to ads and it's maddening. Thank you for any help you can provide.


Edited by Budapest, 27 May 2010 - 04:53 PM.
Posts merged ~BP



#2 cmedy

  • Topic Starter

Posted 28 May 2010 - 05:33 AM

I fixed it!

I ran Microsoft's live scan from the Microsoft Web site. It found a virus (but deleted it before I wrote it down, sorry) and several suspicious files that no other virus, spyware or malware scan (including Symantec's Antivirus full scan and tdsskiller, among others) had detected so far. The scan took all night but all the hijacking/redirect problems are gone.

Here's where I found Microsoft's PC safety scan that solved my nightmare:

http://onecare.live.com/site/en-us/default.htm

Edited by cmedy, 28 May 2010 - 05:35 AM.


#3 m0le

  • Malware Response Team

Posted 28 May 2010 - 07:45 PM

Glad you fixed it.

-------------------------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



