Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mozilla firefox/ IE7 redirect on Vista


  • This topic is locked This topic is locked
1 reply to this topic

#1 sammik117

sammik117

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:01:38 PM

Posted 25 October 2010 - 03:05 PM

my computer is redirecting every time i try to click on a link brought up by any search engine. The following is my comboxfix log:

ComboFix 10-10-24.06 - Sammi 10/25/2010 15:14:41.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1537 [GMT -4:00]
Running from: c:\users\Sammi\Desktop\ComboFix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
SP: PC-cillin Internet Security - Spyware Protection *disabled* (Outdated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-09-25 to 2010-10-25 )))))))))))))))))))))))))))))))
.

2010-10-25 19:19 . 2010-10-25 19:19 -------- d-----w- c:\users\Sammi\AppData\Local\temp
2010-10-25 19:19 . 2010-10-25 19:19 -------- d-----w- c:\users\karen\AppData\Local\temp
2010-10-25 19:19 . 2010-10-25 19:19 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-25 19:19 . 2010-10-25 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-25 19:19 . 2010-10-25 19:19 -------- d-----w- c:\users\Daddy\AppData\Local\temp
2010-10-24 13:41 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CB7BD419-4FDE-4B86-B809-EAC9EE2A2E1D}\mpengine.dll
2010-10-18 18:56 . 2010-10-18 18:56 113664 --sha-r- c:\users\Sammi\AppData\Roaming\dlcxlmpme.dll
2010-10-17 05:59 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-17 02:19 . 2010-10-17 02:19 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-10-16 18:05 . 2010-10-16 18:05 -------- d-----w- c:\program files\Kaspersky Lab
2010-10-16 18:05 . 2010-10-16 18:36 -------- d-----w- c:\programdata\Kaspersky Lab
2010-10-16 18:03 . 2010-10-16 18:03 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-10-16 13:25 . 2010-09-16 14:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{12F926AC-D217-4C36-8739-2591ECFDDA60}\mpengine.dll
2010-10-16 13:25 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 06:42 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 06:42 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 06:42 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 06:42 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 06:42 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 06:42 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 06:42 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 06:38 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-11 21:04 . 2010-10-11 21:04 -------- d-----w- c:\users\Sammi\AppData\Roaming\Uniblue
2010-10-07 21:15 . 2010-10-07 21:15 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-29 09:11 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 09:10 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-26 14:33 . 2010-09-26 14:33 -------- d-----w- c:\program files\iPod
2010-09-26 14:29 . 2010-09-26 14:29 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 17:55 . 2010-08-27 15:04 69632 ----a-r- c:\users\Sammi\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
2010-09-09 17:55 . 2010-08-27 15:04 413696 ----a-r- c:\users\Sammi\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
2010-09-09 17:55 . 2010-08-27 15:04 413696 ----a-r- c:\users\Sammi\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
2010-09-09 17:55 . 2010-08-27 15:04 413696 ----a-r- c:\users\Sammi\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 14:11 . 2010-09-15 06:53 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-27 22:44 . 2010-07-27 22:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"mzez"="c:\users\Sammi\AppData\Roaming\dlcxlmpme.dll" [2010-10-18 113664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-10-24 79136]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2007-08-27 1807696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-09-11 218032]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-06-15 47408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-18 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-02-14 266240]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-04 537480]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-08-27 345432]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-08-27 923216]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-08-27 566872]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2007-08-27 280392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-25 c:\windows\Tasks\User_Feed_Synchronization-{1A7B266C-2BDC-42A9-A5E9-185BA9250A2A}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
DPF: {E97F469C-D577-4EC2-84F7-FD2186E1AE0A} - hxxps://ll2.hofstra.edu/wsfiles$/bin/wscs1.ocx
FF - ProfilePath - c:\users\Sammi\AppData\Roaming\Mozilla\Firefox\Profiles\zkphytio.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.hofstra.edu/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13161&gct=&gc=1&q=
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Photosynth\npPhotosynthMozilla.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-25 15:19
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-25 15:21:50
ComboFix-quarantined-files.txt 2010-10-25 19:21
ComboFix2.txt 2010-10-24 09:13
ComboFix3.txt 2010-10-22 13:14

Pre-Run: 143,268,003,840 bytes free
Post-Run: 143,256,416,256 bytes free

- - End Of File - - DBC416FD60A66454F3705C642B13CB11

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:38 PM

Posted 25 October 2010 - 11:10 PM

As you have stated in your AII topic that things are fixed,I am closing yhis topic to prevent using valuable time of our MRT volunteers. If you need this re opened ,please send me or any Staff a PM.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users