
search/ad virus


  • This topic is locked
3 replies to this topic

#1 ReallyReuger

ReallyReuger

  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:28 PM

Posted 07 November 2010 - 01:09 PM

Attached File: Attach.txt (12.13KB, 1 downloads)

1. When I do searches, they are re-directed to ad sites.
2. I am also having problems visiting multiple sites (example: pctools.com. Page is not displayed and says diagnose connection). The page errors.
3. I am also having issues downloading (example: http://cainternetsecurity.net/ISSDownloader/default.aspx?TokenId=736186708038 It gets to the downloader and then errors saying server is down, make sure you are connected to the internet). I also can't download Malwarebytes; when I click on the download, it goes to a blank Explorer page and says diagnose connection.

I'm not sure if the 3 are related, but I thought I would include known issues I am having with my computer...



DDS (Ver_10-11-05.01) - NTFSx86
Run by Jeff at 12:40:07.96 on Sun 11/07/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2611 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\DOCUME~1\Jeff\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\tcpsvcs.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Documents and Settings\Jeff\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.rr.com
uWindow Title = Windows Internet Explorer provided by Road Runner
uURLSearchHooks: H - No File
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
BHO: {81BE4B08-D7CF-A04A-C98F-F7FA38DD6D96} - No File
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdmcks.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Start WingMan Profiler]
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.EXE" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [RegistryMechanic]
mRun: [VMware hqtray] "g:\vmware player\hqtray.exe"
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [RunNarrator] Narrator.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Open with WordPerfect - c:\program files\corel\wordperfect office x5\programs\WPLauncher.hta
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: softpedia.com
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246728241203
DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://cca117cam.occ.utk.edu/activex/AxisCamControl.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
TCP: NameServer = 93.188.162.226,93.188.166.206
TCP: {294E3BE0-DC9B-4FB4-91B9-71B4F3C7168D} = 93.188.162.226,93.188.166.206
TCP: {C7F861EF-7B58-41C2-B384-C41C31B2F7D9} = 93.188.162.226,93.188.166.206
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2006-10-6 1984]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-1-22 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-1-22 563760]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-19 136176]
S3 cpuz132;cpuz132;\??\c:\docume~1\jeff\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\jeff\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

=============== Created Last 30 ================

2010-11-07 17:21:52 388096 ----a-r- c:\docume~1\jeff\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-07 17:21:51 -------- d-----w- c:\program files\Trend Micro
2010-11-06 20:24:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\BDLogging
2010-11-06 19:08:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\54f60000-a592-4466-3e97-28f198deb6ba
2010-11-06 18:55:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\926f0000-19eb-420a-b4ef-c0f234a5e884
2010-11-06 18:36:38 -------- d-----w- c:\docume~1\jeff\applic~1\QuickScan
2010-11-06 18:36:10 -------- d-----w- c:\program files\common files\BitDefender
2010-11-06 18:35:41 1832745 ----a-w- c:\docume~1\alluse~1\applic~1\bdinstall.bin
2010-11-06 17:42:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-04 17:38:40 -------- d-----w- c:\program files\Conduit
2010-11-04 17:38:40 -------- d-----w- c:\docume~1\jeff\locals~1\applic~1\Conduit
2010-11-04 16:47:08 39936 ----a-w- c:\windows\system32\dwmapi.dll
2010-11-04 16:47:08 329224 ----a-w- c:\windows\system32\DXErr.exe
2010-11-04 16:47:08 236 ----a-w- c:\program files\common files\dx.reg
2010-11-04 16:47:08 209416 ----a-w- c:\windows\system32\dxcpl.exe
2010-11-04 16:47:08 167936 ----a-w- c:\windows\system32\dxgi.dll
2010-11-04 16:47:07 681478 ----a-w- c:\windows\system32\msvcrtnew.dll
2010-11-04 16:47:07 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-11-04 16:47:07 1162656 ----a-w- c:\windows\system32\ntdllnew.dll
2010-11-04 16:47:06 874502 ----a-w- c:\windows\system32\kernel32new.dll
2010-11-04 16:47:06 716153 ----a-w- c:\windows\system32\unins000.exe
2010-11-04 16:47:06 187398 ----a-w- c:\windows\system32\d3d10core.dll
2010-11-04 16:47:06 1029126 ----a-w- c:\windows\system32\d3d10.dll
2010-11-04 16:44:36 -------- d-----w- c:\docume~1\jeff\applic~1\GetRightToGo
2010-10-31 01:06:07 -------- d-----w- c:\program files\Steam
2010-10-29 02:03:48 -------- d-----w- c:\docume~1\jeff\applic~1\Inbox Toolbar
2010-10-29 02:00:03 -------- d-----w- c:\docume~1\jeff\applic~1\SiteRanker
2010-10-16 12:44:00 -------- d-----w- c:\docume~1\jeff\locals~1\applic~1\Temp
2010-10-15 21:20:55 -------- d-----w- c:\docume~1\jeff\applic~1\Lionhead Studios
2010-10-15 21:18:58 -------- d-sh--w- c:\windows\ftpcache
2010-10-15 21:06:32 -------- d-----w- c:\program files\Lionhead Studios Ltd
2010-10-15 21:06:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Lionhead Studios

==================== Find3M ====================

2010-11-07 14:48:05 189392 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-07 14:34:39 189392 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-11-06 22:09:52 138056 -c--a-w- c:\docume~1\jeff\applic~1\PnkBstrK.sys
2010-11-06 22:09:34 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-11-06 21:39:51 3360624 ----a-w- c:\windows\system32\pbsvc.exe
2010-10-03 18:47:40 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-10-03 18:47:40 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-10-03 18:47:40 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-09-15 08:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 06:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-14 12:47:33 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

============= FINISH: 12:41:20.34 ===============

Attached File: GMER.log (7.91KB, 4 downloads)

Here is the GMER file.

EDIT: Posts merged ~BP

Edited by Budapest, 07 November 2010 - 03:58 PM.
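The symptoms in the first post (search results redirected, security vendor sites "not displayed", downloads of security tools failing) are the pattern a helper looks for in the DDS report's TCP: NameServer lines, which here list two resolvers that are neither a home router's private address nor an obvious ISP range. The script below is an added example and is not part of this thread or of the DDS tool. It parses an excerpt copied from the report above, flags resolvers outside an allowlist the analyst provides (the allowlist here is a constructed assumption: RFC 1918 space plus the 203.0.113.0/24 documentation prefix standing in for the ISP's resolvers), and lists two lower-confidence findings from the same report: browser add-on entries whose DLL is missing ("No File"), and services or drivers registered from a temp directory. Whether a flagged resolver is actually malicious still has to be confirmed against DNS threat intelligence; the script only separates "expected" from "needs a look".

```python
"""Triage helpers for a DDS 'Pseudo HJT Report' (added example, not DDS code)."""
import ipaddress
import re
from typing import Dict, List

# Resolvers the analyst expects on this machine. Constructed assumption:
# RFC 1918 router addresses plus a placeholder ISP range (203.0.113.0/24 is a
# documentation prefix, swap in the real ISP resolvers when known).
EXPECTED_RESOLVER_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("203.0.113.0/24"),
]

# Excerpt copied from the DDS report in the thread (only the lines this triage reads).
SAMPLE_DDS = r"""
uURLSearchHooks: H - No File
BHO: {81BE4B08-D7CF-A04A-C98F-F7FA38DD6D96} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TCP: NameServer = 93.188.162.226,93.188.166.206
TCP: {294E3BE0-DC9B-4FB4-91B9-71B4F3C7168D} = 93.188.162.226,93.188.166.206
TCP: {C7F861EF-7B58-41C2-B384-C41C31B2F7D9} = 93.188.162.226,93.188.166.206
R1 papycpu;papycpu;c:\windows\system32\drivers\papycpu.sys [2006-10-6 1984]
S3 cpuz132;cpuz132;\??\c:\docume~1\jeff\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\jeff\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
"""

# DDS writes one 'TCP: NameServer = a,b' line for the global setting and one
# 'TCP: {adapter-GUID} = a,b' line per network adapter.
_TCP_LINE = re.compile(r"^TCP:\s+(?P<name>NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<ips>[\d.,\s]+)$")
_NOFILE_LINE = re.compile(r"^(?:BHO|TB|uURLSearchHooks):\s*(?P<rest>.*?)\s*-\s*No File$")
_SERVICE_LINE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*)$")


def parse_nameservers(report: str) -> Dict[str, List[str]]:
    """Map each TCP entry (global NameServer or adapter GUID) to its resolver IPs."""
    found: Dict[str, List[str]] = {}
    for line in report.splitlines():
        m = _TCP_LINE.match(line.strip())
        if m:
            found[m.group("name")] = [ip.strip() for ip in m.group("ips").split(",") if ip.strip()]
    return found


def unexpected_resolvers(nameservers: Dict[str, List[str]],
                         expected_nets=EXPECTED_RESOLVER_NETS) -> List[str]:
    """Resolver IPs that fall outside every expected network, deduplicated and sorted."""
    odd = set()
    for ips in nameservers.values():
        for ip in ips:
            addr = ipaddress.ip_address(ip)
            if not any(addr in net for net in expected_nets):
                odd.add(ip)
    return sorted(odd, key=ipaddress.ip_address)


def orphaned_entries(report: str) -> List[str]:
    """Add-on entries whose DLL is gone ('No File'): leftovers to clean, not proof of infection."""
    hits = []
    for line in report.splitlines():
        m = _NOFILE_LINE.match(line.strip())
        if m:
            hits.append(m.group("rest"))
    return hits


def services_from_temp(report: str) -> List[str]:
    """Services/drivers registered from a temp path; legitimate tools do this too, so verify."""
    hits = []
    for line in report.splitlines():
        m = _SERVICE_LINE.match(line.strip())
        if m and "\\temp\\" in m.group("path").lower():
            hits.append(m.group("name"))
    return hits


def triage(report: str) -> List[str]:
    """One finding string per item worth a second look, highest confidence first."""
    findings = []
    odd = unexpected_resolvers(parse_nameservers(report))
    if odd:
        findings.append("DNS resolvers outside the expected set: " + ", ".join(odd)
                        + " (fits the search-redirect and blocked-site symptoms; confirm against threat intel)")
    findings += ["orphaned browser add-on reference: " + e for e in orphaned_entries(report)]
    findings += ["service/driver loaded from a temp path, verify publisher: " + n for n in services_from_temp(report)]
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

Run against the full report rather than the excerpt by reading the DDS text into `triage()`; the allowlist is the only thing that needs editing per machine, and the interface-GUID lines matter because a resolver override can sit on one adapter while the global NameServer line looks clean.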




#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:04:28 PM

Posted 14 November 2010 - 09:25 AM

Hello ReallyReuger

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 ReallyReuger

ReallyReuger
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:03:28 PM

Posted 14 November 2010 - 05:36 PM

Thanks for your response, but I already formatted my hard-drive.

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:04:28 PM

Posted 14 November 2010 - 06:02 PM

You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.



