Google redirecting


This topic is locked. 7 replies to this topic.

#1 swanek (Members, 4 posts)

Posted 13 October 2011 - 07:10 PM

Hi, I've started having trouble with Internet Explorer starting up on its own and loading ad pages like blinkx.com and others. Also Google and Bing search results redirect me to other pages. I have run Norton AV, Malwarebytes, Spybot, ccleaner. No help.

Here is my DDS log. Attach.txt and Ark.txt are attached. Any help is appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Frank at 19:00:09 on 2011-10-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2046.637 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\System32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\sttray.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Mesh\WLSync.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Frank\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Mesh\MOE.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Users\Frank\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070606
uInternet Settings,ProxyOverride = 192.168.*.*;*.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.1.1.3\ips\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Adblock Pro: {f385c231-605b-4d8f-aca9-dbff765bbe17} - c:\program files\adblock pro\AdblockPro.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe
uRun: [WLSync] "c:\program files\windows live\mesh\WLSync.exe" /background
uRun: [Google Update] "c:\users\frank\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\frank\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Block This Image (Adblock Pro) - c:\program files\adblock pro\blockimg.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: $talisma_url$
Trusted Zone: internet
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: netlibrary.com
Trusted Zone: turbotax.com
Trusted Zone: wpcc.edu\bb
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} - hxxp://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A1BB723-27CF-43C1-BDFD-A1D7970D826D} - file:///E:/data/ASR_3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://ive.boehringer-ingelheim.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
TCP: Interfaces\{476A8650-3BFA-4508-8725-5BE4E911048E} : DhcpNameServer = 172.16.145.103 172.16.145.103
TCP: Interfaces\{5542C586-096E-49E1-A885-D950C64BEF04} : DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\frank\appdata\roaming\mozilla\firefox\profiles\fh4qdfyu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\program files\virtual account numbers\components\SlimOrbAddonCitiVAN.dll
FF - component: c:\users\frank\appdata\roaming\mozilla\firefox\profiles\fh4qdfyu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\users\frank\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\frank\appdata\roaming\move networks\plugins\npqmp071503000010.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1301010.003\symds.sys [2011-10-12 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1301010.003\symefa.sys [2011-10-12 897656]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.0.0.128\definitions\bashdefs\20110929.001\BHDrvx86.sys [2011-9-29 816760]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1301010.003\ccsetx86.sys [2011-10-12 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.0.0.128\definitions\ipsdefs\20111012.034\IDSvix86.sys [2011-10-12 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1301010.003\ironx86.sys [2011-10-12 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1301010.003\symnets.sys [2011-10-12 314488]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-10-22 47640]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.1.1.3\ccsvchst.exe [2011-10-12 138760]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-10-13 1153368]
R2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-12 105592]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [2010-9-22 15488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-9-12 136176]
S2 RebitSysMonSvc;Rebit System Monitor;c:\program files\rebit\bin\rebitsysmonsvc.exe --> c:\program files\rebit\bin\RebitSysMonSvc.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-9-12 136176]
S3 IntelDH;IntelDH Driver;c:\windows\system32\drivers\IntelDH.sys [2007-6-5 5504]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-11-14 18912]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-12-16 27192]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-24 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1343400]
.
=============== Created Last 30 ================
.
2011-10-13 22:18:24 -------- d-----w- c:\users\frank\appdata\local\{3AA8ACE7-F8CC-434F-8155-2CA1151CB67D}
2011-10-13 22:18:11 -------- d-----w- c:\users\frank\appdata\local\{5ED4087A-4BEC-4E23-B2B0-9CF4976FEA7F}
2011-10-13 10:17:44 -------- d-----w- c:\users\frank\appdata\local\{BF527654-7941-4303-8C16-9D7738077806}
2011-10-13 10:17:31 -------- d-----w- c:\users\frank\appdata\local\{7032C8A1-BCB6-4690-A244-79E5FC7392DF}
2011-10-13 06:06:49 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 06:06:49 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 06:06:46 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 06:06:46 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 06:06:39 2334720 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 01:42:39 897656 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symefa.sys
2011-10-13 01:42:39 340088 ----a-r- c:\windows\system32\drivers\nav\1301010.003\symds.sys
2011-10-13 01:42:39 31864 ----a-w- c:\windows\system32\drivers\nav\1301010.003\srtspx.sys
2011-10-13 01:42:39 314488 ----a-w- c:\windows\system32\drivers\nav\1301010.003\symnets.sys
2011-10-13 01:42:38 566904 ----a-w- c:\windows\system32\drivers\nav\1301010.003\srtsp.sys
2011-10-13 01:42:38 149624 ----a-w- c:\windows\system32\drivers\nav\1301010.003\ironx86.sys
2011-10-13 01:42:38 132744 ----a-w- c:\windows\system32\drivers\nav\1301010.003\ccsetx86.sys
2011-10-13 01:42:29 -------- d-----w- c:\windows\system32\drivers\nav\1301010.003
2011-10-13 01:39:30 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{00b7404e-e63c-42fa-b13d-d27f7b6829e3}\mpengine.dll
2011-10-13 01:35:15 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-10-13 01:35:15 -------- d-----w- c:\program files\Symantec
2011-10-13 01:35:15 -------- d-----w- c:\program files\common files\Symantec Shared
2011-10-13 01:32:37 -------- d-----w- c:\windows\system32\drivers\NAV
2011-10-13 01:32:34 -------- d-----w- c:\program files\Norton AntiVirus
2011-10-13 01:32:33 -------- d-----w- c:\programdata\Norton
2011-10-13 01:27:27 -------- d-----w- c:\programdata\NortonInstaller
2011-10-13 01:27:27 -------- d-----w- c:\program files\NortonInstaller
2011-10-12 22:17:03 -------- d-----w- c:\users\frank\appdata\local\{86D335CD-145F-43BC-8F55-B56945C52ED2}
2011-10-12 10:16:32 -------- d-----w- c:\users\frank\appdata\local\{710AFF08-2DB7-45F8-8D8D-77B802D1601A}
2011-10-11 22:16:02 -------- d-----w- c:\users\frank\appdata\local\{5456691B-358D-4B85-B628-6E61282BD421}
2011-10-11 10:15:24 -------- d-----w- c:\users\frank\appdata\local\{01482513-442F-49C1-BFD8-5FF65EFB48E0}
2011-10-10 18:13:59 -------- d-----w- c:\users\frank\appdata\local\{9B097179-81DF-4D96-913C-6A5E94E6251A}
2011-10-10 18:13:32 -------- d-----w- c:\users\frank\appdata\local\{1BC10900-560B-4DC8-BD24-6C6EE16E6ADB}
2011-10-10 10:35:46 -------- d-----w- c:\users\frank\appdata\roaming\Malwarebytes
2011-10-10 10:35:28 -------- d-----w- c:\programdata\Malwarebytes
2011-10-10 04:18:43 -------- d-----w- c:\users\frank\appdata\local\{F4FAF693-629A-4F60-9EEE-03266927FF64}
2011-10-10 04:18:19 -------- d-----w- c:\users\frank\appdata\local\{25AA4910-D868-450D-8964-47216CD5DC24}
2011-10-08 10:11:48 -------- d-----w- c:\users\frank\appdata\local\{8F9E361D-1434-413F-9674-E78EAB180EFE}
2011-10-08 10:11:32 -------- d-----w- c:\users\frank\appdata\local\{85621EFE-813A-4F4C-B8EB-71A125DFF5BD}
2011-10-07 22:10:26 -------- d-----w- c:\users\frank\appdata\local\{AC3AAA95-F673-4E46-B7CE-4B6052E48C95}
2011-10-07 22:09:54 -------- d-----w- c:\users\frank\appdata\local\{7B5AE02A-F1B2-475A-A786-11D404E46032}
2011-10-06 22:21:39 -------- d-----w- c:\users\frank\appdata\local\{1668CA18-919F-4117-BBAA-7168746B320F}
2011-10-06 10:21:14 -------- d-----w- c:\users\frank\appdata\local\{5CEFAE8A-4CDE-476D-BC47-5AF04EE71ACE}
2011-10-05 22:20:49 -------- d-----w- c:\users\frank\appdata\local\{EA3B7D95-E9F8-4312-B90B-04B606C1FFFD}
2011-10-05 10:20:24 -------- d-----w- c:\users\frank\appdata\local\{29DBFCC9-2693-4517-A772-18EEB61C0846}
2011-10-04 22:19:59 -------- d-----w- c:\users\frank\appdata\local\{1D715E4E-2F51-4336-A336-EC1EF559625E}
2011-10-04 10:19:30 -------- d-----w- c:\users\frank\appdata\local\{3A8AD3B1-D7C7-4D56-AEA7-AC12D1372963}
2011-10-04 10:19:10 -------- d-----w- c:\users\frank\appdata\local\{811701C2-0590-4531-900B-6C0BD847272B}
2011-10-03 12:07:30 -------- d-----w- c:\users\frank\appdata\local\{38EC0805-364A-4E6D-9BDD-DABAAB97AA68}
2011-10-03 12:07:19 -------- d-----w- c:\users\frank\appdata\local\{3B73F454-491C-4EB9-9FA8-0B03D5818DED}
2011-10-03 00:06:48 -------- d-----w- c:\users\frank\appdata\local\{655E7C83-E44E-42BB-82E1-7245F4413076}
2011-10-03 00:06:32 -------- d-----w- c:\users\frank\appdata\local\{06AC2497-8331-4EBD-B006-6FE868552276}
2011-10-02 12:01:39 -------- d-----w- c:\users\frank\appdata\local\{F9B25E57-C8F8-4008-A4DB-D128E58DD2DE}
2011-10-02 00:01:11 -------- d-----w- c:\users\frank\appdata\local\{A45DE483-B36D-4BA9-9B99-D6E73C1FC298}
2011-10-01 12:00:45 -------- d-----w- c:\users\frank\appdata\local\{F1B66DDE-7BA1-4BC0-ABBA-6021D52F323E}
2011-10-01 00:00:18 -------- d-----w- c:\users\frank\appdata\local\{6E9EAEB8-462D-4F56-AE1B-495506CDF3B2}
2011-09-30 11:59:52 -------- d-----w- c:\users\frank\appdata\local\{092686F2-AA1E-425B-8A3A-CEC29911F9AF}
2011-09-29 23:59:26 -------- d-----w- c:\users\frank\appdata\local\{C3207B32-1356-4FF9-975A-93C85CEB169C}
2011-09-29 11:58:59 -------- d-----w- c:\users\frank\appdata\local\{BF186E65-D5EF-41B0-B381-12A65BF7D7A8}
2011-09-28 23:58:32 -------- d-----w- c:\users\frank\appdata\local\{44EA930F-A432-44DF-A53C-55814BB37E1A}
2011-09-28 11:58:04 -------- d-----w- c:\users\frank\appdata\local\{745D281F-A8DC-44A3-9D24-75A00A1BEAED}
2011-09-27 23:57:38 -------- d-----w- c:\users\frank\appdata\local\{24288C88-4D3F-431B-AA22-6F0D2332ECBC}
2011-09-27 11:57:12 -------- d-----w- c:\users\frank\appdata\local\{D46424A5-C5D4-4A16-8D92-A29859F1E852}
2011-09-27 11:57:00 -------- d-----w- c:\users\frank\appdata\local\{484DAFAF-F9DA-49B6-9D2F-0A8DE2609147}
2011-09-26 23:56:34 -------- d-----w- c:\users\frank\appdata\local\{8D72B93F-4366-426A-81B3-12ED7A345323}
2011-09-26 11:56:08 -------- d-----w- c:\users\frank\appdata\local\{CCFE5023-8121-41AC-836D-7D34713A3457}
2011-09-26 11:55:56 -------- d-----w- c:\users\frank\appdata\local\{49AF4113-F4B6-4C7E-BE6E-AFEA7A51D99F}
2011-09-25 23:55:26 -------- d-----w- c:\users\frank\appdata\local\{C1940BE9-403A-4591-B6DD-7BE89F066604}
2011-09-25 11:55:00 -------- d-----w- c:\users\frank\appdata\local\{0F1F9EDC-D883-4845-8333-E0943551BD72}
2011-09-24 23:54:35 -------- d-----w- c:\users\frank\appdata\local\{55FD2EA5-D639-4960-BE5B-0757FA9585A9}
2011-09-24 11:53:46 -------- d-----w- c:\users\frank\appdata\local\{FFD5B0C6-680D-47F4-9A5C-F6FFE93E0682}
2011-09-23 23:27:43 -------- d-----w- c:\users\frank\appdata\local\{A97B8E2C-7CA1-427B-A347-A993E178D9DF}
2011-09-23 23:27:31 -------- d-----w- c:\users\frank\appdata\local\{308CC9E9-788A-4BB5-9707-38B0E8580738}
2011-09-23 02:41:34 -------- d-----w- c:\users\frank\appdata\local\{6EC89023-023F-4401-A744-C2640C536DCD}
2011-09-22 14:41:08 -------- d-----w- c:\users\frank\appdata\local\{D4AC55DC-EDFB-4AD7-AE9D-9B76D9181A80}
2011-09-22 02:40:29 -------- d-----w- c:\users\frank\appdata\local\{C5F78752-911F-44C7-868B-71B8F46E7DD6}
2011-09-22 02:40:10 -------- d-----w- c:\users\frank\appdata\local\{ACC4595B-DD4C-4533-98E0-C5B38E273311}
2011-09-21 11:28:35 -------- d-----w- c:\users\frank\appdata\local\{273BD0DC-966B-4F17-9CAF-12A8CFF7DA20}
2011-09-20 23:28:09 -------- d-----w- c:\users\frank\appdata\local\{3CCBCE0F-95AF-468A-9B51-C3C70D3CBC6C}
2011-09-20 11:27:43 -------- d-----w- c:\users\frank\appdata\local\{96931B50-623A-4DED-BB0B-DA33DA813C11}
2011-09-20 11:27:32 -------- d-----w- c:\users\frank\appdata\local\{E137D891-3A49-4996-9724-AA0B31845542}
2011-09-19 23:27:05 -------- d-----w- c:\users\frank\appdata\local\{84B2322F-F1BA-43B3-982E-C0ED33FFF14B}
2011-09-19 11:26:39 -------- d-----w- c:\users\frank\appdata\local\{54754FA9-C469-4D4C-9CF5-ED6C7CEBAD65}
2011-09-19 11:26:26 -------- d-----w- c:\users\frank\appdata\local\{A2C99025-4DA8-4353-A2E9-DA4CCA78C81A}
2011-09-18 23:25:47 -------- d-----w- c:\users\frank\appdata\local\{794A9CDB-6E3B-4B43-B24F-ED9134966265}
2011-09-18 08:59:31 -------- d-----w- c:\users\frank\appdata\local\{D67295ED-C186-4547-83FA-C4DCBBDF32E3}
2011-09-17 20:59:06 -------- d-----w- c:\users\frank\appdata\local\{9053A681-3A73-45BA-9731-8BB4104FB87A}
2011-09-17 08:58:40 -------- d-----w- c:\users\frank\appdata\local\{E92976EC-D055-43F0-8D93-011284F982C8}
2011-09-16 20:58:14 -------- d-----w- c:\users\frank\appdata\local\{8142E4F8-8438-4413-80C7-C75FB5D67991}
2011-09-16 08:57:47 -------- d-----w- c:\users\frank\appdata\local\{56693737-7BFD-489F-83B1-850860FF7036}
2011-09-15 20:57:21 -------- d-----w- c:\users\frank\appdata\local\{E002B557-937F-4EF5-9C7D-891705B7EBAF}
2011-09-15 08:56:55 -------- d-----w- c:\users\frank\appdata\local\{233323ED-A8DD-4161-AA13-0FC5C46E4ED0}
2011-09-14 20:56:31 -------- d-----w- c:\users\frank\appdata\local\{904B6B65-4E42-41CC-A4ED-3B057FC15CA3}
2011-09-14 08:56:06 -------- d-----w- c:\users\frank\appdata\local\{9D1B687F-574A-407B-AE66-F65DE9AD77D1}
.
==================== Find3M ====================
.
2011-10-13 01:54:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 10:18:32 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-07 10:18:32 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-10-07 10:18:31 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-07 10:18:31 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-26 07:29:34 60 ----a-w- c:\windows\wpd99.drv
2011-08-19 15:01:27 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2011-07-19 10:58:42 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 19:09:07.73 ===============

#2 swanek (Topic Starter, Members, 4 posts)

Posted 15 October 2011 - 03:47 PM

One more thing, Internet Explorer keeps starting up in the Processes. Memory usage increases until PC crashes. If I end the process, it starts up again within a few minutes. When the PC is disconnected from the internet, IE does not restart.

#3 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 16 October 2011 - 10:41 AM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#4 swanek (Topic Starter, Members, 4 posts)

Posted 16 October 2011 - 01:17 PM

Here is the Combofix log file. In case it is relevant, it took ~ 1 hour to complete.

Attached file: log.txt (19.01KB, 3 downloads)


#5 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 16 October 2011 - 02:06 PM

swanek:

Are your searches still being redirected? Please do this next:

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • Are your searches still being redirected?
  • MBAM log



#6 swanek (Topic Starter, Members, 4 posts)

Posted 16 October 2011 - 04:48 PM

Search results are still redirecting. Internet Explorer background processes are still spontaneously opening.

Malwarebytes scan showed no infected objects. Log file below.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7955

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

10/16/2011 5:41:48 PM
mbam-log-2011-10-16 (17-41-48).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 359505
Time elapsed: 1 hour(s), 5 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 16 October 2011 - 05:00 PM

swanek:

Please do this next:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Post that log, please.
Please include the following in your next post:
  • TDSSKiller log



#8 RPMcMurphy (Malware Response Team, 3,970 posts)

Posted 23 October 2011 - 10:39 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
