Internet redirects


Postby houdini71 » Wed Aug 08, 2012 12:35 pm

Hello Everyone,

My problem is that every time I search Google and click on a result from my search inquiry, the link goes to some other website that has nothing to do with what the original link was supposed to take me to. It happens to every link in Google when I search for something on Google. Also, I get random popups for different advertisements. Any help? Thanks everyone in advance for any suggestions (I've run Malwarebytes and SUPERAntiSpyware with no luck). I can't boot into safe mode either for some reason; I have Windows 7 and when I boot into safe mode my monitor says "out of range" and I can't view my desktop, so that's not an option for me. Please let me know if anyone can help me with removing whatever spyware/adware I have on my computer IF that is the problem.

Thank you


Houdini
houdini71 - Newbie - Posts: 5 - Joined: Wed Aug 08, 2012 12:28 pm

Re: Internet redirects

Postby Gecko » Wed Aug 08, 2012 2:18 pm

houdini71,

Please download combofix to your desktop.

Double click combofix.exe and follow the prompts.

If combofix will not start or is ended before the "Blue window" please rename combofix.exe to cbf.exe and try again.

Do not exit Combofix while it is running; you may lose all your personal settings!
Important Note - Do not mouseclick combofix's window while it's running, that may cause it to stall.

When it's done running it will produce a log for you. Please post that log in your next reply.
Gecko - Super Moderator - Posts: 5206 - Joined: Thu Oct 25, 2001 1:00 am - Location: Florida, USA

Re: Internet redirects

Postby houdini71 » Thu Aug 09, 2012 3:11 am

Hello Gecko,

When I download combofix.exe to the desktop and double click, it installs to a directory in my C drive labeled 32788R22FWJFW.

After installing, the install window disappears and nothing happens. Am I doing something wrong?

Thank you for your help.

houdini

Re: Internet redirects

Postby Gecko » Thu Aug 09, 2012 1:11 pm

Please rename combofix.exe to cbf.exe and try again.

Re: Internet redirects

Postby houdini71 » Fri Aug 10, 2012 2:58 am

OK, it worked. Here is my log:


ComboFix 12-08-09.01 - Houdini 08/09/2012 18:17:20.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6067 [GMT -7:00]
Running from: c:\users\Houdini\Desktop\cbf.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
O:\Autorun.inf
.
---- Previous Run -------
.
c:\program files (x86)\Adobe\mf.dll
c:\users\Houdini\AppData\Roaming\vso_ts_preview.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{76a3bdab-69eb-3f78-d506-e8c990141750}\@
c:\windows\Installer\{76a3bdab-69eb-3f78-d506-e8c990141750}\L\00000004.@
c:\windows\Installer\{76a3bdab-69eb-3f78-d506-e8c990141750}\L\201d3dde
c:\windows\Installer\{76a3bdab-69eb-3f78-d506-e8c990141750}\U\00000004.@
c:\windows\Installer\{76a3bdab-69eb-3f78-d506-e8c990141750}\U\00000008.@
c:\windows\Installer\{76a3bdab-69eb-3f78-d506-e8c990141750}\U\000000cb.@
c:\windows\Installer\{76a3bdab-69eb-3f78-d506-e8c990141750}\U\80000000.@
c:\windows\Installer\{76a3bdab-69eb-3f78-d506-e8c990141750}\U\80000032.@
c:\windows\Installer\{76a3bdab-69eb-3f78-d506-e8c990141750}\U\80000064.@
F:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 01:26 . 2012-08-10 01:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 01:11 . 2012-08-10 01:29 77824 ----a-w- c:\windows\KMSEmulator.exe
2012-08-09 03:11 . 2012-08-09 03:11 -------- d-----w- c:\program files (x86)\SFTech
2012-08-08 05:21 . 2012-08-08 05:21 -------- d-----w- c:\windows\SysWow64\searchplugins
2012-08-08 05:21 . 2012-08-08 05:21 -------- d-----w- c:\windows\SysWow64\Extensions
2012-08-08 04:57 . 2012-08-08 04:57 -------- d-----w- c:\program files (x86)\Yahoo!
2012-08-08 04:57 . 2012-08-08 04:57 -------- d-----w- c:\program files (x86)\CCleaner
2012-08-08 04:33 . 2012-08-08 04:33 -------- d-----w- c:\programdata\IBUpdaterService
2012-08-08 04:33 . 2012-08-08 04:30 339904 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_391\uninstall.exe
2012-08-08 04:33 . 2012-08-10 01:29 -------- d-----w- c:\program files (x86)\Giraffic
2012-08-08 04:33 . 2012-08-08 04:34 -------- d-----w- c:\programdata\Giraffic
2012-08-08 04:32 . 2012-08-08 04:32 -------- d-----w- c:\program files (x86)\Veoh Networks
2012-08-08 04:32 . 2012-08-08 04:30 339904 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_361\uninstall.exe
2012-08-08 04:31 . 2012-08-08 04:31 -------- d-----w- c:\programdata\bProtectorForWindows
2012-08-04 00:27 . 2012-08-04 00:27 -------- d-----w- c:\users\Houdini\AppData\Local\Apple
2012-08-01 12:36 . 2012-08-01 12:36 -------- d-----w- c:\users\Houdini\AppData\Local\texturemate.com
2012-08-01 12:34 . 2012-08-01 12:34 -------- d-----w- c:\program files (x86)\abrMate
2012-07-31 05:20 . 2012-07-31 05:26 -------- d-----w- c:\program files (x86)\Exterminate It!
2012-07-31 04:00 . 2012-07-31 04:00 -------- d-----w- c:\program files (x86)\Motorola Media Link
2012-07-31 01:46 . 2012-07-31 01:46 -------- d-----w- c:\program files\CCleaner
2012-07-30 09:00 . 2012-08-09 09:00 -------- d-----w- c:\users\Houdini\AppData\Local\Adobe
2012-07-30 03:52 . 2012-07-30 03:52 -------- d-----w- c:\users\Houdini\AppData\Local\Apple Computer
2012-07-30 02:09 . 2012-08-09 02:06 302592 ----a-w- c:\windows\SysWow64\cmd.execf
2012-07-29 23:39 . 2012-07-29 23:39 -------- d-----w- c:\program files\TabletPlugins
2012-07-29 23:38 . 2012-05-07 21:42 15736 ----a-w- c:\windows\system32\drivers\wacomrouterfilter.sys
2012-07-29 23:36 . 2012-05-30 17:30 66424 ----a-w- c:\windows\system32\drivers\wachidrouter.sys
2012-07-29 23:36 . 2012-05-30 17:30 13688 ----a-w- c:\windows\system32\drivers\hidkmdf.sys
2012-07-29 23:36 . 2012-05-08 17:30 1721576 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-07-29 23:03 . 2012-07-29 23:03 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-27 20:00 . 2012-07-27 20:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-27 19:53 . 2012-07-27 19:53 -------- d-----w- c:\windows\Sun
2012-07-26 01:57 . 2012-07-26 01:57 -------- d-----w- c:\users\Houdini\AppData\Local\Diagnostics
2012-07-21 14:54 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-21 14:44 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-21 14:43 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-21 14:43 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-21 14:43 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-21 14:43 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-21 14:43 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-21 14:43 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-21 14:43 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-21 14:43 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-21 14:43 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-21 14:43 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-21 14:43 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-21 14:43 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-21 14:43 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-21 08:46 . 2012-07-21 08:46 -------- d-----w- c:\program files\Motorola Inc
2012-07-11 04:16 . 2012-07-11 11:23 -------- d-----w- c:\users\Houdini\AppData\Roaming\Apple Computer
2012-07-11 04:16 . 2012-07-11 04:16 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-11 04:16 . 2009-05-18 20:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-11 04:16 . 2008-04-17 19:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-07-11 04:16 . 2008-04-17 19:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-11 04:15 . 2012-07-11 04:15 -------- d-----w- c:\program files\iPod
2012-07-11 04:15 . 2012-07-11 04:16 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-11 04:15 . 2012-07-11 04:16 -------- d-----w- c:\program files\iTunes
2012-07-11 04:15 . 2012-07-11 04:16 -------- d-----w- c:\program files (x86)\iTunes
2012-07-11 04:15 . 2012-07-11 04:15 -------- d-----w- c:\programdata\Apple Computer
2012-07-11 04:14 . 2012-07-11 04:14 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-07-11 04:13 . 2012-07-11 04:13 -------- d-----w- c:\program files\Common Files\Apple
2012-07-11 04:12 . 2012-07-11 04:12 -------- d-----w- c:\program files\Bonjour
2012-07-11 04:12 . 2012-07-11 04:12 -------- d-----w- c:\program files (x86)\Bonjour
2012-07-11 04:12 . 2012-07-11 04:15 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-07-11 04:12 . 2012-07-11 04:14 -------- d-----w- c:\programdata\Apple
2012-07-11 01:58 . 2012-07-11 01:58 -------- d-----w- c:\users\Houdini\AppData\Roaming\SUPERAntiSpyware.com
2012-07-11 01:57 . 2012-07-11 01:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-11 01:57 . 2012-07-11 01:57 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-11 01:55 . 2012-07-11 01:55 -------- d-----w- c:\users\Houdini\AppData\Roaming\Malwarebytes
2012-07-11 01:54 . 2012-07-29 16:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-11 01:54 . 2012-07-11 01:54 -------- d-----w- c:\programdata\Malwarebytes
2012-07-11 01:54 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 03:55 . 2012-04-06 01:10 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 03:55 . 2012-03-20 12:53 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-31 03:59 . 2012-06-21 02:51 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp
2012-07-21 14:47 . 2012-03-22 13:15 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-16 09:40 . 2012-07-25 01:09 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{35B16094-8339-46D5-8840-B583B5AF3241}\mpengine.dll
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-07 03:09 . 2012-03-20 06:28 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-07 03:09 . 2012-03-20 06:28 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-02 22:19 . 2012-06-21 07:23 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 07:23 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 07:23 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 07:23 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 07:23 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 07:23 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 07:23 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 07:23 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 07:23 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2012-03-20 05:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 17:29 . 2012-03-20 13:15 1759648 ----a-w- c:\windows\system32\Wacom_Touch_Tablet.dll
2012-05-30 17:29 . 2012-03-20 13:15 1445280 ----a-w- c:\windows\SysWow64\Wacom_Touch_Tablet.dll
2012-05-30 17:29 . 2012-03-20 13:14 1833888 ----a-w- c:\windows\system32\WacomMT.dll
2012-05-30 17:29 . 2012-03-20 13:14 1831328 ----a-w- c:\windows\system32\Wintab32.dll
2012-05-30 17:29 . 2012-03-20 13:14 1766304 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2012-05-30 17:29 . 2012-03-20 13:14 1497504 ----a-w- c:\windows\SysWow64\Wintab32.dll
2012-05-30 17:29 . 2012-03-20 13:14 1498528 ----a-w- c:\windows\SysWow64\WacomMT.dll
2012-05-30 17:29 . 2012-03-20 13:14 1451936 ----a-w- c:\windows\SysWow64\Wacom_Tablet.dll
2012-05-30 05:39 . 2012-05-30 05:39 614400 ----a-w- c:\windows\AutoKMS.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-03-23 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-03-23 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-10 03:00 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-07-31 2053]
"VeohPlugin"="c:\program files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-06-26 4686848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-11-14 13312]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-23 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-06-05 87400]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2012-07-02 2232504]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-07-17 116632]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2012-05-30 8712096]
S2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\Tablet\Wacom\Wacom_TouchService.exe [2012-05-30 567712]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-05-30 13688]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-05-30 66424]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-05-07 15736]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 03:55]
.
2012-08-10 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-05-30 05:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.raidernews.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Houdini\AppData\Roaming\Mozilla\Firefox\Profiles\ij87x21s.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.groppettiauto.com/owa/auth ... m%2fowa%2f
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - ab4579d8-2548-4cae-9fde-03b49e000759
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111917&tt=3212_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 8ace69000000000000000026183304ba
FF - user.js: extensions.BabylonToolbar.instlDay - 15560
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.621:31
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Giraffic\Veoh_Giraffic.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2012-08-09 18:36:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 01:36
.
Pre-Run: 184,036,433,920 bytes free
Post-Run: 183,515,312,128 bytes free
.
- - End Of File - - C60C644B2B2866744BC790E8CE75D15A

Re: Internet redirects

Postby Gecko » Fri Aug 10, 2012 3:43 pm

houdini71,

Download Malwarebytes Anti-Malware to your desktop and run the install. During the install, check the box "Check for Update"; once it's updated, run a Full scan.

When Malwarebytes Anti-Malware is finished it will produce a log, paste the contents of that log into your next reply.

Re: Internet redirects

Postby houdini71 » Sun Aug 12, 2012 6:35 am

Hello Gecko,
Here is my Malwarebytes log:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Houdini :: HOUDINI-PC [administrator]

8/11/2012 12:52:02 PM
mbam-log-2012-08-11 (12-52-02).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1054879
Time elapsed: 3 hour(s), 2 minute(s), 7 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2552 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
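A small triage helper for Malwarebytes detection lines like the ones in the log above, added here as an example (it is not part of the thread and not Malwarebytes' own code). It parses the `<path> (<name>) -> [pid ->] <action>` lines and flags a Windows system binary name that sits outside the directory Windows installs it in, which is what makes a `svchost.exe` directly under C:\Windows suspicious; the sample lines and the `SYSTEM_BINARY_HOMES` table are constructed here and assume C: is the system drive.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample lines in the format of a Malwarebytes Anti-Malware 1.x log.
# The first detection mirrors the one posted in the thread; the last is invented.
SAMPLE_LOG = """\
Memory Processes Detected: 1
C:\\Windows\\svchost.exe (Trojan.Agent) -> 2552 -> Delete on reboot.

Files Detected: 2
C:\\Windows\\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\\Users\\Example\\AppData\\Local\\Temp\\setup.exe (PUP.Optional.Example) -> Quarantined and deleted successfully.
"""

# Detection line: "<path> (<classification>) -> [<pid> ->] <action>."
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^(]+?) \((?P<name>[^)]+)\)"
    r"(?: -> (?P<pid>\d+))? -> (?P<action>.+?)\.?$"
)

# Directories in which Windows itself installs these binaries (constructed,
# lower-case, C: assumed as the system drive). A file carrying one of these
# names anywhere else is masquerading as a Windows component.
SYSTEM_BINARY_HOMES = {
    "svchost.exe": {"c:\\windows\\system32", "c:\\windows\\syswow64"},
    "lsass.exe": {"c:\\windows\\system32"},
    "csrss.exe": {"c:\\windows\\system32"},
    "winlogon.exe": {"c:\\windows\\system32"},
}
# The component store also keeps copies; they are not user-launched, so skip it.
COMPONENT_STORE_PREFIX = "c:\\windows\\winsxs\\"


def parse_detections(log_text):
    """Return one dict per detection line; counters and headers are ignored."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"]) if d["pid"] else None
            found.append(d)
    return found


def masquerade_reason(path):
    """Explain why a path is suspicious by location alone, or return None."""
    p = PureWindowsPath(path)
    homes = SYSTEM_BINARY_HOMES.get(p.name.lower())
    if homes is None:
        return None  # not a name we track
    parent = str(p.parent).lower()
    if parent in homes or parent.startswith(COMPONENT_STORE_PREFIX):
        return None  # where Windows really keeps it
    return f"{p.name} belongs in {' or '.join(sorted(homes))}, not {p.parent}"


def triage(log_text):
    """Pair every detection with a location-based verdict for the responder."""
    rows = []
    for d in parse_detections(log_text):
        reason = masquerade_reason(d["path"])
        rows.append({**d, "masquerade": reason is not None, "note": reason})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        flag = "MASQUERADE" if row["masquerade"] else "ok-by-location"
        print(f"{flag:15} {row['path']}  [{row['name']}] pid={row['pid']} -> {row['action']}")
        if row["note"]:
            print(f"{'':15} {row['note']}")
```

The location check is deliberately independent of the scanner's verdict: it gives the responder a second reason to distrust the file even when the classification is as generic as Trojan.Agent.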

Re: Internet redirects

Postby Gecko » Sun Aug 12, 2012 3:53 pm

houdini71,

So how's it running now?

Re: Internet redirects

Postby houdini71 » Mon Aug 13, 2012 1:56 am

Everything is working great Gecko!!! Thanks a million, appreciate your help and expertise!!!
