Re: Search engine redirects
Hi, thanks for responding.
I followed the list as best as I could, but unfortunately the GMER rootkit scanner is being blocked by whatever is affecting my computer. I know this because whenever I click it, it doesn't open up, and attempting to go to the site results in a "link not found" error. As a result I only have the DDS and Attach texts.
Some other antivirus websites like Symantec, Malwarebytes, and a couple of tech sites, including this forum (I'm reading on a different computer), are coming up with the same problem as well. But it's weird, because now whenever I try to access those websites, my browser prompts me for a username and password. None of these programs can update themselves either.
A few days before I posted on this site, I tried scanning with CWShredder and it found and eliminated CWS.SVchost32. That's gone, but I'm still getting redirected. I've checked my hosts file and there doesn't seem to be anything there other than the localhost address. Anyway, here's my DDS file.
DDS (Version 1.0) - NTFSx86
Run by Ben Yang at 18:53:38.94 on Sun 12/07/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.75 [GMT -5:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\TFNF5.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Ben Yang\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearch Bar = hxxp://www.toshiba.com/search
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {601ED020-FB6C-11D3-87D8-0050DA59922B} - c:\program files\ipswitch\ws_ftp pro\wsbho2k0.dll
BHO: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [nah_Shell] c:\documents and settings\ben yang\nah_ebos.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
mRun: [TapButt] c:\program files\toshiba\tapbutton\TapButt.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TAcelMgr] c:\program files\toshiba\acceleration utilities\tacelmgr\TAcelMgr.exe
mRun: [TSkrMain] c:\program files\toshiba\acceleration utilities\shaker\TSkrMain.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TFNF5] TFNF5.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TosRotation] "c:\program files\toshiba\toshiba rotation utility\TRot.exe"
mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [<NO NAME>]
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [EOUApp] c:\program files\intel\wireless\bin\EOUWiz.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\benyan~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wiredl~1.lnk - c:\program files\wired\wired-login.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
AppInit_DLLs: KATRACK.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.SYS [2004-8-30 5888]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccEvtMgr.exe" [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSetMgr.exe" [2006-7-19 169632]
R2 Tmesrv;Tmesrv3;"c:\program files\toshiba\tme3\Tmesrv31.exe" /Service [2004-8-30 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-10-17 99376]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2004-8-30 8832]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2004-8-30 30720]
R3 TMicAry;Toshiba Audio Effect with MicArray;c:\windows\system32\drivers\TMicAry.sys [2004-8-30 138240]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2004-8-27 14208]
S1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys []
S2 ekrn;Eset Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" []
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" []
S3 fsbl-standalone;F-Secure BlackLight Beta Engine Driver;\??\c:\docume~1\benyan~1\locals~1\temp\f-secure\blacklight\fsbldrv.sys []
S3 Ip6apswmss;Ip6apswmss;c:\windows\system32\drivers\sr.sys [2004-8-27 73472]
S3 mqdmbus;Motorola DM Composite Driver (WDM);c:\windows\system32\drivers\mqdmbus.sys [2006-12-28 66656]
S3 mqdmmdfl;Motorola USB Modem (Filter);c:\windows\system32\drivers\mqdmmdfl.sys [2006-12-28 9232]
S3 mqdmmdm;Motorola USB Modem;c:\windows\system32\drivers\mqdmmdm.sys [2006-12-28 92064]
S3 mqdmserd;Motorola USB Diag;c:\windows\system32\drivers\mqdmserd.sys [2006-12-28 79328]
S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20080310.002\naveng.sys [2008-3-10 82256]
S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20080310.002\navex15.sys [2008-3-10 895408]
S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\SavRoam.exe" [2006-9-27 116464]
S3 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
S3 Symantec AntiVirus;Symantec AntiVirus;"c:\program files\symantec antivirus\Rtvscan.exe" [2006-9-27 1813232]
=============== Created Last 30 ================
2008-12-07 06:22 <DIR> --d----- c:\docume~1\benyan~1\applic~1\TextPad
2008-12-04 00:32 <DIR> --d----- C:\VundoFix Backups
2008-12-04 00:23 <DIR> --d----- c:\program files\Yahoo!
2008-12-04 00:23 <DIR> --d----- c:\program files\CCleaner
2008-12-03 22:51 <DIR> --d-h--- c:\windows\PIF
2008-12-03 22:50 380,928 -----r-- c:\windows\system32\pSOAP32.dll
2008-12-03 22:50 188,416 -----r-- c:\windows\system32\pocketHTTP.dll
2008-12-03 22:50 110,676 -----r-- c:\windows\system32\psDime.dll
2008-12-03 22:50 73,728 -----r-- c:\windows\system32\psProxy.dll
2008-12-03 22:15 2,289 a------- c:\documents and settings\ben yang\nah_log.dat
2008-12-03 00:22 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-02 23:48 <DIR> --d----- c:\program files\RogueRemover FREE
2008-12-02 23:43 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-02 23:43 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-02 23:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-02 23:43 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-02 23:40 <DIR> --d----- c:\program files\Trend Micro
2008-12-02 23:11 141,312 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2008-12-02 23:11 <DIR> --d----- c:\docume~1\benyan~1\applic~1\Spyware Terminator
2008-12-02 23:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spyware Terminator
2008-12-02 23:10 <DIR> --d----- c:\program files\Spyware Terminator
2008-11-28 13:51 80,384 a------- c:\documents and settings\ben yang\nah_ebos.exe
2008-11-19 02:20 <DIR> --d----- c:\docume~1\benyan~1\applic~1\Gradekeeper
2008-11-19 02:19 <DIR> --d----- c:\windows\Gradekeeper
2008-11-16 01:32 <DIR> --d----- c:\program files\common files\NSV
2008-11-16 01:19 <DIR> --d----- c:\program files\The KMPlayer
2008-11-15 23:04 <DIR> --d----- c:\program files\PeerGuardian2
2008-11-12 22:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2008-11-12 02:00 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 01:59 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
==================== Find3M ====================
2008-12-07 18:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Tarma Installer
2008-12-05 23:29 <DIR> --d----- c:\docume~1\benyan~1\applic~1\uTorrent
2008-12-03 23:33 <DIR> --d----- c:\program files\mIRC
2008-12-03 22:19 <DIR> --d----- c:\program files\Toshiba
2008-12-03 00:22 <DIR> --d----- c:\program files\Lavasoft
2008-12-02 22:44 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-02 22:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-02 20:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-11-12 22:01 <DIR> --d----- c:\program files\AIM6
2008-10-25 20:24 <DIR> --d----- c:\program files\DivX
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-08-21 06:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Corporation
2008-08-19 00:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\KeyAccess
2008-08-19 00:01 <DIR> --d----- c:\docume~1\benyan~1\applic~1\Prism Pack
2008-08-18 01:59 <DIR> --d----- c:\docume~1\benyan~1\applic~1\Intel
2007-09-28 23:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2007-03-02 01:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MiKTeX
2006-06-02 20:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avanquest Software
2005-03-19 22:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AliasWavefront
2004-08-30 12:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Agilix
2004-08-27 18:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SBSI
2005-03-20 19:24 8 ---shr-- c:\windows\system32\1DC98CF3EC.sys
2008-08-17 23:30 11,062 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-04 00:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090420080905\index.dat
============= FINISH: 18:55:03.67 ===============
Last edited by mpire344; 12-07-2008 at 07:05 PM.