Virus and google

Posted in the Inactive Malware Help Topics forum, part of the Tech Support Forum category.


 
 
Old 06-05-2011, 02:15 PM   #1
Registered Member
 
Join Date: May 2011
Posts: 9
OS: 7



Hello.

Recently, my laptop has been redirecting me to random websites when clicking on search results. They all seem to go to something to do with "findology" before loading a random website. This doesn't happen when I type the website directly into the address bar.

I have tried running AVG, Spybot and Malwarebytes to no avail - they come up with nothing to solve the problem. I have included my DDS log below.

Thank you in advance for your help.
Jose

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by J Oliveira at 18:41:04 on 2011-06-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4063.2567 [GMT 1:00]
.
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\SysWOW64\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~2\McAfee.com\Agent\mcagent.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Apoint\ApMsgFwd.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10a.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\McAfee\MPF\MC\MpfAlert.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEA&bmod=EU01
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [McENUI] C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
mRun: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
TCP: Interfaces\{0C797335-E31A-4525-987D-CDC8C6D40C63} : DhcpNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [McENUI] C:\PROGRA~2\McAfee\MHN\McENUI.exe /hide
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
mRun-x64: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-6-5 203280]
R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2011-6-5 359952]
R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2011-6-5 153920]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-6-5 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-6-5 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-6-5 522240]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2011-6-5 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S3 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011-6-5 332272]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-6-5 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2011-6-5 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2011-6-5 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-6-5 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2011-6-5 91432]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-6-5 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-6-5 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-6-5 110888]
.
=============== Created Last 30 ================
.
2011-06-05 14:17:04 220672 ----a-w- C:\Windows\System32\wintrust.dll
2011-06-05 14:17:04 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2011-06-05 14:17:03 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-06-05 14:17:03 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-06-05 01:53:46 -------- d-----w- C:\_FS_SWRINFO
2011-06-05 01:53:45 -------- d-----w- C:\Documentation
2011-06-05 01:53:04 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-06-05 01:52:51 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-06-05 01:52:04 140779848 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc9C2F.tmp
2011-06-05 01:51:59 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-06-05 01:51:31 -------- d-----w- C:\Program Files (x86)\Sony Corporation
2011-06-05 01:50:54 -------- d-----w- C:\Program Files (x86)\VAIO FW screensavers
2011-06-05 01:48:38 3727720 ----a-w- C:\Windows\SysWow64\d3dx9_35.dll
2011-06-05 01:48:15 98304 ----a-w- C:\Windows\SysWow64\VESWinlogon.dll
2011-06-05 01:44:46 -------- d-----r- C:\Program Files (x86)\Skype
2011-06-05 01:44:37 -------- d-----w- C:\Program Files\Roxio
2011-06-05 01:44:33 -------- d-----w- C:\ProgramData\Uninstall
2011-06-05 01:44:22 -------- d-----w- C:\Program Files (x86)\Roxio
2011-06-05 01:41:26 -------- d-----w- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2011-06-05 01:39:37 -------- d-----w- C:\Windows\PCHEALTH
2011-06-05 01:33:45 -------- d-----w- C:\ProgramData\Partner
2011-06-05 01:30:45 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-06-05 01:30:02 -------- d-----w- C:\Program Files (x86)\Common Files\InterVideo
2011-06-05 01:29:21 -------- d-----w- C:\Program Files (x86)\InterVideo
2011-06-05 01:25:03 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-06-05 01:24:50 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2011-06-05 01:24:49 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2011-06-05 01:24:49 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2011-06-05 01:23:34 -------- d-----w- C:\Windows\Sonysys
2011-06-05 01:23:26 -------- d-----w- C:\Program Files (x86)\Sony
2011-06-04 18:33:49 -------- d-----w- C:\Users\J Oliveira\AppData\Local\Adobe
2011-06-04 18:31:35 -------- d-----w- C:\Users\J Oliveira\AppData\Local\Google
2011-06-04 18:29:59 -------- d-----w- C:\Users\J Oliveira\AppData\Local\Sony_Corporation
2011-06-04 18:29:42 -------- d-----w- C:\Users\J Oliveira\AppData\Local\ATI
2011-06-04 18:29:41 -------- d-----w- C:\Users\J Oliveira\AppData\Local\Broadcom
2011-06-04 18:28:28 -------- d-----w- C:\Users\J Oliveira\AppData\Local\VirtualStore
2011-06-04 18:28:19 -------- d--h--w- C:\Windows\msdownld.tmp
2011-06-04 18:19:02 -------- d-----w- C:\Program Files\Sony
.
==================== Find3M ====================
.
.
============= FINISH: 18:42:14.96 ===============
Attached Files
File Type: zip Attach.zip (2.1 KB, 11 views)

__________________
zjoliveira is offline  
Old 06-07-2011, 06:03 AM   #2
TSF Enthusiast
 
Join Date: Jun 2008
Location: London UK
Posts: 4,672
OS: Windows 7 SP1 x64



Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

__________________
Deleted 080713 is offline  
Old 06-07-2011, 12:21 PM   #3
TSF Enthusiast
 
Join Date: Jun 2008
Location: London UK
Posts: 4,672
OS: Windows 7 SP1 x64



Hi,

Did you perform a reinstall very recently?

Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
__________________
Deleted 080713 is offline  
Old 06-08-2011, 11:17 AM   #4
Registered Member
 
Join Date: May 2011
Posts: 9
OS: 7



Hello there,

Thank you very much for your quick reply. Yes, I did perform a reinstall about a week ago. Here is what I got after scanning my computer using aswMBR:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-08 19:13:32
-----------------------------
19:13:32.225 OS Version: Windows x64 6.1.7600
19:13:32.225 Number of processors: 2 586 0x170A
19:13:32.240 ComputerName: JOLIVEIRA-VAIO UserName: J Oliveira
19:13:35.033 Initialize success
19:14:00.929 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:14:00.929 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
19:14:00.944 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006f
19:14:00.944 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
19:14:00.960 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000070
19:14:00.960 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
19:14:00.960 Device \Driver\iaStor -> MajorFunction fffffa800574a6c0
19:14:02.972 Disk 0 MBR read successfully
19:14:02.972 Disk 0 MBR scan
19:14:02.988 Disk 0 TDL4@MBR code has been found
19:14:02.988 Disk 0 MBR hidden
19:14:03.004 Disk 0 MBR [TDL4] **ROOTKIT**
19:14:03.019 Disk 0 trace - called modules:
19:14:03.019 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800574a6c0]<<
19:14:03.035 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004834060]
19:14:03.035 3 CLASSPNP.SYS[fffff8800106c43f] -> nt!IofCallDriver -> [0xfffffa80046e4a00]
19:14:03.050 5 ACPI.sys[fffff88000fb2781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046e9050]
19:14:03.050 \Driver\iaStor[0xfffffa8005747e70] -> IRP_MJ_CREATE -> 0xfffffa800574a6c0
19:14:03.050 Scan finished successfully
19:14:27.776 Disk 0 MBR has been saved successfully to "C:\Users\J Oliveira\Desktop\MBR.dat"
19:14:27.776 The log file has been saved successfully to "C:\Users\J Oliveira\Desktop\aswMBR.txt"
Attached Files
File Type: zip MBR.zip (525 Bytes, 0 views)
__________________
zjoliveira is offline  
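The aswMBR log above carries more than the one-line verdict: the address that the trace flags as an unknown module (0xfffffa800574a6c0) is the same address the log reports as the MajorFunction entry for \Driver\iaStor and as the IRP_MJ_CREATE handler for that driver, which is consistent with the "MBR hidden" line (a normal read of sector 0 goes through code that belongs to no loaded driver, so ordinary tools see a clean MBR). The script below is an added example, not part of the original thread and not a tool from AVAST or Tech Support Forum. It parses aswMBR output with regular expressions and performs that correlation automatically. SAMPLE_INFECTED is copied from the log posted above; SAMPLE_CLEAN is a constructed log in the same line format with no detection, used as a control.

```python
"""
Triage helper for aswMBR scan output.

Added example for this thread; not part of the original post and not a tool
from AVAST or Tech Support Forum. SAMPLE_INFECTED is copied from the log
posted above. SAMPLE_CLEAN is a constructed control log in the same format.
"""
import re

SAMPLE_INFECTED = """\
19:14:00.960 Device \\Driver\\iaStor -> MajorFunction fffffa800574a6c0
19:14:02.972 Disk 0 MBR read successfully
19:14:02.972 Disk 0 MBR scan
19:14:02.988 Disk 0 TDL4@MBR code has been found
19:14:02.988 Disk 0 MBR hidden
19:14:03.004 Disk 0 MBR [TDL4] **ROOTKIT**
19:14:03.019 Disk 0 trace - called modules:
19:14:03.019 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800574a6c0]<<
19:14:03.050 \\Driver\\iaStor[0xfffffa8005747e70] -> IRP_MJ_CREATE -> 0xfffffa800574a6c0
19:14:03.050 Scan finished successfully
"""

# Constructed control case (not from the thread): same format, nothing found.
SAMPLE_CLEAN = """\
19:50:45.564 Disk 0 MBR read successfully
19:50:45.564 Disk 0 MBR scan
19:50:45.564 Disk 0 Windows 7 default MBR code
19:50:46.656 Disk 0 trace - called modules:
19:50:46.671 Scan finished successfully
"""

HEX = "[0-9a-fA-F]+"
RE_DISPATCH = re.compile(r"Device \\Driver\\(\w+) -> MajorFunction (" + HEX + ")")
RE_FOUND = re.compile(r"Disk \d+ (\S+)@MBR code has been found")
RE_HIDDEN = re.compile(r"Disk \d+ MBR hidden")
RE_VERDICT = re.compile(r"Disk \d+ MBR \[([^\]]+)\] \*\*ROOTKIT\*\*")
RE_DEFAULT = re.compile(r"Disk \d+ (Windows .*default MBR code)")
RE_UNKNOWN = re.compile(r">>UNKNOWN \[0x(" + HEX + r")\]<<")
RE_IRP = re.compile(r"\\Driver\\(\w+)\[0x" + HEX + r"\] -> (IRP_MJ_\w+) -> 0x(" + HEX + ")")


def triage_aswmbr(log_text: str) -> dict:
    """Summarise one aswMBR log. Fields are filled only from lines present in it."""
    report = {
        "rootkit": None,           # family named on the **ROOTKIT** or "has been found" line
        "mbr_hidden": False,       # scanner got different sector-0 bytes via its two read paths
        "mbr_code": None,          # identification of the bootstrap code on a clean disk
        "dispatch_routines": {},   # driver -> address registered as its MajorFunction handler
        "unknown_modules": set(),  # trace addresses the scanner could not map to a driver
        "irp_hooks": [],           # (driver, IRP major function, handler address)
    }
    for line in log_text.splitlines():
        m = RE_DISPATCH.search(line)
        if m:
            report["dispatch_routines"][m.group(1)] = m.group(2).lower()
        m = RE_VERDICT.search(line) or RE_FOUND.search(line)
        if m:
            report["rootkit"] = m.group(1)
        if RE_HIDDEN.search(line):
            report["mbr_hidden"] = True
        m = RE_DEFAULT.search(line)
        if m:
            report["mbr_code"] = m.group(1)
        for addr in RE_UNKNOWN.findall(line):
            report["unknown_modules"].add(addr.lower())
        m = RE_IRP.search(line)
        if m:
            report["irp_hooks"].append((m.group(1), m.group(2), m.group(3).lower()))

    # Correlation: a storage driver whose dispatch entry or IRP handler lands at an
    # address the trace could not attribute to any loaded module is the hook through
    # which a bootkit hands a clean-looking sector 0 to ordinary readers.
    suspicious = [h for h in report["irp_hooks"] if h[2] in report["unknown_modules"]]
    suspicious += [(drv, "MajorFunction", addr)
                   for drv, addr in report["dispatch_routines"].items()
                   if addr in report["unknown_modules"]]
    report["hooks_in_unknown_module"] = suspicious
    report["verdict"] = ("rootkit" if report["rootkit"] or report["mbr_hidden"] or suspicious
                         else "clean")
    return report


if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_INFECTED), ("constructed control", SAMPLE_CLEAN)):
        r = triage_aswmbr(log)
        print(f"{name}: verdict={r['verdict']} rootkit={r['rootkit']} "
              f"mbr_hidden={r['mbr_hidden']} hooks={r['hooks_in_unknown_module']}")
```

The verdict line alone would have been enough for this thread, but the correlation is what matters when a scanner reports only the trace and no named family: a dispatch hook into unattributed memory on the boot disk's storage driver is the thing to chase regardless of signature.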
Old 06-08-2011, 12:59 PM   #5
TSF Enthusiast
 
Join Date: Jun 2008
Location: London UK
Posts: 4,672
OS: Windows 7 SP1 x64



Hi,

Run aswMBR

Click Scan

Upon completion of the scan, click the Fix button. Wait for the tool to report 'Infection fixed successfully', and reboot when prompted.



After rebooting, double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.


Please also run this tool:
  • Download TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, ensure Cure is selected (it should be by default) NOTE: If Cure is not an option, please select Skip.
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.5.4.0_date_time_log.txt
  • Attach that log, please.
__________________
Deleted 080713 is offline  
Old 06-11-2011, 11:44 AM   #6
Registered Member
 
Join Date: May 2011
Posts: 9
OS: 7



Thank you for your help.

I have run aswMBR and clicked on the "fix" button. After that, it ran a code and asked me to restart my computer. I pressed yes and the computer restarted, but a message came up saying that there was an error with the start-up and the computer could not start properly.

The only option that I had to be able to use my laptop again was to restore the operating system to factory settings, losing everything I had saved there. Despite this, I ran the programme again after Windows had reinstalled and the same problem came up when I ran the scan. I had to restore the system. The scan showed at least one rootkit detected, which is why it required the system to restart to fix the problem. However, I didn't note down what rootkit this was.

The google search engine continues with the same problem even though the system has been restored twice.

Thank you in advance for your help.
__________________
zjoliveira is offline  
Old 06-11-2011, 12:39 PM   #7
TSF Enthusiast
 
Join Date: Jun 2008
Location: London UK
Posts: 4,672
OS: Windows 7 SP1 x64



Hi, did you manage to run TDSSKiller?

Prior to the symptoms occurring, have you created backup discs for your computer?

Please provide the full make and model number of your laptop.
__________________
Deleted 080713 is offline  
Old 06-12-2011, 10:09 AM   #8
Registered Member
 
Join Date: May 2011
Posts: 9
OS: 7



I didn't manage to run TDSSKiller before I had to reboot the system, but I have now. One thing was flagged up and I managed to "cure" it. The log for what happened is attached.

I had not created back up disks for the computer as I didn't realise I needed to. I thought they would have come with the laptop when I bought it. I know now!

My laptop is a Sony Vaio, model PCG-3J1M.

Thank you once again.
Attached Files
File Type: txt TDSSKiller.2.5.4.0_12.06.2011_17.34.54_log.txt (64.8 KB, 6 views)
__________________
zjoliveira is offline  
Old 06-12-2011, 11:20 AM   #9
TSF Enthusiast
 
Join Date: Jun 2008
Location: London UK
Posts: 4,672
OS: Windows 7 SP1 x64



Hi,

Are you still experiencing any re-directs? How is the computer behaving now?

Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator)

Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
__________________
Deleted 080713 is offline  
Old 06-12-2011, 11:53 AM   #10
Registered Member
 
Join Date: May 2011
Posts: 9
OS: 7



No, I haven't experienced any redirects since I ran that programme so far.

Here is my aswMBR log:

aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
Run date: 2011-06-12 19:50:39
-----------------------------
19:50:39.729 OS Version: Windows x64 6.1.7600
19:50:39.729 Number of processors: 2 586 0x170A
19:50:39.729 ComputerName: ZEJOAO-VAIO UserName: Ze Joao
19:50:41.664 Initialize success
19:50:45.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:50:45.517 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
19:50:45.517 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000069
19:50:45.533 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
19:50:45.533 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006a
19:50:45.533 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
19:50:45.564 Disk 0 MBR read successfully
19:50:45.564 Disk 0 MBR scan
19:50:45.564 Disk 0 Windows XP default MBR code
19:50:45.564 Service scanning
19:50:46.656 Disk 0 trace - called modules:
19:50:46.656
19:50:46.671 Scan finished successfully
19:51:31.755 Disk 0 MBR has been saved successfully to "C:\Users\Ze Joao\Desktop\MBR.dat"
19:51:31.771 The log file has been saved successfully to "C:\Users\Ze Joao\Desktop\aswMBR.txt"

Thank you once again.
Attached Files
File Type: zip MBR.zip (519 Bytes, 1 views)
__________________
zjoliveira is offline  
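Both aswMBR runs in this thread saved a copy of sector 0 as MBR.dat (attached as MBR.zip in posts #4 and #10), one while TDL4 was resident and one after the fix. The script below is an added example, not part of the original posts and not a tool from AVAST, Kaspersky or Tech Support Forum. It parses a raw 512-byte MBR image into bootstrap code, disk signature and partition table, and compares a current dump against a baseline the way an analyst would compare the two attachments. Bootkits of this family replace the bootstrap code and typically leave the partition table untouched, so the comparison reports those two parts separately; it also checks for the error strings that the bootstrap code written by Windows setup contains. CLEAN_MBR and TAMPERED_MBR are constructed in the file so it runs offline; the layout, disk signature and bootstrap stub are invented for the demonstration. One caveat grounded in the first log: when the scanner reports "MBR hidden", a normal read of sector 0 goes through the rootkit's hook and returns the original code, so the dump has to come from a tool that reads below that hook (as aswMBR does) or from the disk offline.

```python
"""
Parse a raw 512-byte MBR image, such as the MBR.dat that aswMBR writes next to
its log, and compare it against a baseline copy of the same disk's MBR.

Added example for this thread; not part of the original posts and not a tool
from AVAST, Kaspersky or Tech Support Forum. CLEAN_MBR and TAMPERED_MBR are
constructed below so the script runs offline.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bootstrap code area, up to the disk signature
DISK_SIG_OFF = 0x1B8          # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE        # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of every valid MBR

# Error strings embedded in the bootstrap code that Windows setup writes.
WINDOWS_MBR_STRINGS = (b"Invalid partition table",
                       b"Error loading operating system",
                       b"Missing operating system")


def parse_mbr(mbr: bytes) -> dict:
    """Split a raw sector 0 into bootstrap code, disk signature and partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    boot_code = mbr[:BOOT_CODE_LEN]
    partitions = []
    for i in range(4):
        # status, CHS start (3 bytes, ignored), type, CHS end (ignored), LBA start, size
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:  # empty slot
            continue
        partitions.append({"slot": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "has_windows_strings": all(s in boot_code for s in WINDOWS_MBR_STRINGS),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings where `current` deviates from `baseline` or looks non-standard."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if base["boot_code_sha256"] != cur["boot_code_sha256"]:
        changed = sum(a != b for a, b in zip(baseline[:BOOT_CODE_LEN], current[:BOOT_CODE_LEN]))
        findings.append(f"bootstrap code differs from baseline ({changed} of {BOOT_CODE_LEN} bytes)")
    if not cur["has_windows_strings"]:
        findings.append("bootstrap code lacks the standard Windows MBR error strings")
    if base["partitions"] != cur["partitions"]:
        findings.append("partition table differs from baseline")
    if base["disk_signature"] != cur["disk_signature"]:
        findings.append("disk signature differs from baseline")
    return findings


def _build_mbr(boot_code: bytes, partitions, disk_sig: int) -> bytes:
    """Assemble a constructed MBR image for the demonstration below."""
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_sig)
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i,
                         status, ptype, lba_start, sectors)
    sector[510:] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed layout resembling a Windows 7 disk: a bootable 100 MB System
# Reserved partition at LBA 2048 followed by the OS partition (type 0x07 = NTFS).
PARTITIONS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 624926720)]
DISK_SIG = 0x1A2B3C4D  # invented value

# "Clean" image: a stand-in bootstrap stub followed by the standard error strings.
CLEAN_MBR = _build_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * 300
                       + b"\x00".join(WINDOWS_MBR_STRINGS), PARTITIONS, DISK_SIG)

# "Tampered" image: same partition table and signature, bootstrap code replaced
# by unrelated bytes, the pattern an MBR bootkit leaves behind.
TAMPERED_MBR = _build_mbr(bytes((i * 73 + 41) & 0xFF for i in range(BOOT_CODE_LEN)),
                          PARTITIONS, DISK_SIG)


if __name__ == "__main__":
    # Real use: compare_mbr(open("baseline.dat", "rb").read(), open("MBR.dat", "rb").read())
    for label, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        info = parse_mbr(image)
        print(f"{label}: sha256={info['boot_code_sha256'][:16]}... "
              f"windows_strings={info['has_windows_strings']} partitions={len(info['partitions'])}")
    for finding in compare_mbr(CLEAN_MBR, TAMPERED_MBR):
        print("FINDING:", finding)
```

A baseline only exists if someone saved one, which is why the helper asked for a MBR.dat on every scan: the dump from the clean second run becomes the reference for the next time the redirects appear. Without a baseline, the string check and a hash lookup against a known-good MBR from the same Windows version are what remain.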
Old 06-12-2011, 12:08 PM   #11
TSF Enthusiast
 
Join Date: Jun 2008
Location: London UK
Posts: 4,672
OS: Windows 7 SP1 x64



Hi,

Your Java is out of date.

Java(TM) can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. Let me know if it does not.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.
--------------------------------------

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • Please post contents of that file in your next reply.
--------------------------------------

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.
--------------------------------------
__________________
Deleted 080713 is offline  
Old 06-15-2011, 12:49 PM   #12
TSF Enthusiast
 
Join Date: Jun 2008
Location: London UK
Posts: 4,672
OS: Windows 7 SP1 x64



Hi zjoliveira, are you still with us? As mentioned, the forum is very busy. Please reply within 24 hours or this thread will be closed.
__________________
Deleted 080713 is offline  
Old 06-16-2011, 03:40 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 25,641
OS: XP SP3; Win7 32/64-bit



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

chemist is offline  
 

Copyright 2001 - 2014, Tech Support Forum
