#1 (permalink)

Registered User
Join Date: Jun 2009
Posts: 2
OS: Windows XP

Google Redirecting
Getting redirected from Google to unknown sites. Here are some logs I took from your site, thank you for your help with this problem.
GMER wouldn't let me hit the "scan" button, so I just posted my Process Explorer log instead, sorry. Here's an image of my status bar in Firefox when I try and load a Wikipedia page: http://www.mediafire.com/?0tf3ctjimtk Thanks again.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Gypsy at 15:36:14.98 on Wed 07/15/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.146 [GMT -7:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Gypsy\Application Data\Microsoft\Windows\iexplorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Digital Asphyxia\Y!TunnelPro 2.5\YTPro.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\yahoomessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\Gypsy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/
mWinlogon: Taskman=c:\recycler\s-1-5-21-1669559277-7548787343-996529309-5950\rundll32.exe
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [nvd32_r] rundll32.exe "c:\documents and settings\gypsy\application data\unobi.dll" s
uRun: [DiskChk help] rundll32.exe "c:\documents and settings\all users\proto.dll" run
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mExplorerRun: [explorer] c:\documents and settings\gypsy\application data\microsoft\windows\iexplorer.exe
mExplorerRun: [Lsass Service] c:\documents and settings\gypsy\application data\microsoft\windows\lsass.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246050458937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gypsy\applic~1\mozilla\firefox\profiles\oe5030ek.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - HiddenExtension: Internal security: No Registry Reference - c:\program files\mozilla firefox\extensions\{53430B52-CE8C-4E2A-A36C-63394A0B5E8A}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-8-4 3584]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-6-3 120168]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\drivers\WlanUIG.sys [2009-5-19 347648]

=============== Created Last 30 ================

2009-07-14 17:57 <DIR> --d----- c:\docume~1\gypsy\applic~1\Windows Search
2009-07-14 17:43 <DIR> --d----- c:\docume~1\gypsy\applic~1\FrostWire
2009-07-14 17:42 <DIR> --d----- c:\program files\FrostWire
2009-07-14 17:42 <DIR> --d----- c:\program files\AskBarDis
2009-07-08 12:05 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-07-08 12:04 <DIR> --d----- c:\windows\system32\LogFiles
2009-07-03 21:36 <DIR> --d----- c:\docume~1\gypsy\applic~1\StumbleUpon
2009-07-03 21:36 <DIR> --d----- c:\program files\StumbleUpon
2009-07-01 11:52 135,168 a------- c:\windows\system32\igfxres.dll
2009-06-29 16:15 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-06-29 16:15 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-26 13:57 <DIR> --d----- c:\docume~1\gypsy\applic~1\Windows Desktop Search
2009-06-26 13:57 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-06-26 13:57 <DIR> --d----- c:\program files\Windows Desktop Search
2009-06-26 13:56 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-06-26 13:56 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-06-26 13:56 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-06-16 07:36 119,808 -c------ c:\windows\system32\dllcache\t2embed.dll
2009-06-16 07:36 81,920 -c------ c:\windows\system32\dllcache\fontsub.dll

==================== Find3M ====================

2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-04 14:55 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-03 23:05 26,624 a------- c:\documents and settings\all users\proto.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-28 01:11 2,678 a------- c:\windows\java\packages\data\T3HVHBXF.DAT
2009-05-28 01:11 2,678 a------- c:\windows\java\packages\data\Z7PFVFNN.DAT
2009-05-28 01:11 2,678 a------- c:\windows\java\packages\data\Q3RJJXBV.DAT
2009-05-28 01:11 2,678 a------- c:\windows\java\packages\data\H3JHJLZJ.DAT
2009-05-28 01:11 2,678 a------- c:\windows\java\packages\data\R5J5R5N5.DAT
2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll
2009-05-21 00:32 61,224 a------- c:\documents and settings\gypsy\GoToAssistDownloadHelper.exe
2009-05-20 17:32 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-20 15:35 35,840 a------- c:\docume~1\gypsy\applic~1\unobi.dll
2009-05-19 23:02 155,995 a------- c:\windows\java\packages\1NNXZ3BT.ZIP
2009-05-19 23:02 2,232 a------- c:\windows\java\packages\data\J5RJ5BP3.DAT
2009-05-19 22:34 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys

============= FINISH: 15:36:45.04 ===============

Last edited by chemist; 07-18-2009 at 04:33 PM.
#2 (permalink)

Moderator, Analyst, Security Team; Rangemaster, TSF Academy
Join Date: Oct 2007
Location: Georgia
Posts: 10,729
OS: XP SP3

Re: Google Redirecting
Quote:
Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore. If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications. Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

This thread shall now be closed.