Jump to content

google redirect


Recommended Posts

Thanks for your help.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

daniel :: RUINPC [administrator]

Protection: Enabled

8/13/2012 5:52:13 PM

mbam-log-2012-08-13 (17-52-13).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 212611

Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_32

Run by daniel at 18:00:18 on 2012-08-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2336 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://google.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287741644333

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab

TCP: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

TCP: Interfaces\{021F82C8-9F77-4554-A999-FF01A0363467} : DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\daniel\application data\mozilla\firefox\profiles\08jgdekp.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\daniel\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\daniel\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\daniel\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\daniel\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-30 655944]

R2 MySQL55;MySQL55;"c:\program files\mysql\mysql server 5.5\bin\mysqld" --defaults-file="c:\documents and settings\all users\application data\mysql\mysql server 5.5\my.ini" mysql55 --> c:\program files\mysql\mysql server 5.5\bin\mysqld [?]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-30 22344]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-13 40776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-5-24 68136]

S2 gupdate1ca0256e22e12d6;Google Update Service (gupdate1ca0256e22e12d6);c:\program files\google\update\GoogleUpdate.exe [2009-7-11 133104]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-24 1262400]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-11 133104]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 113120]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]

S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2012-08-13 21:50:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-08-11 00:19:43 -------- d-----w- c:\documents and settings\daniel\application data\NVIDIA

2012-08-11 00:19:37 -------- d-----w- c:\documents and settings\daniel\application data\MySQL

2012-08-10 22:34:27 -------- d-----w- c:\program files\MySQL

2012-08-10 22:34:22 -------- d-----w- c:\documents and settings\all users\application data\MySQL

2012-08-10 22:01:20 -------- d-----w- c:\program files\Windows Resource Kits

2012-07-30 11:07:58 -------- d-----w- c:\documents and settings\daniel\application data\Malwarebytes

2012-07-30 11:07:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-30 11:07:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-30 11:07:45 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-07-29 13:00:25 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-29 12:50:52 -------- d-----w- c:\documents and settings\all users\application data\RegAce

2012-07-29 11:00:07 -------- d-----w- c:\documents and settings\all users\application data\RegRun

2012-07-29 11:00:04 2 --shatr- c:\windows\winstart.bat

2012-07-29 11:00:01 -------- d-----w- c:\program files\UnHackMe

2012-07-28 10:48:42 -------- d-sha-r- C:\cmdcons

2012-07-28 10:45:30 98816 ----a-w- c:\windows\sed.exe

2012-07-28 10:45:30 518144 ----a-w- c:\windows\SWREG.exe

2012-07-28 10:45:30 256000 ----a-w- c:\windows\PEV.exe

2012-07-28 10:45:30 208896 ----a-w- c:\windows\MBR.exe

2012-07-24 23:56:02 -------- d-----w- c:\documents and settings\daniel\local settings\application data\{1FB73823-D5EB-11E1-8270-B8AC6F996F26}

.

==================== Find3M ====================

.

2012-08-12 21:44:13 16608 ----a-w- c:\windows\gdrv.sys

2012-08-03 11:08:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-03 11:08:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-24 23:09:03 1074636 ----a-w- c:\windows\system32\nvdrsdb0.bin

2012-05-24 23:09:03 1 ----a-w- c:\windows\system32\nvdrssel.bin

2012-05-24 23:09:00 1074636 ----a-w- c:\windows\system32\nvdrsdb1.bin

.

============= FINISH: 18:00:32.56 ===============

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.