It looked like my computer picked up the My Disk malware yesterday...which I believe I have removed....but my browser search results (IE or Google) still seem to redirect to unknown sites.

Can someone help me figure out how to fix this redirection issue?

Here is DDS.txt and I will attach Attach.txt, arc.txt and my latest Malwarebytes' Anti-Malware log. I have tried Spybot Search & Destroy, CA AntiVirus and Hitman Pro in addition to Malwarebytes' Anti-Malware, but still have the search results redirect issue.

DDS (Ver_10-12-12.02) - NTFSx86

Run by Patti at 13:53:14.34 on Mon 01/10/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.302 [GMT -5:00]

AV: CA Anti-Virus *Disabled/Updated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\Belkin\F5D9050\Belkinwcui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\CAPPActiveProtection.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPCtlPriv.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\Patti\My Documents\Downloads\dds.com

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

============== Pseudo HJT Report ===============

uSearch Bar =

uStart Page = hxxp://my.yahoo.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\patti\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [CAVRID] "c:\program files\ca\etrust ez armor\etrust ez antivirus\CAVRID.exe"

mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [F5D9050] c:\program files\belkin\f5d9050\Belkinwcui.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: c:\windows\system32\VetRedir.dll

Trusted Zone: ameriprise.com\wcm-cpd

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166882270437

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: WIKI.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-10-18 26352]

R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-10-18 21104]

R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2010-6-3 746216]

R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-10-18 21488]

R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-10-18 32240]

R2 CAISafe;CAISafe;c:\program files\ca\etrust ez armor\etrust ez antivirus\isafe.exe [2008-10-18 144960]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 VETMSGNT;VET Message Service;c:\program files\ca\etrust ez armor\etrust ez antivirus\vetmsg.exe [2008-10-18 238928]

R3 owcmirrorV1;owcmirrorV1;c:\windows\system32\drivers\owcmirrorminiV1.sys [2010-1-26 3712]

R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\etrust ez armor\etrust pestpatrol\PPCtlPriv.exe [2007-8-16 189704]

R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2010-11-14 19968]

R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2010-6-3 130280]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-10 38224]

S3 BKNDIS5;BKNDIS5 NDIS Protocol Driver;c:\progra~1\belkin\f5d9050\BKNDIS5.SYS [2010-11-14 15872]

S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-18 135664]

=============== Created Last 30 ================

2011-01-10 16:24:47 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-01-10 16:24:45 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-01-10 16:24:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro

2011-01-10 15:54:59 -------- d-----w- c:\documents and settings\patti\log

2011-01-10 12:51:29 -------- d-----w- c:\docume~1\patti\applic~1\Malwarebytes

2011-01-10 12:51:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-01-10 12:51:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-01-10 12:51:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-10 12:51:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-17 01:41:08 -------- d-----w- c:\program files\iPod

2010-12-17 01:41:03 -------- d-----w- c:\program files\iTunes

2010-12-17 01:32:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2010-12-17 01:32:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2010-12-17 01:32:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2010-12-17 01:32:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2010-12-17 01:32:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2010-12-17 01:32:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2010-12-17 01:32:14 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2010-12-15 12:21:29 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-15 12:20:48 45568 ------w- c:\windows\system32\dllcache\wab.exe

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 14:01:37.25 ===============

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
