Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Firefox Redirect

 
Caseydog9
Newbie


Joined: 06 Jan 2012
Last Visit: 10 Jan 2012
Posts: 4

PostPosted: Fri Jan 06, 2012 3:25 pm    Post subject: Firefox Redirect Reply with quote

When I do a Google search the results come back normally, however when I click on one of the returned search items Firefox gets redirected to an advertising site instead of the target desired. This also affects IE (and searches done with Bing) as well with the same symptom. I have run many malware programs recommended but nothing seems to work. I have seen that others have had this issue going back a couple years but I have found no solution that works for my situation. I would greatly appreciate any help. Here are the scan and log files from DDS.

Otherwise everything seems to run more or less normally, but this makes the web almost useless.

Thanks for any help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by Bill at 17:05:35 on 2012-01-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.797 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\o2flash.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Windows\VM331_STI.EXE
C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
C:\Program Files\epson\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Brownie\BrStsWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Garmin\gStart.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\OfficeGuardian\reminder\SacReminder.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\CapsUnlock\CapsUnlock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Brownie\Brnipmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\Bill\AppData\Roaming\U3\0000187DA5758BA7\LaunchPad.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110515165202.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [gStart] c:\garmin\gStart.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [SacReminder] c:\programdata\officeguardian\reminder\SacReminder.exe
uRun: [HLBackupScheduler] c:\program files\verizon v cast media manager\V CAST Backup Scheduler.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IndicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\btnhnd\BtnHnd.exe
mRun: [TvOutSwitch] c:\program files\fujitsu\dispswitch\DispSwitchLauncher.exe
mRun: [331BigDog] c:\windows\VM331_STI.EXE
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\fjdvrupd\updatenv.exe
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: c:\users\bill\appdata\roaming\micros~1\windows\startm~1\programs\startup\capsun~1.lnk - c:\program files\capsunlock\CapsUnlock.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 68.94.157.1
TCP: Interfaces\{27ECC3BC-E301-44F8-916F-809CCF1A3012} : DhcpNameServer = 192.168.0.1 68.94.157.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bill\appdata\roaming\mozilla\firefox\profiles\itx36r20.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&rlz=1V2IPYX&q=
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - component: c:\users\bill\appdata\roaming\mozilla\firefox\profiles\itx36r20.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\components\dtTransparency.dll
FF - component: c:\users\bill\appdata\roaming\mozilla\firefox\profiles\itx36r20.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Ad-Aware Security Toolbar: {87934c42-161d-45bc-8cef-ef18abe2a30c} - %profile%\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2007-8-30 8960]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-2-20 387480]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-2 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2007-5-11 35456]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-3-18 64584]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-3-18 165032]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-18 56064]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-8-30 5632]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-2-20 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-2-20 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-18 314088]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2008-3-12 3872]
S3 maz500m;maz500m;c:\windows\system32\drivers\maz500m.sys [2008-4-2 25044]
S3 maz500u;maz500u;c:\windows\system32\drivers\maz500u.sys [2008-4-2 50900]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-18 84488]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-2-20 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-2-20 40552]
.
=============== Created Last 30 ================
.
2012-01-06 19:55:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-06 18:33:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-06 18:33:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-06 15:26:14 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-06 15:17:37 -------- d-----w- c:\users\bill\appdata\local\adaware
2012-01-06 15:17:36 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-01-06 15:17:32 -------- d-----w- c:\program files\Toolbar Cleaner
2012-01-06 15:17:13 -------- d-----w- c:\program files\adawaretb
2012-01-06 15:17:00 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-01-06 15:16:30 -------- d-----w- c:\program files\Lavasoft
2012-01-06 13:56:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-06 13:56:19 411368 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2012-01-06 02:42:22 -------- d-----w- c:\users\bill\appdata\roaming\SUPERAntiSpyware.com
2012-01-06 02:41:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-06 02:41:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-06 02:34:44 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-01-06 02:34:44 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-01-06 02:34:44 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-01-06 02:34:44 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-01-06 02:34:44 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-01-06 02:34:42 -------- d-----w- c:\users\bill\appdata\roaming\Simply Super Software
2012-01-06 02:34:42 -------- d-----w- c:\programdata\Simply Super Software
2012-01-06 02:34:42 -------- d-----w- c:\program files\Trojan Remover
2012-01-04 01:36:19 -------- d-----w- c:\users\bill\appdata\roaming\Malwarebytes
2012-01-04 01:35:48 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-04 01:35:48 -------- d-----w- c:\programdata\Malwarebytes
2012-01-04 01:35:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-26 16:15:54 -------- d-----w- c:\program files\File Type Assistant
2011-12-15 23:47:11 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-15 23:47:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-15 23:47:07 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 23:47:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 23:46:57 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-15 23:46:49 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 23:46:08 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:07:10.42 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/24/2008 12:08:28 PM
System Uptime: 1/6/2012 7:46:43 AM (10 hours ago)
.
Motherboard: FUJITSU | | FJNB1DA
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | Onboard | 1833/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 184 GiB total, 106.163 GiB free.
D: is FIXED (NTFS) - 1 GiB total, 1.002 GiB free.
E: is CDROM (UDF)
F: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP398: 11/25/2011 11:46:56 AM - Device Driver Package Install: FTDI Universal Serial Bus controllers
RP399: 11/25/2011 11:50:25 AM - Device Driver Package Install: FTDI Ports (COM & LPT)
RP400: 12/16/2011 3:02:02 AM - Windows Update
RP401: 12/26/2011 10:44:06 AM - Removed Safari
RP403: 12/26/2011 10:47:27 AM - Removed Zoom ADSL Modem
RP404: 12/26/2011 10:48:12 AM - Removed Times Reader
RP405: 12/29/2011 10:32:55 AM - Scheduled Checkpoint
RP406: 1/3/2012 3:00:33 AM - Windows Update
RP407: 1/4/2012 1:09:37 AM - Scheduled Checkpoint
RP408: 1/6/2012 7:54:09 AM - Installed Java(TM) 6 Update 20
RP409: 1/6/2012 9:13:42 AM - Installed Ad-Aware
RP410: 1/6/2012 9:15:42 AM - Installed Ad-Aware
RP412: 1/6/2012 1:29:51 PM - Removed AnswerWorks 4.0 Runtime - English
RP413: 1/6/2012 1:31:14 PM - Removed AnswerWorks 5.0 English Runtime
.
==== Installed Programs ======================
.
.
ABBYY FineReader 6.0 Sprint
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Ad-Aware Security Toolbar
Adobe Flash Player 11 ActiveX
Adobe Reader 9.3.4
Agere Systems HDA Modem
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Yahoo! Applications
ATT-PRT22
AVerMedia HC80 ExpressCard Hybrid ATSC 1.3.0.71
Bonjour
Brother HL-2170W
DiMAGE Viewer
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Event Manager
EPSON Perfection V500 Photo Scanner Driver Update
EPSON Perfection V500P User's Guide
EPSON Scan
EPSON Scan Assistant
ffdshow [rev 2527] [2008-12-19]
File Type Assistant
Fujitsu Display Manager
Fujitsu Driver Update
Fujitsu Hotkey Utility
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
Garmin Training Center 3.4.3
Garmin WebUpdater
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 5
LastPass (uninstall only)
LifeBook Application Panel
LiveUpdate Notice (Symantec Corporation)
LOGic 8
Malwarebytes Anti-Malware version 1.60.0.1800
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.5.2)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
O2Micro Flash Memory Card Windows Driver
OGA Notifier 2.0.0048.0
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
Samsung Sync A707 USB - Handset Manager V9.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Spelling Dictionaries Support For Adobe Reader 8
Sptnavi
Spybot - Search & Destroy
SUPERAntiSpyware
TD AMERITRADE StrategyDesk 3.0
TD AMERITRADE StrategyDesk 3.2_2 (C:\Users\Bill\AppData\Roaming\TD AMERITRADE\StrategyDesk)
Trojan Remover 6.8.2
TrustedQSL 1.11
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax Deluxe 2007
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VC0331 USB2.0 Digital Camera
Verizon V CAST Media Manager
Windows Media Player Firefox Plugin
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
12/31/2011 12:27:47 PM, Error: EventLog [6008] - The previous system shutdown at 12:25:42 PM on 12/31/2011 was unexpected.
12/31/2011 12:20:24 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Test Page, owned by Bill, failed to print on printer Brother HL-2170W series. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 95792. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client computer: \\BILL-PC. Win32 error code returned by the print processor: 2250. This network connection does not exist.
1/6/2012 7:48:46 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/6/2012 7:48:46 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/6/2012 7:48:46 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/6/2012 7:48:46 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/6/2012 7:48:46 AM, Error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The system cannot find the file specified.
1/2/2012 2:24:17 PM, Error: EventLog [6008] - The previous system shutdown at 2:21:06 PM on 1/2/2012 was unexpected.
1/1/2012 11:34:43 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 02 Oct 2014
Posts: 4660
Location: Land Of The Leprechauns

PostPosted: Mon Jan 09, 2012 9:08 am    Post subject: Reply with quote

Hi and welcome to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start



It appears that your computer has a nasty rootkit infection called ZeroAccess; this infection can prove tricky to remove.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:
  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
How to backup your files in Windows XP
How to backup your files in Windows Vista/Windows 7

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.
_________________
Admin/Teacher at Malware Removal University
Member of...

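Cypher's diagnosis above comes from reading the DDS log posted at the top of the thread. As an added example (not from the thread or from the DDS tool), here is a small Python reader for DDS-style lines that extracts the posture signals a helper weighs when triaging such a log: a protection product reported as disabled, UAC switched off, and Service Control Manager errors showing that services depend on one that is no longer installed (here BFE, the Base Filtering Engine). The excerpt is copied from the posted log; the table of "weak" policy values is my own choice of what to flag.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed excerpt: a handful of lines copied verbatim from the DDS log
# posted at the top of this thread (the full log runs to several hundred lines).
SAMPLE_DDS = """\
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
1/6/2012 7:48:46 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
1/6/2012 7:48:46 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
1/6/2012 7:48:46 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
1/1/2012 11:34:43 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "protection", "policy" or "service"
    detail: str


# DDS header line for an AV / antispyware / firewall product and its state.
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*([^*]+)\*")
# DDS policy line: [u|m]Policies-<hive>: <Key> = <value> (0x..)
POLICY_RE = re.compile(r"^[um]Policies-(\w+): (\w+) = (\d+)")
# Event Viewer line written by the Service Control Manager.
SCM_RE = re.compile(r"Error: Service Control Manager \[(\d+)\] - (.+)$")
DEPENDS_RE = re.compile(r"The (.+?) service depends the following service: (\w+)\.")
NOT_INSTALLED_RE = re.compile(
    r"The (.+?) service terminated with the following error: The specified service does not exist")
TERMINATED_RE = re.compile(r"The (.+?) service terminated unexpectedly")

# Policy values that weaken the machine's security posture. This table is my
# own choice of what to flag (assumption), not a list taken from the thread.
WEAK_POLICIES = {
    ("system", "EnableLUA", "0"): "UAC disabled",
    ("explorer", "HideSCAHealth", "1"): "Security Center health notifications hidden",
}


def analyse_dds(text: str) -> List[Finding]:
    """Walk DDS-style lines and collect posture-degradation findings."""
    findings = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line)
        if m:
            role, name, state = m.groups()
            if "Disabled" in state or "Outdated" in state:
                findings.append(Finding("protection", f"{role} {name} is {state}"))
            continue
        m = POLICY_RE.match(line)
        if m:
            why = WEAK_POLICIES.get(m.groups())
            if why:
                findings.append(Finding("policy", f"{m.group(2)}={m.group(3)} ({why})"))
            continue
        m = SCM_RE.search(line)
        if not m:
            continue
        msg = m.group(2)
        d = DEPENDS_RE.search(msg)
        if d:
            findings.append(Finding("service", f"{d.group(1)} depends on {d.group(2)}, which may be missing"))
            continue
        d = NOT_INSTALLED_RE.search(msg)
        if d:
            findings.append(Finding("service", f"{d.group(1)} is no longer an installed service"))
            continue
        d = TERMINATED_RE.search(msg)
        if d:
            findings.append(Finding("service", f"{d.group(1)} terminated unexpectedly"))
    return findings


def missing_dependencies(text: str) -> Set[str]:
    """Services that other services report as possibly not installed (here BFE)."""
    return {d.group(2) for d in (DEPENDS_RE.search(line) for line in text.splitlines()) if d}


if __name__ == "__main__":
    for f in analyse_dds(SAMPLE_DDS):
        print(f"[{f.kind}] {f.detail}")
    print("possibly removed services:", ", ".join(sorted(missing_dependencies(SAMPLE_DDS))))
```

Run against a full DDS log the same reader works unchanged; the findings are prompts for a human reading the log, not a verdict on what infected the machine.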
Caseydog9
Newbie


Joined: 06 Jan 2012
Last Visit: 10 Jan 2012
Posts: 4

PostPosted: Mon Jan 09, 2012 5:12 pm    Post subject: Firefox Redirect Help Reply with quote

Cypher,

Thanks for your effort on this, it is much appreciated.

This is really bad news though. I'm really not too concerned about the computer, I'll start over with that. Maybe I'll upgrade to Win 7 at the same time. I'm much more concerned about what might have been stolen and perhaps used.

The computer is totally offline (a bit late perhaps) and this is being drafted on a clean one.

Thanks again - this is a great service.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 02 Oct 2014
Posts: 4660
Location: Land Of The Leprechauns

PostPosted: Tue Jan 10, 2012 2:48 am    Post subject: Reply with quote

Hi Caseydog9,
Quote:
Thanks for your effort on this, it is much appreciated.

You're most welcome.
Quote:
I'm much more concerned about what might have been stolen and perhaps used.

You have made the right decision. If this infection was on my computer I would reformat myself, I can assure you.
Chances are that nothing has been stolen from your computer yet, but the attacker may have the ability to access it at any time.
Quote:
Maybe I'll upgrade to Win 7 at the same time.

You can download the Windows 7 Upgrade Advisor from the link below, it will tell you if your computer can support Win 7.
http://www.microsoft.com/download/en/details.aspx?id=20

Any questions before I close this topic?
Caseydog9
Newbie


Joined: 06 Jan 2012
Last Visit: 10 Jan 2012
Posts: 4

PostPosted: Tue Jan 10, 2012 7:16 am    Post subject: Firefox Redirect Reply with quote

Thanks again.

My only remaining question is if you can point me to any information or guidance to make sure that I do the reinstall or upgrade in a way that is sure to remove the malware. In other words, I want to make certain I don't move the bad code somehow in the process of saving stuff. I have pretty good backups of all my user files but I do not have disks to restore the OS (Vista). So unless I buy a new Windows 7 license I assume the OS is restored from some sort of partition. Should I avoid that? Another example: is copying over Firefox bookmarks using export/import a risk?

I don't need to take your time on step by step help but perhaps there is a tutorial or something.

Regards.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 02 Oct 2014
Posts: 4660
Location: Land Of The Leprechauns

PostPosted: Tue Jan 10, 2012 8:56 am    Post subject: Reply with quote

Hi Caseydog9,
First there is no risk in exporting your Firefox bookmarks.
As to reinstalling the OS, did you get Vista recovery discs when you bought the computer, or did Vista come pre-installed?
If it came pre-installed there may be a recovery partition.
Caseydog9
Newbie


Joined: 06 Jan 2012
Last Visit: 10 Jan 2012
Posts: 4

PostPosted: Tue Jan 10, 2012 10:55 am    Post subject: Firefox Redirect Reply with quote

It came pre-installed. I will investigate the options.

I think you can close this thread if you wish.

Thanks.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 02 Oct 2014
Posts: 4660
Location: Land Of The Leprechauns

PostPosted: Tue Jan 10, 2012 11:21 am    Post subject: Reply with quote

Hi Caseydog9,
Reboot the computer and quickly start tapping F12, this should give you access to the recovery partition.
If F12 doesn't work try F11, let me know how it goes.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 02 Oct 2014
Posts: 4660
Location: Land Of The Leprechauns

PostPosted: Fri Jan 13, 2012 10:09 am    Post subject: Reply with quote

Quote:
Due to a lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with spyware removal forum, post a new set of DDS logs, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations
