Browser Hijacked (keeps redirecting)

Posted: Sun Jan 01, 2012 7:59 am

Every time I click on a site using google, my browser is redirected to a dummy site. I also keep getting a "Windows host process (Rundll32)" popping up asking for permission to continue. Also, Internet Explorer keeps opening itself up to several different shopping sites. Please help.

Here are my DDS logs:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_26
Run by Mosby at 9:40:15 on 2012-01-01
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.984 [GMT -6:00]
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\real\realplayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iPod\bin\iPodService.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1070519
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: Fantapper: {8a86d350-37ab-410a-8531-7d1363f317b3} - c:\program files\brand affinity technologies\fantapper player\\IEInstaller.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
uRun: [DOSBoxData] rundll32.exe "c:\users\mosby\appdata\local\dosbox\dosboxdata\DOSBoxdata.dll",DllRegisterServer
uRun: [Apple] rundll32.exe c:\users\mosby\appdata\local\dosbox\dosboxupdate\DOSBoxupdt32.dll,DllRegisterServer
uRun: [GoogleTrayTray] rundll32.exe "c:\programdata\GoogleTrayTray.dll",DllRegisterServer
uRun: [-658169084] rundll32.exe "c:\users\mosby\appdata\local\temp\nsvc22f.tmp\sg981sa.xvl",DllRegisterServer
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\PhotoDownloader.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [PRISMSVR.EXE] "c:\windows\system32\PRISMSVR.EXE" /APPLY
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
mRunOnce: [*Restore] c:\windows\system32\rstrui.exe /runonce
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\Service Manager.norun
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer =
TCP: Interfaces\{1FA284E2-E817-406E-ACF2-CF8355E824CB} : DhcpNameServer =
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\mosby\appdata\roaming\mozilla\firefox\profiles\0iddw1a6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - user.js: yahoo.homepage.dontask - true);user_pref(extentions.y2layers.installId, 7669650d-e285-4c52-ad62-32a263721e6b
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,DropDownDeals,
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-12-18 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-12-18 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-12-18 656320]
R2 FTSvc;Fantapper Player Update Service;c:\program files\brand affinity technologies\fantapper player\FantapperUpdateService.exe [2011-12-12 11776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-2-28 378472]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2007-3-22 138344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-18 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-23 136176]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-12-18 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-12-18 1150936]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2012-01-01 15:30:05 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f8a74746-b217-48f3-a4a1-a3291761dcea}\offreg.dll
2011-12-30 07:43:37 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f8a74746-b217-48f3-a4a1-a3291761dcea}\mpengine.dll
2011-12-24 02:36:27 94208 ----a-w- c:\programdata\GoogleTrayTray.dll
2011-12-18 18:21:37 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-12-18 18:21:37 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-12-18 18:21:35 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-12-18 18:21:35 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-12-18 18:21:30 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-12-18 18:21:30 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-12-18 18:21:25 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-12-18 18:21:20 -------- d-----w- c:\users\mosby\appdata\roaming\PC Tools
2011-12-18 18:21:20 -------- d-----w- c:\program files\PC Tools Security
2011-12-18 18:21:20 -------- d-----w- c:\program files\common files\PC Tools
2011-12-18 18:20:07 -------- d-----w- c:\programdata\PC Tools
2011-12-06 23:49:37 -------- d-sh--w- C:\found.000
2011-12-04 14:25:58 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
==================== Find3M ====================
2011-12-31 14:44:42 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-12-31 14:44:28 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-12-31 14:44:28 103736 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-12-23 19:52:21 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-11-15 13:50:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 19:51:38 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-10-24 03:26:51 22328 ----a-w- c:\users\mosby\appdata\roaming\PnkBstrK.sys
2011-10-06 22:28:18 770384 ----a-w- c:\windows\system32\msvcr100.dll
2011-10-06 22:28:18 421200 ----a-w- c:\windows\system32\msvcp100.dll
2011-10-06 22:28:18 138056 ----a-w- c:\windows\system32\atl100.dll
============= FINISH: 9:41:32.32 ===============

DDS (Ver_2011-08-26.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/18/2007 12:01:04 PM
System Uptime: 1/1/2012 9:29:47 AM (0 hours ago)
Motherboard: Dell Inc. | | 0WG864
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Microprocessor | 1867/1066mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 223 GiB total, 120.326 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.075 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
==== Installed Programs ======================
2Wire Wireless Client
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.5
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CAM UnZip 4.5
Carbonite Online Backup Setup
Conexant D850 PCI V.92 Modem
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Dell Games
Dell System Customization Wizard
Digital Line Detect
Documentation & Support Launcher
EarthLink Setup Files
EFI Decorative Fonts
EFI OZ Fonts
EFI Palmer Fonts
EFI PM Fonts
EPSON Printer Software
Fantapper Player
Game Console - WildGames
Games, Music, & Photos Launcher
Gimp 2.6.2 Debug
Google Chrome
Google Desktop
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Internet Service Offers Launcher
iPod for Windows 2006-06-28
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6
LEGO Digital Designer
LEGO Universe
Lets Ride Horse Club - The Saddle Show Mystery
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox 8.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
NVIDIA 3D Vision Driver 267.42
NVIDIA Control Panel 267.42
NVIDIA Graphics Driver 267.42
NVIDIA HD Audio Driver
NVIDIA Install Application
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
Octoshape add-in for Adobe Flash Player
Plants vs. Zombies
Primary Tablet 5.0
PunkBuster Services
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.1
ResChanger 2005
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Shop To Win
SigmaTel Audio
SnapStream Firefly Mini 1.0.1
Sonic Activation Module
Spyware Doctor 8.0
Timez Attack Launcher
Typing Instructor for Kids 3
Unity Web Player (All users)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Word 2007 (KB974631)
URL Assistant
User's Guides
WinZip 15.0
Yontoo Layers Runtime 1.10.01
==== Event Viewer Messages From Past Week ========
12/27/2011 12:25:48 PM, Error: EventLog [6008] - The previous system shutdown at 12:24:44 PM on 12/27/2011 was unexpected.
==== End Of File ===========================
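The uRun lines in the Pseudo HJT Report above all follow one shape: rundll32.exe loading a DLL from a user-writable folder (AppData, ProgramData, Temp) through its DllRegisterServer export at every logon, one of them from a .tmp folder with a non-.dll extension and a numeric value name. Those are the entries a helper triages first. The script below is an added example, not part of the original thread and not DDS's own code: it parses Run lines in DDS's format from a constructed sample that mirrors the posted paths, and flags entries using heuristics I chose (user-writable location, rundll32 with a non-.dll module, DllRegisterServer as a logon entry point, letter-free value names). It does not determine that a file is malicious; it ranks which entries deserve a closer look.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the DDS "Pseudo HJT Report" Run lines
# (paths mirror the posted log; this parser is an illustration, not DDS's code).
SAMPLE_DDS = r"""
uRun: [DOSBoxData] rundll32.exe "c:\users\mosby\appdata\local\dosbox\dosboxdata\DOSBoxdata.dll",DllRegisterServer
uRun: [Apple] rundll32.exe c:\users\mosby\appdata\local\dosbox\dosboxupdate\DOSBoxupdt32.dll,DllRegisterServer
uRun: [GoogleTrayTray] rundll32.exe "c:\programdata\GoogleTrayTray.dll",DllRegisterServer
uRun: [-658169084] rundll32.exe "c:\users\mosby\appdata\local\temp\nsvc22f.tmp\sg981sa.xvl",DllRegisterServer
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
"""

# uRun / mRun / uRunOnce / mRunOnce: [value name] command line
RUN_LINE = re.compile(r"^(?P<scope>[um])Run(?:Once)?:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Directories a standard user can write to; genuine autostarts rarely live there (heuristic).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class RunEntry:
    scope: str                 # "u" = per-user (HKCU) key, "m" = machine (HKLM) key
    name: str                  # registry value name
    command: str               # full command line as DDS printed it
    module: str                # what actually runs: the DLL for rundll32, else the executable
    reasons: list = field(default_factory=list)


def _first_path(text):
    """Return the leading path of a command fragment, honouring double quotes."""
    text = text.strip()
    if text.startswith('"'):
        end = text.find('"', 1)
        return text[1:end] if end > 0 else text[1:]
    # Unquoted: stop at whitespace, or at the comma rundll32 puts before the export name.
    return re.split(r"[\s,]", text, maxsplit=1)[0]


def parse_run_entries(dds_text):
    entries = []
    for raw in dds_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m or not m.group("cmd").strip():
            continue  # not a Run line, or a placeholder like [<NO NAME>] with nothing to run
        cmd = m.group("cmd").strip()
        exe = _first_path(cmd)
        via_rundll32 = exe.lower().endswith("rundll32.exe")
        module, export = exe, ""
        if via_rundll32:
            # rundll32 syntax: rundll32.exe <dll>,<Export> [args]; judge the DLL, not rundll32.
            idx = cmd.lower().find("rundll32.exe") + len("rundll32.exe")
            rest = cmd[idx:].lstrip('"').strip()
            module = _first_path(rest)
            after = rest[rest.find(module) + len(module):].lstrip('"').strip()
            if after.startswith(",") and after[1:].split():
                export = after[1:].split()[0]
        entry = RunEntry(m.group("scope"), m.group("name"), cmd, module)
        low = module.lower()
        if any(d in low for d in USER_WRITABLE):
            entry.reasons.append("module lives in a user-writable directory")
        if via_rundll32 and not low.endswith(".dll"):
            entry.reasons.append("rundll32 loading a non-.dll file (.%s)" % low.rsplit(".", 1)[-1])
        if export.lower() == "dllregisterserver":
            entry.reasons.append("DllRegisterServer used as a logon entry point")
        if not re.search(r"[a-z]", m.group("name"), re.I):
            entry.reasons.append("value name with no letters (looks generated)")
        entries.append(entry)
    return entries


def suspicious_entries(dds_text):
    """Entries that tripped at least one heuristic, in log order."""
    return [e for e in parse_run_entries(dds_text) if e.reasons]


if __name__ == "__main__":
    for e in suspicious_entries(SAMPLE_DDS):
        print("%sRun [%s] -> %s" % (e.scope, e.name, e.module))
        for r in e.reasons:
            print("    - " + r)
```

Run against the sample, the four uRun rundll32 entries are flagged and the three machine-level autostarts are not; the .xvl entry collects four reasons. The same parser works on a full DDS log pasted into a file, since lines that are not Run entries are ignored.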
Posted: Tue Jan 03, 2012 3:37 am

  • Download MGA Diagnostic Tool to your Desktop.
  • Double click MGADiag.exe to launch the programme.
  • Click Continue and let the scan run.
  • When finished it will have created a log.
  • Click Copy.
  • Next open Notepad.

    • Click Start > Run type Notepad click OK.
    • This will open an empty Notepad file.
    • Right click in the empty file and choose Paste to copy the log from MGA Diagnostics into it.
    • Save the file to your Desktop.

  • Close MGA Diagnostic Tool.
  • Copy/Paste the log in your next reply please.


Download CKScanner to your Desktop.

  • Doubleclick CKScanner.exe to launch it.
  • Click Search For Files.
  • After a couple minutes a list will appear in the panel to the right.
  • Click Save List To File.
  • A message box will verify the file saved.
  • Close CKScanner.
  • Copy/paste the contents of ckfiles.txt in your next reply please (it will be on your Desktop).
  • Please run the program once only.

Posted: Sat Jan 07, 2012 2:42 am

Due to lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with Spyware Removal forum, post a new log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

