Search redirect virus

June 9, 2010 at 13:23:20
Specs: Windows XP
I ran into a problem with my search links being re-directed to another site. I'm assuming this is some kind of virus, but McAfee didn't show that anything was wrong. MalwareBytes didn't either. I deleted both and installed Microsoft Security Essentials. That didn't find anything either.

At this point, I don't even really care if I can't get rid of the search bug. I just won't search for anything with that machine. My question is, is there anything else that the bug is doing that I should be worried about? Even though all these virus checkers came back clean, I feel like it isn't safe to log in to e-mail or facebook or anything because I know there is active malware on my machine. Am I overreacting?




#1
June 9, 2010 at 13:36:49
I'm guessing your default search engine is set to Google?

Try doing a scan with Combo Fix: http://www.bleepingcomputer.com/com...

And Hitman Pro 3.5.: http://download.cnet.com/Hitman-Pro...



#2
June 9, 2010 at 13:44:32
Before I do that stuff, I just want to know if this thing does something other than re-direct the searches. Do I need to go through downloading the other stuff to tell?


#3
June 9, 2010 at 13:52:36
It's a bad virus, and it would be best to get it removed as it can slow down your computer and make browsing nearly impossible. Also, please post a Combo Fix log, and I would recommend scanning with Hitman Pro 3.5. or http://support.kaspersky.com/viruse... (click on the one that says TDSS), just to be sure, after you've posted the log of course.


#4
June 9, 2010 at 18:04:43


#5
June 9, 2010 at 18:17:17
I forgot all about StopZilla. I haven't heard that name in years, to be honest.


#6
June 9, 2010 at 18:35:48
OK... I ran ComboFix. While running, I got a message that "PEV.cfxxe has encountered a problem and needs to close". I clicked OK, and it pretty much continued as the instructions expected. It deleted 6 files and one folder.

I'll run HitMan Pro next.

Here's the log from ComboFix:

ComboFix 10-06-09.01 - Billy 06/09/2010 21:11:39.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.581 [GMT -4:00]
Running from: c:\documents and settings\Billy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Billy\GoToAssistDownloadHelper.exe
C:\LOG1D1.tmp
C:\LOG1D4.tmp
C:\LOG75.tmp
c:\program files\Common Files\Uninstall
c:\program files\PlaySushi\PSTExt.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\msxmlm.dll.tmp

Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.

2010-06-08 00:57 . 2010-06-08 00:57 28812000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{406995F2-3AF7-73B2-7C56-B73F0EC3F469}-{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.exe
2010-06-07 21:40 . 2010-06-07 21:41 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-05-30 03:07 . 2010-05-30 03:07 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-30 02:53 . 2010-05-30 02:53 -------- d-----w- c:\documents and settings\Billy\Local Settings\Application Data\ommoppnjf
2010-05-26 13:07 . 2010-05-26 13:07 503808 ----a-w- c:\documents and settings\Billy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5597e24e-n\msvcp71.dll
2010-05-26 13:07 . 2010-05-26 13:07 499712 ----a-w- c:\documents and settings\Billy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5597e24e-n\jmc.dll
2010-05-26 13:07 . 2010-05-26 13:07 348160 ----a-w- c:\documents and settings\Billy\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5597e24e-n\msvcr71.dll
2010-05-26 13:07 . 2010-05-26 13:07 12800 ----a-w- c:\documents and settings\Billy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-56dfe936-n\decora-d3d.dll
2010-05-26 13:07 . 2010-05-26 13:07 61440 ----a-w- c:\documents and settings\Billy\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-56dfe936-n\decora-sse.dll
2010-05-16 16:41 . 2010-05-16 16:41 503808 ----a-w- c:\documents and settings\Billy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ec1319b-n\msvcp71.dll
2010-05-16 16:41 . 2010-05-16 16:41 499712 ----a-w- c:\documents and settings\Billy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ec1319b-n\jmc.dll
2010-05-16 16:41 . 2010-05-16 16:41 348160 ----a-w- c:\documents and settings\Billy\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6ec1319b-n\msvcr71.dll
2010-05-16 16:41 . 2010-05-16 16:41 61440 ----a-w- c:\documents and settings\Billy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-22284d05-n\decora-sse.dll
2010-05-16 16:41 . 2010-05-16 16:41 12800 ----a-w- c:\documents and settings\Billy\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-22284d05-n\decora-d3d.dll
2010-05-16 16:41 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 01:25 . 2007-04-26 23:15 -------- d-----w- c:\documents and settings\Billy\Application Data\Skype
2010-06-10 01:23 . 2009-12-31 00:07 -------- d-----w- c:\program files\Hot Wheels
2010-06-10 01:20 . 2010-03-07 07:21 -------- d-----w- c:\program files\PlaySushi
2010-06-10 00:51 . 2007-04-02 00:13 -------- d-----w- c:\program files\Dl_cats
2010-06-07 22:15 . 2008-03-31 00:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-07 21:40 . 2009-05-29 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-30 02:52 . 2007-04-01 23:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-16 16:42 . 2006-08-09 03:23 -------- d-----w- c:\program files\Common Files\Java
2010-05-16 16:41 . 2006-08-09 03:23 -------- d-----w- c:\program files\Java
2010-05-10 12:04 . 2010-05-10 12:02 -------- d-----w- c:\program files\iTunes
2010-05-10 12:03 . 2010-05-10 12:03 -------- d-----w- c:\program files\iPod
2010-05-10 12:03 . 2009-12-24 19:50 -------- d-----w- c:\program files\Common Files\Apple
2010-05-10 11:54 . 2010-05-10 11:54 -------- d-----w- c:\program files\Bonjour
2010-05-10 11:51 . 2010-05-10 11:51 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-03 20:05 . 2010-04-03 20:05 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-02-14 00:26 . 2007-08-13 20:36 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-11-05 23:01 . 2006-08-16 00:10 88 --sh--r- c:\windows\system32\74125C7281.sys
2007-11-05 23:01 . 2006-08-16 00:10 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EasyIconOverlayHandler1 {91F666B4-6971-48F1-90DA-F73C16A72470}]
@="{91F666B4-6971-48F1-90DA-F73C16A72470}"
[HKEY_CLASSES_ROOT\CLSID\{91F666B4-6971-48F1-90DA-F73C16A72470}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"wikibrowse"="c:\program files\WikiBrowse\wbaccnter.exe" [2006-08-17 574464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-12-13 58992]
"Norton Ghost 10.0"="c:\program files\Norton Ghost\Agent\GhostTray.exe" [2005-12-07 1537696]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-14 30192]
"BuildBU"="c:\dell\bldbubg.exe" [2006-08-09 61440]
"snpstd3"="c:\windows\vsnpstd3.exe" [2004-12-16 339968]
"DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Hot Wheels® Turbo Driver™ Watcher"="c:\program files\Hot Wheels\HotwheelsWatcher.exe" [2008-01-25 2870612]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]

c:\documents and settings\Billy\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Skype.lnk - c:\program files\Skype\Phone\Skype.exe [2009-10-9 25623336]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-8-8 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-05 20:49 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\dlcfcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcfpswx.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/22/2007 11:18 PM 24652]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 6:43 PM 31896]
S0 ouzpbx;ouzpbx;c:\windows\system32\drivers\hwqzcyuu.sys --> c:\windows\system32\drivers\hwqzcyuu.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/9/2010 12:07 PM 18560]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/8/2006 11:42 PM 30192]
S3 WCG200BXP;Linksys WCG200 Wireless-G Cable Gateway(B);c:\windows\system32\DRIVERS\WCGBXP.sys --> c:\windows\system32\DRIVERS\WCGBXP.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-06-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 22:02]

2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{595E3542-24BD-49D4-A1E5-F33AFFD6BAC5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\x5am5h4u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.espn.go.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\x5am5h4u.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\x5am5h4u.default\extensions\textlinks@playsushi.com\components\PlaySushiFF.dll
FF - plugin: c:\documents and settings\Billy\Application Data\Move Networks\plugins\npqmp071504000001.dll
FF - plugin: c:\documents and settings\Billy\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmnqmp07030901.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-wikiqlaunch - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-Winamp Toolbar for Firefox - c:\documents and settings\Billy\Application Data\Mozilla\Firefox\Profiles\x5am5h4u.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 21:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\WININET.dll
c:\progra~1\WIKIBR~1\WBSHIC~1.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\Ink\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\GEARSec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-09 21:30:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-10 01:30

Pre-Run: 72,291,708,928 bytes free
Post-Run: 72,377,536,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CDE3F166FD1FD8FAC72B285AFF82084C


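As an added triage example (not code from the thread, from ComboFix, or from its author), this Python script pulls two signals of a search-redirect infection out of ComboFix output like the log above: service/driver entries whose file is missing (`[?]`), that load at boot before any antivirus, or that carry random-looking names, plus every search-related browser setting together with the host it actually sends queries to (ComboFix writes `hxxp` for `http` so the log cannot be clicked). The sample lines are copied from the log above; the scoring weights and the "unwanted names" list are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the ComboFix log posted above
# (service/driver entries plus the search-related browser settings).
SAMPLE_LOG = r"""
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/22/2007 11:18 PM 24652]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [11/25/2005 6:43 PM 31896]
S0 ouzpbx;ouzpbx;c:\windows\system32\drivers\hwqzcyuu.sys --> c:\windows\system32\drivers\hwqzcyuu.sys [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [1/9/2010 12:07 PM 18560]
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
"""

# ComboFix service line: "<R|S><start type> <name>;<display name>;<path> [<date size> | ?]"
# R = running, S = stopped; start type 0/1 = boot/system (loads before any AV), 2 = auto, 3 = on demand.
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]\s*$")
# Names the thread itself called out as unwanted (adware); constructed list, extend as needed.
UNWANTED_NAMES = ("viewpoint",)


def longest_consonant_run(text):
    """Heuristic for random-looking names such as 'hwqzcyuu': long runs without vowels."""
    runs = re.findall(r"[b-df-hj-np-tv-xz]+", text.lower())
    return max((len(r) for r in runs), default=0)


def triage_services(log_text):
    """Score each service/driver line; returns a list of dicts, highest severity first."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        _state, start, name, _display, path, stamp = m.groups()
        path = path.split(" --> ")[0]  # ComboFix repeats the path after '-->' when it cannot find the file
        stem = re.sub(r"\.\w+$", "", path.rsplit("\\", 1)[-1])
        missing = stamp.strip() == "?"          # file referenced by the service does not exist on disk
        boot = start in "01"                    # boot/system start: runs before security products load
        gibberish = max(longest_consonant_run(name), longest_consonant_run(stem)) >= 4
        unwanted = any(u in (name + path).lower() for u in UNWANTED_NAMES)
        score = 2 * missing + 2 * boot + 1 * gibberish + 2 * unwanted  # assumed weights
        findings.append({"name": name, "path": path, "start_type": start, "missing_file": missing,
                         "boot_start": boot, "gibberish_name": gibberish, "known_unwanted": unwanted,
                         "severity": "high" if score >= 4 else "medium" if score >= 2 else "low"})
    return sorted(findings, key=lambda f: ("high", "medium", "low").index(f["severity"]))


def search_hosts(log_text):
    """Return (setting, hostname) for every search-related setting that points at a URL."""
    out = []
    for line in log_text.splitlines():
        low = line.lower()
        if "hxxp" not in low or not ("search" in low or "keyword.url" in low):
            continue
        url = re.search(r"hxxps?://\S+", line).group(0).replace("hxxp", "http", 1)
        setting = line.split("hxxp", 1)[0].rstrip(" =-")
        out.append((setting, urlparse(url).hostname))
    return out


if __name__ == "__main__":
    for f in triage_services(SAMPLE_LOG):
        print(f["severity"].upper(), f["name"], "->", f["path"], "[file missing]" if f["missing_file"] else "")
    for setting, host in search_hosts(SAMPLE_LOG):
        print("search setting", setting, "sends queries to", host)
```

Compare each reported search host against the provider you expect to be using; a hostname you never configured is the setting the redirect lives in.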

#7
June 9, 2010 at 18:49:17
I ran Hitman Pro too. It didn't find any threats.

I tried a dozen or so searches, and I didn't run into any problems. Still too early to tell, but maybe ComboFix did the trick. Anything in the log?



#8
June 10, 2010 at 21:51:15
You need to remove all instances of Viewpoint Manager or Viewpoint Media Player via Add/Remove Programs. Otherwise I think you'll be OK.


#9
June 11, 2010 at 11:00:43
Is that just something I can do from Add/Remove Programs?


#10
June 11, 2010 at 12:29:57
OK... I removed it. Thanks for the help! Far less painful than I was expecting!


#11
August 23, 2010 at 14:52:00
My question is: if Malwarebytes Anti-Malware and/or SuperAntiSpyware, both of which I have, can't detect this redirect virus, are they really viable options in terms of real PC security? From what I had gathered they are considered very good virus scanners, but this incident has me truly doubting that.
