
Thread: Google search results hijacked

  1. #1
    Junior Member (Join Date: Oct 2010; Location: Miami; Posts: 3)

    Google search results hijacked

    This problem is now intermittent, and has been going on for the past 5 days.

    I have already:

    - Scanned my system with numerous (and I mean numerous) antivirus, antimalware, and (I'll admit) registry cleaner (as a last resort...) software.
    - Cleared out all TEMP folders
    - Ran HijackThis, and triple-/quadruple-checked all items
    - Uninstalled/Reinstalled JAVA
    - Restored all system files to a known working date
    - Ran SFC /scannow
    - Uninstalled/Reinstalled all browsers
    - Took a detailed look at my Event Viewer (some errors, but nothing out of the ordinary)

    ...among many, many other attempts at restoring my system.

    AVAST! is currently my a/v. The hijacks started before, while I was running MS Security Essentials.

    The original problem hijacked my browser(s) every time I opened a web page, including an attempt at hijacking my homepage.
    I was using Microsoft Security Essentials at the time as my A/V.
    I am now currently using AVAST!, as stated above, in addition to using SPYBOT's (had it installed before my System Restore. Will install before my next reboot.)

    After scanning my system with various system scanners and removing detected threats, the hijacks became less often (@ 2-3 clicks into search results)

    After restoring my system using System Restore (currently), the hijacks are still less often but still happen every 3-4 clicks on occasion. Sometimes I can go as long as @ 10 clicks before the hijacks happen.

    Hijacked redirect web pages also still appear at random during browsing without any prompting (no links clicked, no typing, etc.). (They are similar to my search result hijack pages, so are these delayed hijacks?)

    I have a host of information. Please let me know what you want me to paste.

    As requested, here is my DDS log: (Please note that prior to my last scan, I disabled AVAST! For this reason, you will probably not see AVAST! as part of my running processes.)


    Quote Originally Posted by DDS.scr
    DDS (Ver_10-10-10.03) - NTFSx86
    Run by DJ at 9:27:00.12 on Thu 10/21/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3572.2029 [GMT -4:00]


    ============== Running Processes ===============

    C:\Windws\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\USB SR\USBSRService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k apphost
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\CISVC.EXE
    c:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    c:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\tcpsvcs.exe
    C:\Windows\System32\snmp.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TouchFreeze\TouchFreeze.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\DJ\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\DJ\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.com/
    uWindow Title = Windows Internet Explorer provided by Internet by DJ
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    mURLSearchHooks: H - No File
    BHO: IE7Pro BHO: {00011268-e188-40df-a514-835fcd78b1bf} - c:\program files\iepro\iepro.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\iepro\IEProRecorder.dll
    TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [TouchFreeze] c:\program files\touchfreeze\TouchFreeze.exe
    uRun: [Adobe Reader Synchronizer] "c:\program files\adobe\reader 9.0\reader\AdobeCollabSync.exe"
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
    mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
    mRun: [<NO NAME>]
    mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
    mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast!] "c:\program files\avast\ashDisp.exe"
    mRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /QS
    StartupFolder: c:\users\dj\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {000002a3-84fe-43f1-b958-f2c3ca804f1a} - {CD275D4E-791A-4993-9D4D-6A071EDD2709} - c:\program files\iepro\iepro.dll
    IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Authentication Packages = msv1_0 wvauth

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\dj\appdata\roaming\mozilla\firefox\profiles\ziqf236s.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
    FF - plugin: c:\program files\nos\bin\np_gp.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\dj\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\users\dj\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\users\dj\appdata\roaming\mozilla\firefox\profiles\ziqf236s.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\users\dj\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\dj\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 386848]
    R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-1-11 82944]
    R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb sr\USBSRService.exe [2010-8-31 242000]
    R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-3-31 29472]
    R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-3-31 33832]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-3-31 221912]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-21 45648]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\avast\ashServ.exe [2010-10-21 132472]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-14 135664]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast\ashMaiSv.exe [2010-10-21 243064]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast\ashWebSv.exe [2010-10-21 345464]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-2-11 319488]
    S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-2-11 51456]
    S3 CASprint;Sprint Con App Svc;c:\program files\sprint\sprint smartview\ConAppsSvc.exe [2010-6-8 124224]
    S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-9-12 112640]
    S3 cm_ser;C-motech USB Serial Port Driver;c:\windows\system32\drivers\cm_ser.sys [2010-9-12 103680]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-3-31 6114816]
    S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-3-31 47104]
    S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-3-31 49152]
    S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-3-31 38400]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys [2010-4-7 12800]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-6 1343400]
    S4 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-12-17 812448]
    S4 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-12-17 27040]
    S4 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-12-22 77312]

    =============== Created Last 30 ================

    2010-10-21 13:24:59 -------- d-----w- c:\program files\NT Registry Optimizer
    2010-10-21 10:53:10 506368 ----a-w- c:\windows\system32\msxml.dll
    2010-10-21 10:47:56 45648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-10-21 10:47:53 -------- d-----w- c:\program files\Avast
    2010-10-21 10:24:13 -------- d-----w- c:\progra~2\PC Tools
    2010-10-21 10:17:28 1137360 ----a-w- C:\fsbl2.exe
    2010-10-21 10:01:43 1137360 ----a-w- C:\fsbl.exe
    2010-10-21 02:41:50 -------- d-----w- c:\program files\Window Registry Repair
    2010-10-21 01:52:39 -------- d-----w- c:\users\dj\appdata\roaming\Uniblue
    2010-10-21 01:52:38 -------- dc----w- c:\progra~2\{AD5E3D2B-0DB1-4CD0-9913-0DDF2051E490}
    2010-10-21 01:52:36 -------- d-----w- c:\program files\Uniblue
    2010-10-21 01:51:52 -------- d-----w- c:\users\dj\appdata\local\PackageAware
    2010-10-21 00:13:54 -------- d-----w- c:\program files\Sun
    2010-10-20 01:53:34 -------- d-----w- c:\program files\CCleaner
    2010-10-19 19:53:45 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-10-19 19:53:35 -------- d-----w- c:\users\dj\appdata\roaming\Simply Super Software
    2010-10-19 19:53:35 -------- d-----w- c:\program files\Trojan Remover
    2010-10-19 19:53:35 -------- d-----w- c:\progra~2\Simply Super Software
    2010-10-19 19:38:53 -------- d-----w- c:\program files\Ad-Aware
    2010-10-19 17:55:12 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
    2010-10-19 17:47:30 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2010-10-19 17:47:26 -------- d-----w- c:\program files\SpybotSD
    2010-10-19 17:46:00 -------- d-----w- c:\users\dj\appdata\roaming\TweakNow RegCleaner Professional
    2010-10-19 17:46:00 -------- d-----w- c:\program files\TweakNow
    2010-10-15 09:20:08 -------- d-----w- c:\program files\ESET
    2010-10-15 09:01:14 -------- d-----w- c:\program files\Trend Micro
    2010-09-29 07:00:32 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-09-29 02:59:22 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-09-29 02:59:21 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 02:46:01 -------- d-----r- c:\program files\Skype
    2010-09-25 22:47:42 -------- d-----w- c:\users\dj\appdata\roaming\GrabPro
    2010-09-25 22:45:42 -------- d-----w- c:\users\dj\appdata\roaming\MiniDm
    2010-09-25 22:44:44 -------- d-----w- c:\program files\IEPro
    2010-09-25 21:23:21 -------- d-----w- c:\program files\TouchFreeze
    2010-09-25 16:53:58 -------- d-----w- c:\program files\Audacity
    2010-09-22 21:19:23 2614272 ----a-w- c:\windows\explorer - Copy.exe

    ==================== Find3M ====================

    2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll

    ============= FINISH: 9:27:37.05 ===============
    As of yet, I have not detected anything out of the ordinary.
    I have removed so many viruses and hijackers in the past without any issue, so this is quite baffling.
    The next step imo is to just nuke and repave.......
    I do not know how this hijacker got on my system. I am usually very *very* careful about what I download and where I browse.

    Please let me know any suggestions. Any thoughts at all will be greatly appreciated.


    Also, please note that I have read "BEFORE you POST".
    =======================

    Please, can anybody help?

    =======================

    Edit
    Waiting for help in the Malware Forum FOUR days or longer?
    Last edited by tashi; 2010-10-23 at 09:13. Reason: Merged two posts, as per forum FAQ, and provided link
