Hi All

First time here. I think I got the posting procedure right so here goes.

I found myself being redirected to obvious malware sites, so I ran a Spybot check. Sure enough, it discovered "coolwwwsearch.olehelp". After fixing it I found the same problems, so I did a little online research and tried using CWShredder. Not only did that detect the entry above, but it also found "coolwwwsearch.alfasearch". I "fixed" that using CWShredder and rebooted, only to continue to find the problem.

I've had a search through the forums for an answer but have had no luck. I keep getting redirected and it's affecting my PC's performance.

If anyone can help me get rid of this pain in the butt, it would be greatly appreciated.

Below are logs.


DDS (Ver_10-10-10.03) - NTFSx86
Run by Chrisfromhell at 19:40:32.82 on Tue 26/10/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2604 [GMT 8:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Chrisfromhell\Application Data\Microsoft\Windows\shell.exe
"C:\Documents and Settings\Chrisfromhell\Application Data\Microsoft\svchost.exe"
C:\DOCUME~1\CHRISF~1\LOCALS~1\Temp\dwm.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SOUNDMAN.EXE
svchost.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Chrisfromhell\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = "hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mWinlogon: Shell=explorer.exe c:\windows\system32\ntdevice.exe
uWinlogon: Shell=explorer.exe,c:\documents and settings\chrisfromhell\application data\microsoft\windows\shell.exe
uWindows: Load=c:\docume~1\chrisf~1\locals~1\temp\dwm.exe
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [SoundMan] SOUNDMAN.EXE
StartupFolder: c:\docume~1\chrisf~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chrisf~1\applic~1\mozilla\firefox\profiles\vxwogjq7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\chrisfromhell\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pace anti-piracy\ilok\NPPaceILok.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2004-11-22 3072]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2004-2-9 301200]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2008-11-21 464264]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2004-6-10 255096]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2004-6-10 242808]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-2-11 16400]
R2 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 ewido security suite guard;ewido security suite guard;c:\program files\ewido anti-malware\ewidoguard.exe [2005-12-19 151616]
R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2008-11-21 80392]
R2 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2004-2-9 37008]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2004-7-7 1267024]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2009-2-10 33792]
R3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [2009-12-23 54328]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101007.002\naveng.sys [2010-10-22 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101007.002\navex15.sys [2010-10-22 1371184]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2004-6-10 87160]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2010-2-11 85008]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys --> c:\windows\system32\drivers\MBX2DFU.sys [?]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys --> c:\windows\system32\drivers\mbx2midk.sys [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-4-24 137344]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2004-7-7 173392]
S3 ZOOM_R16MTR;ZOOM R16 Audio Interface;c:\windows\system32\drivers\zmr16usbaudio.sys --> c:\windows\system32\drivers\zmr16usbaudio.sys [?]

=============== Created Last 30 ================

2010-10-26 09:46:18 -------- d-----w- c:\program files\ewido anti-malware
2010-10-26 09:03:28 160256 ----a-w- c:\docume~1\chrisf~1\applic~1\microsoft\svchost.exe
2010-10-26 02:25:34 388096 ----a-r- c:\docume~1\chrisf~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-26 02:25:33 -------- d-----w- c:\program files\Trend Micro
2010-10-25 05:35:10 -------- d-----w- c:\program files\PS3 Media Server
2010-10-23 09:26:04 205312 ----a-w- c:\docume~1\chrisf~1\applic~1\microsoft\windows\shell.exe

==================== Find3M ====================

2010-10-26 10:58:31 16608 ----a-w- c:\windows\gdrv.sys
2010-10-25 12:22:12 234280 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-10-25 12:22:12 234280 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-22 11:27:33 112 ----a-w- c:\windows\system32\msvcsv60.dll
2010-08-04 01:59:10 53248 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-04 01:59:00 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-04 01:57:40 4358144 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-04 01:53:22 15900672 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-04 01:47:50 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-08-04 01:47:00 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-04 01:46:04 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-08-04 01:41:40 3901280 ----a-w- c:\windows\system32\ati3duag.dll
2010-08-04 01:31:16 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-04 01:31:04 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-04 01:30:56 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-08-04 01:30:50 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-04 01:30:38 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-08-04 01:29:26 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-08-04 01:28:12 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-08-04 01:28:06 2537728 ----a-w- c:\windows\system32\ativvaxx.dll
2010-08-04 01:27:20 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-04 01:24:04 610304 ----a-w- c:\windows\system32\atikvmag.dll
2010-08-04 01:23:52 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-08-04 01:22:28 188416 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-04 01:22:08 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-08-04 01:16:50 700416 ----a-w- c:\windows\system32\ati2cqag.dll
2010-08-04 01:15:20 65024 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-04 01:15:20 65024 ----a-w- c:\windows\system32\amdpcom32.dll

============= FINISH: 19:40:50.45 ===============