Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google/Mozilla Firefox Hi-Jacked Re-directed To Pop-Under Ad

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google/Mozilla Firefox Hi-Jacked Re-directed To Pop-Under Ad

Unread postby simpleprofits101 » May 9th, 2011, 6:35 pm

Hello there,

I noticed in the last 72hours when I search via Mozilla or Google Chrome any of the PPC and organic sites are being re-directed to pop-under ads. I have contacted the "referrer" but nobody knows whats going on.

I want to remove these malware, but also find out how these pop-under ads are being triggered (whats the source).

DDS Log:


DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by MyName at 15:19:13.24 on Mon 05/09/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8117.5901 [GMT -7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\MatiasLeiva\AppData\Local\SENukeX\SENuke.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\SYNND\RemoteAutomator.exe
C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\MatiasLeiva\AppData\Local\SENukeX\SENukeRecovery.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\MatiasLeiva\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
uInternet Settings,ProxyServer = 184.82.186.145:8800
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\coIEPlg.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Article Marketing Robot] C:\Program Files (x86)\Article Marketing Robot\Article Marketing Robot.exe /startup
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [Kdizulefariza] rundll32.exe "C:\Users\MatiasLeiva\AppData\Local\ovofatufoqi.dll",Startup
uRun: [fsm]
uRun: [SEnukeX] C:\Users\MatiasLeiva\appdata\local\senukex\senuke.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Boingo Wi-Fi] "C:\Program Files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\MATIAS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AUTOST~1.LNK - C:\Program Files (x86)\SYNND\RemoteAutomator.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: {2F4A00A9-E1D8-4702-9424-636098EF4283} = 93.188.165.211,93.188.160.182
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-5-9 69376]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0500020.001\SymDS64.sys [2011-5-2 450608]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0500020.001\SymEFA64.sys [2011-5-2 802864]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20110430.001\BHDrvx64.sys [2011-4-30 1127032]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20110506.001\IDSviA64.sys [2011-5-6 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0500020.001\Ironx64.sys [2011-5-2 171128]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0500020.001\symnets.sys [2011-5-2 382072]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-6-18 379520]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-12-17 202752]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-4-29 2146496]
R2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2009-3-30 57617752]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\5.0.2.1\ccSvcHst.exe [2011-5-2 130000]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-8-6 13784]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-6-18 2314240]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-6-30 52264]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-6-18 35104]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-3 132656]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-18 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-1-20 76912]
R3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-6 118672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-18 135664]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-8-20 44032]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-18 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-6-18 79360]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-1-18 61792]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-18 135664]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-24 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2011-05-09 20:12:53 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-05-09 20:12:50 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-05-09 20:01:17 -------- d-----w- C:\Users\MATIAS~1\AppData\Local\Amazon
2011-05-09 19:23:36 -------- d-----w- C:\Users\MATIAS~1\AppData\Local\Diagnostics
2011-05-04 04:15:33 -------- d-----w- C:\Program Files (x86)\TheBestSpinner
2011-05-03 18:57:40 -------- d-----w- C:\Program Files (x86)\Vuze_Remote
2011-05-03 18:20:22 -------- d-----w- C:\Users\MATIAS~1\AppData\Roaming\Software Informer
2011-05-03 18:20:22 -------- d-----w- C:\Program Files (x86)\Software Informer
2011-05-03 17:30:13 -------- d-----w- C:\Users\MATIAS~1\AppData\Local\CrashDumps
2011-05-03 06:06:48 0 ----a-w- C:\Users\MATIAS~1\AppData\Local\Qvilabamomi.bin
2011-05-03 06:06:47 -------- d-----w- C:\Users\MATIAS~1\AppData\Local\{FDF6ED03-D1E1-4C84-97C1-038A50CE8665}
2011-05-03 05:29:02 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-05-03 04:52:00 -------- d-----w- C:\Users\MATIAS~1\AppData\Local\Conduit
2011-05-03 04:51:57 -------- d-----w- C:\Users\MATIAS~1\AppData\Local\ConduitEngine
2011-05-03 03:55:58 -------- d-----w- C:\Program Files (x86)\Norton 360
2011-05-03 03:55:47 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-05-03 03:55:47 -------- d-----w- C:\PROGRA~3\NortonInstaller
2011-05-03 03:43:47 -------- d-----w- C:\PROGRA~3\Norton
2011-05-03 02:52:59 -------- d-----w- C:\Windows\pss
2011-05-03 02:42:57 -------- d-----w- C:\Users\MATIAS~1\AppData\Roaming\Malwarebytes
2011-05-03 02:42:52 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-05-03 02:42:50 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-03 01:48:29 -------- d-----w- C:\Temp
2011-05-01 05:38:18 -------- d-----w- C:\Users\MatiasLeiva\.seospyglass
2011-04-29 01:35:48 1070432 ----a-w- C:\Windows\SysWow64\wodTunnel.dll
2011-04-29 01:35:48 -------- d-----w- C:\Program Files (x86)\RemoteAutomator
2011-04-28 04:40:56 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-04-28 04:40:56 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-04-26 22:14:40 -------- d-----w- C:\Users\MATIAS~1\AppData\Local\SENukeX
2011-04-26 22:13:45 -------- d-----w- C:\Users\MATIAS~1\AppData\Local\Deployment
2011-04-26 22:13:45 -------- d-----w- C:\Users\MATIAS~1\AppData\Local\Apps
2011-04-25 18:00:30 -------- d-----w- C:\Users\MATIAS~1\AppData\Roaming\ubot
2011-04-25 18:00:24 -------- d-----w- C:\Users\MATIAS~1\AppData\Local\Xenocode
2011-04-25 17:52:11 -------- d-----w- C:\Program Files (x86)\Article Marketing Robot
2011-04-19 01:16:24 -------- d-----w- C:\Program Files (x86)\Market Samurai
.
==================== Find3M ====================
.
2011-05-03 03:56:25 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-03-30 00:59:57 72080 ----a-w- C:\Users\MatiasLeiva\g2mdlhlpx.exe
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-02-26 06:23:14 2870272 ----a-w- C:\Windows\explorer.exe
2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-02-24 06:30:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-24 06:29:15 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-02-24 06:24:57 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-02-24 05:32:52 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-24 05:32:44 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-24 05:30:16 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-02-24 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-02-24 04:24:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-02-24 04:23:48 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-24 03:50:26 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-02-23 05:16:28 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-23 05:16:01 401920 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 05:15:50 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 05:15:27 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 05:15:14 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 05:15:13 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 05:15:06 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-19 06:37:44 1135104 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 06:37:10 1540608 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 06:36:49 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 06:36:13 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 05:32:48 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 05:32:35 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 05:32:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:13:39 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 03:37:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 06:37:05 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 05:36:26 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-12 06:14:41 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
.
============= FINISH: 15:20:03.22 ===============

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/18/2011 3:35:15 PM
System Uptime: 5/9/2011 3:00:15 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G73Jh
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz | Socket 989 | 928/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 17.521 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 146.162 GiB free.
E: is FIXED (NTFS) - 204 GiB total, 203.935 GiB free.
F: is FIXED (NTFS) - 149 GiB total, 113.797 GiB free.
G: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Anchor Service CS4
Adobe CSI CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Update Manager CS4
Alcor Micro USB Card Reader
Article Marketing Robot
ASUS AI Recovery
ASUS AP Bank
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_Notebook_G73 Screen Saver
ATK Package
Boingo Wi-Fi
Camtasia Studio 7
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Choice Guard
Conduit Engine
Connect
ControlDeck
Creative MediaSource 5
CyberLink LabelPrint
CyberLink Power2Go
Dicsoft Video Converter Platinum v3.6.5
Dropbox
Express Gate
ezs3 4.6.2
FileZilla Client 3.3.5.1
Game Park Console
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
Intel(R) Management Engine Components
Java(TM) 6 Update 13
Junk Mail filter update
kuler
Market Samurai
Micro Niche Finder 5.0
Microsoft adCenter Desktop
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Browser
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
Norton 360
Realtek High Definition Audio Driver
RemoteAutomator V3.0.3.0
RemoteAutomator V4.0.0.3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
SEO SpyGlass
Skype™ 4.2
Snagit 10
Software Informer 1.1
Sound Blaster Audigy HD
Suite Shared Configuration CS4
SYNND RemoteAutomator
TheBestSpinner
Times Reader
TweetAttacks
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update or Uninstall SENukeX
Vuze
Vuze Remote Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinFlash
Wireless Console 3
Wisdom-soft Set up ScreenHunter 5.1 Pro
Xilisoft Video Converter Ultimate 6
.
==== Event Viewer Messages From Past Week ========
.
5/9/2011 12:23:16 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
5/7/2011 4:37:42 PM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
5/5/2011 9:31:05 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ERIC-VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2F4A00A9-E1D8-4702-9424-636098EF4283}. The master browser is stopping or an election is being forced.
5/2/2011 8:35:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000a0 (0x0000000000000009, 0xffffffffc000009c, 0x0000000000000001, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 050211-19110-01.
.
==== End Of File ===========================
simpleprofits101
Active Member
 
Posts: 1
Joined: May 9th, 2011, 6:14 pm
Advertisement
Register to Remove

Re: Google/Mozilla Firefox Hi-Jacked Re-directed To Pop-Unde

Unread postby Carolyn » May 14th, 2011, 12:28 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

=============================

With reference to Malware Removal P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Programs and Features.
  2. Locate Vuze and click on the Uninstall button to uninstall it.
  3. Repeat for Vuze Remote Toolbar any other P2P programs that may be installed.
  4. Close Control Panel when done.

=============================

Please run DDS again, then post the new logs in your next reply (post all logs as text, no attachments please):
  • DDS.txt
  • Attach.txt
  • Also please tell me if this computer is used for any business activities.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Google/Mozilla Firefox Hi-Jacked Re-directed To Pop-Unde

Unread postby NonSuch » May 18th, 2011, 1:13 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 284 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware