Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Crafty Redirect


  • Please log in to reply

#1
MichelleakaToy

MichelleakaToy

    New Member

  • Member
  • Pip
  • 1 posts
Recently I have picked up a nasty little redirect that won't go away. At first IE wouldn't open at all, giving me an error web page will not open. I read through the forum followed many of the links and instructions from those that have come before me. I ran Highjackthis, and combofix. I have logs for both of them.

IE now opens to my home page and various pages, but when I click links I get the redirect again and a new error 'Detecting java script'. When I close an open page I cannot reopen IE. I get an error stating page cannot open and a redirected address in status bar 'chrome://oovootb/content/newtab/newtab.html' I do not have chrome downloaded on this system. Kind of at a loss here. Any help would be great!

Thanks in advance,
Michelle

combofix log

ComboFix 10-09-21.03 - Michelle 09/22/2010 12:17:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1384 [GMT -4:00]
Running from: c:\users\Michelle\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Norton 360 *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sda
c:\windows\system32\sda\SDTOCDDA.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-22 16:38 . 2010-09-22 16:38 -------- d-----w- c:\users\Toy\AppData\Local\temp
2010-09-22 16:38 . 2010-09-22 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-22 15:42 . 2010-09-22 15:42 -------- d-----w- c:\users\Michelle\AppData\Local\Opera
2010-09-22 15:41 . 2010-09-22 15:42 -------- d-----w- c:\program files\Opera
2010-09-15 20:40 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 20:39 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 20:38 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 20:37 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-16 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-09 15:02 . 2009-08-31 00:29 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-28 18:10 . 2008-09-28 23:40 -------- d-----w- c:\users\Michelle\AppData\Roaming\OpenOffice.org2
2010-08-28 18:05 . 2008-09-28 23:41 1 ----a-w- c:\users\Michelle\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-08-12 13:15 . 2008-06-25 23:36 1356 ----a-w- c:\users\Michelle\AppData\Local\d3d9caps.dat
2010-08-09 16:35 . 2010-08-09 16:35 -------- d-----w- c:\program files\Trend Micro
2010-08-04 07:16 . 2009-08-08 01:04 -------- d-----w- c:\users\Michelle\AppData\Roaming\Free Audio Editor
2010-06-26 06:05 . 2010-08-13 09:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 09:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 09:24 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 09:24 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-03-29 18:29 . 2008-03-29 18:29 14 --sh--r- c:\windows\System32\drivers\fbd.sys
2008-03-29 18:29 . 2008-03-29 18:29 5 --sh--r- c:\windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-05-08 19:00 86016 ----a-w- c:\program files\oovootb\oovoodx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\oovoodx.dll" [2009-05-08 86016]

[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-13 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-05-06 2785582]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080613.001\IDSvix86.sys [2008-04-04 261680]
S1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-07-15 203056]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 SBAMSvc;Fix-It;c:\program files\Common Files\AntiVirus\SBAMSvc.exe [2010-02-22 1012080]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2009-08-10 69936]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-04-17 109616]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - SBRE
*Deregistered* - SBRE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 13:46]

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-13 13:46]

2010-09-20 c:\windows\Tasks\Norton Security Scan for Michelle.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-18 16:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.worldbroadcastingsystem.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\u3avnov7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.netflix.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Michelle\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 12:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2197801145-1507210848-4252859125-1000\Software\SecuROM\License information*]
"datasecu"=hex:23,31,b3,bb,b2,a6,26,aa,58,58,33,93,ff,51,21,b9,8c,6b,f7,69,f5,
36,6f,49,5b,2b,c9,f8,4c,96,04,2a,17,85,8b,43,d0,f2,78,d9,e6,2c,c7,3c,e0,c4,\
"rkeysecu"=hex:17,0c,8b,a8,75,cb,05,56,56,b0,06,85,72,9c,ba,40

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-22 12:47:32
ComboFix-quarantined-files.txt 2010-09-22 16:47

Pre-Run: 66,751,918,080 bytes free
Post-Run: 66,692,722,688 bytes free

- - End Of File - - D73FC3AA4F8EF310F027AFCEDFD01127
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP