browser redirected

inver90
Posts: 16 Forumite
in Techie Stuff
Hello everyone, I am new to Martin's site, this is my first post.
Every now and again my browser is getting redirected to (outsaid.ru/pok.php) and (ask.com) plus a few others.
I have Spybot S&D, SpywareBlaster, Ad-Aware, Malwarebytes, AVG and finally Microsoft Essentials all showing clean.
I have a HijackThis log and don't have a clue what to do with it.
Can someone please help?
I tried to post the HijackThis log but as I am new it won't allow it because it has links in it:
{Sorry as a new user you are not allowed to post with links. This is done to stop spammers clogging up the site. Please edit your message below to continue.}
Here is the log with links removed:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:50, on 22/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = tommy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [dboledg] rundll32.exe "C:\Documents and Settings\tommy\Local Settings\Application Data\dboledg\dboledg.dll", DllInit
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
--
End of file - 7635 bytes
Comments
-
Have you run Malwarebytes - if not, ensure you update it first and then do a full scan.
-
You also appear to be running AVG and Microsoft Security Essentials - two anti-virus programmes is not good as they can fight and cause issues.
Can you also follow the below, this will show what programmes are installed on your system:
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
More information, with a screenshot, can be found here.
-
The browser being redirected is probably nothing to do with a virus, it just happens sometimes when you click on certain sites. For example, I don't have any viruses here but I could quite easily list a dozen different sites that will open up partypoker.com in addition to the site you actually want. Many sites are set up deliberately to redirect you to another site when you click it as it earns them revenue. It sucks, but that's the interweb for you...
-
You've got far too much security software, AVG, MSE/Defender, Spybot and Ad-Aware - I would suggest uninstalling the lot, and replace with Avast, then run an updated Malwarebytes scan
and delete this:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
and upload this C:\Documents and Settings\tommy\Local Settings\Application Data\dboledg\dboledg.dll to http://www.virustotal.com/
O4 - HKCU\..\Run: [dboledg] rundll32.exe "C:\Documents and Settings\tommy\Local Settings\Application Data\dboledg\dboledg.dll", DllInit
Uninstall the Ask toolbar if you have it.
These are a little odd:
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
-
Also disable TeaTimer in Spybot S&D:
Go to Mode > Advanced mode and click Yes to verify that you want to go to advanced mode.
Select Tools from the menu on the left side, > Resident, and remove the check mark from Resident "TeaTimer".
-
Thanks for the quick replies, here is the log file from the Uninstall Manager:
AC3Filter (remove only)
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
Adobe Shockwave Player 11.5
Ares 2.1.2
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI MCE Transcode
ATI Problem Report Wizard
AVG Free 9.0
Belarc Advisor 8.1
Catalyst Control Center - Branding
CCleaner
CDBurnerXP
Diskeeper Professional Premier Edition
DivX Codec
DivX Plus DirectShow Filters
DivX Plus Web Player
FLAC 1.2.1b (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB922120-v6)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
HydraVision
ImgBurn (Remove Only)
InterVideo WinDVD 4
Java 2 Runtime Environment, SE v1.4.1_03
Java Web Start
Java(TM) 6 Update 18
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
Pinnacle TVCenter Pro
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Speccy
Spybot - Search & Destroy
SpywareBlaster 4.2
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Vista Codec Package
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Imaging Component
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR
-
I have uploaded the file from C:\Documents and Settings\tommy\Local Settings\Application Data\dboledg\dboledg.dll.
Here is the result:
File DBOLEDG.DLL received on 2010.02.16 14:33:44 (UTC)
Current status: finished
Result: 3/40 (7.50%)
Antivirus | Version | Last Update | Result
a-squared | 4.5.0.50 | 2010.02.16 | -
AhnLab-V3 | 5.0.0.2 | 2010.02.15 | -
AntiVir | 8.2.1.170 | 2010.02.16 | -
Antiy-AVL | 2.0.3.7 | 2010.02.16 | -
Authentium | 5.2.0.5 | 2010.02.16 | W32/Sinowal-based!Maximus
Avast | 4.8.1351.0 | 2010.02.16 | -
AVG | 9.0.0.730 | 2010.02.16 | -
BitDefender | 7.2 | 2010.02.16 | -
CAT-QuickHeal | 10.00 | 2010.02.16 | -
ClamAV | 0.96.0.0-git | 2010.02.16 | -
Comodo | 3957 | 2010.02.16 | -
DrWeb | 5.0.1.12222 | 2010.02.16 | -
eSafe | 7.0.17.0 | 2010.02.16 | -
eTrust-Vet | 35.2.7305 | 2010.02.16 | -
F-Prot | 4.5.1.85 | 2010.02.15 | W32/Sinowal-based!Maximus
F-Secure | 9.0.15370.0 | 2010.02.16 | -
Fortinet | 4.0.14.0 | 2010.02.15 | -
GData | 19 | 2010.02.16 | -
Ikarus | T3.1.1.80.0 | 2010.02.16 | -
Jiangmin | 13.0.900 | 2010.02.16 | -
K7AntiVirus | 7.10.974 | 2010.02.15 | -
Kaspersky | 7.0.0.125 | 2010.02.16 | -
McAfee | 5893 | 2010.02.15 | -
McAfee+Artemis | 5893 | 2010.02.15 | -
Microsoft | 1.5406 | 2010.02.16 | -
NOD32 | 4871 | 2010.02.16 | -
Norman | 6.04.08 | 2010.02.16 | -
nProtect | 2009.1.8.0 | 2010.02.16 | -
Panda | 10.0.2.2 | 2010.02.15 | -
PCTools | 7.0.3.5 | 2010.02.16 | -
Prevx | 3.0 | 2010.02.16 | -
Rising | 22.34.01.03 | 2010.02.11 | -
Sophos | 4.50.0 | 2010.02.16 | -
Sunbelt | 5680 | 2010.02.16 | -
Symantec | 20091.2.0.41 | 2010.02.16 | Suspicious.Insight
TheHacker | 6.5.1.4.195 | 2010.02.16 | -
TrendMicro | 9.120.0.1004 | 2010.02.16 | -
VBA32 | 3.12.12.2 | 2010.02.16 | -
ViRobot | 2010.2.16.2188 | 2010.02.16 | -
VirusBuster | 5.0.21.0 | 2010.02.16 | -
Additional information
File size: 81920 bytes
MD5 : 5f504620b767a7cd3b0e6bcb14c04353
SHA1 : a336d883892b6aa832b1c272b82bc2ae8acc8163
SHA256: f4e4d4e53754bd26a85f50fe3538a4f4f42616ed3acfcda2c1a3ed965a8485c7
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x942C
timedatestamp.....: 0x4B022D28 (Tue Nov 17 05:57:12 2009)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xD8C8 0xE000 6.27 dad9ba907d645688625930b8c9eff41b
.rdata 0xF000 0x210D 0x3000 4.34 ee81b6b7bd4fb78cf8e2660721c52bcb
.data 0x12000 0x3B0 0x1000 0.20 7bfe70a3f9a5197cae5354eb6420ab9f
.reloc 0x13000 0x8A4 0x1000 4.36 a52980fc64ceb54d58a41c37e2336cdd
( 4 imports )
> advapi32.dll: RegDeleteValueA, RegOpenKeyExA, MakeAbsoluteSD, QueryServiceStatus, GetOldestEventLogRecord, DuplicateToken, RegisterEventSourceA, SetEntriesInAclA, RegisterServiceCtrlHandlerA, OpenServiceW, SetThreadToken, RegQueryInfoKeyW, ClearEventLogW, RegRestoreKeyA, RegSaveKeyW, ReportEventA, ImpersonateLoggedOnUser, GetEffectiveRightsFromAclW, GetAclInformation, RegReplaceKeyW, RegDeleteKeyW, ImpersonateAnonymousToken, RegOpenKeyW, RegUnLoadKeyA, ImpersonateSelf, RegConnectRegistryA, EnumServicesStatusExW, CloseServiceHandle, ReadEventLogW, EnumServicesStatusA, OpenServiceA, RegDeleteKeyA, RegEnumKeyW, RegCreateKeyA, StartServiceCtrlDispatcherA, LockServiceDatabase, NotifyChangeEventLog, CreateProcessWithLogonW, RegQueryValueExA
> gdi32.dll: GetOutlineTextMetricsA, CreateRectRgnIndirect, RealizePalette, SetTextCharacterExtra, ExtTextOutA, EnumFontFamiliesExW, GetEnhMetaFileA, PolyBezierTo, GetViewportOrgEx, GetCharWidth32W, GetPath, AddFontResourceA, SetBkColor, BeginPath, ExtCreateRegion, BitBlt, GetTextExtentPoint32A, ScaleWindowExtEx, GetGlyphOutlineW, SelectPalette, GetTextExtentPoint32W, GetPaletteEntries, GetRandomRgn, FillRgn, GetCharABCWidthsW, SetMiterLimit, CreatePatternBrush, SetPolyFillMode, EndPage, PathToRegion, CreateDCA, SetViewportExtEx, GetPixel, ExtFloodFill, PatBlt, TextOutA, SetWorldTransform, CreateHalftonePalette, GetMetaFileBitsEx, GetTextExtentPointW, GetFontResourceInfoW, RectVisible, GetStretchBltMode, GetRegionData, LPtoDP, PolyPolygon, CreatePalette, DescribePixelFormat, RemoveFontResourceA, GetObjectType, CreateDIBSection, SetMagicColors, SetMapperFlags, GetDCOrgEx, CreateBrushIndirect, IntersectClipRect, CreatePolygonRgn, PlayEnhMetaFile, ResetDCA, GetFontData, EnumFontFamiliesW, CreateEnhMetaFileW, Chord, GetTextAlign, PaintRgn, CreatePenIndirect, ExtEscape, GetROP2, GetBitmapDimensionEx, StretchBlt, ModifyWorldTransform, SetWindowExtEx, GetCharacterPlacementA, SetBkMode, CreateMetaFileW, GetDIBits, SetAbortProc, SwapBuffers, CreateCompatibleDC
> kernel32.dll: GetFileSize, WriteConsoleW, lstrcpynA, GetDiskFreeSpaceExW, WaitNamedPipeW, AllocConsole, VerifyVersionInfoA, GetWindowsDirectoryW, TryEnterCriticalSection, GetTapeParameters, GetLocaleInfoW, RegisterWaitForSingleObjectEx, GlobalHandle, FlushConsoleInputBuffer, HeapCompact, OpenSemaphoreA, GlobalGetAtomNameA, ExpandEnvironmentStringsA, OpenMutexW, CreateRemoteThread, SetWaitableTimer, ResumeThread, GetWindowsDirectoryA, GetDateFormatA, EnumResourceNamesW, WaitForMultipleObjects, SetVolumeLabelW, GetFileTime, LocalHandle, GetDefaultCommConfigW, CopyFileW, GetVolumePathNameW, VirtualAlloc, GetFullPathNameW, WaitForMultipleObjectsEx, GetFullPathNameA, GetCurrentProcess, CancelWaitableTimer, FillConsoleOutputAttribute, GetVolumeInformationA, GetCommandLineW, VirtualFree, DisconnectNamedPipe, FormatMessageW, CompareStringA, GetModuleFileNameW, RemoveDirectoryA, FreeEnvironmentStringsW, GetSystemWow64DirectoryW, IsValidCodePage, ProcessIdToSessionId, PurgeComm, GetExitCodeProcess, EscapeCommFunction, HeapSize, ClearCommError, AddAtomW, SetProcessShutdownParameters, GlobalAlloc, GetQueuedCompletionStatus, GetVolumeNameForVolumeMountPointW, GetConsoleMode, CreateEventA, FindNextFileA, FindNextFileW, SetFileTime, lstrcmpW, CreateFileW, FindVolumeMountPointClose, GetSystemInfo, GetFileAttributesExA, GetTempFileNameA, GlobalFlags, FreeConsole, GetVersion, GetModuleHandleExW, SetConsoleTextAttribute, FileTimeToSystemTime, CancelIo, ReadConsoleInputA, FindCloseChangeNotification, LockResource, VerSetConditionMask, WriteProcessMemory, OpenEventW, ExitProcess, VerLanguageNameW, GetProfileIntW, WriteProfileStringW, FindClose, CreateMailslotW, MapViewOfFileEx, PeekConsoleInputA, FindFirstVolumeMountPointW, DeleteFileA, CopyFileExW, SetConsoleCtrlHandler, CreateConsoleScreenBuffer, GetTimeFormatA, GetThreadLocale, OpenThread, WaitNamedPipeA, GlobalReAlloc, GetProfileStringW, GetEnvironmentVariableA, FlushViewOfFile, FindFirstChangeNotificationW, GetDiskFreeSpaceW, GetThreadPriority, GetEnvironmentStrings, EnumResourceNamesA, SearchPathA, OpenSemaphoreW, LoadResource, GetConsoleOutputCP, FlushFileBuffers, IsBadWritePtr, GetThreadContext, GetSystemDefaultUILanguage, FindAtomA, GetTimeZoneInformation, DuplicateHandle, GetProfileStringA, WriteProfileStringA, GetCPInfo, GetComputerNameExW, GetTempPathA, lstrlenW, VirtualQuery, LeaveCriticalSection, GetProcAddress, InitializeCriticalSection, GetSystemTimeAsFileTime, lstrlenA, VirtualProtect, lstrcatW, HeapAlloc, CreateFileMappingA, CreateProcessA, GetComputerNameA, GetLastError, HeapFree, EnterCriticalSection, HeapValidate, InterlockedExchange, CloseHandle, CreateThread, CopyFileA, UnmapViewOfFile, GetProcessHeap, MoveFileExA, WaitForSingleObject, SetVolumeMountPointW, LoadLibraryA
> ole32.dll: StgOpenStorage, OleUninitialize, RevokeDragDrop, IIDFromString, OleSetMenuDescriptor, CreatePointerMoniker, OleCreateStaticFromData, CoDisableCallCancellation, RegisterDragDrop, CoDisconnectObject, StgOpenStorageEx, CoGetInterfaceAndReleaseStream, CoEnableCallCancellation, OleLoad, StgIsStorageFile, CreateFileMoniker, OleCreateFromFile, OleQueryLinkFromData, CoMarshalInterface, CoCreateInstanceEx, CreateBindCtx, CoFreeUnusedLibraries, CreateDataAdviseHolder, OleCreateMenuDescriptor, MkParseDisplayName, CoFreeUnusedLibrariesEx, CoTaskMemAlloc, CoInitialize, CoTaskMemFree
( 1 exports )
> DllInit, DllInstall
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
ssdeep: 1536:t2pLPKPfMogezlfDBY5PWlZx0Ry6uif61CTVNNrqO:t2sXlfDa5elwR6iQMdrq
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
packers (Kaspersky): PE_Patch
RDS : NSRL Reference Data Set
-
Difficult to read it like that, could you post a link to the results?
Generally, if you Google a strange looking DLL, in a strange place (Application Data) and get 0 results (well, 1 now, your post), on a system with a possible infection, treat it as suspect.
-
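As an added example (not code from the thread or from any of the posters), the heuristics the replies apply to this log written as a small HijackThis triage script: the orphaned "(no file)" BHO and the rundll32 autorun from the user's Application Data folder called out in the earlier reply, and the "strange DLL in a strange place" rule stated just above. The regexes are my own reading of the O2/O4/O16 line formats, the function and class names are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Entries copied from the HijackThis log posted in this thread (not constructed):
# three benign lines and the three the replies single out.
SAMPLE_LOG_LINES = [
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)",
    r'O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide',
    r'O4 - HKCU\..\Run: [dboledg] rundll32.exe "C:\Documents and Settings\tommy\Local Settings\Application Data\dboledg\dboledg.dll", DllInit',
    r"O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe",
    r"O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -",
]

# Regexes for the three HijackThis entry types used here (my own reading of the
# log format as it appears in this thread, not an official grammar).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))?(?:\s*-\s*(?P<url>.*))?$")

# Per-user profile locations on Windows XP where an autorun target is unusual
# (the "strange place (Application Data)" from the reply above).
USER_DATA_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(?:Local Settings\\)?Application Data\\",
    re.IGNORECASE,
)


@dataclass
class Finding:
    line: str
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if a single HijackThis entry matches one of the heuristics."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        # A BHO CLSID still registered but pointing at nothing: orphaned entry.
        if m.group("path").strip().lower() == "(no file)":
            return Finding(line, "BHO registered with no backing file (orphaned entry)")
        return None
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        if USER_DATA_RE.search(cmd):
            how = "loaded via rundll32" if cmd.lower().startswith("rundll32") else "run"
            return Finding(line, f"autorun target {how} from a per-user Application Data folder")
        return None
    m = O16_RE.match(line)
    if m and not m.group("name") and not (m.group("url") or "").strip():
        # Downloaded Program Files (ActiveX) entry with neither a name nor a source URL.
        return Finding(line, "DPF entry with no name and no source URL")
    return None


def triage_log(lines: List[str]) -> List[Finding]:
    """Run every line through triage_line and keep the hits, in log order."""
    found = []
    for raw in lines:
        f = triage_line(raw)
        if f:
            found.append(f)
    return found


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG_LINES):
        print(f"{f.reason}\n    {f.line}")
```

A hit is only a prompt to check the file (hash lookup, publisher, VirusTotal as the thread does), not a verdict; the rules deliberately ignore entries under Program Files and WINDOWS so normal security-tool autoruns stay quiet.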
Sorry, I am new here and therefore not allowed to post any links, so the copy and paste was all I could do.
-
OK, could you post the 3 detections instead?
http://www.f-secure.com/v-descs/trojan-psw_w32_sinowal_cp.shtml
http://www.virustotal.com/estadisticas.html
Delete it, and reboot, see if the problem continues.