[Closed- Office Server] Google/Yahoo redirects, Host Services for Windows Crashing

Status
Not open for further replies.
Hello everyone, I am having a bit of an issue here and was looking for some help.

A few days ago I was asked to repair a computer in an office where it kept redirecting Google and Yahoo search results, as well as constant crashes of the Windows Hosting Service.

A domino effect of this is that the computer acts as a non-dedicated server for the entire office's database program.

I've done the preliminary steps and will post the logs for Malwarebytes, GMER, and DDS (both DDS and Attach).

Malwarebytes
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6020

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

3/11/2011 10:03:09 AM
mbam-log-2011-03-11 (10-03-09).txt

Scan type: Quick scan
Objects scanned: 172586
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\0.16358324044715977.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
 
Welcome To TechSpot! You may not be pleased, but I am going to refer you to the IT person for that office because:
"A domino effect of this is that the computer acts as a non-dedicated server for the entire office's database program."
Under this circumstance you shouldn't be trying to handle this on a forum like this, in which we do not use remote access to handle the problems. Something done here could inadvertently affect this system further or possibly other systems that depend on it.

The one file shown in Mbam is a temp file, so a disk cleanup should remove it, or you can use TFC:

If you want, you can use this program to clean the temp files: TFC (Temp File Cleaner) Please read the description of what it does and take responsibility for running it.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
==============================================
Please note: this is not a malware cleaning. It is just a program to clean these files. I do not accept any responsibility for any untoward effect the program might have on the system.
 