Google Redirect.


This topic is locked
2 replies to this topic

#1 infest


  • Members
  • 2 posts

Posted 30 April 2009 - 08:34 AM

I'm having the exact same problem as this gentleman. Except I can't quite figure out how to get it removed.

Ad-aware won't update definitions, Malwarebytes and Spybot won't open up at all.



DDS (Ver_09-03-16.01) - NTFSx86
Run by 283 at 7:56:16.14 on Thu 04/30/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.196 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\283\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\drweb-cureit.exe
C:\DOCUME~1\283\LOCALS~1\Temp\RarSFX1\_start.exe
C:\DOCUME~1\283\LOCALS~1\Temp\RarSFX1\setup.exe
C:\Documents and Settings\283\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.0.0,85.255.0.0
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\283\applic~1\mozilla\firefox\profiles\ur612ppt.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-28 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-4-28 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-4-28 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-4-28 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090420.001\IDSXpx86.sys [2009-4-28 276344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-28 101936]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090429.050\NAVENG.SYS [2009-4-30 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090429.050\NAVEX15.SYS [2009-4-30 876144]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-4-26 40832]

=============== Created Last 30 ================

2009-04-30 07:11 --d----- c:\documents and settings\283\DoctorWeb
2009-04-29 11:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-29 11:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 11:22 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-29 11:22 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-28 13:25 --d----- c:\program files\CCleaner
2009-04-28 13:24 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-28 13:20 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-28 13:16 -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-28 13:09 --d--r-- c:\program files\Norton Support
2009-04-28 11:54 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-04-28 11:54 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-28 11:54 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-28 11:54 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-28 11:54 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-28 11:54 --d----- c:\program files\Symantec
2009-04-28 11:54 --d----- c:\program files\common files\Symantec Shared
2009-04-28 11:53 --d----- c:\windows\system32\drivers\NAV
2009-04-28 11:53 --d----- c:\program files\Norton AntiVirus
2009-04-28 11:53 --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-04-28 11:53 --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-04-28 11:51 --d----- c:\program files\NortonInstaller
2009-04-28 11:51 --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-04-28 08:48 --d----- c:\program files\Spybot - Search & Destroy
2009-04-23 14:08 --d----- c:\program files\Lavasoft
2009-04-23 14:06 36,864 ---shr-- c:\windows\system32\rundll85.exe
2009-04-20 10:49 37,376 a------- C:\keymaker.exe
2009-04-20 10:39 162,816 a------- c:\windows\system32\fmod.dll
2009-04-20 10:25 --d----- c:\windows\SxsCaPendDel
2009-04-20 09:28 --d----- c:\program files\Panoramic
2009-04-20 09:09 --d----- c:\program files\Resco
2009-04-15 13:07 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 13:07 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 13:06 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-15 13:06 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-15 13:06 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-15 13:06 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 13:06 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-15 13:06 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-15 13:06 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-15 13:06 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 13:06 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 11:12 --d----- c:\program files\Samsung
2009-04-15 08:34 --d----- c:\program files\Evernote
2009-04-02 07:45 --d----- c:\program files\iPod
2009-04-02 07:45 --d----- c:\program files\iTunes
2009-04-02 07:43 --d----- c:\program files\Bonjour
2009-04-01 10:25 --d----- c:\program files\WinAVI Video Converter
2009-04-01 10:02 38 a------- c:\windows\AviSplitter.INI

==================== Find3M ====================

2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 13:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 07:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 07:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 07:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 07:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 06:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 06:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 05:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 14:59 56,832 a------- c:\windows\system32\secur32.dll
2008-10-07 08:12 68,904 a------- c:\docume~1\283\applic~1\GDIPFONTCACHEV1.DAT
2007-10-25 11:51 87,608 a------- c:\docume~1\283\applic~1\ezpinst.exe
2007-10-25 11:51 47,360 a------- c:\docume~1\283\applic~1\pcouffin.sys
1999-12-31 19:00 23 -c-shr-- c:\windows\mtlid64s2.dat
2008-08-28 06:39 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 7:57:33.45 ===============
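Two things a helper reading a DDS log like the one above checks first are the statically configured DNS servers (the `TCP: NameServer` line) and recently created files under the Windows directory that carry hidden and system attributes. The script below, an added example and not something posted in this thread or produced by DDS, applies exactly those two checks to a handful of lines copied from the log. The regular expressions are written from the line shapes visible above and are an assumption about the format; the script does not judge what any individual file is, it only surfaces lines worth a closer look.

```python
"""Surface review-worthy lines in a DDS log (added example, not from the thread).

Heuristics applied:
  * TCP: NameServer entries that are not private, loopback or link-local
    addresses (a statically set public resolver deserves a look when a
    machine is redirecting searches);
  * "Created Last 30" entries whose attribute string carries both the
    hidden (h) and system (s) flags and whose path is under c:\\windows.
The sample lines are copied from the log posted above; the regexes are an
assumption about the DDS line format based on those lines.
"""
import ipaddress
import re

# Constructed sample: a subset of lines from the posted DDS log.
SAMPLE_LOG = """\
uStart Page = hxxp://google.com/
TCP: NameServer = 85.255.0.0,85.255.0.0
2009-04-30 07:11 --d----- c:\\documents and settings\\283\\DoctorWeb
2009-04-29 11:22 15,504 a------- c:\\windows\\system32\\drivers\\mbam.sys
2009-04-23 14:06 36,864 ---shr-- c:\\windows\\system32\\rundll85.exe
2009-04-15 13:07 2,560 -------- c:\\windows\\system32\\xpsp4res.dll
1999-12-31 19:00 23 -c-shr-- c:\\windows\\mtlid64s2.dat
"""

NAMESERVER_RE = re.compile(r"^TCP:\s*NameServer\s*=\s*(?P<servers>\S+)")
# date time [size] attrs path  (directories have no size field)
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)


def unusual_nameservers(line):
    """Return the configured resolvers on a NameServer line that are not
    private/loopback/link-local (or not parseable as IPs at all)."""
    m = NAMESERVER_RE.match(line)
    if not m:
        return []
    flagged = []
    for raw in m.group("servers").split(","):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            flagged.append(raw)  # unparseable entry, surface it too
            continue
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            flagged.append(raw)
    return flagged


def hidden_system_file(line):
    """Return the path if a Created-Last-30 line is hidden+system under c:\\windows."""
    m = CREATED_RE.match(line)
    if not m:
        return None
    attrs = m.group("attrs")
    path = m.group("path")
    if "h" in attrs and "s" in attrs and path.lower().startswith("c:\\windows"):
        return path
    return None


def scan(log_text):
    """Run both heuristics over every line; returns (kind, value) tuples in log order."""
    findings = []
    for line in log_text.splitlines():
        for ns in unusual_nameservers(line):
            findings.append(("nameserver", ns))
        path = hidden_system_file(line)
        if path:
            findings.append(("hidden_system_file", path))
    return findings


if __name__ == "__main__":
    for kind, value in scan(SAMPLE_LOG):
        print(f"{kind}: {value}")
```

Running it against the sample surfaces the two identical public resolver entries and the two hidden+system files under the Windows directory, while the driver installed by Malwarebytes and the plain DLL are left alone. A real review of the log would go on to check each flagged path against a known-good source before deciding anything.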


#2 infest

  • Topic Starter

  • Members
  • 2 posts

Posted 30 April 2009 - 02:14 PM

Just wanted to say I figured out how that guy did it. It worked. I got it removed. And once it was removed I was able to open up the necessary adware removers to remove the rest of it.

#3 KoanYorel


    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 01 May 2009 - 04:59 AM

Thanks for informing us.

This Topic is closed.

Should you need it reopened, please contact a Forum Moderator. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



