
Infected browser, slow page loads, redirected search results, etc


  • This topic is locked
3 replies to this topic

#1 queesy

  • Members
  • 8 posts
  • Local time: 12:23 PM

Posted 12 July 2009 - 10:18 PM

Specs:
Windows XP SP3, 2gb ram, core 2 duo @ 2.40ghz

scanners:
ad-aware, avg, ccleaner, hijackthis, regcure

browser:
firefox 3.5


Recently JUST reformatted, and having problems. Noticed Gmail start to lag terribly, and I know it's not the internet because my laptop is fine. I did notice some Google search results redirect to spyware; I have tried to research but have not found a fix that works for me yet. Not sure what I did, as I have only installed programs on here and that is all. Scanned with everything I could throw at it, but not sure.




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/8/2009 11:12:31 PM
System Uptime: 7/12/2009 6:55:17 PM (2 hours ago)

Motherboard: http://www.abit.com.tw/ | | F-I90HD (ATI RS600-SB600)
Processor: Intel® Core™2 CPU 6600 @ 2.40GHz | Socket 775 | 2391/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 135.803 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_2412147B&REV_13\3&61AAA01&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_2412147B&REV_13\3&61AAA01&0&A0
Service:

==== System Restore Points ===================

RP1: 7/8/2009 11:14:40 PM - System Checkpoint
RP2: 7/8/2009 11:25:41 PM - Installed AVG Free 8.5
RP3: 7/9/2009 12:08:15 AM - Installed Microsoft Office Enterprise 2007
RP4: 7/9/2009 1:07:54 AM - Installed Windows Media Format Runtime
RP5: 7/9/2009 1:12:16 AM - Installed UltraMon
RP6: 7/9/2009 8:46:29 AM - Avg8 Update
RP7: 7/9/2009 10:53:22 PM - Installed Image Resizer Powertoy for Windows XP
RP8: 7/9/2009 10:53:38 PM - Installed Alt-Tab Task Switcher Powertoy for Windows XP
RP9: 7/9/2009 10:58:11 PM - Removed Alt-Tab Task Switcher Powertoy for Windows XP
RP10: 7/10/2009 1:19:43 AM - Printer Driver Adobe PDF Converter Installed
RP11: 7/11/2009 2:15:53 AM - System Checkpoint
RP12: 7/11/2009 5:26:50 PM - Installed UltraMon
RP13: 7/11/2009 5:56:58 PM - Installed USB PC Camera Plus
RP14: 7/12/2009 10:47:03 AM - test
RP15: 7/12/2009 3:08:49 PM - Removed USB PC Camera Plus
RP16: 7/12/2009 6:52:10 PM - Restore Operation
RP17: 7/12/2009 6:56:07 PM - Restore Operation

==== Installed Programs ======================

µTorrent
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 6
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Auto Gordian Knot 2.45
AVG Free 8.5
AviSynth 2.5
BHODemon 2.0.0.23
CCleaner (remove only)
DVDFab Platinum 3.2.0.0
EPSON Printer Software
ffdshow [rev 1723] [2007-12-24]
Google Chrome
Google Talk Plugin
HijackThis 2.0.2
IconPackager
Image Resizer Powertoy for Windows XP
Logitech SetPoint
Magic ISO Maker v5.3 (build 0221)
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5)
PDF Settings
PeerGuardian 2.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RegCure 1.6.0.0
Security Update for Windows XP (KB969898)
TVersity Codec Pack 1.2
TVersity Media Server Pro 1.6 Beta
UltraMon
Update for Windows XP (KB955839)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
VobSub v2.23 (Remove Only)
WebFldrs XP
Winamp
WindowBlinds
Windows Media Format Runtime
WinRAR archiver
XviD MPEG4 Video Codec (remove only)

==== Event Viewer Messages From Past Week ========

7/9/2009 9:12:32 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avg8wd service.
7/9/2009 3:26:33 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\uxtheme.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 6.0.2900.5512, the version of the system file is 6.0.2900.5512.
7/9/2009 3:22:34 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\uxtheme.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
7/8/2009 11:10:27 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
7/12/2009 12:49:24 PM, error: ati2mtag [43033] - Edid checksum error
7/12/2009 12:33:11 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/10/2009 1:02:19 PM, error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================





please help, have a final due this week... thank you in advance. god bless.



Edited by queesy, 12 July 2009 - 10:19 PM.



#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender: Male
  • Location: Warrington, UK
  • Local time: 06:23 PM

Posted 23 July 2009 - 10:18 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 queesy

  • Topic Starter
  • Members
  • 8 posts
  • Local time: 12:23 PM

Posted 26 July 2009 - 04:30 PM

Hi syler,
It was taking too long to get a response here so I took it to my uncle who fixes computers at his store. I was watching him fix it and he did something very similar to your method... and all is well now except that I get two DLL errors at start up. One is called kidistuff.dll

thank you...

#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender: Male
  • Location: Warrington, UK
  • Local time: 06:23 PM

Posted 26 July 2009 - 05:06 PM

Hi queesy,

Sorry it took so long to get to you, thanks for letting me know you got it solved.

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
