
Keep Getting redirected


1 reply to this topic

#1 madpenguin2111

  • Members
  • 1 posts

Posted 21 August 2009 - 10:01 PM

I have the dds.txt, but when I tried to run RootRepeal it kept popping up errors. I just got a Blue Screen of Death, I think from trying to do many scans and tasks at once, but I have Google Chrome so it refreshed my tabs. RootRepeal did create something, though. If you need any more info I'll try to get it posted. Thanks for your guys' help in advance.

DDS (Ver_09-07-30.01) - NTFSx86
Run by HP Pavilion at 22:28:16.20 on Fri 08/21/2009
Internet Explorer: 7.0.6000.16757
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2942.1123 [GMT -4:00]

SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\HP Pavilion\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\HP Pavilion\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Eamonn\bin\Eamonn.exe
C:\Program Files\Metacafe\MetacafeAgent.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\HP Pavilion\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\HP Pavilion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HP Pavilion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HP Pavilion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\HP Pavilion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HP Pavilion\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Users\HP Pavilion\AppData\Local\Temp\Temp2_gmr.zip\gmr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\RacAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\cleanmgr.exe
C:\WINDOWS\System32\dfrgui.exe
C:\Windows\system32\defrag.exe
C:\Windows\system32\DfrgNtfs.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\msiexec.exe
c:\Windows\system32\MsiExec.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Users\HP Pavilion\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: bignetdaddy: {1e914b76-9367-c6fa-8632-18ca51c7ded8} - c:\windows\system32\nszD211.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\users\hp pavilion\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [F.lux] "c:\users\hp pavilion\local settings\apps\f.lux\flux.exe" /noshow
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Eamonn] c:\program files\eamonn\bin\Eamonn.exe -h
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [<NO NAME>]
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\users\hppavi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
StartupFolder: c:\users\hppavi~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZCxdm492YYUS
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
LSP: c:\windows\system32\wpclsp.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://quickscan.bitdefender.com/cab/ActiveQscan.cab
TCP: NameServer = 85.255.112.84,85.255.112.80
TCP: {D6DB9107-1650-46FD-B012-C6FB025F9A16} = 85.255.112.84,85.255.112.80
TCP: {E1056881-027D-45BB-BCA2-833FAE367DC1} = 85.255.112.84,85.255.112.80
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\go333c~1\GOEC62~1.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll

============= SERVICES / DRIVERS ===============

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-8-21 38160]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2008-7-18 256000]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-3-30 55280]

=============== Created Last 30 ================

2009-08-21 19:04 <DIR> --d----- c:\users\hppavi~1\appdata\roaming\Malwarebytes
2009-08-21 19:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 19:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-08-21 19:04 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-21 19:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 19:04 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-19 16:33 <DIR> --d----- c:\users\hppavi~1\appdata\roaming\QuickScan
2009-08-11 12:17 1,439 a------- c:\windows\system32\v_live_s.xml
2009-08-11 12:17 604 a------- c:\windows\system32\proxies.xml
2009-08-10 22:25 121 a------- c:\windows\bdagent.INI
2009-08-09 16:18 81,984 a------- c:\windows\system32\bdod.bin
2009-08-06 22:00 324,727,448 a------- c:\windows\MEMORY.DMP
2009-08-06 10:56 850 a------- c:\windows\system32\ProductTweaks.xml
2009-08-06 10:56 385 a------- c:\windows\system32\user_gensett.xml
2009-08-06 00:42 <DIR> --d----- c:\users\hppavi~1\appdata\roaming\BitDefender
2009-08-06 00:41 <DIR> --d----- c:\programdata\BitDefender
2009-08-06 00:41 <DIR> --d----- c:\program files\BitDefender
2009-08-06 00:41 <DIR> --d----- c:\progra~2\BitDefender
2009-08-06 00:39 <DIR> --d----- c:\program files\common files\BitDefender
2009-08-05 10:16 <DIR> --d----- c:\users\hppavi~1\appdata\roaming\InfraRecorder
2009-08-05 10:15 <DIR> --d----- c:\program files\InfraRecorder
2009-08-05 00:02 <DIR> --d----- C:\CPM
2009-07-29 22:19 <DIR> --d----- c:\program files\iPod
2009-07-29 22:19 <DIR> --d----- c:\program files\iTunes
2009-07-27 00:43 <DIR> --d----- c:\users\hppavi~1\appdata\roaming\HpUpdate
2009-07-27 00:43 <DIR> --d----- c:\windows\Hewlett-Packard

==================== Find3M ====================

2009-08-15 01:12 56,385 a------- c:\windows\War3Unin.dat
2009-07-12 12:55 85,888 a------- c:\windows\system32\dde59b0f-c986-ba81-8d47-5d9ffa49586f.exe
2009-07-03 17:48 1,300,480 a------- c:\windows\system32\nszD211.dll
2009-06-25 16:49 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-25 16:49 86,016 a------- c:\windows\inf\infstor.dat
2009-06-25 16:49 51,200 a------- c:\windows\inf\infpub.dat
2009-06-24 16:12 45,426 a------- c:\windows\system32\rjtorucaitldglp.dll-uninst.exe
2009-06-22 23:19 386,480 a------- c:\windows\system32\jucheck.exe
2009-06-22 23:19 148,888 a------- c:\windows\system32\jusched.exe
2009-06-22 23:19 54,680 a------- c:\windows\system32\jureg.exe
2009-06-22 23:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-22 18:11 1,149,440 a------- c:\windows\system32\themecpl.dll
2009-05-24 22:17 15,964,160 a------- c:\windows\system32\imageres.dll
2009-01-15 01:36 4 a------- c:\users\hp pavilion\version.dat
2008-09-06 00:21 32 a------- c:\programdata\ezsid.dat
2008-09-06 00:21 32 a------- c:\progra~2\ezsid.dat
2008-07-14 10:55 308,600 a------- c:\programdata\NortonProtectionMemo.exe
2008-07-14 10:55 308,600 a------- c:\progra~2\NortonProtectionMemo.exe
2008-07-09 07:18 174 a--sh--- c:\program files\desktop.ini
2008-06-24 23:59 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-05 16:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-05 16:07 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-05 16:07 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-08-08 19:14 22 a--sh--- c:\windows\sminst\HPCD.sys
2007-12-08 03:36 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 22:30:49.53 ===============


#2 shelf life

  • Malware Response Team
  • 2,646 posts

Posted 02 September 2009 - 07:03 PM

Hi madpenguin2111,

Sorry for the delay. Your log is several days old. If you still need help, reply to my post.

How Can I Reduce My Risk to Malware?
