
Redirect virus (& likely more)-Avast & Malwarebytes won't remove


  • This topic is locked
2 replies to this topic

#1 namawa

  • Members
  • 2 posts
  • OFFLINE
  • Local time:10:23 PM

Posted 02 December 2009 - 12:42 AM

Redirect/adware virus.
Constantly redirected during websearches and ad sites pop up in new windows.
Have run Avast and Malwarebytes scans several times; it seems to reappear along with other infections and really bogs down our already slow computer. Computer was virtually disabled last night - unable to use any programs or connect to the internet. Started in safe mode tonight and ran both a Malwarebytes scan and an Avast scan - was finally able to reach your website.
Any help appreciated.
--------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 22:41:40.84 on Tue 12/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.166 [GMT -6:00]

AV: AntiMalware *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! antivirus 4.8.1368 [VPS 091201-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\svchost.exe -k netsvc
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NAF881DV\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.3.28.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [AntiMalware] "c:\program files\antimalware\antimalware.exe" -noscan
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &Search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180806778234
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180806759875
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
IFEO: brastk.exe - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-25 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-25 138680]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 SPService;SPService;c:\windows\system32\svchost.exe -k netsvc [2002-9-3 14336]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-25 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-25 352920]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S2 uzxcyrq;uzxcyrq;c:\windows\system32\drivers\hlbhwfocqwn.sys []

=============== Created Last 30 ================

2009-12-02 04:26:00 0 d-----w- c:\program files\Trend Micro
2009-12-01 13:54:39 0 d-sh--w- c:\docume~1\alluse~1\applic~1\WSVJPQDFPD_A
2009-11-29 22:24:38 0 ----a-w- c:\windows\system32\1842.exe
2009-11-29 22:04:38 0 ----a-w- c:\windows\system32\22190.exe
2009-11-29 21:44:38 0 ----a-w- c:\windows\system32\3035.exe
2009-11-29 21:24:38 0 ----a-w- c:\windows\system32\12316.exe
2009-11-29 21:04:38 0 ----a-w- c:\windows\system32\778.exe
2009-11-29 20:44:35 0 ----a-w- c:\windows\system32\27529.exe
2009-11-29 20:24:35 0 ----a-w- c:\windows\system32\9741.exe
2009-11-29 20:04:34 0 ----a-w- c:\windows\system32\8723.exe
2009-11-29 19:44:29 0 ----a-w- c:\windows\system32\12859.exe
2009-11-29 19:24:29 0 ----a-w- c:\windows\system32\20037.exe
2009-11-29 19:04:28 0 ----a-w- c:\windows\system32\32757.exe
2009-11-29 18:44:28 0 ----a-w- c:\windows\system32\32662.exe
2009-11-29 18:24:27 0 ----a-w- c:\windows\system32\27644.exe
2009-11-29 18:04:26 0 ----a-w- c:\windows\system32\25547.exe
2009-11-29 17:44:26 0 ----a-w- c:\windows\system32\6868.exe
2009-11-29 17:24:25 0 ----a-w- c:\windows\system32\28253.exe
2009-11-29 17:04:25 0 ----a-w- c:\windows\system32\7711.exe
2009-11-29 16:44:21 0 ----a-w- c:\windows\system32\15141.exe
2009-11-29 16:24:18 0 ----a-w- c:\windows\system32\4664.exe
2009-11-29 16:04:17 0 ----a-w- c:\windows\system32\17673.exe
2009-11-29 15:44:17 0 ----a-w- c:\windows\system32\30333.exe
2009-11-29 15:24:16 0 ----a-w- c:\windows\system32\31322.exe
2009-11-29 15:04:07 0 ----a-w- c:\windows\system32\23811.exe
2009-11-29 14:44:06 0 ----a-w- c:\windows\system32\28703.exe
2009-11-29 14:24:03 0 ----a-w- c:\windows\system32\9894.exe
2009-11-29 14:04:02 0 ----a-w- c:\windows\system32\17035.exe
2009-11-29 13:44:01 0 ----a-w- c:\windows\system32\26299.exe
2009-11-29 13:23:58 0 ----a-w- c:\windows\system32\25667.exe
2009-11-29 13:03:57 0 ----a-w- c:\windows\system32\19912.exe
2009-11-29 12:43:57 0 ----a-w- c:\windows\system32\1869.exe
2009-11-29 12:23:56 0 ----a-w- c:\windows\system32\11538.exe
2009-11-29 12:03:55 0 ----a-w- c:\windows\system32\14771.exe
2009-11-29 11:43:51 0 ----a-w- c:\windows\system32\21726.exe
2009-11-29 11:23:42 0 ----a-w- c:\windows\system32\5447.exe
2009-11-29 11:03:41 0 ----a-w- c:\windows\system32\19895.exe
2009-11-29 10:43:41 0 ----a-w- c:\windows\system32\19718.exe
2009-11-29 10:23:40 0 ----a-w- c:\windows\system32\18716.exe
2009-11-29 10:03:40 0 ----a-w- c:\windows\system32\17421.exe
2009-11-29 09:43:39 0 ----a-w- c:\windows\system32\12382.exe
2009-11-29 09:23:38 0 ----a-w- c:\windows\system32\292.exe
2009-11-29 09:03:38 0 ----a-w- c:\windows\system32\153.exe
2009-11-29 08:43:37 0 ----a-w- c:\windows\system32\3902.exe
2009-11-29 08:23:33 0 ----a-w- c:\windows\system32\14604.exe
2009-11-29 08:03:33 0 ----a-w- c:\windows\system32\32391.exe
2009-11-29 07:43:32 0 ----a-w- c:\windows\system32\5436.exe
2009-11-29 07:23:32 0 ----a-w- c:\windows\system32\4827.exe
2009-11-29 07:03:31 0 ----a-w- c:\windows\system32\11942.exe
2009-11-29 06:43:30 0 ----a-w- c:\windows\system32\2995.exe
2009-11-29 06:23:27 0 ----a-w- c:\windows\system32\491.exe
2009-11-29 06:03:26 0 ----a-w- c:\windows\system32\9961.exe
2009-11-29 05:43:26 0 ----a-w- c:\windows\system32\16827.exe
2009-11-29 05:23:25 0 ----a-w- c:\windows\system32\23281.exe
2009-11-29 05:03:25 0 ----a-w- c:\windows\system32\28145.exe
2009-11-29 04:43:24 0 ----a-w- c:\windows\system32\5705.exe
2009-11-29 04:23:24 0 ----a-w- c:\windows\system32\24464.exe
2009-11-29 04:03:23 0 ----a-w- c:\windows\system32\26962.exe
2009-11-29 03:43:23 0 ----a-w- c:\windows\system32\29358.exe
2009-11-29 03:23:21 0 ----a-w- c:\windows\system32\11478.exe
2009-11-29 03:03:19 0 ----a-w- c:\windows\system32\15724.exe
2009-11-29 02:43:18 0 ----a-w- c:\windows\system32\19169.exe
2009-11-29 02:23:18 0 ----a-w- c:\windows\system32\26500.exe
2009-11-29 02:03:14 0 ----a-w- c:\windows\system32\6334.exe
2009-11-29 01:43:12 0 ----a-w- c:\windows\system32\18467.exe
2009-11-29 01:17:11 1 ----a-w- C:\s
2009-11-27 16:02:27 0 d-----w- c:\docume~1\alluse~1\applic~1\SP
2009-11-22 21:43:57 0 d-----w- c:\program files\WinPcap
2009-11-22 19:23:20 0 d-----w- c:\documents and settings\all users\7f38740
2009-11-17 01:31:38 0 d-----w- c:\docume~1\owner\applic~1\Blitware
2009-11-17 01:17:19 0 d-----w- c:\windows\BlueBlitz MagicBeamer Demo

==================== Find3M ====================

2009-11-30 09:25:25 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-25 02:13:36 24 ----a-w- c:\documents and settings\owner\jagex_runescape_preferences.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-03-25 18:22:58 5761 -c--a-w- c:\program files\install.log
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2009-01-22 13:58:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009012220090123\index.dat

============= FINISH: 22:45:05.12 ===============

#2 namawa

  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:10:23 PM

Posted 07 December 2009 - 02:21 PM

Thanks for considering...but we ended up with a complete crash and have since had to reinstall windows, etc.....

#3 garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:12:23 AM

Posted 15 December 2009 - 12:22 PM

Sorry to hear that.
Sometimes it is best. Glad you're up and running.

Topic closed
Mark