Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect Virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 asankim

asankim

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:27 AM

Posted 07 March 2010 - 02:32 PM

Hi, I try hard to be self-sufficient...and I've tried many different things to fix my bleeping computer but now I realize I just need help. I've installed various protection software and cleaned/quarantined what it came up with, but I still have the same problem. My computer has some kind of a redirecting virus, where search results, when clicked, redirect a browser (both Firefox and IE) to various ad sites (like searchclick8) The two DDS and GMER logs follow. Please help -- thank you!!



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/18/2005 3:45:08 PM
System Uptime: 3/6/2010 11:35:06 AM (0 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel® Pentium® M processor 2.00GHz | Microprocessor | 1995/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 13.392 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP959: 2/7/2010 10:56:52 AM - Removed AVG Free 8.5
RP960: 2/7/2010 10:59:43 AM - Installed AVG Free 8.5
RP961: 2/8/2010 12:11:01 PM - System Checkpoint
RP962: 2/8/2010 7:34:42 PM - Installed McAfee VirusScan Enterprise
RP963: 2/14/2010 12:39:07 PM - Installed Windows Defender
RP964: 2/14/2010 12:40:06 PM - Installed Windows Defender
RP965: 2/15/2010 1:29:33 AM - Removed Windows Defender
RP966: 2/15/2010 1:30:01 AM - Removed Windows Defender
RP967: 2/15/2010 1:45:17 AM - Installed SUPERAntiSpyware Free Edition
RP968: 3/4/2010 9:37:05 PM - System Checkpoint
RP969: 3/6/2010 8:16:58 AM - Software Distribution Service 3.0
RP970: 3/6/2010 8:22:50 AM - Software Distribution Service 3.0
RP971: 3/6/2010 10:54:49 AM - Removed SUPERAntiSpyware Free Edition
RP972: 3/6/2010 10:57:01 AM - Removed McAfee VirusScan Enterprise
RP973: 3/6/2010 10:58:02 AM - Removed McAfee Agent.

==== Installed Programs ======================

2Wire Wireless Client
3ivx MPEG-4 5.0.1 Decoder (remove only)
7-Zip 4.64
AC3Filter (remove only)
Adobe Acrobat 4.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
AOL Connectivity Services
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
BCM V.92 56K Modem
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Gigabit Integrated Controller
C-Major Audio
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window DVC for ZoomBrowser EX
Canon Camera Window for ZoomBrowser EX
Canon EOS Kiss_N REBEL_XT 350D WIA Driver
Canon MP Drivers 6.0
Canon MP Navigator 1.0
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon ScanGear Starter
Canon Utilities Digital Photo Professional 1.6
Canon Utilities Easy-PhotoPrint
Canon Utilities EOS Capture 1.3
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
Cinergy Script Editor
Cisco Systems VPN Client 4.0.5 (Rel)
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.92 Modem
CoreFTP
D-Link DWA-652 Xtreme N Notebook Adapter
Dell ResourceCD
Dell Wireless WLAN Card
DivX Web Player
Easy-WebPrint
EOS Capture 1.3
ESET Online Scanner v3
ffdshow (remove only)
Google Earth
High Definition Audio Driver Package - KB835221
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
Intel® PROSet/Wireless Software
InterActual Player
Internal Network Card Power Management
InterVideo WinDVD
iPod for Windows 2006-03-23
IrfanView (remove only)
iTunes
J2SE Development Kit 5.0 Update 5
J2SE Development Kit 5.0 Update 6
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 5
Jasc Paint Shop Pro 8 Dell Edition
Java™ 6 Update 5
Macromedia Dreamweaver MX 2004
Macromedia Extension Manager
Macromedia Fireworks MX 2004
Macromedia Flash MX 2004
Macromedia FreeHand MXa
Macromedia Shockwave Player
MATLAB 8-19-2005
MATLAB Student 7.0
Maya 7.0
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage Client - English
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Visual Studio .NET Professional 2003 - English
Microsoft Visual Studio 6.0 Enterprise Edition
mIWA
mIWCA
mLogView
mMHouse
Move Media Player
Mozilla Firefox (2.0.0.20)
mPfMgr
mPfWiz
mProSafe
MSDN Library - April 2005
MSN Music Assistant
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mToolkit
muvee Plugin 1.0
mWlsSafe
mXML
mZConfig
Netflix Movie Viewer
Norton AntiSpam
Norton Internet Security
NVIDIA Cg Toolkit 1.4.1
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OmniPage SE 2.0
OpenOffice.org Installer 1.0
PhotoStitch
Presto! PageManager 6.03
QuickSet
QuickTime
Rational Rose Enterprise Edition
RAW Image Task 2.0
RealPlayer
RemoteCapture Task 1.1
Safari
Search Assistant - My Search
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sentinel System Driver
Sonic Audio module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic RecordNow!
Sonic Update Manager
TD AMERITRADE StrategyDesk 3.1
thinkorswim from TD AMERITRADE
TweetDeck
Undisker
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Visual Studio .NET Professional 2003 - English
Visual Studio.NET Baseline - English
Wacom Tablet Driver
WebFldrs XP
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
X-Win32 - ISD Wrapped
X-Win32 6.1

==== Event Viewer Messages From Past Week ========

3/6/2010 10:57:08 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
3/6/2010 10:57:08 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SASENUM\0000 disappeared from the system without first being prepared for removal.
3/6/2010 10:57:08 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
3/6/2010 1:32:28 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/6/2010 1:20:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/6/2010 1:19:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV Fips intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
3/6/2010 1:19:56 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
3/6/2010 1:19:56 AM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2010 1:19:56 AM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2010 1:19:56 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
3/6/2010 1:19:56 AM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
3/6/2010 1:19:56 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/6/2010 1:19:56 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/6/2010 1:19:56 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/6/2010 1:19:56 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/6/2010 1:19:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/6/2010 1:19:40 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/5/2010 8:58:42 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
3/5/2010 8:56:57 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
3/5/2010 8:56:57 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
3/5/2010 11:48:59 PM, error: System Error [1003] - Error code 1000000a, parameter1 0000ffdf, parameter2 00000002, parameter3 00000001, parameter4 806e4a8e.
3/5/2010 10:16:45 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
3/5/2010 10:11:10 PM, error: Service Control Manager [7000] - The DS1410D service failed to start due to the following error: The system cannot find the file specified.
3/5/2010 10:03:22 PM, error: Service Control Manager [7034] - The Maya 7.0 Documentation Server service terminated unexpectedly. It has done this 1 time(s).
3/5/2010 10:03:22 PM, error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================






DDS (Ver_09-12-01.01) - NTFSx86
Run by PC1 at 11:49:15.90 on Sat 03/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.531 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\acs.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Alias\Maya7.0\docs\wrapper.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\Alias\Maya7.0\docs\jre\bin\java.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\D-Link\D-Link DWA-652 Xtreme N Notebook Adapter\wirelesscm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: H - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Dell Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [Symantec NetDriver Warning] c:\progra~1\symnet~1\SNDWarn.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\documents and settings\pc1\start menu\programs\startup\PowerReg SchedulerV2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{3e5562ed-69ab-4cec-91e2-64e18ec5acc6}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\d-link dwa-652 xtreme n notebook adapter\wirelesscm.exe
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
Trusted Zone: microsoft.com\office
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://express.foto.com/Newuploader/ImageUploader4.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://ftiinotes1.forsythe.com/dwa7W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
TCP: {4B2327E6-346F-4A74-BB2B-A5B8AF60C929} = 83.149.115.157,4.2.2.1
TCP: {8FD56E09-5B7E-4185-985A-71920CC68E6F} = 83.149.115.157,4.2.2.1,209.18.47.61 209.18.47.62
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\progra~1\coreftp\pftpns.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc1\applic~1\mozilla\firefox\profiles\z13vopss.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\documents and settings\pc1\application data\mozilla\firefox\profiles\z13vopss.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S3 CBBCM43;BUFFALO WLI-CB-G54 Wireless Network Adapter;c:\windows\system32\drivers\BCMWL5.SYS [2003-7-25 376192]
S3 ESSIDSET;ESSIDSET;c:\windows\system32\ESSIDSET.SYS [2005-8-22 9376]
S3 OMNUSB;Omnikey AG CardMan 2020 USB Smart Card Reader;c:\windows\system32\drivers\sccmusbm.sys [2005-8-19 23936]
S3 Wltvcerv;Wltvcerv; [x]

=============== Created Last 30 ================

2010-03-06 16:34:42 0 d-----w- c:\windows\system32\KB905474
2010-03-06 16:31:51 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-06 07:24:34 0 d-----w- c:\windows\system32\CatRoot_bak
2010-03-06 07:08:25 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-03-06 07:06:47 283648 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-03-06 07:06:46 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-03-06 07:06:46 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-03-06 07:06:46 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2010-03-06 07:06:46 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-03-06 07:06:46 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-03-06 07:06:46 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-03-06 07:06:46 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-03-06 07:06:46 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-03-06 07:05:34 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-03-06 07:00:00 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-03-06 06:50:44 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-03-06 05:56:12 0 d-----w- c:\program files\ESET
2010-03-06 05:33:23 0 dcsha-r- C:\cmdcons
2010-03-06 05:28:53 77312 ----a-w- c:\windows\MBR.exe
2010-03-06 05:28:49 98816 ----a-w- c:\windows\sed.exe
2010-03-06 05:28:49 261632 ----a-w- c:\windows\PEV.exe
2010-03-06 05:28:49 161792 ----a-w- c:\windows\SWREG.exe
2010-02-15 09:45:42 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-15 09:45:20 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-15 09:45:20 0 d-----w- c:\docume~1\pc1\applic~1\SUPERAntiSpyware.com
2010-02-09 03:34:08 0 d-----w- c:\program files\common files\Cisco Systems
2010-02-08 01:49:40 1060864 ----a-w- c:\windows\system32\MFC71.DLL

==================== Find3M ====================

2010-03-06 19:36:16 13857 ----a-w- c:\windows\system32\wacom.dat
2010-03-06 04:56:56 125301 ----a-w- c:\windows\system32\nvModes.dat
2010-02-06 23:39:28 95360 -c--a-w- c:\windows\system32\drivers\atapi.svs
2010-02-06 23:39:28 95360 -c----w- c:\windows\system32\drivers\atapi.sys
2010-01-05 10:00:29 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll

============= FINISH: 11:50:01.34 ===============





GMER


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-06 22:28:22
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\PC1\LOCALS~1\Temp\pxrdapob.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:27 AM

Posted 10 March 2010 - 02:04 PM

Hello and and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since resolved your issues I
would appreciate if you would let me no so I can close this topic.


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt

Thanks

unite.jpg


#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:07:27 AM

Posted 14 March 2010 - 07:10 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users