
Browser Redirecting


  • This topic is locked
13 replies to this topic

#1 uzair

uzair

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 17 March 2010 - 01:58 PM

Hi,
My browser is redirecting me to other websites through search engines like Google, Bing and Yahoo.
Before, the problem only lay with Google, but now it has escalated.
I've tried resolving the problem before with another site, but they were no hope.

It would be great if you could help.
BTW, the anti-virus/malware software I have is:
Malwarebytes Anti-Malware - AVG 9.0 - SUPERAntiSpyware
realtek.TFC, ERUNT -- I think from a previous attempt to resolve this, when I was told to download them
Thanks



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:08 PM

Posted 17 March 2010 - 04:02 PM

Hello, let's start with an MBAM log. Or perhaps the MBAM and SAS logs that tell us what infections were/are on here.
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.

Edited by boopme, 17 March 2010 - 04:03 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 uzair

uzair
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 17 March 2010 - 05:22 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3878
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

17/03/2010 22:19:51
mbam-log-2010-03-17 (22-19-51).txt

Scan type: Quick Scan
Objects scanned: 130967
Time elapsed: 9 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_____________________________________________________________

Much thanks for replying back.
I'll post the SAS stuff once finished.

#4 uzair

uzair
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 17 March 2010 - 06:10 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/01/2009 at 10:03 PM

Application Version : 4.30.1004

Core Rules Database Version : 4247
Trace Rules Database Version: 2138

Scan type : Complete Scan
Total Scan Time : 00:35:30

Memory items scanned : 791
Memory threats detected : 0
Registry items scanned : 7832
Registry threats detected : 0
File items scanned : 27676
File threats detected : 6

Adware.Tracking Cookie
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@pointroll[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@atdmt[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@ads.pointroll[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@bs.serving-sys[2].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@serving-sys[1].txt
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\user@serving-sys[2].txt

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:08 PM

Posted 17 March 2010 - 07:14 PM

I guess you are still redirecting..
Run these please

Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Now part 1 of S!Ri's SmitfraudFix
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#6 uzair

uzair
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 18 March 2010 - 12:50 PM

GooredFix by jpshortstuff (08.01.10.1)
Log created at 17:48 on 18/03/2010 (user)
Firefox version 3.0.15 (en-US)

========== GooredScan ==========

Deleting "C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fvlkwcpm.default\extensions\{e5d82885-f2d8-40f6-8a21-4cebd9b43d5c}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:36 16/09/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [16:45 18/09/2009]

C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fvlkwcpm.default\extensions\
YoutubeDownloader@PeterOlayev.com [00:16 12/02/2010]
{20a82645-c095-46ed-80e3-08825760534b} [21:04 21/09/2009]
{73a6fe31-595d-460b-a920-fcc0f8843232} [13:48 28/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [17:41 16/09/2009]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [14:55 14/11/2009]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [16:52 20/11/2009]

-=E.O.F=-

#7 uzair

uzair
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 18 March 2010 - 12:58 PM

SmitFraudFix v2.424

Scan done at 17:55:09.66, 18/03/2010
Run from C:\Users\user\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6002] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\werfault.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchFilterHost.exe

hosts

hosts file corrupted !

127.0.0.1 m.dell.com
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org
127.0.0.1 ads.techguy.org

C:\


C:\Windows


C:\Windows\system


C:\Windows\Web


C:\Windows\system32


C:\Windows\system32\LogFiles


C:\Users\user


C:\Users\user\AppData\Local\Temp


C:\Users\user\Application Data


Start Menu


C:\Users\user\FAVORI~1


Desktop


C:\Program Files


Corrupted keys


Desktop Components



o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\System32\\avgrsstx.dll"


Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




DNS

Description: Intel® WiFi Link 5100 AGN
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B4DB3F65-E976-4195-BF30-33E14A3E22AF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B4DB3F65-E976-4195-BF30-33E14A3E22AF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B4DB3F65-E976-4195-BF30-33E14A3E22AF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B4DB3F65-E976-4195-BF30-33E14A3E22AF}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


Scanning for wininet.dll infection


End
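
SmitFraudFix flagged the hosts file in the log above. As an added example (not part of the thread and not SmitFraudFix's own logic), this Python script shows one way to triage hosts entries: it separates names pinned to a loopback or unspecified address from names mapped to some other address, which are the entries that can send a browser to a different server. The function names are hypothetical, and the sample text reuses the four entries from the log plus constructed lines.

```python
import ipaddress

def parse_hosts(text):
    """Yield (lineno, ip, name) per mapping; ip is None for an unparsable line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:        # bad address or no hostname
            yield lineno, None, line
            continue
        for name in fields[1:]:                  # one line may map several names
            yield lineno, ip, name.lower().rstrip(".")

def audit_hosts(text, default_names=("localhost",)):
    """Sort every mapping into default / sinkholed / redirected / malformed."""
    report = {"default": [], "sinkholed": [], "redirected": [], "malformed": []}
    for lineno, ip, name in parse_hosts(text):
        if ip is None:
            report["malformed"].append((lineno, name))
        elif ip.is_loopback or ip.is_unspecified:
            # Name resolves to this machine: traffic is blocked, not redirected.
            key = "default" if name in default_names else "sinkholed"
            report[key].append((lineno, name, str(ip)))
        else:
            # Name resolves to another host: review who owns that address.
            report["redirected"].append((lineno, name, str(ip)))
    return report

SAMPLE_HOSTS = """\
# Lines 2-5 are the four entries SmitFraudFix printed in the log above.
127.0.0.1 m.dell.com
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org
127.0.0.1 ads.techguy.org
# Constructed lines (not from the thread) to exercise the other branches.
127.0.0.1 localhost
::1 localhost
203.0.113.7 www.example-search.test search.example-search.test  # TEST-NET-3
not-an-ip broken.example.test
"""

if __name__ == "__main__":
    for category, rows in audit_hosts(SAMPLE_HOSTS).items():
        print(category)
        for row in rows:
            print("   ", row)
```

On the four entries from the log, every name lands in the sinkholed group, since all of them point at 127.0.0.1.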

#8 vplumme

vplumme

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:08 AM

Posted 18 March 2010 - 01:13 PM

This Anti - Soft virus can be a pain in the rear. It will always start with your computer once you begin to open your internet browser or when your system starts up.

1) Boot to Safe Mode
2) Look for the folders under Administrator\Local Settings\Application Data and delete folders that don't look right. The executables are in those folders.
3) Open up your registry. Export your registry and save it with a date like (31810) in a new folder under My Documents called Registry
4) The key values will then need to be deleted under HKCU\HKLM SOFTWARE\MICROSOFT\WINDOWS\CURRENT VERSION\RUN
5) Close your registry and reboot your machine.
6) Update your virus software or get one and install it. :thumbsup:
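
A read-only way to review the Run keys from an exported registry file before anything is deleted, as an added example that is not part of the post above: this Python script reads the text of a .reg export and lists only the Run/RunOnce string values whose program sits in a user-writable directory. The function names are hypothetical, the sample export is constructed, and the directory list is an assumption.

```python
import re

RUN_KEY = re.compile(
    r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# "name"="data" lines; inside the quotes a backslash escapes the next character.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumption: directory fragments a standard user can write to (XP/Vista layout).
USER_WRITABLE = ("\\appdata\\", "\\application data\\", "\\local settings\\", "\\temp\\")

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def run_entries(reg_text):
    """Yield (key, value_name, command) for string values under Run/RunOnce.

    Expects already-decoded text; hex(...) values such as REG_EXPAND_SZ
    are skipped, not decoded.
    """
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        if key and RUN_KEY.match(key):
            m = STRING_VALUE.match(line)
            if m:
                yield key, _unescape(m.group(1)), _unescape(m.group(2))

def executable_path(command):
    """Return the program path from a Run command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|dll))\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def review(reg_text):
    """Return the Run entries that start a program from a user-writable path."""
    findings = []
    for key, name, command in run_entries(reg_text):
        path = executable_path(command).lower()
        if any(fragment in path for fragment in USER_WRITABLE):
            findings.append((key, name, command))
    return findings

# Constructed export: value names and the flagged paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgtray"="C:\\PROGRA~1\\AVG\\AVG9\\avgtray.exe"
"jusched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="\"C:\\Users\\user\\AppData\\Local\\qzxv\\qzxv.exe\" /s"
"helper"="C:\\Users\\user\\AppData\\Local\\Temp\\h1.exe -q"

[HKEY_CURRENT_USER\Software\Example]
"Path"="C:\\Users\\user\\AppData\\Local\\Temp\\ignored.exe"
'''

if __name__ == "__main__":
    for key, name, command in review(SAMPLE_REG):
        print(f"{key}\n    {name} = {command}")
```

The output is a list to investigate, not a delete list: legitimate per-user software also starts from these directories.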

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:08 PM

Posted 18 March 2010 - 02:07 PM

Hello.. in case you are not sure what "doesn't look right" is, avoid deleting.
A suggestion has been made that involves modifying the registry. Modifying the registry can be dangerous (and can render your system unbootable) so it's advisable that you make a backup of the registry before proceeding.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

For more information about modifying the registry, see this Microsoft article: http://support.microsoft.com/default.aspx/kb/256986


As you have a corrupt Hosts file and I would like to see exactly which files to delete, we need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic from step 9.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#10 uzair

uzair
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 18 March 2010 - 02:27 PM

Hi,
I've saved DDS on the desktop but it opens using Notepad?

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:08 PM

Posted 18 March 2010 - 03:54 PM

Can you Copy/Paste that ...

#12 uzair

uzair
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 18 March 2010 - 04:11 PM

Not sure if this is the thing you're looking for.....but got part of it cos it's way too big


#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:08 PM

Posted 18 March 2010 - 04:20 PM

ooohh that's ugly.
If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Save the log file to your desktop and copy/paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.

#14 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:08 PM

Posted 18 March 2010 - 10:05 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/t/303441/rsit-log-file/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



