Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Post Got No Reply/Help Yet?


  • This topic is locked This topic is locked
1 reply to this topic

#1 ErikinColorado

ErikinColorado

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:43 PM

Posted 06 June 2010 - 01:44 PM

I posted my original request for help with the logs needed back on Wednesday but still have not got any help. I know you wonderful volunteers are WAY busy but I got an email back then saying someone would get back to me even if it was several days. It seems like others have gotten help from just last night and I'm wondering if I did something wrong and can't get your replies or if my request just got lost?

CAN SOMEONE PLEASE HELP ME? I now have some "view.atdmt.com" virus and I'm hoping to clean this machine and put in place the protections I see when that's done so this hopefully won't happen again! UGH!

I re-sent the log files but I assume these will need to be re-run since they were done days ago?

THANK YOU FOR HELPING ME AND ALL THE REST OF US VICTIMS OF THESE MALICIOUS PROGRAMS!

thumbup.gif


LOG:




DDS (Ver_10-03-17.01) - NTFSx86
Run by Erik.Martin at 14:20:01.37 on Wed 06/02/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.102 [GMT -7:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\lxdjcoms.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\Watcher.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuard.exe
C:\Documents and Settings\erik.martin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://us.mc300.mail.yahoo.com/mc/welcome?.rand=2f8dli3a2tb46
uSearch Bar = hxxp://intranet.wfinet.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Download Guard for Internet Explorer: {20c1a7f0-528e-444f-bac5-5804a61cca7f} - c:\program files\lavasoft\download guard for internet explorer\DownloadGuardBHO.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [TRUUpdater] "c:\program files\sierra wireless inc\webupdater\TRUUpdater.exe" /bkground
mRun: [AirCardEnabler]
mRun: [WatcherHelper] "c:\program files\sierra wireless inc\3g watcher\WaHelper.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [lxdjmon.exe] "c:\program files\lexmark 1400 series\lxdjmon.exe"
mRun: [lxdjamon] "c:\program files\lexmark 1400 series\lxdjamon.exe"
mRun: [LXDJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDJtime.dll,_RunDLLEntry@16
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203021014471
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203033133244
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37934.6753703704
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-2 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-2 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-2 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-1-23 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-1-23 108392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1314704]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-1-23 2177464]
R3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [2007-3-26 103936]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-2 40384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-26 102448]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2008-2-14 88192]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100601.023\NAVENG.SYS [2010-6-1 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100601.023\NAVEX15.SYS [2010-6-1 1347504]
R3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\drivers\scrswi.sys [2008-4-2 44288]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [2007-3-26 20352]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-25 136176]
S4 vsdatant;vsdatant;a --> a [?]

=============== Created Last 30 ================

2010-06-02 07:30:05 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-02 07:29:52 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-02 07:14:18 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CCE9E666-4D7C-4946-A98B-CFDE0A0C1706}
2010-06-02 07:13:10 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-02 07:11:45 0 d-----w- c:\program files\Lavasoft
2010-06-02 07:04:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-06-02 07:01:24 0 d-----w- c:\docume~1\erik~1.mar\applic~1\Malwarebytes
2010-06-02 07:01:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-02 07:01:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-02 07:01:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-02 07:01:05 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-07 19:04:38 0 d-----w- c:\docume~1\erik~1.mar\applic~1\j2 Global
2010-05-07 19:03:17 0 d-----w- c:\docume~1\erik~1.mar\applic~1\eFax Messenger
2010-05-07 19:03:01 0 d-----w- c:\docume~1\alluse~1\applic~1\eFax Messenger 4.4 Output
2010-05-07 19:03:01 0 ----a-w- c:\windows\system32\eFax_4_4_Port
2010-05-07 19:01:26 0 d-----w- c:\program files\eFax Messenger 4.4
2010-05-04 23:36:26 215040 ----a-w- c:\windows\system32\CNMLM8V.DLL
2010-05-04 23:34:19 0 d-----w- c:\program files\Canon

==================== Find3M ====================

2010-06-02 17:18:38 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-06-02 08:39:36 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-03-22 12:20:47 111920 ----a-w- c:\windows\xobglu32.dll
2010-03-22 12:20:46 63488 ----a-w- c:\windows\xobglu16.dll
2009-04-08 23:51:57 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040820090409\index.dat

============= FINISH: 14:21:10.82 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:43 PM

Posted 06 June 2010 - 04:09 PM

Looks like you are being helped already here: http://www.bleepingcomputer.com/forums/t/321113/google-redirect-logs-preparedvirus-infectionworm/

This topic is closed. smile.gif
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users