Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help with redirect malware/virus!??


  • This topic is locked This topic is locked
3 replies to this topic

#1 mlinebaugh

mlinebaugh

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:33 PM

Posted 29 August 2010 - 05:30 PM

Hi. I don't think it is just google. Anyway, like everyone else I have the redirect virus. I know very little about computers. I have Norton 360 and of course they did a virus scan and nothing showed. I try to open search links and get taken to some strange ad place. I hope someone can rescue me!! sad.gif

I tried to run the GMER I and my computer froze and crashed. Screen went black. Here is the DDS file:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Melissa at 18:02:11.71 on Sun 08/29/2010
Internet Explorer: 7.0.6000.17037
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2046.881 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Melissa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ED835LKF\dds[1].scr

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070911
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070911
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1070911
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\users\melissa\appdata\local\temp\low\COUPON~1.DLL
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.2.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\users\melissa\appdata\local\temp\low\CouponBarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Verizon Broadband Toolbar: {a057a204-bacc-4d26-8398-26fadcf27386} - c:\progra~1\verizo~1\VERIZO~1.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.2.0.12\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Verizon_Installer.Activation] "c:\users\melissa\appdata\local\temp\verizon_installer\McciInitializer.exe"
uRun: [Security Master AV] "c:\programdata\3253f47\SM3253.exe" /s /d
mRun: [<NO NAME>]
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/44.10/uploader2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - hxxp://coolsavings.coupons.smartsource.com/download/cscmv5X.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
IFEO: mrt.exe - svchost.exe
IFEO: msseces.exe - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-6-23 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-6-23 173104]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-9 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-6-23 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.1.0.32\definitions\ipsdefs\20100827.001\IDSvix86.sys [2010-8-27 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-23 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0402000.00c\symtdiv.sys [2010-6-23 339504]
R2 N360;Norton 360;c:\program files\norton 360\engine\4.2.0.12\ccsvchst.exe [2010-6-23 126392]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2010-5-10 668912]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-23 102448]
R3 XG762_VS;ZyXEL 802.11g XG762 1211 Vista Driver;c:\windows\system32\drivers\WlanGZG.sys [2010-5-12 873472]
S2 gupdate1c9ebcb6fa3f3d0;Google Update Service (gupdate1c9ebcb6fa3f3d0);c:\program files\google\update\GoogleUpdate.exe [2009-6-12 133104]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2007-1-19 312320]
S3 Mrvleap;MARVELL EAP Driver;c:\windows\system32\drivers\mrveap32.sys [2007-9-11 15360]
S3 PRSUSB;Sony Reader;c:\windows\system32\drivers\PRSUSB.sys [2007-5-10 18944]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-9-11 29744]

=============== Created Last 30 ================

2010-08-29 21:56:14 0 ----a-w- c:\users\melissa\defogger_reenable
2010-08-29 13:03:02 0 d-----w- c:\users\melissa\appdata\roaming\Tific
2010-08-19 11:44:55 0 d-----w- c:\program files\iPod
2010-08-19 11:44:38 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-19 11:44:38 0 d-----w- c:\program files\iTunes
2010-08-19 11:31:49 0 d-----w- c:\program files\Bonjour
2010-08-10 09:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 09:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-08-29 19:26:10 54173 ----a-w- c:\programdata\nvModes.dat
2010-08-19 11:35:31 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-19 11:35:30 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-08-19 11:35:30 86016 ----a-w- c:\windows\inf\infstor.dat
2008-12-13 08:25:34 174 --sha-w- c:\program files\desktop.ini
2008-06-12 12:35:21 665600 ----a-w- c:\windows\inf\drvindex.dat
2007-11-30 18:14:02 315392 ----a-w- c:\windows\inf\wn121t\InstProtocol.exe
2007-10-29 00:22:32 340480 ----a-w- c:\windows\inf\wn121t\WN111x.sys
2007-10-29 00:21:54 310016 ----a-w- c:\windows\inf\wn121t\wn111.sys
2007-09-11 07:23:46 18944 ----a-w- c:\windows\inf\wn121t\mrv64drv.sys
2007-09-11 07:23:46 15360 ----a-w- c:\windows\inf\wn121t\mrveap32.sys
2007-05-24 18:58:00 249856 ----a-w- c:\windows\inf\wn121t\InsDrv2k.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-07-05 15:21:50 212992 ----a-w- c:\windows\inf\wn121t\CopyWHQLDriver.exe
2005-11-17 19:46:24 845736 ----a-w- c:\windows\inf\wn121t\DPInst.exe
2010-01-04 15:17:02 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-01-04 15:17:02 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-01-04 15:17:02 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2008-01-16 01:06:02 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-01-16 01:06:02 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-01-16 01:06:02 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-09-11 20:22:41 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 18:02:43.96 ===============






Here is the "attach" file:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 9/11/2007 8:34:24 AM
System Uptime: 8/29/2010 9:36:02 AM (9 hours ago)

Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket AM2 | 2008/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 223 GiB total, 135.666 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.759 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: NVIDIA nForce Networking Controller
Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_020E1028&REV_A2\3&2411E6FE&0&38
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_020E1028&REV_A2\3&2411E6FE&0&38
Service: NVENETFD

==== System Restore Points ===================

RP772: 8/15/2010 9:41:01 AM - Scheduled Checkpoint
RP773: 8/16/2010 11:31:49 AM - Scheduled Checkpoint
RP774: 8/17/2010 7:20:37 AM - Scheduled Checkpoint
RP775: 8/18/2010 9:34:03 AM - Scheduled Checkpoint
RP776: 8/18/2010 10:36:33 PM - Scheduled Checkpoint
RP777: 8/19/2010 7:32:48 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP778: 8/19/2010 7:34:11 AM - Device Driver Package Install: Apple Network adapters
RP779: 8/20/2010 8:44:15 PM - Scheduled Checkpoint
RP780: 8/21/2010 4:01:16 PM - Scheduled Checkpoint
RP781: 8/22/2010 8:53:41 PM - Scheduled Checkpoint
RP782: 8/24/2010 4:48:51 PM - Scheduled Checkpoint
RP783: 8/29/2010 5:47:16 PM - Scheduled Checkpoint

==== Hosts File Hijack ======================

Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure.paysecuresystem.com
Hosts: 74.125.45.100 paysoftbillsolution.com
Hosts: 74.125.45.100 protected.maxisoftwaremart.com
Hosts: 74.55.47.101 www.google.com
Hosts: 74.55.47.101 google.com
Hosts: 74.55.47.101 google.com.au
Hosts: 74.55.47.101 www.google.com.au
Hosts: 74.55.47.101 google.be
Hosts: 74.55.47.101 www.google.be
Hosts: 74.55.47.101 google.com.br
Hosts: 74.55.47.101 www.google.com.br
Hosts: 74.55.47.101 google.ca
Hosts: 74.55.47.101 www.google.ca
Hosts: 74.55.47.101 google.ch
Hosts: 74.55.47.101 www.google.ch
Hosts: 74.55.47.101 google.de
Hosts: 74.55.47.101 www.google.de
Hosts: 74.55.47.101 google.dk
Hosts: 74.55.47.101 www.google.dk
Hosts: 74.55.47.101 google.fr
Hosts: 74.55.47.101 www.google.fr
Hosts: 74.55.47.101 google.ie
Hosts: 74.55.47.101 www.google.ie
Hosts: 74.55.47.101 google.it
Hosts: 74.55.47.101 www.google.it
Hosts: 74.55.47.101 google.co.jp
Hosts: 74.55.47.101 www.google.co.jp
Hosts: 74.55.47.101 google.nl
Hosts: 74.55.47.101 www.google.nl
Hosts: 74.55.47.101 google.no
Hosts: 74.55.47.101 www.google.no
Hosts: 74.55.47.101 google.co.nz
Hosts: 74.55.47.101 www.google.co.nz
Hosts: 74.55.47.101 google.pl
Hosts: 74.55.47.101 www.google.pl
Hosts: 74.55.47.101 google.se
Hosts: 74.55.47.101 www.google.se
Hosts: 74.55.47.101 google.co.uk
Hosts: 74.55.47.101 www.google.co.uk
Hosts: 74.55.47.101 google.co.za
Hosts: 74.55.47.101 www.google.co.za
Hosts: 74.55.47.101 www.google-analytics.com
Hosts: 74.55.47.101 www.bing.com
Hosts: 74.55.47.101 search.yahoo.com
Hosts: 74.55.47.101 www.search.yahoo.com
Hosts: 74.55.47.101 uk.search.yahoo.com
Hosts: 74.55.47.101 ca.search.yahoo.com
Hosts: 74.55.47.101 de.search.yahoo.com
Hosts: 74.55.47.101 fr.search.yahoo.com
Hosts: 74.55.47.101 au.search.yahoo.com

==== Installed Programs ======================

1500
1500_Help
1500Trb
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AMDAway INF
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
C5500
C5500_Help
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Cards_Calendar_OrderGift_DoMorePlugout
Comcast Desktop Software (v1.2.0.9)
Conexant D850 PCI V.92 Modem
Copy
CouponBar
Dell DataSafe Online
Dell Driver Download Manager
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
Desktop Doctor
Destination Component
DeviceDiscovery
Digital Line Detect
DocProc
eBook Library by Sony
Fax
First Step Guide
Games, Music, & Photos Launcher
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist 8.0.0.514
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 11.0
HP Imaging Device Functions 11.0
HP Photosmart C5500 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Smart Web Printing
HP Solution Center 11.0
HP Update
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
ImageMixer VCD2
iTunes
Java™ SE Runtime Environment 6
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
NETGEAR WN121T wireless USB 2.0 adapter
NetWaiting
Norton 360
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIANetworkDiagnostic
OCR Software by I.R.I.S. 11.0
PanoStandAlone
Picasa 3
Picture Package
Primo
Product Documentation Launcher
PS_AIO_04_C5500_ProductContext
PS_AIO_04_C5500_Software
PS_AIO_04_C5500_Software_Min
PSSWCORE
PVSonyDll
Quicken 2010
QuickTime
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Runtime
Safari
Scan
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Shop for HP Supplies
Skype™ 4.1
SmartWebPrinting
SolutionCenter
Sonic Activation Module
Sony Picture Utility
Sony USB Driver
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
URL Assistant
User's Guides
Verizon Broadband Toolbar (IE only)
Verizon FiOS Activation
Verizon Servicepoint 3.5.10
VideoToolkit01
Vz In Home Agent
WebReg
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

8/29/2010 9:21:36 AM, Error: Service Control Manager [7030] - The LogMeIn Rescue (0968c7e7-f6b4-41a2-8223-9e901ac03470) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/23/2010 6:16:09 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/23/2010 6:15:18 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/23/2010 6:13:18 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0. Please contact your system vendor for technical assistance.
8/23/2010 6:13:18 AM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 11, function 0. Please contact your system vendor for technical assistance.

==== End Of File ===========================


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:33 PM

Posted 04 September 2010 - 02:30 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
  1. Do not run any other tool untill instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


information and logs:
    In your next post I need the following
      1.logs from DDS
      2.log from RKUnHooker
      3.let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:33 PM

Posted 08 September 2010 - 11:05 AM

Hello

three day bump

It has been Three days since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:33 PM

Posted 11 September 2010 - 04:26 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users