
My log, google search brings me to an ad page


  • This topic is locked
22 replies to this topic

#1 Justin V

  • Members
  • 12 posts

Posted 08 February 2011 - 11:43 AM

A little history is that whenever I do a google search it redirects to an ad page.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Mechanic at 11:31:12.55 on Tue 02/08/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.474 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\7d3471df-8f02-4af3-b16c-bf586ed7227e.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mechanic\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://dealerconnect.chrysler.com/dealer/DealerList?TYPE=33554433&REALMOID=06-000a37dd-a3bd-1218-8d71-832d15f30000&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-2EzPI8V9B3zCvoFdgrXHM3pvSyEcC07H9oVck4xThp9e%2fdmvFDcRdS5Y19DGUR8eV%2b2StxNjvYRS0cH0eeDhlIyAU%2fpP%2bMRX&TARGET=-SM-https%3a%2f%2fdealerconnect%2echrysler%2ecom%2fportal%2fController%2fPortal
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080827
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\7d3471df-8f02-4af3-b16c-bf586ed7227e.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-explorer: DisallowRun = 1 (0x1)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220388266031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mechanic\applic~1\mozilla\firefox\profiles\vrer0mnk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=rbIaJZ82&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Search
FF - user.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=rbIaJZ82&q=

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-7 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-3 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-7 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
R2 GpibPrtK;Gpib Port;c:\windows\system32\drivers\gpibprtk.sys [2004-10-28 200192]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2004-3-26 108124]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2004-3-15 41071]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R3 nipalusb;NI-PAL USB Driver;c:\windows\system32\drivers\nipalusb.sys [2004-11-2 62464]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSXP.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplayxp.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-9-23 21864]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVolXP.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-29 136176]
S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);"c:\documents and settings\mechanic\local settings\temporary internet files\content.ie5\36zwxu6p\hitmanpro35[1].exe" /crusader:boot --> c:\documents and settings\mechanic\local settings\temporary internet files\content.ie5\36zwxu6p\HitmanPro35[1].exe [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]
S3 NiViPxiK;NiViPxiK;c:\windows\system32\drivers\NiViPxiK.sys [2004-3-30 24064]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\sasenum.sys --> c:\program files\superantispyware\SASENUM.SYS [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-08 16:10:10 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-02-08 16:05:44 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-02-08 16:05:42 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-02-08 16:04:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2011-02-08 16:03:40 388096 ----a-r- c:\docume~1\mechanic\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-08 16:03:38 -------- d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2010-12-23 21:25:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-23 21:25:57 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800JD-75MSA3 rev.10.01E04 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8633FECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x84ff7879; SUB DWORD [EBP-0x4], 0x84ff7135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x86573AB8]
3 CLASSPNP[0xF7633FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000006d[0x86529F18]
5 ACPI[0xF74CA620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x865D7940]
[0x85FBBCA8] -> IRP_MJ_CREATE -> 0x8633FECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800JD-75MSA3______________________10.01E04#5&16f139c2&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
sectors 156249998 (+229): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 11:33:28.13 ===============



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-08 11:40:42
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800JD-75MSA3 rev.10.01E04
Running: gmer.exe; Driver: C:\DOCUME~1\Mechanic\LOCALS~1\Temp\awxoqaob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 00D9C510
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 00D9C34C
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 00D9BFC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 00D9C270
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 00D9C428
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00D9C1A3
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00D9C6DD
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00D9C0D6
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00D9C5F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00D9CA94
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00D9CB5E
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00D9B1A3
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D9BF35
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D9BC3D
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D9BE4E
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00D9B0E6
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!recv 71AB676F 2 Bytes JMP 00D9BCE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!recv + 3 71AB6772 2 Bytes [2E, 8F]
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D9BD8D
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 00D9B56A
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 00A5C510
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 00A5C34C
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 00A5BFC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 00A5C270
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 00A5C428
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00A5C1A3
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00A5C6DD
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00A5C0D6
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00A5C5F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00A5CA94
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00A5CB5E
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00A5B1A3
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A5BF35
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A5BC3D
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A5BE4E
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00A5B0E6
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!recv 71AB676F 2 Bytes JMP 00A5BCE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!recv + 3 71AB6772 2 Bytes [FA, 8E]
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A5BD8D
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 00A5B56A
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 00A4C510
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 00A4C34C
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 00A4BFC3
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 00A4C270
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 00A4C428
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00A4C1A3
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00A4C6DD
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00A4C0D6
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00A4C5F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00A4CA94
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00A4CB5E
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00A4B1A3
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A4BF35
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A4BC3D
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A4BE4E
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00A4B0E6
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!recv 71AB676F 2 Bytes JMP 00A4BCE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!recv + 3 71AB6772 2 Bytes [F9, 8E]
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A4BD8D
.text C:\Program Files\Internet Explorer\iexplore.exe[3456] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 00A4B56A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\mbr \Device\mbr F797DCDE
Device \FileSystem\Fastfat \Fat A6151D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800JD-75MSA3______________________10.01E04#5&16f139c2&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 156249769 (+229): rootkit-like behavior;

---- EOF - GMER 1.0.15 ----
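The two logs above carry three indicator types a responder reads first: HOSTS entries that point several unrelated hostnames at one non-loopback address, a Firefox keyword.URL that is not a known search engine, and GMER user-mode hooks whose JMP target GMER could not attribute to a module (hooks into a named, signed module such as IEFRAME.dll are ordinary; a JMP into anonymous low memory from inside iexplore.exe is what injected code looks like). The script below is an added example, not part of this thread and not code from DDS, GMER or BleepingComputer; it parses lines copied from the logs posted above (plus one constructed loopback entry so the filter is exercised) and summarises those three indicator types. The allowlist of search-engine hosts and the column layout assumed for GMER `.text` lines are this example's assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: lines copied from the DDS and GMER logs posted in this thread,
# plus one constructed "127.0.0.1 localhost" entry to exercise the loopback filter.
SAMPLE_LOG = r"""
Hosts: 127.0.0.1 localhost
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
FF - prefs.js: keyword.URL - hxxp://www.afodo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=rbIaJZ82&q=
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00D9B1A3
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!recv 71AB676F 2 Bytes JMP 00D9BCE3
.text C:\Program Files\Internet Explorer\iexplore.exe[3032] WS2_32.dll!recv + 3 71AB6772 2 Bytes [2E, 8F]
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A5BC3D
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
SEARCH_RE = re.compile(r"^FF - (?:prefs|user)\.js: keyword\.URL - (?P<url>\S+)")
# Assumed layout of a GMER user-code hook line:
# .text <process>[<pid>] <module>!<api> <addr> <n> Bytes <patch> [<target module> (<owner>)]
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>[^!\s]+)!(?P<api>.+?) "
    r"(?P<addr>[0-9A-F]{8}) (?P<n>\d+) Bytes (?P<patch>JMP [0-9A-F]{8}|\[[^\]]*\])"
    r"(?: (?P<target>.*\S) \((?P<owner>[^)]*)\))?\s*$"
)

LOOPBACK = {"127.0.0.1", "::1"}
# Assumed allowlist: keyword.URL pointing anywhere else is treated as a hijack candidate.
KNOWN_SEARCH_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com"}


def parse_hosts(text):
    """Return (ip, hostname) pairs from the DDS 'Hosts:' lines."""
    pairs = []
    for line in text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            pairs.append((m["ip"], m["host"]))
    return pairs


def suspicious_hosts(text):
    """Group non-loopback HOSTS redirections by target IP.

    Several unrelated hostnames mapped to one remote address is the pattern a
    rogue-AV / search hijacker leaves; loopback blocklists are filtered out.
    """
    by_ip = defaultdict(list)
    for ip, host in parse_hosts(text):
        if ip not in LOOPBACK:
            by_ip[ip].append(host)
    return dict(by_ip)


def hijacked_search_urls(text):
    """Return (host, url) for keyword.URL values whose host is not a known engine."""
    found = []
    for line in text.splitlines():
        m = SEARCH_RE.match(line)
        if not m:
            continue
        url = m["url"].replace("hxxp", "http", 1)  # undo the log's defanging
        host = urlsplit(url).hostname
        if host not in KNOWN_SEARCH_HOSTS:
            found.append((host, m["url"]))
    return found


def unattributed_hooks(text):
    """Return (pid, 'module!api', patch) for hooks GMER could not map to a module."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if m and m["owner"] is None:
            hooks.append((int(m["pid"]), f'{m["mod"]}!{m["api"]}', m["patch"]))
    return hooks


def triage(text):
    """One-shot summary over a pasted DDS/GMER log."""
    by_pid = defaultdict(list)
    for pid, api, _patch in unattributed_hooks(text):
        by_pid[pid].append(api)
    return {
        "hosts_by_ip": suspicious_hosts(text),
        "search_hijack": hijacked_search_urls(text),
        "unattributed_hooks_by_pid": dict(by_pid),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it on the posted logs and the summary groups all five HOSTS names under 74.125.45.100, flags www.afodo.com as the Firefox search target, and lists the WS2_32.dll hooks (getaddrinfo, recv, send) in the iexplore.exe processes that have no owning module, which is exactly the combination that produces "Google search goes to an ad page".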


#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 08 February 2011 - 04:03 PM

Good evening. :)

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Start scan and allow the tool to do just that.
  • Once the scan has completed, if the tool has identified anything allow it to carry out its default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which I'd like to see, will be located at the root of your hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

#3 Justin V (Topic Starter)

Posted 09 February 2011 - 10:29 AM

It found nothing; here is the log it gave me.

Attached Files



#4 Noviciate (Malware Response Team)

Posted 09 February 2011 - 03:07 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button, read the info in the new window, check the appropriate box and click Start.
  • Accept the ActiveX download, and allow it to install.
  • Once this has been completed, you will see the Computer Scan settings page - ensure that you UNCHECK the "Remove found threats" box and then click Start.
  • The virus signature database will now need to be downloaded, so don't forget to instruct your firewall to permit it if it asks.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

I'd also like to know if you have installed a custom HOSTS file or edited the one that you have on your system.

So long, and thanks for all the fish.
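Added example, not part of the thread and not code from any tool named in it: a PowerShell script that reads the HOSTS file the helper is asking about and reports what it actually maps, flagging entries that would block or redirect a search engine, an update site or a security vendor. It assumes PowerShell 2.0 or later; the watch list of domains and the function names are assumptions made for the example.

```powershell
# Added example (not from the thread): audit the Windows HOSTS file for the
# kind of entries that turn search results into ad pages.
# Assumptions: PowerShell 2.0+; the watch list below is illustrative, not a
# definitive indicator list.

$HostsPath = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'

# Domains that redirect-type infections commonly point elsewhere (assumed list).
$WatchList = @('google.com', 'bing.com', 'yahoo.com', 'microsoft.com',
               'windowsupdate.com', 'avg.com', 'kaspersky.com', 'eset.com',
               'bleepingcomputer.com')

function Get-HostsEntries {
    param([string]$Path = $HostsPath)
    # -Force reads the file even when it carries the Hidden/System attributes.
    $entries = @()
    foreach ($raw in (Get-Content -LiteralPath $Path -Force)) {
        $line = ($raw -replace '#.*$', '').Trim()      # drop comments, blanks
        if ($line -eq '') { continue }
        $parts = $line -split '\s+'
        if ($parts.Length -lt 2) { continue }          # address with no names
        for ($i = 1; $i -lt $parts.Length; $i++) {     # one object per name
            $entries += New-Object PSObject -Property @{
                Address = $parts[0]
                Name    = $parts[$i].ToLower()
            }
        }
    }
    return $entries
}

function Test-HostsEntry {
    param($Entry)
    $loopback = @('127.0.0.1', '0.0.0.0', '::1') -contains $Entry.Address
    $watched  = $false
    foreach ($domain in $WatchList) {
        if ($Entry.Name -eq $domain -or $Entry.Name.EndsWith(".$domain")) {
            $watched = $true
        }
    }
    # Loopback targets just block a name; ad-block lists use them legitimately,
    # but nobody legitimately blocks the watched domains.
    if ($loopback -and -not $watched) { return $null }
    if ($loopback) { return "BLOCKED       $($Entry.Name) -> $($Entry.Address)" }
    if ($watched)  { return "REDIRECT      $($Entry.Name) -> $($Entry.Address)" }
    # Anything else that resolves off-box is still worth reading.
    return "NON-LOOPBACK  $($Entry.Name) -> $($Entry.Address)"
}

$attrs = (Get-Item -LiteralPath $HostsPath -Force).Attributes
Write-Host "HOSTS: $HostsPath  [$attrs]"
$entries = @(Get-HostsEntries)
# The stock XP file maps only 'localhost'; a large entry count is itself a clue.
Write-Host "Active mappings: $($entries.Count)"
foreach ($entry in $entries) {
    $verdict = Test-HostsEntry $entry
    if ($verdict) { Write-Host $verdict }
}
```

The script only reads; run it from the account that will do the clean-up so that the attribute line it prints matches what HostsXpert and attrib will see. On XP the stock file has a single active line, 127.0.0.1 localhost, so any REDIRECT or BLOCKED line, or an entry count in the dozens without an ad-block list ever having been installed, is the thing to report.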

#5 Justin V (Topic Starter)

Posted 10 February 2011 - 12:13 PM

Ran that scan and it found something this time. I did not delete them, and here is the log. As far as the HOSTS file goes, I have never edited it, but that's not to say that someone else didn't.

Attached Files



#6 Noviciate (Malware Response Team)

Posted 10 February 2011 - 04:04 PM

Good evening. :)

Download HostsXpert by FunkyToad from here and save it to your Desktop.

You will need to extract the file(s):
Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see the HostsXpert folder - open it and double click HostsXpert.exe
  • In the top left-hand corner of the new window, ensure that the button says "Make ReadOnly?"
    If it says "Make Writable?", click it and it should change to the above.
  • Click on Restore MS Hosts File.
  • In the confirmation window, click on OK.
  • Finally, click the button mentioned above to make it read "Make Writable?".
Let me know how you get on.

So long, and thanks for all the fish.

#7 Justin V (Topic Starter)

Posted 10 February 2011 - 04:20 PM

I downloaded it, and it says this when I open it:

Your hosts file is marked as a "system file" and cannot be manipulated. Press OK to remove this attribute or Cancel to exit.

When I press OK it says the same thing, but "hidden file" instead of "system file".

It also says "Make Writable?", and when I click it nothing happens.

#8 Noviciate (Malware Response Team)

Posted 10 February 2011 - 06:32 PM

Go to Start >> Run..., enter cmd and click OK.
Copy and paste the following into the Command Window that opens and hit <ENTER>:

attrib %SystemRoot%\system32\drivers\etc\HOSTS >> "%userprofile%\desktop\hostsfile.txt"
I'd like a copy of the file hostsfile.txt that should appear on your Desktop - you can close the Command Window once you've found the text file.

So long, and thanks for all the fish.

#9 Justin V (Topic Starter)

Posted 11 February 2011 - 09:02 AM

This is what it gave me; I don't think it's what you wanted, though.

Attached Files



#10 Noviciate (Malware Response Team)

Posted 11 February 2011 - 03:11 PM

Good evening. :)

I have no idea what you did as I can't recreate it on my system - you seem to have posted a copy of your Hosts file, rather than hostsfile.txt that should have been newly created.

Can you tell me exactly what it was that you did?

So long, and thanks for all the fish.

#11 Justin V (Topic Starter)

Posted 11 February 2011 - 04:27 PM

OK, I screwed that one up. Is this what you wanted? It was on my desktop after I did the previous thing again. I won't be able to reply until Monday either; I hope this is OK.

Attached Files



#12 Noviciate (Malware Response Team)

Posted 11 February 2011 - 05:01 PM

"Is this what you wanted?"

Bingo!

"I won't be able to reply until Monday either; I hope this is OK."

Monday's fine. I'll come up with a plan of action before then and you can work through it and post accordingly.

So long, and thanks for all the fish.

#13 Noviciate (Malware Response Team)

Posted 12 February 2011 - 02:56 PM

Good evening. :)

Open a Command Window as before and copy and paste the following into it:

attrib -r -a -s -h %SystemRoot%\system32\drivers\etc\HOSTS
Hit <ENTER> and then run through the HostsXpert instructions again and see if things will go according to plan now - let me know how you get on.

So long, and thanks for all the fish.

#14 Justin V (Topic Starter)

Posted 14 February 2011 - 09:43 AM

Good morning and happy Valentine's Day. When I put that into the command window it says:

Access Denied - C:\WINDOWS\system32\drivers\etc\hosts

Edited by Justin V, 14 February 2011 - 09:45 AM.


#15 Noviciate (Malware Response Team)

Posted 14 February 2011 - 03:49 PM

Good evening. :)

I've got a similar issue in another thread and I think I'm on top of it now. I want you to open a Command Window as you did before and paste the following into it:

cacls %SystemRoot%\system32\drivers\etc\HOSTS > "%userprofile%\desktop\hostsfile.txt"

Hit <ENTER> and let me have the contents of hostsfile.txt as before.

I'd also like you to run the following Command in the Command Window:

NET LOCALGROUP Administrators > "%userprofile%\desktop\admin.txt"

I'd like the contents of admin.txt as well.

So long, and thanks for all the fish.
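Added example, not part of the thread and not code from HostsXpert or any other tool named in it: the attrib, cacls and NET LOCALGROUP steps the helper spreads over posts #8, #13 and #15, gathered into one PowerShell report, plus a repair function that clears the attributes HostsXpert complained about and, when that fails with "Access Denied" as it did in post #14, tries to repair the ACL first. It assumes PowerShell 2.0 or later run from an account in the local Administrators group; the function names and the report file name are assumptions, and cacls is used rather than icacls because the machine in the thread runs XP.

```powershell
# Added example (not from the thread): one report with the attributes, ACL,
# owner and local-administrator membership the helper asked for, and a repair
# step for the "Access Denied" seen when running attrib -r -a -s -h.
# Assumptions: PowerShell 2.0+, administrator account, XP-era cacls.

$HostsPath = Join-Path $env:SystemRoot 'system32\drivers\etc\hosts'
$Report    = Join-Path ([Environment]::GetFolderPath('Desktop')) 'hostsfile.txt'

function Get-HostsDiagnostics {
    param([string]$Path = $HostsPath)
    $item = Get-Item -LiteralPath $Path -Force      # -Force: file may be Hidden
    $acl  = Get-Acl -Path $Path
    $me   = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($me)
    New-Object PSObject -Property @{
        Path         = $item.FullName
        Attributes   = $item.Attributes.ToString()   # e.g. "Hidden, System"
        Owner        = $acl.Owner                    # not SYSTEM/Administrators?
        Access       = $acl.AccessToString           # same data cacls prints
        RunningAs    = $me.Name
        IsAdminToken = $principal.IsInRole(
                           [Security.Principal.WindowsBuiltInRole]::Administrator)
        LocalAdmins  = (net localgroup Administrators | Out-String)
    }
}

function Repair-HostsAttributes {
    param([string]$Path = $HostsPath)
    # Step 1: the equivalent of "attrib -r -a -s -h", done through .NET so that
    # "Access Denied" arrives as an exception rather than text to parse.
    try {
        [IO.File]::SetAttributes($Path, [IO.FileAttributes]::Normal)
        return 'attributes cleared'
    } catch [UnauthorizedAccessException] {
        # Step 2: the ACL, not the attributes, is what blocks us. Grant the local
        # Administrators group full control (/E edits the ACL in place) and
        # retry. cacls needs WRITE_DAC, so this only works if the current
        # account still owns the file or already holds that right; if the
        # owner was changed, take ownership first (Properties > Security >
        # Advanced > Owner on XP Pro) and run this again.
        cacls "$Path" /E /G Administrators:F | Out-Null
        [IO.File]::SetAttributes($Path, [IO.FileAttributes]::Normal)
        return 'ACL repaired, attributes cleared'
    }
}

Get-HostsDiagnostics | Format-List | Out-File -FilePath $Report
Write-Host "Report written to $Report"
# Review the report first, then run the repair:
# Repair-HostsAttributes
```

Read the report before repairing: an Owner that is not SYSTEM or Administrators, or an Access list that denies Administrators, explains the "Access Denied" from post #14 and tells you whether the cacls step can work at all. Once the attributes are cleared, the HostsXpert "Restore MS Hosts File" steps from post #6 should run as described, and the cleared file should be marked read-only again afterwards, which is what the final "Make Writable?" click there does.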