Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with TDSS & Google keeps redirecting


  • This topic is locked This topic is locked
9 replies to this topic

#1 cvid11

cvid11

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 16 June 2011 - 01:14 PM

Every time I click on a Google link I get error or redirected to rouge web site

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/19/2008 1:06:19 PM
System Uptime: 6/16/2011 8:14:29 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0PY423
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 27.64 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\PRINTER\0000
Service:
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: STMicroelectronics Trusted Platform Module
Device ID: ROOT\SYSTEM\0003
Manufacturer: STMicroelectronics
Name: STMicroelectronics Trusted Platform Module
PNP Device ID: ROOT\SYSTEM\0003
Service: stmtpm
.
==== System Restore Points ===================
.
RP322: 3/18/2011 10:40:22 PM - System Checkpoint
RP323: 3/30/2011 8:28:33 PM - System Checkpoint
RP324: 3/31/2011 3:00:21 AM - Software Distribution Service 3.0
RP325: 4/1/2011 5:51:49 AM - System Checkpoint
RP326: 4/2/2011 8:29:48 AM - System Checkpoint
RP327: 4/3/2011 9:15:46 AM - System Checkpoint
RP328: 4/4/2011 10:15:47 AM - System Checkpoint
RP329: 4/5/2011 11:15:47 AM - System Checkpoint
RP330: 4/6/2011 11:27:50 AM - System Checkpoint
RP331: 4/7/2011 1:33:47 PM - System Checkpoint
RP332: 4/8/2011 2:16:28 PM - System Checkpoint
RP333: 4/9/2011 4:09:20 PM - System Checkpoint
RP334: 4/10/2011 4:33:08 PM - System Checkpoint
RP335: 4/15/2011 1:37:27 PM - Software Distribution Service 3.0
RP336: 4/16/2011 6:03:05 PM - System Checkpoint
RP337: 4/17/2011 6:55:16 PM - System Checkpoint
RP338: 4/26/2011 8:12:50 PM - System Checkpoint
RP339: 4/27/2011 3:00:34 AM - Software Distribution Service 3.0
RP340: 4/28/2011 7:40:46 AM - System Checkpoint
RP341: 4/29/2011 3:00:30 AM - Software Distribution Service 3.0
RP342: 5/2/2011 8:24:44 PM - System Checkpoint
RP343: 5/9/2011 11:59:09 PM - System Checkpoint
RP344: 6/5/2011 3:46:47 PM - System Checkpoint
RP345: 6/5/2011 6:43:40 PM - Removed VIPRE Antivirus.
RP346: 6/5/2011 6:43:59 PM - Installed VIPRE Antivirus.
RP347: 6/6/2011 3:19:56 PM - Installed Windows Internet Explorer 8.
RP348: 6/6/2011 11:55:41 PM - Restore Operation
RP349: 6/7/2011 12:15:33 AM - Restore Operation
RP350: 6/7/2011 10:09:22 AM - Restore Operation
RP351: 6/9/2011 7:53:11 AM - System Checkpoint
RP352: 6/10/2011 1:54:40 PM - System Checkpoint
RP353: 6/13/2011 1:11:40 PM - System Checkpoint
RP354: 6/13/2011 11:46:22 PM - Installed Windows Internet Explorer 8.
RP355: 6/13/2011 11:54:01 PM - Software Distribution Service 3.0
RP356: 6/15/2011 10:07:56 AM - System Checkpoint
RP357: 6/15/2011 4:39:51 PM - Installed HiJackThis
RP358: 6/15/2011 10:59:55 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
8500A909_eDocs
8500A909_Help
8500A909g
Adobe Acrobat 9 Standard
Adobe Acrobat 9.4.4 - CPSID_83708
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
Bonjour
BPD_DSWizards
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
Covenant Eyes
Critical Update for Windows Media Player 11 (KB959772)
Destination Component
DeviceDiscovery
DocMgr
DocProc
Express Burn
Express Rip
Fax
Google Apps Sync™ for Microsoft Outlook® 2.3.22.703
Google Desktop
Google Gears
Google Update Helper
GPBaseService2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HPProductAssistant
Intel® Graphics Media Accelerator Driver
Internet Explorer (Enable DEP)
iTunes
Java Auto Updater
Java™ 6 Update 20
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft English TTS Engine
Microsoft Fix it Center
Microsoft IntelliPoint 7.0
Microsoft IntelliType Pro 7.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2010
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
MotoConnect
Motorola Driver Installation 4.6.0
Mouse Suite
MPM
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
muvee Reveal Seagate Edition
neroxml
Network
NTRU Hybrid TSS v1.05
NVIDIA Drivers
OCR Software by I.R.I.S. 12.0
Officejet Pro 8500 A909 Series
OGA Notifier 2.0.0048.0
PowerDVD DX
ProductContext
QuickBooks Premier Edition 2007
QuickTime
RealPlayer
RealUpgrade 1.0
SAPI Wrapper
Scan
Seagate Manager Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SmartWebPrinting
SnagIt 8
SolutionCenter
SoundMAX
Status
SupportSoft Assisted Service
Toolbox
TrayApp
TTS Wrapper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIPRE Antivirus
WebEx
WebFldrs XP
WebReg
Windows Driver Package - Product Image (01/01/2007 1.0.1.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows PowerShell™ 1.0 MUI pack
Windows Search 4.0
.
==== Event Viewer Messages From Past Week ========
.
6/16/2011 8:22:58 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
6/16/2011 8:22:58 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/16/2011 8:18:56 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Auth Service service to connect.
6/15/2011 9:38:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Image Acquisition (WIA) service to connect.
6/15/2011 9:38:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SB Recovery Service service to connect.
6/15/2011 9:38:18 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NTRU Hybrid TSS v1.05 TCSD service to connect.
6/15/2011 9:38:18 AM, error: Service Control Manager [7000] - The Windows Image Acquisition (WIA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2011 9:38:18 AM, error: Service Control Manager [7000] - The SB Recovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/15/2011 3:00:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WebClient service to connect.
6/15/2011 3:00:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QuickBooks Database Manager Service service to connect.
6/15/2011 3:00:44 PM, error: Service Control Manager [7000] - The WebClient service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/14/2011 8:29:54 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service to connect.
6/14/2011 8:29:54 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NVIDIA Display Driver Service service to connect.
6/14/2011 8:29:54 AM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/14/2011 8:29:54 AM, error: Service Control Manager [7000] - The NVIDIA Display Driver Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/14/2011 8:16:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
6/14/2011 8:16:38 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/14/2011 8:16:22 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
6/13/2011 8:36:28 AM, error: Service Control Manager [7034] - The VIPRE Antivirus service terminated unexpectedly. It has done this 1 time(s).
6/13/2011 8:36:14 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
6/13/2011 8:36:14 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2011 8:35:34 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/13/2011 8:35:14 AM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/13/2011 11:55:17 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/13/2011 11:26:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/13/2011 11:20:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm sbaphd
6/13/2011 10:46:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sbaphd SbTis Tcpip WS2IFSL
6/13/2011 10:46:21 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2011 10:46:21 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2011 10:46:21 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2011 10:46:21 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2011 10:46:21 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2011 10:46:21 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/13/2011 10:46:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/13/2011 10:46:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/13/2011 10:16:53 PM, error: Service Control Manager [7034] - The NTRU Hybrid TSS v1.05 TCSD service terminated unexpectedly. It has done this 1 time(s).
6/13/2011 10:15:14 PM, error: Service Control Manager [7023] - The Intel CPU service terminated with the following error: The specified module could not be found.
6/13/2011 10:15:14 PM, error: Service Control Manager [7000] - The DataSvr service failed to start due to the following error: The system cannot find the path specified.
6/10/2011 9:26:07 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Themes service to connect.
6/10/2011 9:26:07 AM, error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/10/2011 8:45:40 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file '~WRD0003.tmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
6/10/2011 8:43:02 AM, error: Print [6161] - The document Job Description - National Account Manager, Rubbermaid Medical Solutions, Nashville (1101321) owned by User failed to print on printer Auto HP Officejet Pro 8500 A909g Series on IAN. Data type: NT EMF 1.008. Size of the spool file in bytes: 229264. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\DADOFFICEPC2010. Win32 error code returned by the print processor: 6 (0x6).
6/10/2011 8:34:22 AM, error: Print [6161] - The document Job Description - National Account Manager, Rubbermaid Medical Solutions, Nashville (1101321) owned by User failed to print on printer Auto HP Officejet Pro 8500 A909g Series on IAN. Data type: NT EMF 1.008. Size of the spool file in bytes: 138856. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\DADOFFICEPC2010. Win32 error code returned by the print processor: 6 (0x6).
6/10/2011 8:24:25 AM, error: Print [6161] - The document CardioNet - Get To The Heart of The Problem owned by User failed to print on printer Auto HP Officejet Pro 8500 A909g Series on IAN. Data type: NT EMF 1.008. Size of the spool file in bytes: 5111808. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\DADOFFICEPC2010. Win32 error code returned by the print processor: 6 (0x6).
6/10/2011 11:49:36 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
6/10/2011 11:24:21 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/10/2011 11:22:46 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
.
==== End Of File ===========================

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 PM

Posted 21 June 2011 - 12:34 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 cvid11

cvid11
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 22 June 2011 - 09:24 AM

Thanks Gringo.

Logs are attached

Computer verry slow. I am sending this log from another computer because of the slow functionality of infected computer, Hopefully you can help be resurrect computer. Svchost.exe currently utlizing 351,840K

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 PM

Posted 22 June 2011 - 03:04 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 cvid11

cvid11
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 22 June 2011 - 05:20 PM

Still being redirected to scour.com when clicking on a google search link. Also still high CPU usage. Combo fix log attached

Attached Files

  • Attached File  log.txt   315.11KB   2 downloads


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 PM

Posted 23 June 2011 - 01:55 AM

Hello

It looks like the rootkit is still active. I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 cvid11

cvid11
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:20 AM

Posted 23 June 2011 - 12:27 PM

Rootkit removed was Rootkit.Win32.TDSS.tf14

Things have settled down Not getting rerdirtected Thanks you

I can't find the log?

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 PM

Posted 23 June 2011 - 04:11 PM

Hello

rerun combofix for me again - send me the report when complete


grino
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 PM

Posted 27 June 2011 - 08:40 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 PM

Posted 30 June 2011 - 07:57 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users