
Virus: Similar to Google Redirect, but unable to rid of


  • This topic is locked
7 replies to this topic

#1 hoops4kobe

  • Members
  • 3 posts

Posted 18 July 2011 - 03:25 PM

Hello,
I think I acquired a virus similar to the Google Redirect, but I have tried Malware Bytes/Hijack This/A-Squared without removal. Here are the symptoms:
-whenever I use a search engine (Google, Yahoo, etc.) it redirects all of my searches to random webpages
-my files seem to be hidden. I am unable to access them through My Music or My Pictures, however when I search for a specific file name (let's say the name of the picture is Winter2011), it finds it in my computer.
-sometimes occasionally a Google page window will pop up.

Please Help!!!
Thank you.


#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 18 July 2011 - 03:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step. Then proceed to run aswMbr.exe as noted below.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Note:
If you are unable to run a GMER scan due to the fact you are running a 64bit machine please run the following tool and post its log.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Thanks and again sorry for the delay.

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 hoops4kobe

Posted 18 July 2011 - 05:41 PM

Here is the log from dds:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-07-14.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/2/2010 1:22:53 AM
System Uptime: 7/18/2011 2:57:29 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 158E
Processor: Intel® Core™ i3 CPU U 330 @ 1.20GHz | CPU | 659/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 444 GiB total, 364.31 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 3.111 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\SEEHCRI\0000
Manufacturer:
Name:
PNP Device ID: ROOT\SEEHCRI\0000
Service: seehcri
.
==== System Restore Points ===================
.
RP139: 7/15/2011 7:22:41 PM - Restore Operation
RP140: 7/15/2011 8:02:08 PM - Windows Update
RP141: 7/15/2011 9:56:06 PM - Installed Java™ 6 Update 26
RP142: 7/15/2011 10:00:50 PM - Installed Adobe Reader X (10.1.0).
RP143: 7/15/2011 10:01:16 PM - Removed Norton Online Backup
RP144: 7/16/2011 10:38:45 AM - Windows Update
RP145: 7/16/2011 10:57:14 AM - Removed Acrobat.com
RP146: 7/16/2011 10:58:59 AM - Removed Adobe Reader 9.4.5 MUI.
RP147: 7/16/2011 11:00:41 AM - Removed Adobe Shockwave Player 11.5.
RP148: 7/16/2011 11:38:48 AM - Installed HiJackThis
RP149: 7/16/2011 6:13:43 PM - Removed Windows Live ID Sign-in Assistant
RP150: 7/16/2011 6:23:11 PM - Removed Windows Live Sync
RP151: 7/16/2011 6:23:49 PM - Removed Windows Live Upload Tool
RP152: 7/17/2011 1:11:55 AM - Windows Update
RP153: 7/17/2011 11:45:31 PM - Removed Java™ 6 Update 20 (64-bit)
RP154: 7/17/2011 11:46:55 PM - Removed Java™ 6 Update 26
RP155: 7/17/2011 11:49:13 PM - Removed Facebook Video Calling 1.0.0.7428
RP156: 7/17/2011 11:49:48 PM - Removed Skype Toolbars
RP157: 7/17/2011 11:51:08 PM - Removed Skype™ 5.0
RP158: 7/18/2011 1:22:03 PM - Removed HiJackThis
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Bing Rewards Client Installer
Blackhawk Striker 2
Bonjour
Broadcom 2070 Bluetooth 3.0
Broadcom 802.11 Wireless LAN Adapter
Build-a-lot 2
Chuzzle Deluxe
CinemaNow Media Manager
CyberLink DVD Suite
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Dream Day Wedding - Bella Italia
DVD Menu Pack for HP MediaSmart Video
Emsisoft Anti-Malware 5.1
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
FATE
Fences Pro
Final Drive Nitro
Google Toolbar for Internet Explorer
Google Update Helper
Heroes of Hellas 2 - Olympia
HP 3D DriveGuard
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Movies and TV
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart SmartMenu
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Photo Creations
HP Power Manager
HP Quick Launch
HP QuickWeb Installer
HP Setup
HP Software Framework
HP Support Assistant
HP Wireless Assistant
HPAsset component for HP Active Support Library
IDT Audio
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
iTunes
Jewel Quest 3
Jewel Quest Solitaire 2
LabelPrint
LightScribe System Software
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft IntelliPoint 8.0
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Disney Kitchen
Penguins!
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Sony Ericsson Update Service
Synaptics Pointing Device Driver
Update Installer for WildTangent Games App
Virtual Families
Virtual Villagers - The Secret City
Wedding Dash® 4-Ever
Wheel of Fortune 2
WildTangent Games App (HP Games)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
7/18/2011 3:51:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/18/2011 3:29:46 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
7/18/2011 12:59:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/18/2011 12:59:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver AFD cdrom DfsC discache DVMIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
7/18/2011 12:59:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 12:59:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 12:59:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 12:59:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 12:59:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 12:59:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 12:59:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 12:59:21 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 12:59:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 12:59:21 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 12:59:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/18/2011 1:23:34 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
7/18/2011 1:23:34 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
7/18/2011 1:21:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
7/18/2011 1:19:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/18/2011 1:17:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 1:17:39 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 1:17:36 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
7/18/2011 1:17:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/18/2011 1:17:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/18/2011 1:17:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/18/2011 1:17:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/18/2011 1:17:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver cdrom discache DVMIO spldr Wanarpv6
7/18/2011 1:16:00 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/18/2011 1:01:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/17/2011 7:02:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache DVMIO NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
7/17/2011 6:59:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
7/17/2011 6:59:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
7/17/2011 6:59:13 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/17/2011 6:55:50 PM, Error: Service Control Manager [7024] - The Superfetch service terminated with service-specific error The operation completed successfully..
7/17/2011 1:28:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache DVMIO spldr Wanarpv6
7/16/2011 8:34:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
7/16/2011 4:30:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000109 (0xa3a039d89c0139e8, 0xb3b7465eee7f72a2, 0xfffff80000ba5618, 0x0000000000000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071611-16005-01.
7/16/2011 11:33:24 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/16/2011 10:04:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
7/15/2011 7:25:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DvmMDES service.
7/15/2011 12:35:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
7/15/2011 12:35:38 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/15/2011 12:35:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/15/2011 10:55:15 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
7/15/2011 10:41:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache DVMIO NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx vwififlt Wanarpv6 WfpLwf
.
==== End Of File ===========================



HERE IS THE LOG FROM aswMBR:

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-18 15:38:06
-----------------------------
15:38:06.145 OS Version: Windows x64 6.1.7600
15:38:06.145 Number of processors: 4 586 0x2505
15:38:06.145 ComputerName: OLIVIA-HP UserName: Olivia
15:38:08.095 Initialize success
15:38:23.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:38:23.286 Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
15:38:23.301 Disk 0 MBR read successfully
15:38:23.301 Disk 0 MBR scan
15:38:23.317 Disk 0 TDL4@MBR code has been found
15:38:23.317 Disk 0 MBR [TDL4] **ROOTKIT**
15:38:23.332 Service scanning
15:38:24.268 Disk 0 trace - called modules:
15:38:24.300 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006ff0254]<<
15:38:24.300 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fd7060]
15:38:24.315 3 CLASSPNP.SYS[fffff880011a543f] -> nt!IofCallDriver -> [0xfffffa80051059e0]
15:38:24.331 \Driver\hpdskflt[0xfffffa8004a872e0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006ff0254
15:38:24.331 Scan finished successfully
15:38:40.102 Disk 0 MBR has been saved successfully to "C:\Users\Olivia\Desktop\MBR.dat"
15:38:40.118 The log file has been saved successfully to "C:\Users\Olivia\Desktop\aswMBR log.txt"
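
The aswMBR log posted above, triaged programmatically. This is an added example and not part of the original thread or of aswMBR itself: the line patterns are inferred from this one log, reading the `\Driver\...` line as a dispatch entry is an assumption, and `triage_aswmbr` and `summarize` are hypothetical names.

```python
import re

# Constructed sample: a subset of the aswMBR lines posted in this thread.
SAMPLE_LOG = r"""aswMBR version 0.9.7.777
Run date: 2011-07-18 15:38:06
-----------------------------
15:38:23.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:38:23.301 Disk 0 MBR read successfully
15:38:23.317 Disk 0 TDL4@MBR code has been found
15:38:23.317 Disk 0 MBR [TDL4] **ROOTKIT**
15:38:24.268 Disk 0 trace - called modules:
15:38:24.300 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006ff0254]<<
15:38:24.300 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006fd7060]
15:38:24.331 \Driver\hpdskflt[0xfffffa8004a872e0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006ff0254
15:38:24.331 Scan finished successfully
"""

# Line layout inferred from the log in this thread (assumption, not a documented format).
TS_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$")
MBR_VERDICT = re.compile(r"^Disk (\d+) MBR \[([^\]]+)\] \*\*ROOTKIT\*\*$")
UNKNOWN_CODE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
DISPATCH = re.compile(
    r"^(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)$"
)


def triage_aswmbr(text):
    """Extract the findings a helper looks for in an aswMBR log."""
    infections, unknown, dispatch = [], [], []
    completed = False
    for raw in text.splitlines():
        m = TS_LINE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        body = m.group(1).strip()
        verdict = MBR_VERDICT.match(body)
        if verdict:
            infections.append((int(verdict.group(1)), verdict.group(2)))
        # Addresses in the call trace that no loaded module owns.
        for addr in UNKNOWN_CODE.findall(body):
            if addr.lower() not in unknown:
                unknown.append(addr.lower())
        entry = DISPATCH.match(body)
        if entry:
            dispatch.append((entry.group(1), entry.group(2), entry.group(3).lower()))
        if body == "Scan finished successfully":
            completed = True
    # A dispatch entry is reported only when its target is one of the
    # addresses the trace marked UNKNOWN.
    hooked = [d for d in dispatch if d[2] in unknown]
    return {
        "mbr_infections": infections,
        "unknown_code": unknown,
        "hooked_dispatch": hooked,
        "scan_completed": completed,
    }


def summarize(findings):
    """Turn the findings into the short notes a reviewer would write."""
    notes = []
    for disk, family in findings["mbr_infections"]:
        notes.append(f"Disk {disk}: MBR flagged as {family} rootkit")
    for driver, irp, addr in findings["hooked_dispatch"]:
        notes.append(f"{driver} {irp} points at unowned code {addr}")
    if not findings["scan_completed"]:
        notes.append("Log is truncated: no 'Scan finished successfully' line")
    return notes


if __name__ == "__main__":
    for note in summarize(triage_aswmbr(SAMPLE_LOG)):
        print(note)
```
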

#4 fireman4it

Posted 18 July 2011 - 06:47 PM

Hello,

That is not the DDS log. That is the Attach.txt. Please post the DDS log.

1.
Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

2.
Please download and run unhide.exe

Things to include in your next reply:
aswMBR log
DDS.txt
How is your machine running now?


#5 hoops4kobe

Posted 18 July 2011 - 10:05 PM

Hello!

It has--thankfully--stopped redirecting my searches. My internet searches seem back to normal. The only issue that is left is accessing my files. Whenever I look through My Pictures/My Documents, it does not show any of my files. However, when I search for a certain file name (let's say "Class Syllabus"), I am able to find it through the Start/Search feature. Please help me on accessing files.

Thank you!

#6 fireman4it

Posted 19 July 2011 - 04:15 PM

Hello,

This type of infection moves all the shortcuts to a temp file. If you have run a cleaner or emptied your temp files we may have a problem.

Please post the DDS.txt like I have asked for, for the 3rd time now. I need these logs in order to help.

1.
  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, type 1 (SCAN) then Enter
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


2.
Please download SystemLook from jpshortstuff and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • 64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy/Paste the following into the box
    :dir
    %Temp%\smtmp /s
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop. Post the content of the log here in your next reply


Things to include in your next reply:
Systemlook .txt
Roguekiller log
DDS.txt
How is your machine running now?

Edited by fireman4it, 19 July 2011 - 04:21 PM.


#7 fireman4it

Posted 21 July 2011 - 07:53 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#8 fireman4it

Posted 24 July 2011 - 09:25 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
