
google redirect and virus


  • This topic is locked
2 replies to this topic

#1 wendimrry

wendimrry

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:45 AM

Posted 03 October 2011 - 03:27 PM

I have now discovered how to add my logs

Here they are:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19019
Run by angel at 13:16:02 on 2011-10-03
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1790.791 [GMT -7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\mssprxy32.exe
C:\Windows\system32\CSHelper.exe
C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\vVX3000.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\ProgramData\es32.exe
C:\Program Files\Google\Update\Install\{01D1B202-0A45-4F63-A49F-C8FB415ABCCB}\googletoolbarinstaller_en32_signed.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1007&m=el1200-07w
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1007&m=el1200-07w
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vb32&d=1007&m=el1200-07w
mSearchAssistant =
mURLSearchHooks: H - No File
mURLSearchHooks: FroggyBoss Class: {539f76fd-084e-4858-86d5-62f02f54ae86} - c:\program files\minibar\Froggy.dll
BHO: {0ce5f77a-4656-4498-81c3-9179e58c11ef} - c:\windows\system32\AudioSes32.dll
BHO: {0ce5f77b-4656-4498-81c3-9179e58c11ef} - c:\windows\system32\AudioSes32.dll
BHO: bcdfdf06: {100efdd1-c199-8fb3-159f-5efbc9e1c488} - c:\programdata\AudioSes32.dll
BHO: {672fbbd9-4656-4498-81c3-9179e58c11ef} - c:\windows\system32\AudioSes32.dll
BHO: MrFroggy Class: {856e12b5-22d7-4e22-9aca-ea9a008dd65b} - c:\program files\minibar\Froggy.dll
BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - c:\program files\minibar\Kango.dll
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\bsdtxmltbpi.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\bearsh~1\mediabar\datamngr\toolbar\bsdtxmltbpi.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService]
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [EarthLink Installer] " /C
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Skytel] Skytel.exe
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [aAAA1uuFmRNQ68234A] c:\windows\system32\P99hhYXwjUVeItP.exe
mRun: [MozillaAgent] c:\windows\temp\kghjdfg.exe
mRun: [dr0bQRgTXjCk8234A] c:\windows\system32\JJ6dWK8fR9TqUeI.exe
mRun: [AZqhYXwkUeOtPy18234A] c:\windows\system32\DamH5sWJ7E8.exe
mRun: [amHsQJ7dE8RYjeB8234A] c:\windows\system32\VXwkUVelOtPy124.exe
mRun: [LA0ucS2ib3n4QsK8234A] c:\windows\system32\v7fRL9gTXjCkVzN.exe
mRun: [volmgr] c:\windows\system32\config\systemprofile\appdata\local\volmgr.exe
dRun: [PbOVsnXuaBESx.exe] c:\programdata\PbOVsnXuaBESx.exe
dRun: [jWqESRYNHMTQic.exe] c:\programdata\jWqESRYNHMTQic.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10b.exe
StartupFolder: c:\users\angel\appdata\roaming\microsoft\windows\start menu\programs\startup\inuv.exe
StartupFolder: c:\users\angel\appdata\roaming\microsoft\windows\start menu\programs\startup\leofeg.exe
StartupFolder: c:\users\angel\appdata\roaming\microsoft\windows\start menu\programs\startup\orja.exe
StartupFolder: c:\users\angel\appdata\roaming\microsoft\windows\start menu\programs\startup\ufito.exe
StartupFolder: c:\users\angel\appdata\roaming\microsoft\windows\start menu\programs\startup\ugjeqe.exe
StartupFolder: c:\users\angel\appdata\roaming\microsoft\windows\start menu\programs\startup\xawoob.exe
StartupFolder: c:\users\angel\appdata\roaming\microsoft\windows\start menu\programs\startup\ybsi.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi.com/About.ps?l=6&t=nzH3qZASY
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - c:\program files\minibar\MinibarButton.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Dream%20Day%20Wedding%20-%20Viva%20Las%20Vegas/Images/stg_drm.ocx
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/IWONBarInitialSetup1.0.1.1.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Annie's%20Millions/Images/armhelper.ocx
TCP: DhcpNameServer = 68.87.73.246 68.87.71.230
TCP: Interfaces\{83F89022-EC82-49C0-8651-02A4A2BFBFCA} : DhcpNameServer = 68.87.73.246 68.87.71.230
Notify: mdhcp32 - mdhcp32.dll
Hosts: 95.64.61.132 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R1 nnfwdk;Nielsen WFP Driver;c:\program files\netratingsnetsight\netsight\meter5\nnfwdk.sys [2010-4-5 20560]
R2 BFE32;Base Filtering Engine ;c:\windows\system32\mssprxy32.exe [2011-6-13 774656]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-8-2 266240]
R2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2007-10-10 24576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-3 1153368]
S1 xgpoaurp;xgpoaurp;c:\windows\system32\drivers\xgpoaurp.sys [2011-10-3 41680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_3232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\encapi32.exe [2011-9-30 774656]
S2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\odbc32gt32.exe [2011-9-30 774656]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
S2 RasAuto32;Remote Access Auto Connection Manager ;c:\programdata\nvdispsr32.exe [2011-9-30 774656]
S2 RpcLocator32;Remote Procedure Call (RPC) Locator ;c:\programdata\D3DCompiler_3732.exe [2011-9-29 774656]
S2 WinHttpAutoProxySvc32;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\D3DCompiler_3432.exe [2011-9-30 774656]
S2 WPDBusEnum32;Portable Device Enumerator Service ;c:\programdata\odexl3232.exe [2011-9-29 774656]
S2 WPFFontCache_v040032;Windows Presentation Foundation Font Cache 4.0.0.0 ;c:\programdata\AudioSes32.exe [2011-9-29 774656]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-5-17 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown woijphco;woijphco; [x]
.
=============== Created Last 30 ================
.
2011-10-03 19:32:21 41680 ----a-w- c:\windows\system32\drivers\xgpoaurp.sys
2011-10-03 18:43:14 -------- d-sh--w- c:\windows\%APPDATA%
2011-10-03 18:43:01 -------- d-s---w- \32788R22FWJFW
2011-10-03 18:16:35 0 ---ha-w- c:\windows\mfsgibuvtb.tmp
2011-10-03 18:11:30 -------- d-----w- c:\windows\system32\PlIBtzPNyAuDoFp
2011-10-03 18:11:29 -------- d-----w- C:\TnF4amH5sJdLgZh
2011-10-03 18:11:29 -------- d-----w- \TnF4amH5sJdLgZh
2011-10-03 18:00:22 -------- d-----w- c:\windows\system32\aA0uvS2ib3n5Q6W
2011-10-03 18:00:22 -------- d-----w- C:\cdWK8fRL9TqU
2011-10-03 18:00:22 -------- d-----w- \cdWK8fRL9TqU
2011-10-03 17:14:41 456192 ---ha-w- c:\programdata\jWqESRYNHMTQic.exe
2011-10-03 17:09:09 41272 ---ha-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-03 17:09:01 -------- d--h--w- C:\Malwarebytes
2011-10-03 17:09:01 -------- d--h--w- \Malwarebytes
2011-10-03 17:08:52 -------- d--h--w- c:\programdata\Malwarebytes
2011-10-03 17:08:49 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-10-02 23:01:10 120832 ----a-w- c:\windows\system32\beep.sys
2011-10-02 23:00:54 462336 ---ha-w- c:\programdata\PbOVsnXuaBESx.exe
2011-10-02 22:48:14 56200 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{3ceb4509-9796-4397-81e7-5a28a32686ee}\offreg.dll
2011-10-02 22:48:12 7269712 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{3ceb4509-9796-4397-81e7-5a28a32686ee}\mpengine.dll
2011-10-02 06:06:46 -------- d--h--w- C:\hnnF4pmH5J7E
2011-10-02 06:06:46 -------- d--h--w- \hnnF4pmH5J7E
2011-10-02 06:06:24 -------- d--h--w- C:\HK7fLL9gTXq
2011-10-02 06:06:24 -------- d--h--w- \HK7fLL9gTXq
2011-10-02 06:05:05 -------- d--h--w- c:\windows\system32\CwjjUClIBzPxv2
2011-10-02 06:05:05 -------- d--h--w- C:\hUeIBzzPy1uFQJf
2011-10-02 06:05:05 -------- d--h--w- \hUeIBzzPy1uFQJf
2011-10-02 06:05:04 -------- d--h--w- C:\yLZkBy1DmsLYePA
2011-10-02 06:05:04 -------- d--h--w- c:\windows\system32\AgYVBy1DmsLYePA
2011-10-02 06:05:04 -------- d--h--w- \yLZkBy1DmsLYePA
2011-10-02 06:05:03 -------- d--h--w- C:\Rz5U0QgV2a7qr03
2011-10-02 06:05:03 -------- d--h--w- C:\NS47ZI0347gYrBy
2011-10-02 06:05:03 -------- d--h--w- C:\f9V2a7qr03
2011-10-02 06:05:03 -------- d--h--w- \Rz5U0QgV2a7qr03
2011-10-02 06:05:03 -------- d--h--w- \NS47ZI0347gYrBy
2011-10-02 06:05:03 -------- d--h--w- \f9V2a7qr03
2011-10-02 03:47:00 -------- d--h--w- c:\windows\system32\yG5sQJ6dK9T
2011-10-02 03:47:00 -------- d--h--w- C:\ivD2obF4pGsJdK9
2011-10-02 03:47:00 -------- d--h--w- \ivD2obF4pGsJdK9
2011-10-02 03:46:59 -------- d--h--w- C:\EBcvD2obFp
2011-10-02 03:46:59 -------- d--h--w- \EBcvD2obFp
2011-10-02 03:46:55 -------- d--h--w- C:\yV2aElnTO3qzF7h
2011-10-02 03:46:55 -------- d--h--w- c:\windows\system32\mzF7hBumKw
2011-10-02 03:46:55 -------- d--h--w- \yV2aElnTO3qzF7h
2011-10-02 03:46:54 -------- d--h--w- C:\Qgz2aElnTO3
2011-10-02 03:46:54 -------- d--h--w- \Qgz2aElnTO3
2011-10-02 03:46:46 -------- d--h--w- c:\windows\system32\eGVD8BFRzp91de5
2011-10-02 03:46:42 -------- d--h--w- C:\upY2KcQCF9ya
2011-10-02 03:46:42 -------- d--h--w- \upY2KcQCF9ya
2011-10-02 00:12:19 -------- d--h--w- c:\windows\system32\btAcS2ibDpQ6WfT
2011-10-02 00:12:19 -------- d--h--w- C:\s2ibD3pnQ6WfTrN
2011-10-02 00:12:19 -------- d--h--w- \s2ibD3pnQ6WfTrN
2011-10-02 00:12:18 -------- d--h--w- C:\TahINvi57gjztc2
2011-10-02 00:12:18 -------- d--h--w- C:\eXzFdUrNvi57gj
2011-10-02 00:12:18 -------- d--h--w- \TahINvi57gjztc2
2011-10-02 00:12:18 -------- d--h--w- \eXzFdUrNvi57gj
2011-10-02 00:04:22 -------- d--h--w- c:\windows\system32\xfRL9gjzxuSbn6j
2011-10-02 00:04:22 -------- d--h--w- C:\m8I03GH6dKfLgjt
2011-10-02 00:04:22 -------- d--h--w- \m8I03GH6dKfLgjt
2011-10-02 00:04:21 -------- d--h--w- C:\voF3pma8Iu3GHdK
2011-10-02 00:04:21 -------- d--h--w- C:\f3pma8I03GHdKfL
2011-10-02 00:04:21 -------- d--h--w- C:\B3pma8I03GHdKfL
2011-10-02 00:04:21 -------- d--h--w- \voF3pma8Iu3GHdK
2011-10-02 00:04:21 -------- d--h--w- \f3pma8I03GHdKfL
2011-10-02 00:04:21 -------- d--h--w- \B3pma8I03GHdKfL
2011-10-01 18:59:28 -------- d--h--w- c:\windows\system32\hK8fRRZhhwUeIBz
2011-10-01 18:59:28 -------- d--h--w- c:\windows\system32\GDDD2o4GsQ
2011-10-01 18:59:28 -------- d--h--w- C:\QVVeeIzy1D24GsJ
2011-10-01 18:59:28 -------- d--h--w- C:\QUVVeIzy1D24GsJ
2011-10-01 18:59:28 -------- d--h--w- C:\d9jUVeIzy
2011-10-01 18:59:28 -------- d--h--w- C:\cpEYUVeIzyuD
2011-10-01 18:59:28 -------- d--h--w- C:\aUVVeIzy1D24GsJ
2011-10-01 18:59:28 -------- d--h--w- \QVVeeIzy1D24GsJ
2011-10-01 18:59:28 -------- d--h--w- \QUVVeIzy1D24GsJ
2011-10-01 18:59:28 -------- d--h--w- \d9jUVeIzy
2011-10-01 18:59:28 -------- d--h--w- \cpEYUVeIzyuD
2011-10-01 18:59:28 -------- d--h--w- \aUVVeIzy1D24GsJ
2011-10-01 18:39:53 -------- d--h--w- C:\K2obF3pmGaJdKfL
2011-10-01 18:39:53 -------- d--h--w- \K2obF3pmGaJdKfL
2011-10-01 18:38:50 -------- d--h--w- C:\qJ6dEK8fR9Tw
2011-10-01 18:38:50 -------- d--h--w- \qJ6dEK8fR9Tw
2011-10-01 18:01:08 -------- d--h--w- C:\SoF4pmG5sJdKf
2011-10-01 18:01:08 -------- d--h--w- \SoF4pmG5sJdKf
2011-10-01 17:59:08 -------- d--h--w- C:\cQHf9gTXqYeI
2011-10-01 17:59:08 -------- d--h--w- \cQHf9gTXqYeI
2011-10-01 17:57:08 -------- d--h--w- C:\cZqjYCwkIrOt
2011-10-01 17:57:08 -------- d--h--w- \cZqjYCwkIrOt
2011-10-01 17:55:08 -------- d--h--w- C:\UPci2F4H5Q7E8R
2011-10-01 17:55:08 -------- d--h--w- \UPci2F4H5Q7E8R
2011-10-01 17:53:08 -------- d--h--w- C:\oQd8L9hTXjCkBzN
2011-10-01 17:53:08 -------- d--h--w- \oQd8L9hTXjCkBzN
2011-10-01 17:51:08 -------- d--h--w- C:\JNtxP0ucS
2011-10-01 17:51:08 -------- d--h--w- \JNtxP0ucS
2011-10-01 17:49:08 -------- d--h--w- C:\hAvo4pmH5Q7KgZh
2011-10-01 17:49:08 -------- d--h--w- \hAvo4pmH5Q7KgZh
2011-10-01 17:47:08 -------- d--h--w- C:\m9hTXqjUCkBzNx0
2011-10-01 17:47:08 -------- d--h--w- \m9hTXqjUCkBzNx0
2011-10-01 17:45:08 -------- d--h--w- C:\UucS1ibD3n4m6W7
2011-10-01 17:45:08 -------- d--h--w- \UucS1ibD3n4m6W7
2011-10-01 17:44:24 -------- d--h--w- C:\yfEL9gTZqYwrtP
2011-10-01 17:44:24 -------- d--h--w- \yfEL9gTZqYwrtP
2011-10-01 17:42:24 -------- d--h--w- C:\fUBtzP0yc1
2011-10-01 17:42:24 -------- d--h--w- \fUBtzP0yc1
2011-10-01 17:41:39 -------- d--h--w- C:\rIVrlONtx0c1
2011-10-01 17:41:39 -------- d--h--w- \rIVrlONtx0c1
2011-10-01 17:39:54 -------- d--h--w- C:\zmG5sQJ6dZ
2011-10-01 17:39:54 -------- d--h--w- \zmG5sQJ6dZ
2011-10-01 17:38:41 -------- d--h--w- C:\Nc1vD2obFp5
2011-10-01 17:38:41 -------- d--h--w- \Nc1vD2obFp5
2011-10-01 17:38:02 -------- d--h--w- C:\ytzP0ycA1v2n4m5
2011-10-01 17:38:02 -------- d--h--w- \ytzP0ycA1v2n4m5
2011-10-01 17:36:37 -------- d--h--w- C:\W4QH6sWK7E9TqYw
2011-10-01 17:36:37 -------- d--h--w- \W4QH6sWK7E9TqYw
2011-10-01 17:36:07 -------- d--h--w- C:\rdWfRL9hTqUeIrO
2011-10-01 17:36:07 -------- d--h--w- \rdWfRL9hTqUeIrO
2011-10-01 17:35:49 -------- d--h--w- C:\eG4aQH6sW7E9TqY
2011-10-01 17:35:49 -------- d--h--w- \eG4aQH6sW7E9TqY
2011-10-01 17:35:25 -------- d--h--w- C:\Z4a6sWJ7f
2011-10-01 17:35:25 -------- d--h--w- \Z4a6sWJ7f
2011-10-01 17:34:20 -------- d--h--w- C:\Wb3pmG5aQ6KfLhX
2011-10-01 17:34:20 -------- d--h--w- \Wb3pmG5aQ6KfLhX
2011-10-01 17:33:43 -------- d--h--w- C:\D8gTZqhYCkVlBx
2011-10-01 17:33:43 -------- d--h--w- \D8gTZqhYCkVlBx
2011-10-01 17:31:43 -------- d--h--w- C:\tsQdEK8gR9YwU
2011-10-01 17:31:43 -------- d--h--w- \tsQdEK8gR9YwU
2011-10-01 17:29:43 -------- d--h--w- C:\maJ6dWK8fLhXjCk
2011-10-01 17:29:43 -------- d--h--w- \maJ6dWK8fLhXjCk
2011-10-01 17:27:43 -------- d--h--w- C:\tNtx0ucS1b3n4
2011-10-01 17:27:43 -------- d--h--w- \tNtx0ucS1b3n4
2011-10-01 17:25:48 -------- d--h--w- C:\wfRZ9hTXwUeIrPy
2011-10-01 17:25:48 -------- d--h--w- \wfRZ9hTXwUeIrPy
2011-10-01 17:23:47 -------- d--h--w- C:\BZhTXwUCeI
2011-10-01 17:23:47 -------- d--h--w- \BZhTXwUCeI
2011-10-01 17:21:42 -------- d--h--w- C:\YWK7fEL9gZjCkVl
2011-10-01 17:21:42 -------- d--h--w- \YWK7fEL9gZjCkVl
2011-10-01 17:19:42 -------- d--h--w- C:\iUVrlOBtx0
2011-10-01 17:19:42 -------- d--h--w- \iUVrlOBtx0
2011-10-01 17:17:42 -------- d--h--w- C:\OobF4pm5sJdKf
2011-10-01 17:17:42 -------- d--h--w- \OobF4pm5sJdKf
2011-10-01 17:15:45 -------- d--h--w- C:\CpJYeBPcu2Fms6K
2011-10-01 17:15:45 -------- d--h--w- \CpJYeBPcu2Fms6K
2011-10-01 14:32:46 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-01 02:47:15 151428 ---ha-w- c:\windows\system32\0.16669892600060865.exe
2011-10-01 02:46:49 74047 ---ha-w- c:\windows\system32\0.8220740449271278.exe
2011-10-01 02:42:47 116388 ---ha-w- c:\windows\system32\0.4339913243723872.exe
2011-10-01 00:45:01 -------- d--h--w- c:\windows\system32\ogTZqhYCwUrOtPy
2011-10-01 00:45:01 -------- d--h--w- C:\rxS1bDonGaHsJfL
2011-10-01 00:45:01 -------- d--h--w- \rxS1bDonGaHsJfL
2011-10-01 00:44:57 -------- d--h--w- c:\windows\system32\jrtyioms7LRhwVz
2011-10-01 00:44:56 -------- d--h--w- C:\XGsLjOPa7Z
2011-10-01 00:44:56 -------- d--h--w- \XGsLjOPa7Z
2011-10-01 00:44:50 -------- d--h--w- c:\windows\system32\YbpJE9XUlNvp69U
2011-10-01 00:44:48 -------- d--h--w- C:\z8wzci2FmsdghVB
2011-10-01 00:44:48 -------- d--h--w- c:\windows\system32\Vmm8wzci2Fms
2011-10-01 00:44:48 -------- d--h--w- C:\Uci2FmsdghVByub
2011-10-01 00:44:48 -------- d--h--w- \z8wzci2FmsdghVB
2011-10-01 00:44:48 -------- d--h--w- \Uci2FmsdghVByub
2011-10-01 00:44:46 -------- d--h--w- C:\JI05XN37w
2011-10-01 00:44:46 -------- d--h--w- \JI05XN37w
2011-09-30 23:40:09 774656 ---ha-w- c:\programdata\nvconrm32.exe
2011-09-30 16:37:06 774656 ---ha-w- c:\programdata\D3DCompiler_3432.exe
2011-09-30 10:39:16 774656 ---ha-w- c:\programdata\odbc32gt32.exe
2011-09-30 10:35:40 372224 ---ha-w- c:\windows\system32\0.9064534295463701.exe
2011-09-30 10:35:25 372224 ---ha-w- c:\windows\system32\0.35004438925785364.exe
2011-09-30 10:06:59 774656 ---ha-w- c:\programdata\encapi32.exe
2011-09-30 10:02:19 49152 ---ha-w- c:\windows\system32\sname
2011-09-30 10:02:18 26624 ---ha-w- c:\windows\system32\dll.dll
2011-09-30 10:02:11 295042 ---ha-w- c:\windows\system32\shimg.dll
2011-09-30 10:02:08 49152 ---ha-w- c:\windows\system32\mdhcp32.dll
2011-09-30 10:01:56 372224 ---ha-w- c:\windows\system32\0.10384634602273934.exe
2011-09-30 08:36:41 -------- d--h--w- c:\program files\Minibar
2011-09-30 08:36:34 -------- d--h--w- c:\programdata\Babylon
2011-09-30 08:36:30 2413568 ---ha-w- c:\windows\system32\JJ6dWK8fR9TqUeI.exe
2011-09-30 08:36:28 -------- d--h--w- c:\program files\PriceGong
2011-09-30 08:12:42 -------- d--h--w- c:\windows\system32\k8gTZqhYCkVlBx
2011-09-30 08:12:42 -------- d--h--w- C:\NQH6ONtxPuoG67E
2011-09-30 08:12:42 -------- d--h--w- \NQH6ONtxPuoG67E
2011-09-30 08:12:37 -------- d--h--w- c:\windows\system32\S0234W9ZYkrN0
2011-09-30 08:12:36 -------- d--h--w- C:\az1b5W9UrAbaKgC
2011-09-30 08:12:36 -------- d--h--w- \az1b5W9UrAbaKgC
2011-09-30 08:12:00 774656 ---ha-w- c:\programdata\nvdispsr32.exe
2011-09-30 08:06:43 -------- d--h--w- C:\XsQJ6dEK8RUeByA
2011-09-30 08:06:43 -------- d--h--w- c:\windows\system32\KvS2ibF3pGaHd7R
2011-09-30 08:06:43 -------- d--h--w- \XsQJ6dEK8RUeByA
2011-09-30 08:06:40 -------- d--h--w- c:\windows\system32\Cci3Gms7LhwVOxy
2011-09-30 08:06:40 -------- d--h--w- C:\EAcbp4HWf9ZYkrN
2011-09-30 08:06:40 -------- d--h--w- \EAcbp4HWf9ZYkrN
2011-09-30 08:01:44 -------- d--h--w- C:\YELgRZqhYwUlBz0
2011-09-30 08:01:44 -------- d--h--w- c:\windows\system32\RD2onF4pm5Q7E8R
2011-09-30 08:01:44 -------- d--h--w- \YELgRZqhYwUlBz0
2011-09-30 08:01:40 -------- d--h--w- c:\windows\system32\RvD2onFms8hXjVl
2011-09-30 08:01:39 -------- d--h--w- C:\xELRZqhwUeBz0c1
2011-09-30 08:01:39 -------- d--h--w- \xELRZqhwUeBz0c1
2011-09-30 08:01:24 -------- d--h--w- C:\CyberLink DVD Suite
2011-09-30 08:01:24 -------- d--h--w- \CyberLink DVD Suite
2011-09-30 03:34:54 28160 ---ha-w- c:\windows\system32\0.593926100061704.exe
2011-09-30 02:26:27 -------- d--h--w- C:\ptzP0ycA1v2n
2011-09-30 02:26:27 -------- d--h--w- \ptzP0ycA1v2n
2011-09-30 02:22:59 774656 ---ha-w- c:\programdata\D3DCompiler_3732.exe
2011-09-29 21:35:37 -------- d--h--w- C:\Ys7LThwVOvnd8ZY
2011-09-29 21:35:37 -------- d--h--w- c:\windows\system32\TVelOBtzP
2011-09-29 21:35:37 -------- d--h--w- \Ys7LThwVOvnd8ZY
2011-09-29 21:35:09 774656 ---ha-w- c:\programdata\odexl3232.exe
2011-09-29 16:12:32 -------- d--h--w- c:\windows\system32\aoobbF44pm5sQ
2011-09-29 16:12:32 -------- d--h--w- C:\lAA11uvvD
2011-09-29 16:12:32 -------- d--h--w- \lAA11uvvD
2011-09-29 16:12:24 -------- d--h--w- C:\IUeyvb3maJWf9XU
2011-09-29 16:12:24 -------- d--h--w- \IUeyvb3maJWf9XU
2011-09-29 15:16:10 774656 ---ha-w- c:\programdata\AudioSes32.exe
2011-09-29 14:07:51 -------- d-sh--w- C:\found.007
2011-09-29 14:07:51 -------- d-sh--w- \found.007
2011-09-22 22:03:08 -------- d--h--w- C:\Downloads
2011-09-22 22:03:08 -------- d--h--w- \Downloads
2011-09-22 22:03:06 -------- d--h--w- c:\windows\system32\BitComet
2011-09-22 22:02:52 -------- d--h--w- c:\program files\BitComet
2011-09-18 16:47:22 -------- d--h--w- c:\programdata\1626A
2011-09-15 13:01:52 -------- d--h--w- c:\programdata\3429A
.
==================== Find3M ====================
.
2011-10-03 01:01:01 120832 ----a-w- c:\windows\system32\drivers\beep.sys
.
============= FINISH: 13:17:47.79 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2007 3:06:01 AM
System Uptime: 10/3/2011 11:14:48 AM (2 hours ago)
.
Motherboard: eMachines | | WMCP61M
Processor: AMD Athlon™ Processor 2650e | Socket AM2 | 1600/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 66 GiB total, 13.118 GiB free.
D: is FIXED (NTFS) - 67 GiB total, 66.442 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #8
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0014
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #9
PNP Device ID: ROOT\*6TO4MP\0014
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0020
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #12
PNP Device ID: ROOT\*6TO4MP\0020
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0024
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #14
PNP Device ID: ROOT\*6TO4MP\0024
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0025
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #15
PNP Device ID: ROOT\*6TO4MP\0025
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0026
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #16
PNP Device ID: ROOT\*6TO4MP\0026
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0027
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #17
PNP Device ID: ROOT\*6TO4MP\0027
Service: tunnel
.
==== System Restore Points ===================
.
RP994: 9/23/2011 1:57:09 AM - Windows Update
RP995: 9/23/2011 1:47:24 PM - Removed Ask Toolbar.
RP996: 9/27/2011 1:56:18 AM - Windows Update
RP999: 10/2/2011 3:47:45 PM - Windows Update
RP1001: 10/2/2011 4:18:06 PM - Windows Defender Checkpoint
RP1003: 10/2/2011 5:33:28 PM - Windows Defender Checkpoint
RP1004: 10/3/2011 9:22:36 AM - Removed NetAssistant
RP1006: 10/3/2011 11:05:24 AM - Windows Defender Checkpoint
RP1008: 10/3/2011 12:32:00 PM - Windows Defender Checkpoint
.
==== Installed Programs ======================
.
3DVIA player 5.0
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Adobe Shockwave Player 11.5
Agere Systems PCI-SV92EX Soft Modem
Apple Software Update
Ask Toolbar
Comcast High-Speed Internet Install Wizard
Cooking Dash - DinerTown Studios
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD
eMachines Games
eMachines Recovery Management
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iWin Toolbar
Java™ 6 Update 13
Jessicas Cupcake Cafe
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft IntelliPoint 6.3
Microsoft Office Word Viewer 2003
Microsoft Search Enhancement Pack
Microsoft Works
MSVCRT
NetAssistant
Nielsen//NetRatings
Norton Security Scan
NVIDIA Drivers
Profitville
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Slingo Mystery - Whos Gold
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Tourist Trap - Build the Nation's Greatest Vacations!
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Writer
Windows Media Player Firefox Plugin
.
==== End Of File ===========================

Edited by boopme, 03 October 2011 - 03:32 PM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:45 AM

Posted 08 October 2011 - 08:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Your HOSTS file has been compromised.
RESTORE ORIGINAL HOSTS FILE.

Go to: http://www.funkytoad.com/index.php?option=com_content&task=view&id=13&Itemid=
Download the program HostsXpert to restore the default hosts file back onto your machine.
Unzip the program and execute it.
Select "Restore MS Hosts File".
Close the application.
=*=

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Run the DDS tool again and post the log.
Include the ComboFix log.

Please let me know what problem persists.
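The hosts-file compromise nasdaq points out is visible in the first post as the DDS line `Hosts: 95.64.61.132 www.bing.com`: a well-known name has been pointed at a routable address instead of the loopback entries a default Windows hosts file contains. As an added example (not part of this thread, and not the HostsXpert tool linked above), the following Python script shows how such an entry can be detected before deciding to restore the file. The hosts text it parses is constructed for the example, modelled on the DDS line; function names are the example's own.

```python
"""Audit a Windows hosts file for hijacked name-to-address mappings.

Added example, not from the BleepingComputer thread or from HostsXpert.
A clean default hosts file only maps names to loopback addresses
(127.0.0.1, ::1); ad-blocking lists additionally use the unspecified
address 0.0.0.0. Any name mapped to another address is reported, which
is exactly what the DDS 'Hosts: 95.64.61.132 www.bing.com' line shows.
"""
import ipaddress
import os

# Constructed sample: the two default Vista entries plus one hijacked
# mapping modelled on the DDS log line quoted in the first post.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
95.64.61.132    www.bing.com
"""

# Real location of the hosts file on Windows; used only by main().
WINDOWS_HOSTS_PATH = os.path.join(
    os.environ.get("SystemRoot", r"C:\Windows"),
    "System32", "drivers", "etc", "hosts")


def parse_hosts(text):
    """Return [(ip_address, [names])] for each mapping line.

    Comment lines and trailing '# ...' comments are dropped; lines that
    do not start with a parseable IP address or carry no name are
    skipped as malformed rather than raising.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # address with no host names: malformed
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: malformed
        entries.append((addr, fields[1:]))
    return entries


def is_benign_target(addr):
    """Loopback and unspecified are the only targets a clean file uses."""
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(text):
    """Return [(name, address)] for every name mapped to a routable address.

    Names are lower-cased so the same hijack is reported consistently
    regardless of how it was written into the file.
    """
    hijacks = []
    for addr, names in parse_hosts(text):
        if not is_benign_target(addr):
            for name in names:
                hijacks.append((name.lower(), str(addr)))
    return hijacks


def main():
    """Audit the live hosts file if present, else the constructed sample."""
    if os.path.exists(WINDOWS_HOSTS_PATH):
        with open(WINDOWS_HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    hijacks = find_hijacks(text)
    if not hijacks:
        print("hosts file: no routable mappings found")
    for name, addr in hijacks:
        print(f"hosts file: {name} -> {addr} (not loopback; review or restore)")


if __name__ == "__main__":
    main()
```

Run without arguments it reports the one hijacked mapping in the sample; on a Windows machine it reads the real hosts file instead. The check is deliberately conservative: it only asks whether a target address is loopback or unspecified, so it flags redirects like the one in the log without needing a list of "known good" sites.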

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,521 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:45 AM

Posted 13 October 2011 - 07:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



