Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect and just in time debuggin window popping up


  • Please log in to reply
3 replies to this topic

#1 celtics1

celtics1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 30 October 2011 - 09:45 PM

Each time I search on google I get redirected to websites with random links. I also have been getting the just in time debugging screen that pops up every few seconds. I run windows XP pro and Internet Explorer (8) I believe?

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:48 PM

Posted 31 October 2011 - 04:16 PM

Hello and welcome.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 celtics1

celtics1
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:48 PM

Posted 31 October 2011 - 08:51 PM

Here are the logs

Mini Tool Box Results

MiniToolBox by Farbar
Ran by Student (administrator) on 31-10-2011 at 20:06:13
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

192.168.0.111 HP0016354D9235

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DSS-3DHP7B1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-15-C5-3F-35-90

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1490 Dual Band WLAN Mini-Card
Physical Address. . . . . . . . . : 00-16-CE-69-67-50
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Lease Obtained. . . . . . . . . . : Monday, October 31, 2011 8:02:42 PM
Lease Expires . . . . . . . . . . : Tuesday, November 01, 2011 8:02:42 PM
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 173.194.64.103, 173.194.64.99, 173.194.64.104, 173.194.64.105
173.194.64.147, 173.194.64.106


Pinging google.com [173.194.64.103] with 32 bytes of data:

Reply from 173.194.64.103: bytes=32 time=43ms TTL=46
Reply from 173.194.64.103: bytes=32 time=45ms TTL=46

Ping statistics for 173.194.64.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 43ms, Maximum = 45ms, Average = 44ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 67.195.160.76, 72.30.2.43, 98.137.149.56, 98.139.180.149
209.191.122.70


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=81ms TTL=51
Request timed out.

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 81ms, Maximum = 81ms, Average = 81ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 15 c5 3f 35 90 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
0x3 ...00 16 ce 69 67 50 ...... Dell Wireless 1490 Dual Band WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.3 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.3 192.168.1.3 30
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 25
192.168.1.3 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 25
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 25
255.255.255.255 255.255.255.255 192.168.1.3 2 1
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog5 05 C:\Windows\system32\wshbth.dll [108032] (Microsoft Corporation)
Catalog9 01 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 02 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 03 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 32 C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll [329688] (PC Tools Research Pty Ltd.)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/31/2011 08:02:54 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Threat: Trojan.Maljava in File: C:\DOCUME~1\ALLUSE~1\APPLIC~1\SYMANTEC\SYMANT~1\7.5\APTEMP\APQA4B.TMP by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Error: (10/31/2011 08:02:53 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Maljava in File: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQA4B.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Error: (10/31/2011 08:02:53 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Threat: Trojan.Maljava in File: C:\DOCUME~1\ALLUSE~1\APPLIC~1\SYMANTEC\SYMANT~1\7.5\APTEMP\APQA4B.TMP by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was deleted successfully.

Error: (10/30/2011 07:37:09 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Threat: Trojan.Gen in File: C:\DOCUME~1\ALLUSE~1\APPLIC~1\SYMANTEC\SYMANT~1\7.5\APTEMP\APQ9F4.TMP by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (10/30/2011 07:36:19 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Maljava in File: by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description: The file was repaired successfully.

Error: (10/30/2011 07:36:18 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Maljava in File: by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description: The file was repaired successfully.

Error: (10/30/2011 07:36:15 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen in File: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ9F3.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (10/30/2011 07:36:14 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Gen in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (10/30/2011 07:28:14 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Threat: Trojan.Maljava in File: C:\DOCUME~1\ALLUSE~1\APPLIC~1\SYMANTEC\SYMANT~1\7.5\APTEMP\APQA2D.TMP by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Error: (10/30/2011 07:28:12 PM) (Source: Symantec AntiVirus) (User: )
Description: Threat Found!Threat: Trojan.Maljava in File: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQA2D.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.


System errors:
=============
Error: (10/31/2011 08:02:43 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\MFC80.DLL.
Reference error message: The operation completed successfully.
.

Error: (10/31/2011 08:02:43 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (10/31/2011 08:02:43 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (10/29/2011 04:17:01 PM) (Source: DCOM) (User: Student)
Description: The server {D40DAF26-8F39-4430-97B9-D3E1A42426C8} did not register with DCOM within the required timeout.

Error: (10/29/2011 02:13:33 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/29/2011 02:12:23 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
eeCtrl
Fips
intelppm
OMCI
SAVRT
SAVRTPEL
SYMTDI

Error: (10/29/2011 02:11:23 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/29/2011 01:09:53 PM) (Source: Service Control Manager) (User: )
Description: The iPodService service failed to start due to the following error:
%%1053

Error: (10/29/2011 01:09:53 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the iPodService service to connect.

Error: (10/29/2011 01:09:41 PM) (Source: DCOM) (User: Student)
Description: DCOM got error "%%1053" attempting to start the service iPodService with arguments "-Service"
in order to run the server:
{7A7FB085-6068-4898-8CCA-480A9187277C}


Microsoft Office Sessions:
=========================
Error: (10/31/2011 08:02:54 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Threat: Trojan.Maljava in File: C:\DOCUME~1\ALLUSE~1\APPLIC~1\SYMANTEC\SYMANT~1\7.5\APTEMP\APQA4B.TMP by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Error: (10/31/2011 08:02:53 PM) (Source: Symantec AntiVirus)(User: )
Description: Threat Found!Threat: Trojan.Maljava in File: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQA4B.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Error: (10/31/2011 08:02:53 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Threat: Trojan.Maljava in File: C:\DOCUME~1\ALLUSE~1\APPLIC~1\SYMANTEC\SYMANT~1\7.5\APTEMP\APQA4B.TMP by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was deleted successfully.

Error: (10/30/2011 07:37:09 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Threat: Trojan.Gen in File: C:\DOCUME~1\ALLUSE~1\APPLIC~1\SYMANTEC\SYMANT~1\7.5\APTEMP\APQ9F4.TMP by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (10/30/2011 07:36:19 PM) (Source: Symantec AntiVirus)(User: )
Description: Threat Found!Threat: Trojan.Maljava in File: by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description: The file was repaired successfully.

Error: (10/30/2011 07:36:18 PM) (Source: Symantec AntiVirus)(User: )
Description: Threat Found!Threat: Trojan.Maljava in File: by: Auto-Protect scan. Action: Clean succeeded : Access allowed. Action Description: The file was repaired successfully.

Error: (10/30/2011 07:36:15 PM) (Source: Symantec AntiVirus)(User: )
Description: Threat Found!Threat: Trojan.Gen in File: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQ9F3.tmp by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (10/30/2011 07:36:14 PM) (Source: Symantec AntiVirus)(User: )
Description: Threat Found!Threat: Trojan.Gen in File: by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description: The file was quarantined successfully.

Error: (10/30/2011 07:28:14 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Threat: Trojan.Maljava in File: C:\DOCUME~1\ALLUSE~1\APPLIC~1\SYMANTEC\SYMANT~1\7.5\APTEMP\APQA2D.TMP by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Error: (10/30/2011 07:28:12 PM) (Source: Symantec AntiVirus)(User: )
Description: Threat Found!Threat: Trojan.Maljava in File: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\APQA2D.tmp by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.


=========================== Installed Programs ============================

6300 (Version: 51.0.230.000)
6300_Help (Version: 51.0.230.000)
6300Trb (Version: 51.0.230.000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Ad-Aware (Version: 9.6.0)
Ad-Aware Security Toolbar (Version: 0.9.1.4)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Reader 9 (Version: 9.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
AiO_Scan_CDA (Version: 51.0.230.000)
AiOSoftwareNPI (Version: 51.0.230.000)
ALPS Touch Pad Driver
AXIS Media Control Embedded
Bluetooth® Wireless Technology Synchronization Plug-in (Version: 1.00.0000)
Bonjour Core for Windows (Version: 1.0.3)
Broadcom Gigabit Integrated Controller (Version: 8.22.11)
BufferChm (Version: 61.0.163.000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HDA D110 MDC V.92 Modem
CP_AtenaShokunin1Config (Version: 61.0.163.000)
CP_CalendarTemplates1 (Version: 61.0.163.000)
cp_OnlineProjectsConfig (Version: 61.0.163.000)
CP_Package_Basic1 (Version: 61.0.163.000)
CP_Package_Variety1 (Version: 61.0.163.000)
CP_Package_Variety2 (Version: 61.0.163.000)
CP_Package_Variety3 (Version: 61.0.163.000)
CP_Panorama1Config (Version: 61.0.163.000)
cp_PosterPrintConfig (Version: 61.0.163.000)
CueTour (Version: 61.0.163.000)
CustomerResearchQFolder (Version: 1.00.0000)
Dell Mobile Broadband Card Utility (Version: 2.01.06.26)
Dell ResourceCD
Dell Wireless WLAN Card (Version: 4.10.47.3)
Destinations (Version: 61.0.163.000)
DeviceFunctionQFolder (Version: 1.00.0000)
DeviceManagementQFolder (Version: 1.00.0000)
DocProc (Version: 6.0.0.0)
DocumentViewer (Version: 61.0.163.000)
DocumentViewerQFolder (Version: 1.00.0000)
Epocrates Essentials for Pocket PC
eSupportQFolder (Version: 1.00.0000)
Fax_CDA (Version: 51.0.230.000)
Foxit Reader
FullDPAppQFolder (Version: 1.00.0000)
Google Earth (Version: 4.1.7076.4458)
Goombah Partner COM Server (Version: 1.0.2.0)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HP Document Viewer 6.1 (Version: 6.1)
HP Extended Capabilities 6.1 (Version: 6.1)
HP Imaging Device Functions 6.1 (Version: 6.1)
HP Photosmart Premier Software 6.1 (Version: 6.1)
HP Product Assistant (Version: 100.000.001.000)
HP PSC & OfficeJet 6.1.A
HP Solution Center and Imaging Support Tools 6.1 (Version: 6.1)
HP Update (Version: 5.002.005.003)
HPProductAssistant (Version: 61.0.163.000)
InstantShareDevices (Version: 61.0.163.000)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4446)
iTunes (Version: 6.0.4.2)
J2SE Runtime Environment 5.0 Update 10 (Version: 1.5.0.100)
J2SE Runtime Environment 5.0 Update 11 (Version: 1.5.0.110)
J2SE Runtime Environment 5.0 Update 9 (Version: 1.5.0.90)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 4 (Version: 1.6.0.40)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
Lexi-CALC (Version: 1.0.12)
Lexi-CALC Calculations (Step 2) (Version: 1.0.8)
Lexi-Comp Interact Reader (remove only)
Lexi-Comp Reader (remove only)
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.18.0)
MarketResearch (Version: 61.0.163.000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft ActiveSync (Version: 4.5.5096.0)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Reader for Pocket PC
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Mobipocket Reader 6.2 (Version: 6.2.608)
Mozilla Firefox (1.5) (Version: 1.5 (en-US))
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NewCopy_CDA (Version: 51.0.230.000)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenOffice.org 2.4 (Version: 2.4.9286)
OZ776 SCR CardBus Windows Driver (Version: 0.0.0.1)
PanoStandAlone (Version: 61.0.163.000)
PhotoGallery (Version: 61.0.163.000)
PowerDVD 5.7
ProductContextNPI (Version: 51.0.230.000)
Questionmark Secure Browser (Version: 4.2.4.0)
QuickTime (Version: 7.1)
RandMap (Version: 61.0.163.000)
Readme (Version: 51.0.230.000)
RealPlayer
Roxio DLA (Version: 5.2.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio RecordNow Audio (Version: 2.0.4)
Roxio RecordNow Copy (Version: 2.0.4)
Roxio RecordNow Data (Version: 2.0.4)
Ruckus Player (Version: 3.6.1.14608)
Scan (Version: 6.0.0.0)
ScannerCopy (Version: 6.0.0.0)
SigmaTel Audio (Version: 5.10.4600.0)
SkinsHP1 (Version: 61.0.163.000)
SolutionCenter (Version: 61.0.163.000)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 61.0.163.000)
Spyware Doctor 8.0 (Version: 8.0)
Status (Version: 70.0.170.000)
Symantec AntiVirus (Version: 10.0.2000.2)
Toolbox (Version: 61.0.163.000)
TrayApp (Version: 61.0.163.000)
Treo 700wx User Guide (Version: 1.00.0000)
Unload (Version: 6.0.0)
Veetle TV 0.9.16 (Version: 0.9.16)
VPN Client
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 61.0.163.000)
Windows Defender (Version: 1.1.1347.6)
Windows Defender Signatures (Version: 1.20.0.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.5.0530.0)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WiseFixer 3.2 (Version: 3.2)

========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 2038.11 MB
Available physical RAM: 997.89 MB
Total Pagefile: 3929.96 MB
Available Pagefile: 2879.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1992.96 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:93.07 GB) (Free:57.15 GB) NTFS

========================= Users: ========================================

User accounts for \\DSS-3DHP7B1

Administrator ASPNET cits
Guest HelpAssistant Student
SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini081106-01.dmp

**** End of log ****






Malwarebytes Log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8055

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

10/31/2011 8:47:56 PM
mbam-log-2011-10-31 (20-47-56).txt

Scan type: Quick scan
Objects scanned: 192614
Time elapsed: 32 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0D8FA586-3FDC-417D-B1E0-7D8E192DF608} (Trojan.SHarpro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D8FA586-3FDC-417D-B1E0-7D8E192DF608} (Trojan.SHarpro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0D8FA586-3FDC-417D-B1E0-7D8E192DF608} (Trojan.SHarpro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D8FA586-3FDC-417D-B1E0-7D8E192DF608} (Trojan.SHarpro) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Student\local settings\Temp\thpm8686902738786468187.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.
c:\documents and settings\Student\local settings\application data\securitywow64.dll (Trojan.SHarpro) -> Quarantined and deleted successfully.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:48 PM

Posted 31 October 2011 - 10:07 PM

I take it you still redirect,

We have some work to do.

Are you on a router? Are other machines on it,if so are they redirecting?

Do you use Firefox?


Reboot into Safe Mode with Networking
How to enter safe mode(XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.



Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Reboot to Normal mode MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select FULL scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.




Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. [color=green]In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

Please ask any needed questions,post 3 logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users