credit puma


This topic is locked. 16 replies to this topic.

#1 adamtheaxe (Members, 23 posts)

Posted 09 February 2012 - 12:46 AM

Hi. I'm hoping this topic is posted in the right forum. The other day, all of a sudden, when I go on Google it takes me to some "creditpuma" site. Also, my font size is real small and it doesn't seem to get any larger. The other day it brought me to some other site from Google, but now it's been that credit puma site. When I just tried again, now it's "datingpuma". Any ideas what this could be?

Edited by Budapest, 09 February 2012 - 03:42 AM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs



#2 AlexDavid (Members, 4 posts)

Posted 09 February 2012 - 07:38 AM

I've had the same problem. My Google searches are redirected to Creditpuma.com and DatingPuma.com. I've scanned my computer with AVG and Malwarebytes Anti-Malware and am still having the problem. One of my other laptops has it too. I have Comcast Xfinity internet and live in Michigan.

#3 mag00n (Members, 7 posts, Michigan)

Posted 09 February 2012 - 08:13 AM

*Bump*
I know of 4 systems plagued with this creditpuma.com redirect issue. No scans can detect it. I am eager for a Mod to work on this one!

Scanned with:

MBam
Kaspersky
RKUnhookerLE
DrWeb
ComboFix
GMER
AVG
Superantispy
sophos anti-rootkit

All updated and 0.00 results.

#4 AlexDavid (Members, 4 posts)

Posted 09 February 2012 - 08:19 AM

I'm concerned with how far this goes. My email password was changed and sent spam, so I don't know if this is a trojan making my computer a bot, or what. I spent about 3 hours on this last night, and am gonna spend another few tonight.

#5 boopme, "To Insanity and Beyond" (Global Moderator, 73,567 posts, NJ USA)

Posted 09 February 2012 - 12:31 PM

Sounds like the problem is actually based in your router and that in turn is infecting all the other computers on your network.
Here is the entire fix(from the beginning) that you will need to run on each PC.

Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

  • Double click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 AlexDavid (Members, 4 posts)

Posted 09 February 2012 - 05:48 PM

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Alex :: ALEX-PC [administrator]

Protection: Enabled

2/9/2012 5:43:24 PM
mbam-log-2012-02-09 (17-47-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202403
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Detected: 2
C:\Windows\svchost.exe (Trojan.Agent) -> 3780 -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> 3796 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

#7 adamtheaxe, Topic Starter (Members, 23 posts)

Posted 09 February 2012 - 08:36 PM

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.01.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
VICKI :: VICKI-PC [administrator]

Protection: Enabled

2/9/2012 8:04:01 PM
mbam-log-2012-02-09 (20-04-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183834
Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2088 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

#8 adamtheaxe, Topic Starter (Members, 23 posts)

Posted 09 February 2012 - 08:38 PM

btw, now when I go onto google it comes up as "foodpuma" today.

#9 boopme, "To Insanity and Beyond" (Global Moderator, 73,567 posts, NJ USA)

Posted 09 February 2012 - 09:09 PM

CreditPuma.com is actually a fake search engine that gets installed on the system unexpectedly, leading to several problems. One of the most frustrating facts about CreditPuma.com is that every click on this fake search engine makes money for the people behind this malicious search engine site.

OK, now let's run these please.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

NOTE: In some instances if no malware is found there will be no log produced.
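The two things boopme's advice in #5 and #9 turns on, which resolvers the PC is actually being handed (a hijacked router pushes rogue DNS servers to every machine behind it) and whether the hosts file pins names like google.com elsewhere, can be checked against the same kind of MiniToolBox/ipconfig output posted in this thread. This is an added example, not code from the thread or from MiniToolBox; the expected resolvers (the two rr.com addresses from the posted log), the cut-down sample output and the TEST-NET addresses standing in for rogue servers are all assumptions or constructed input.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Added example, not MiniToolBox or BleepingComputer code. EXPECTED_DNS is an assumption
# taken from the posted ipconfig output; a real check would use the ISP's stated resolvers.
EXPECTED_DNS = ["209.18.47.61", "209.18.47.62"]

# Constructed sample, cut down from the "IP Configuration" section posted in this thread.
IPCONFIG_CLEAN = """\
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hvc.rr.com
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
"""
# Constructed hijacked variant: RFC 5737 TEST-NET addresses stand in for rogue resolvers.
IPCONFIG_HIJACKED = (IPCONFIG_CLEAN.replace("209.18.47.61", "192.0.2.53")
                     .replace("209.18.47.62", "198.51.100.53"))
# A stock Windows 7 hosts file holds only comments; the constructed hijacked one pins google.com.
HOSTS_CLEAN = "# Copyright (c) 1993-2009 Microsoft Corp.\n#\t127.0.0.1       localhost\n"
HOSTS_HIJACKED = "127.0.0.1 localhost\n192.0.2.10 www.google.com\n192.0.2.10 google.com\n"

# "Key . . . . : value". ipconfig pads keys with " . ", so whitespace always precedes the
# colon; that keeps IPv6 values such as "fe80::1" from being mistaken for keys.
_KEY_VALUE = re.compile(r"^\s*(?P<key>[A-Za-z][^:]*?)\s[ .]*:\s*(?P<val>.*)$")


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Parse 'ipconfig /all' output into {adapter: {field: [values]}}. Multi-valued fields
    such as DNS Servers continue on the next line with no key, as in the posted log."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    current: Optional[str] = None
    last_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            last_key = None
            continue
        m = _KEY_VALUE.match(line)
        if m and current is not None:
            last_key = m.group("key").rstrip(" .")
            values = adapters[current].setdefault(last_key, [])
            if m.group("val"):
                values.append(m.group("val"))
        elif m is None and line.endswith(":"):  # "Ethernet adapter Local Area Connection:"
            current, last_key = line[:-1], None
            adapters.setdefault(current, {})
        elif current is not None and last_key is not None:
            adapters[current][last_key].append(line)  # continuation line of the last field
    return adapters


def _to_ip(value: str):
    """Parse one address; ipconfig appends "(Preferred)" and IPv6 zone ids such as "%11"."""
    try:
        return ipaddress.ip_address(value.split("(")[0].split("%")[0].strip())
    except ValueError:
        return None


def unexpected_dns(adapters: Dict[str, Dict[str, List[str]]],
                   expected: List[str]) -> List[Tuple[str, str]]:
    """Return (adapter, server) pairs whose DNS server is outside the expected set. The
    adapter's gateway is accepted too, since most home routers act as resolver; but that
    router is the box this thread says was hijacked, so verify its upstream DNS on the router."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for name, fields in adapters.items():
        gateways = {_to_ip(g) for g in fields.get("Default Gateway", [])} - {None}
        for server in fields.get("DNS Servers", []):
            ip = _to_ip(server)
            if ip is None or (ip not in allowed and ip not in gateways):
                findings.append((name, server))
    return findings


def hosts_overrides(hosts_text: str) -> List[Tuple[str, str]]:
    """Return active (ip, hostname) pairs that do not point at loopback."""
    overrides = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then whitespace-split
        if len(fields) < 2:
            continue
        ip = _to_ip(fields[0])
        if ip is not None and not ip.is_loopback:
            overrides.extend((str(ip), host) for host in fields[1:])
    return overrides


def audit(ipconfig_text: str, hosts_text: str, expected: List[str] = EXPECTED_DNS) -> List[str]:
    """Run both checks and return human-readable findings (an empty list means clean)."""
    findings = [f"{adapter}: DNS server {server} is not an expected resolver"
                for adapter, server in unexpected_dns(parse_ipconfig(ipconfig_text), expected)]
    findings += [f"hosts file: {host} is pinned to {ip}" for ip, host in hosts_overrides(hosts_text)]
    return findings
```

On the posted log this reports nothing, which matches the thread: the PC's own DNS settings and hosts file were clean, so the redirect had to be coming from the router or from the flagged svchost.exe rather than from the settings MiniToolBox lists.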

#10 adamtheaxe, Topic Starter (Members, 23 posts)

Posted 09 February 2012 - 09:23 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by VICKI (administrator) on 09-02-2012 at 21:22:28
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
Dell Wireless 1502 802.11b/g/n = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : VICKI-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hvc.rr.com

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 76-27-37-2A-C7-4F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1502 802.11b/g/n
Physical Address. . . . . . . . . : 64-27-37-2A-C7-4F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hvc.rr.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : D0-67-E5-1F-BB-67
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::118c:1634:1a65:6bfd%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, February 09, 2012 8:29:25 PM
Lease Expires . . . . . . . . . . : Friday, February 10, 2012 8:29:23 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 248539109
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-83-80-08-D0-67-E5-1F-BB-67
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hvc.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hvc.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:81e:15e3:9df0:6733(Preferred)
Link-local IPv6 Address . . . . . : fe80::81e:15e3:9df0:6733%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.115.103
74.125.115.104
74.125.115.105
74.125.115.106
74.125.115.147
74.125.115.99


Pinging google.com [74.125.113.104] with 32 bytes of data:
Reply from 74.125.113.104: bytes=32 time=390ms TTL=51
Reply from 74.125.113.104: bytes=32 time=31ms TTL=51

Ping statistics for 74.125.113.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 390ms, Average = 210ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.2.43
98.137.149.56


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=150ms TTL=48
Reply from 98.139.183.24: bytes=32 time=64ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 64ms, Maximum = 150ms, Average = 107ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128
Reply from 127.0.0.1: bytes=32 time=1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
===========================================================================
Interface List
15...76 27 37 2a c7 4f ......Microsoft Virtual WiFi Miniport Adapter
12...64 27 37 2a c7 4f ......Dell Wireless 1502 802.11b/g/n
11...d0 67 e5 1f bb 67 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:81e:15e3:9df0:6733/128
On-link
11 276 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::81e:15e3:9df0:6733/128
On-link
11 276 fe80::118c:1634:1a65:6bfd/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/09/2012 08:30:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2012 08:23:44 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (02/09/2012 08:13:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2012 05:37:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000

Error: (02/09/2012 05:37:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10000

Error: (02/09/2012 05:37:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2012 05:37:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9001

Error: (02/09/2012 05:37:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9001

Error: (02/09/2012 05:37:35 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2012 05:37:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003


System errors:
=============
Error: (02/09/2012 08:32:19 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/09/2012 08:30:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (02/09/2012 08:28:01 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/09/2012 08:13:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (02/09/2012 08:12:24 PM) (Source: BugCheck) (User: )
Description: 0x00000050 (0xfffff8a001104000, 0x0000000000000000, 0xfffff8000312c38e, 0x0000000000000000)C:\Windows\MEMORY.DMP020912-16458-01

Error: (02/09/2012 08:10:24 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/09/2012 07:44:00 PM) (Source: DCOM) (User: VICKI)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}VICKI-PCVICKIS-1-5-21-1216208230-1861881582-716899970-1000LocalHost (Using LRPC)

Error: (02/09/2012 02:39:31 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (02/09/2012 02:37:55 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/09/2012 02:27:41 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.


Microsoft Office Sessions:
=========================
Error: (02/09/2012 08:30:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2012 08:23:44 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (02/09/2012 08:13:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2012 05:37:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10000

Error: (02/09/2012 05:37:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10000

Error: (02/09/2012 05:37:36 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2012 05:37:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9001

Error: (02/09/2012 05:37:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9001

Error: (02/09/2012 05:37:35 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2012 05:37:34 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8003


=========================== Installed Programs ============================

Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Reader X (10.1.2) MUI (Version: 10.1.2)
Amazon MP3 Downloader 1.0.15 (Version: 1.0.15)
AMD APP SDK Runtime (Version: 2.4.650.9)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI AVIVO64 Codecs (Version: 11.6.0.10628)
ATI Catalyst Install Manager (Version: 3.0.829.0)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Bar (Version: 6.0.2282.0)
Bing Bar Platform (Version: 6.0.2282.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blio (Version: 2.3.7140)
Bonjour (Version: 3.0.0.10)
Bounce Symphony (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Cake Mania (Version: 2.2.0.95)
Canon MG8100 series MP Drivers
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0628.2340.40663)
Catalyst Control Center InstallProxy (Version: 2011.0628.2340.40663)
Catalyst Control Center Localization All (Version: 2011.0628.2340.40663)
ccc-utility64 (Version: 2011.0628.2340.40663)
CCC Help Chinese Standard (Version: 2011.0628.2339.40663)
CCC Help Chinese Traditional (Version: 2011.0628.2339.40663)
CCC Help Czech (Version: 2011.0628.2339.40663)
CCC Help Danish (Version: 2011.0628.2339.40663)
CCC Help Dutch (Version: 2011.0628.2339.40663)
CCC Help English (Version: 2011.0628.2339.40663)
CCC Help Finnish (Version: 2011.0628.2339.40663)
CCC Help French (Version: 2011.0628.2339.40663)
CCC Help German (Version: 2011.0628.2339.40663)
CCC Help Greek (Version: 2011.0628.2339.40663)
CCC Help Hungarian (Version: 2011.0628.2339.40663)
CCC Help Italian (Version: 2011.0628.2339.40663)
CCC Help Japanese (Version: 2011.0628.2339.40663)
CCC Help Korean (Version: 2011.0628.2339.40663)
CCC Help Norwegian (Version: 2011.0628.2339.40663)
CCC Help Polish (Version: 2011.0628.2339.40663)
CCC Help Portuguese (Version: 2011.0628.2339.40663)
CCC Help Russian (Version: 2011.0628.2339.40663)
CCC Help Spanish (Version: 2011.0628.2339.40663)
CCC Help Swedish (Version: 2011.0628.2339.40663)
CCC Help Thai (Version: 2011.0628.2339.40663)
CCC Help Turkish (Version: 2011.0628.2339.40663)
Chuzzle Deluxe (Version: 2.2.0.95)
Clickfree Easy Image
Conexant HD Audio (Version: 8.50.4.0)
Consumer In-Home Service Agreement (Version: 2.0.0)
Coupon Printer for Windows (Version: 5.0.0.1)
Coupons.com Toolbar (Version: 6.6.0.19)
Cozi (Version: 1.0.6505.38692)
D3DX10 (Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (Version: 9.4.61)
Dell DataSafe Local Backup (Version: 9.4.61)
Dell DataSafe Online (Version: 2.1.19634)
Dell Digital Delivery (Version: 1.7.4502.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell MusicStage (Version: 1.5.201.0)
Dell PhotoStage (Version: 1.5.0.67)
Dell Stage (Version: 1.5.420.0)
Dell VideoStage (Version: 1.2.0.1712)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
DirectX 9 Runtime (Version: 1.00.0000)
Dora's World Adventure (Version: 2.2.0.95)
eBay (Version: 1.4.0)
Escape Whisper Valley ™ (Version: 2.2.0.95)
Farm Frenzy (Version: 2.2.0.95)
FATE (Version: 2.2.0.95)
Final Drive Fury (Version: 2.2.0.95)
Final Drive Nitro (Version: 2.2.0.95)
High-Definition Video Playback (Version: 7.3.10000.0.0)
IncrediMail (Version: 6.2.9.5163)
IncrediMail 2.0 (Version: 6.2.9.5163)
iTunes (Version: 10.5.3.3)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
Java™ 6 Update 27 (Version: 6.0.270)
Jewel Quest (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
Luxor (Version: 2.2.0.95)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
McAfee SecurityCenter (Version: 11.0.654)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (Version: 14.0.4763.1000)
Microsoft Search Enhancement Pack (Version: 3.0.131.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Namco All-Stars PAC-MAN (Version: 2.2.0.95)
Nero 10 Movie ThemePack Basic (Version: 10.2.10200.0.0)
Nero Control Center 10 (Version: 10.6.12500.0.5)
Nero ControlCenter 10 Help (CHM) (Version: 10.2.10800)
Nero Core Components 10 (Version: 2.0.20000.9.12)
Nero Update (Version: 1.0.0018)
Penguins! (Version: 2.2.0.95)
Photo Notifier and Animation Creator (Version: 1.0.0.1009)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
RBVirtualFolder64Inst (Version: 1.00.0000)
Roxio BackOnTrack (Version: 4.0)
Roxio Burn (Version: 1.6)
Roxio CinePlayer (Version: 5.6)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator 2011 (Version: 1.3.166)
Roxio Creator 2011 (Version: 13.0)
Roxio Creator 2011 (Version: 6.0.0)
Roxio Dell install Util (Version: 2.00.0000)
Roxio PhotoShow (Version: 6.0)
Roxio Video Capture USB (Version: 1.22.0000)
Samantha Swift (Version: 2.2.0.95)
Skype™ 5.5 (Version: 5.5.119)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.7)
SyncUP (Version: 1.10.11100.8.106)
SyncUP (Version: 10.2.15400)
TrustedID (Version: 5.0)
TrustedID IDMonitor Identity Protection (Version: 1.1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update Installer for WildTangent Games App
VD64Inst (Version: 1.00.0000)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Wedding Dash - Ready, Aim, Love! (Version: 2.2.0.95)
WildTangent Games (Version: 1.0.2.5)
WildTangent Games App (Dell Games) (Version: 4.0.5.36)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zinio Reader 4 (Version: 4.2.4164)
Zuma Deluxe (Version: 2.2.0.95)

========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 8174.64 MB
Available physical RAM: 5991.03 MB
Total Pagefile: 16347.48 MB
Available Pagefile: 12632.16 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.05 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:450.45 GB) (Free:353.48 GB) NTFS

========================= Users: ========================================

User accounts for \\VICKI-PC

Administrator Guest VICKI


**** End of log ****

#11 boopme (Global Moderator, NJ USA)

Posted 09 February 2012 - 10:45 PM

After ESET, reset your HOSTS and see if it's gone.

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
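The post above resets the HOSTS file because malware of this kind rewrites it to send browsing elsewhere. As an added example (not from this thread, not a BleepingComputer or Microsoft tool), the script below shows what such a check looks like on the defender's side: it parses hosts-file text, lists every active mapping, and flags entries that point a hostname at something other than the loopback addresses. It goes slightly beyond the post in that it also treats the 0.0.0.0 / :: black-hole entries used by ad-blocking lists as benign. The sample hosts content is constructed for the example, the 192.0.2.10 address is a TEST-NET-1 placeholder, and the only assumption about the live system is the default Windows hosts-file path.

```python
"""Audit a Windows HOSTS file for entries that could redirect browsing.

Added example (not from the thread): a defender-side check that parses
hosts-file text and reports every active mapping, flagging the ones that
point a hostname at an address other than loopback or a black-hole address.
On a clean Windows 7 install the default hosts file contains only comment
lines (the localhost entries are commented out), so any active entry
deserves a look.
"""
import ipaddress
from pathlib import Path

LOOPBACK = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}
# 0.0.0.0 / :: are used by ad-blocking hosts lists to black-hole a name.
BLACKHOLE = {ipaddress.ip_address("0.0.0.0"), ipaddress.ip_address("::")}

# Constructed sample: the default Microsoft comment header plus a local
# developer entry, two redirect lines of the kind a hijack adds (placeholder
# TEST-NET-1 address), and one harmless blocking entry.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# 127.0.0.1       localhost
# ::1             localhost
127.0.0.1       my-dev-box.local
192.0.2.10      www.google.com   # constructed redirect, placeholder address
192.0.2.10      google.com
0.0.0.0         ads.example      # blocking entry, harmless
"""


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every active entry.

    Comment text (#) and blank lines are skipped; one address may be
    followed by several hostnames on the same line, as the format allows.
    Lines whose first field is not a valid address are ignored.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue   # malformed line; not a usable mapping
        for host in fields[1:]:
            entries.append((ip, host.lower(), line_no))
    return entries


def suspicious_entries(text):
    """Return entries that send a hostname anywhere other than loopback
    or a black-hole address, i.e. the mappings worth investigating."""
    return [
        entry for entry in parse_hosts(text)
        if entry[0] not in LOOPBACK and entry[0] not in BLACKHOLE
    ]


def audit_file(path=r"C:\Windows\System32\drivers\etc\hosts"):
    """Audit the live hosts file; the default path is Windows' standard location."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    return suspicious_entries(text)


if __name__ == "__main__":
    for ip, host, line_no in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}")
```

Run it on the sample and the two google.com lines are reported; the loopback entry and the 0.0.0.0 blocking entry are not. A clean result only rules out the hosts file: as later posts in this thread show, a redirect can also come from a rootkit that needs a removal script, or from DNS settings outside the file.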

#12 adamtheaxe (Topic Starter)

Posted 10 February 2012 - 12:16 AM

Here are the results from the scan:
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\732F.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\7330.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined

#13 adamtheaxe (Topic Starter)

Posted 10 February 2012 - 12:34 AM

OK, did all the steps and tried Google again. When I click on a link it still tries to go to foodpuma but says that it cannot find the page. So Google is still disabled for me.

#14 AlexDavid

Posted 10 February 2012 - 07:20 AM

I have 1 laptop on my network that isn't infected and oddly it only has Windows Firewall. 3 of my other infected computers have either AVG or Kaspersky, so I don't think it's a router DNS problem, because if it was it'd redirect all my computers. This is a very crafty hijack.

Edited by AlexDavid, 10 February 2012 - 07:25 AM.


#15 boopme (Global Moderator, NJ USA)

Posted 10 February 2012 - 11:13 AM

Ok, we are going to need a custom script made to get the offending files off the machines. We each need to start a new topic.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic, as explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run, skip it and move on.

Let me know if that went well.