
browser redirecting ie8 and firefox


5 replies to this topic

#1 dasnow


Posted 22 March 2012 - 10:24 AM

Whenever I open IE8 and do a search, it gets redirected. The same happens in Firefox, and also when I open a link in Outlook Express. Need some help please.

Dave



#2 boopme


Posted 22 March 2012 - 11:06 AM

Hello Dave,

Are you on a router? Are other machines on it? If so, are they redirecting?
Run these next and let me know how it is after.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    For instructions with screenshots, please refer to the How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all other options as they are set):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the Control Center screen.
  • Back on the main screen, under "Select Scan Type" check the box for Complete Scan.
  • If your computer is badly infected, be sure to check the box next to Enable Rescue Scan (Highly Infected Systems ONLY).
  • Click the Scan your computer... button.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the scan log after reboot, launch SUPERAntiSpyware again.
  • Click the View Scan Logs button at the bottom.
  • This will open the Scanner Logs Window.
  • Click on the log to highlight it and then click on View Selected Log to open it.
  • Copy and paste the scan log results in your next reply.
-- Some types of malware will disable security tools. If SUPERAntiSpyware will not install, please refer to these instructions for using the SUPERAntiSpyware Installer. If SUPERAntiSpyware is already installed but will not run, then follow the instructions for using RUNSAS.EXE to launch the program.

#3 dasnow


Posted 22 March 2012 - 02:07 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/22/2012 at 03:02 PM

Application Version : 5.0.1146

Core Rules Database Version : 8369
Trace Rules Database Version: 6181

Scan type : Complete Scan
Total Scan Time : 00:16:49

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 900
Memory threats detected : 0
Registry items scanned : 43629
Registry threats detected : 0
File items scanned : 23247
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\David Snow\Cookies\ULCS3ADM.txt [ /atdmt.com ]
C:\Documents and Settings\David Snow\Cookies\5HYINGOI.txt [ /c.atdmt.com ]





MiniToolBox by Farbar Version: 18-01-2012
Ran by David Snow (administrator) on 22-03-2012 at 14:32:42
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


94.63.147.16 www.google.com
94.63.147.17 www.bing.com


There are 15173 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Disconnected)
Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : amkit

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.md.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.md.comcast.net.

Description . . . . . . . . . . . : Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-19-DB-F7-1C-D5

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.112

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 75.75.75.75

75.75.76.76

Lease Obtained. . . . . . . . . . : Thursday, March 22, 2012 1:53:04 PM

Lease Expires . . . . . . . . . . : Friday, March 23, 2012 1:53:04 PM

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: google.com
Addresses: 173.194.43.34, 173.194.43.35, 173.194.43.39, 173.194.43.38
173.194.43.41, 173.194.43.40, 173.194.43.37, 173.194.43.36, 173.194.43.33
173.194.43.32, 173.194.43.46



Pinging google.com [173.194.43.8] with 32 bytes of data:



Reply from 173.194.43.8: bytes=32 time=16ms TTL=54

Reply from 173.194.43.8: bytes=32 time=16ms TTL=54



Ping statistics for 173.194.43.8:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 16ms, Maximum = 16ms, Average = 16ms

Server: cdns01.comcast.net
Address: 75.75.75.75

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=46ms TTL=50

Reply from 209.191.122.70: bytes=32 time=47ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 46ms, Maximum = 47ms, Average = 46ms

Server: cdns01.comcast.net
Address: 75.75.75.75

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 19 db f7 1c d5 ...... Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.112 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.112 192.168.1.112 20
192.168.1.0 255.255.255.0 192.168.1.112 192.168.1.112 10
192.168.1.112 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.1.255 255.255.255.255 192.168.1.112 192.168.1.112 10
224.0.0.0 240.0.0.0 192.168.1.112 192.168.1.112 10
255.255.255.255 255.255.255.255 192.168.1.112 192.168.1.112 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/22/2012 01:55:49 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/22/2012 01:55:49 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/22/2012 01:55:49 PM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/22/2012 00:45:28 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6557.5001, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/22/2012 00:45:28 PM) (Source: Application Hang) (User: )
Description: Hanging application OUTLOOK.EXE, version 12.0.6557.5001, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/22/2012 10:54:05 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/22/2012 10:54:05 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/22/2012 10:54:05 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/22/2012 10:19:41 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (03/22/2012 10:19:41 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (03/22/2012 10:12:02 AM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\WINDOWS\system32\taskmgr.exe.
Reference error message: The operation completed successfully.
.

Error: (03/22/2012 10:12:02 AM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference error message: Insufficient system resources exist to complete the requested service.
.

Error: (03/21/2012 05:59:00 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (03/21/2012 05:56:02 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (03/21/2012 05:46:57 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (03/21/2012 05:33:39 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (03/21/2012 05:33:36 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (03/21/2012 05:10:32 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (03/21/2012 04:50:08 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (03/21/2012 04:22:34 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D


Microsoft Office Sessions:
=========================
Error: (04/29/2011 09:06:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 41 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/21/2008 08:28:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/21/2008 08:28:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/21/2008 08:28:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/21/2008 08:28:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 92 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/09/2008 06:08:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/09/2008 06:08:06 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/09/2008 06:07:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/09/2008 06:07:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/09/2008 06:07:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

20-20 CAD v5 (Version: 17.1.64.0)
20-20 Catalog Tools 8.1 (Version: 8.1.7.4526)
20-20 Version 8.1 (Version: 8.1.0.3029)
20-20 Version 8.1 (Version: 8.1.10.3063)
20-20 Version 8.1 (Version: 8.1.9.3059)
2020Cad Export (Version: 6.30)
32 Bit HP CIO Components Installer (Version: 1.0.0)
7500_7600_7700_Help (Version: 1.00.0000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe Acrobat Connect Add-in
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
ALIS
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.1.3)
Apple Software Update (Version: 2.1.1.116)
ATI - Software Uninstall Utility (Version: 6.14.10.1018)
ATI AVIVO Codecs (Version: 9.15.0.20713)
ATI Catalyst Control Center (Version: 2.007.1101.2316)
ATI Display Driver (Version: 8.432-071101a-054437C-ATI)
ATI HYDRAVISION (Version: 3.25.0006)
ATI Parental Control & Encoder (Version: 3.0)
ATI Problem Report Wizard (Version: 8.10)
AutoCAD 2007 - English (Version: 17.0.54.110)
AutoCAD 2010 - English (Version: 18.0.55.0)
AutoCAD 2010 Language Pack - English (Version: 18.0.55.0)
Autodesk Design Review 2008 (Version: 4.1.0)
Autodesk DWF Viewer 7 (Version: 7.0.0)
Autodesk Vault 2008 (Version: 12.0.123.0)
avast! Free Antivirus (Version: 7.0.1426.0)
Bonjour (Version: 2.0.4.0)
BPD_HPSU (Version: 1.00.0000)
BPD_Scan (Version: 3.00.0000)
BPDSoftware (Version: 82.0.173.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 82.0.173.000)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Cabinet Maker 7 (Version: 18.0.56.0)
Catalyst Control Center Core Implementation (Version: 2007.1101.2317.39832)
Catalyst Control Center Graphics Full Existing (Version: 2007.1101.2317.39832)
Catalyst Control Center Graphics Full New (Version: 2007.1101.2317.39832)
Catalyst Control Center Graphics Light (Version: 2007.1101.2317.39832)
Catalyst Control Center Graphics Previews Common (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Chinese Standard (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Czech (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Danish (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Dutch (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Finnish (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization French (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization German (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Greek (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Hungarian (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Italian (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Japanese (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Korean (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Norwegian (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Polish (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Portuguese (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Russian (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Spanish (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Swedish (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Thai (Version: 2007.1101.2317.39832)
Catalyst Control Center Localization Turkish (Version: 2007.1101.2317.39832)
ccc-core-preinstall (Version: 2007.1101.2317.39832)
ccc-core-static (Version: 2007.1101.2317.39832)
ccc-utility (Version: 2007.1101.2317.39832)
CCC Help Chinese Standard (Version: 2007.1101.2316.39832)
CCC Help Chinese Traditional (Version: 2007.1101.2316.39832)
CCC Help Czech (Version: 2007.1101.2316.39832)
CCC Help Danish (Version: 2007.1101.2316.39832)
CCC Help Dutch (Version: 2007.1101.2316.39832)
CCC Help English (Version: 2007.1101.2316.39832)
CCC Help Finnish (Version: 2007.1101.2316.39832)
CCC Help French (Version: 2007.1101.2316.39832)
CCC Help German (Version: 2007.1101.2316.39832)
CCC Help Greek (Version: 2007.1101.2316.39832)
CCC Help Hungarian (Version: 2007.1101.2316.39832)
CCC Help Italian (Version: 2007.1101.2316.39832)
CCC Help Japanese (Version: 2007.1101.2316.39832)
CCC Help Korean (Version: 2007.1101.2316.39832)
CCC Help Norwegian (Version: 2007.1101.2316.39832)
CCC Help Polish (Version: 2007.1101.2316.39832)
CCC Help Portuguese (Version: 2007.1101.2316.39832)
CCC Help Russian (Version: 2007.1101.2316.39832)
CCC Help Spanish (Version: 2007.1101.2316.39832)
CCC Help Swedish (Version: 2007.1101.2316.39832)
CCC Help Thai (Version: 2007.1101.2316.39832)
CCC Help Turkish (Version: 2007.1101.2316.39832)
CCleaner (Version: 3.13)
Client Activator 2.0 - English (4)
Client Activator 2.0 - English (All)
Crystal11.5rdcMergeModule (Version: 1.00.0000)
CustomerResearchQFolder (Version: 1.00.0000)
Cut Planner (Version: 6.10)
Cut Planner (Version: 6.20)
Destinations (Version: 82.0.173.000)
DeviceManagementQFolder (Version: 1.00.0000)
DFMcnc (Version: 1.11)
DocProc (Version: 8.1.0.0)
DocProcQFolder (Version: 1.00.0000)
Doors / Free Doors 4.01U (Version: 4.01U)
Download Accelerator Plus (DAP) (Version: 9406 (Build 1092))
DrawPOWER 6.06 (Version: 6.06)
Drill-Mate (Version: 6)
Drive Erase Pro (Version: 1.0.0.468)
DWG TrueView 2007 (Version: 17.0.54.190)
DYNALOG
eSupportQFolder (Version: 1.00.0000)
Exterminate It! (Version: 1.80.11.30)
EzTune (Version: 1.50.049)
Fax (Version: 82.0.188.000)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 6 (Version: 6.0.01313)
Google SketchUp 6 (Version: 6.4.112)
Google Update Helper (Version: 1.3.21.99)
Google Updater (Version: 2.4.2432.1652)
GoToMeeting 4.5.0.457
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP OCR Software 8.0 (Version: 8.0)
HP Officejet Pro All-In-One Series (Version: 1.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Product Assistant (Version: 100.000.001.000)
HP Product Detection (Version: 4.0.0009)
HP Solution Center 8.0 (Version: 8.0)
HP Update (Version: 4.000.010.008)
HPProductAssistant (Version: 82.0.173.000)
HPSSupply (Version: 2.1.3.0000)
I.R.I.S. Desktop Search
Image Resizer Powertoy for Windows XP (Version: 1.00.0001)
IntegrationPack (Version: 6.3)
iolo technologies' Search and Recover (Version: 5.0.6)
iPod Updater 2004-11-15 (Version: 1.0)
IrfanView (remove only)
iTunes (Version: 10.1.2.17)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (Version: 6.0.230)
Java™ 6 Update 7 (Version: 1.6.0.70)
Juniper Networks Cache Cleaner 6.0.0 (Version: 6.0.0.12507)
Juniper Networks Cache Cleaner 6.2.0 (Version: 6.2.0.13255)
Juniper Networks Cache Cleaner 6.5.0 (Version: 6.5.0.15991)
Juniper Networks Host Checker (Version: 6.2.0.13255)
Juniper Networks, Inc. Setup Client (Version: 7.1.3.11013)
Juniper Networks, Inc. Setup Client Activex Control (Version: 2.1.1.1)
Juniper Terminal Services Client (Version: 7.1.0.18671)
L7700 (Version: 50.0.165.000)
Launch2020
LightScribe System Software 1.10.13.1 (Version: 1.10.13.1)
Logo Design Studio Pro (Version: 1.5)
MacDuffCo Manufacturing Ultra-Calc 2.0.10 (Version: 2.0.10)
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MarketResearch (Version: 82.0.174.000)
Micrografx Picture Publisher 8
Micrografx Simply 3D 3
Micrografx Webtricity 2
Micrografx Windows Draw 6
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Accounting 2007 (Version: 2.0.7503.0)
Microsoft Office Accounting ADP Payroll Addin (Version: 0.0.0.0)
Microsoft Office Accounting Equifax Addin (Version: 2.0.7416.00)
Microsoft Office Accounting Fixed Asset Manager (Version: 2.0.7416.00)
Microsoft Office Accounting PayPal Addin (Version: 2.0.7416.00)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Project Professional 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Ultimate 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60310.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6425.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Web Publishing Wizard 1.52
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microvellum
Microvellum 67 (Version: 67.105.0021)
Mozilla Firefox (3.6.28) (Version: 3.6.28 (en-US))
MPM (Version: 1.00.0000)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (KB933579) (Version: 6.10.1200.0)
Nero 7 Essentials (Version: 7.03.0581)
neroxml (Version: 1.0.0)
Nested Machining 6.2 (Version: 6.21)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PC Tools Registry Mechanic 11.0 (Version: 11.0)
PokerStars
PokerStars.net
Product Planner (Version: 6.20)
Product Planner (Version: 6.30)
ProductContext (Version: 50.0.165.000)
PTN-G ver 1.01 (Version: 1.0.0.0)
QuickBooks (Version: 21.0.4009.904)
QuickBooks Pro 2011 (Version: 21.0.4009.904)
QuickTime (Version: 7.69.80.9)
QuikTrak On-Demand (Version: 6.01)
Readiris Pro 11 (Version: 11.00.4815)
Real Alternative 1.8.0 (Version: 1.8.0)
Realtek High Definition Audio Driver (Version: 5.10.0.5473)
Scan (Version: 8.1.0.0)
SDK (Version: 1.34.003)
Segoe UI (Version: 14.0.4327.805)
Skins (Version: 2007.1101.2317.39832)
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.5 (Version: 5.5.124)
Solid 2012 R1 (Version: 7.00.0000)
Solid Essential 2012 R1 (Version: 7.0.0.137)
SolutionCenter (Version: 82.0.188.000)
Spybot - Search & Destroy (Version: 1.6.0)
Status (Version: 82.0.173.000)
SUPERAntiSpyware (Version: 5.0.1146)
SupportSoft Assisted Service (Version: 15)
SurfSecret Privacy Protector REGISTERED 5.60
SurfSecret Privacy Protector REGISTERED v6.01
The Print Shop 21 (Version: 21.00.0000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 82.0.188.000)
UnloadSupport (Version: 1.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VBA (2627.01) (Version: 6.03.00.9402)
WebEx
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 82.0.173.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.8.0031.9)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WiseFixer 3.2 (Version: 3.2)
Yontoo Layers Runtime 1.10.01 (Version: 1.10.01)

========================= Memory info: ===================================

Percentage of memory in use: 24%
Total physical RAM: 3327.23 MB
Available physical RAM: 2528.61 MB
Total Pagefile: 5216.13 MB
Available Pagefile: 4543.1 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.86 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:298.08 GB) (Free:198.17 GB) NTFS

========================= Users: ========================================

User accounts for \\AMKIT

Administrator ASPNET David Snow
Guest HelpAssistant SUPPORT_388945a0


**** End of log ****






Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.19.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
David Snow :: AMKIT [administrator]

3/22/2012 2:17:51 PM
mbam-log-2012-03-22 (14-17-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237841
Time elapsed: 10 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#4 boopme

Posted 22 March 2012 - 02:58 PM

Hello, I see evidence of a ZeroAccess rootkit. We need to repost so we can get it off.

Please go here: Preparation Guide, and do steps 6-9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If GMER won't run skip it and move on.

Let me know if that went well.

#5 dasnow

Posted 23 March 2012 - 07:15 AM

Can't get DDS to give me a readable text in Notepad. Also, GMER crashes partway through. What now?

#6 boopme

Posted 23 March 2012 - 02:24 PM

If you cannot get DDS to work, please try this instead.

Please download OTL by OldTimer and save it to your Desktop.
  • Close all other applications and windows so that you have nothing open.
  • Double click on the OTL icon on your desktop.

    Vista/Windows 7 users right-click and select Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • Under Output, ensure that Minimal Output is selected.
  • Click the "Scan All Users" checkbox.
    Leave the remaining selections to the default settings.
  • Click the Posted Image button.
  • Do not use the computer while the scan is in progress.
  • When the scan is complete, two log files will open in Notepad:
    • OTListIt.txt <- (will be maximized)
    • Extras.txt <- (will be minimized in the Task Bar).
  • Both logs are automatically saved to the Desktop.
  • Please copy and paste the contents of OTListIt.txt and Extras.txt in your next reply.
    If the Extras.txt log is too long, you may need to add a second reply to your thread or upload it as an attachment.
  • Click the red X in the upper right corner to exit OTL.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If OTL did not work, then reply back here.