Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Had Windows Recovery Virus - now browser is redirecting

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Had Windows Recovery Virus - now browser is redirecting

Unread postby jessup » May 26th, 2011, 1:59 am

This computer is running windows 7 home premium 64 bit, it had the windows recovery virus. I booted into safe mode, ran Malwarebytes - it found some stuff and I rebooted. All my files were hidden, I ran unhide.exe and my files came back. Then I ran Superantispyware, Combofix, and tdsskiller (tdsskiller didn't find anything). The recovery virus appears to be gone but when I try to use any kind of search with a web browser it redirects to some other sites. Another symptom is that I have mcafee security center and when i try to enable the firewall it disables itself after about 5 seconds. I ran hijackthis and pulled a lot of garbage out, but that didn't seem like it changed anything.

Here's my dds log:
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Brandon at 0:47:12 on 2011-05-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.4829 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\root\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100908124907.dll
BHO-X64: scriptproxy - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-8 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-8 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-8 355440]
R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-9-8 199032]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-9-8 244840]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-9-8 148520]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-4-21 705856]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R4 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-1-11 82944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-9-8 355440]
S3 bcm;WiMAX Network Adapter;C:\Windows\system32\DRIVERS\drxvi314_64.sys --> C:\Windows\system32\DRIVERS\drxvi314_64.sys [?]
S3 bcmbusctr;WiMAX Bus Driver;C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\Windows\system32\DRIVERS\BcmBusCtr_64.sys [?]
S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-6-8 124224]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 cm_net;C-motech USB Network Adapter Drivers;C:\Windows\system32\DRIVERS\cm_net.sys --> C:\Windows\system32\DRIVERS\cm_net.sys [?]
S3 cm_ser;C-motech USB Serial Port2 Driver;C:\Windows\system32\DRIVERS\cm_ser.sys --> C:\Windows\system32\DRIVERS\cm_ser.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-05-26 04:48:04 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-26 03:48:27 -------- d-----w- C:\Windows\pss
2011-05-26 03:47:32 98816 ----a-w- C:\Windows\sed.exe
2011-05-26 03:47:32 89088 ----a-w- C:\Windows\MBR.exe
2011-05-26 03:47:32 256512 ----a-w- C:\Windows\PEV.exe
2011-05-26 03:47:32 161792 ----a-w- C:\Windows\SWREG.exe
2011-05-26 03:43:13 -------- d-----w- C:\Program Files\CCleaner
2011-05-26 02:47:12 -------- d-----w- C:\Users\Brandon\AppData\Roaming\SUPERAntiSpyware.com
2011-05-26 02:47:12 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-05-26 02:47:08 -------- d-----w- C:\ProgramData\!SASCORE
2011-05-26 02:47:06 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-05-26 02:41:12 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
2011-05-26 02:20:04 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-26 02:20:04 -------- d-----w- C:\ProgramData\Malwarebytes
2011-05-26 02:20:01 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-26 02:20:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-05-26 02:14:17 -------- d-----w- C:\root
2011-05-26 01:56:12 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-05-24 08:11:12 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-24 08:11:12 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-12 18:01:47 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-12 18:01:46 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-12 18:01:46 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-01 04:37:42 -------- d-----w- C:\Users\Brandon\AppData\Local\AOL
2011-05-01 04:37:42 -------- d-----w- C:\Users\Brandon\AppData\Local\AIM
2011-05-01 04:37:37 -------- d-----w- C:\ProgramData\AIM
2011-05-01 04:37:34 -------- d-----w- C:\Program Files (x86)\AIM
2011-05-01 04:37:33 -------- d-----w- C:\Program Files (x86)\Common Files\AOL
2011-04-29 16:43:00 2870272 ----a-w- C:\Windows\explorer.exe
.
==================== Find3M ====================
.
2011-03-12 12:03:46 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:31:58 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:23:13 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:23:06 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:23:06 1657216 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:23:06 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:23:00 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:22:41 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:22:40 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:19:26 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:19:26 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:18:20 2566144 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:15:54 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:40:24 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:40:24 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:39:35 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:37:34 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:14:30 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:38:13 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-04 06:17:25 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17:24 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:17:10 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:14:38 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:27:30 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:58:32 3133440 ----a-w- C:\Windows\System32\win32k.sys
2011-02-26 05:33:07 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe
.
============= FINISH: 0:47:35.72 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/11/2010 8:38:58 PM
System Uptime: 5/26/2011 12:19:44 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 04GJJT
Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 539.147 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP46: 2/2/2011 7:25:38 AM - Windows Update
RP47: 2/10/2011 2:48:54 PM - Windows Update
RP48: 2/11/2011 12:45:58 PM - Windows Update
RP49: 2/23/2011 10:46:11 AM - Windows Update
RP50: 3/5/2011 10:15:43 AM - Windows Update
RP51: 3/14/2011 8:22:11 AM - Windows Update
RP52: 3/27/2011 12:17:38 PM - Windows Update
RP53: 4/3/2011 2:51:59 PM - Windows Update
RP54: 4/13/2011 6:37:38 PM - Scheduled Checkpoint
RP55: 4/16/2011 12:17:52 PM - Windows Update
RP56: 4/20/2011 12:06:20 PM - Windows Update
RP57: 4/20/2011 5:36:41 PM - Windows Update
RP58: 4/27/2011 10:02:38 AM - Windows Update
RP59: 4/29/2011 11:58:01 AM - Windows Update
RP60: 5/3/2011 1:20:10 PM - Windows Update
RP61: 5/6/2011 8:51:55 AM - Windows Update
RP62: 5/12/2011 1:09:50 PM - Windows Update
RP63: 5/21/2011 1:41:24 AM - Removed Ask Toolbar.
RP64: 5/21/2011 1:42:37 AM - Configured Command & Conquer Generals
RP65: 5/21/2011 1:43:30 AM - Configured Command and ConquerTM Generals Zero Hour
RP66: 5/24/2011 10:10:37 AM - Windows Update
RP67: 5/25/2011 9:41:45 PM - Installed Java(TM) 6 Update 24
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.2
AIM 7
AOL Messaging Toolbar
CA Yahoo! Anti-Spy (remove only)
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
GoToAssist 8.0.0.514
Impossible Creatures
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Choice Guard
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSVCRT
PowerDVD DX
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Westwood Shared Internet Components
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Yahoo! Detect
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
5/26/2011 12:45:38 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
5/26/2011 12:22:21 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
5/26/2011 12:22:21 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2011 12:22:21 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
5/26/2011 12:20:13 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
5/26/2011 12:20:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800032d82bd, 0xfffff88008635540, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052611-18735-01.
5/26/2011 12:08:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800032d12bd, 0xfffff880094ea540, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052611-26832-01.
5/26/2011 12:02:49 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
5/26/2011 12:00:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff800032d72bd, 0xfffff88005d1b540, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052611-28376-01.
5/25/2011 9:10:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
5/25/2011 9:06:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
5/25/2011 9:06:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/25/2011 9:06:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/25/2011 9:06:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/25/2011 9:06:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/25/2011 9:06:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
5/25/2011 3:33:49 AM, Error: Service Control Manager [7038] - The SSDPSRV service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/25/2011 3:33:49 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/25/2011 3:33:49 AM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service did not start due to a logon failure.
5/25/2011 3:33:49 AM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not start due to a logon failure.
5/25/2011 3:33:49 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
5/25/2011 3:33:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
5/25/2011 11:56:55 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
5/25/2011 10:52:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/25/2011 10:51:43 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/24/2011 3:28:40 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
5/24/2011 3:28:39 AM, Error: Service Control Manager [7023] - The Internet Connection Sharing (ICS) service terminated with the following error: %%-2147467243
5/24/2011 3:28:39 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
5/24/2011 3:28:37 AM, Error: Service Control Manager [7038] - The ALG service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/24/2011 3:28:37 AM, Error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not start due to a logon failure.
5/21/2011 1:58:57 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
5/20/2011 10:21:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Brandon-PC\Brandon SID (S-1-5-21-387032317-3929926151-387620337-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/20/2011 10:21:00 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Brandon-PC\Brandon SID (S-1-5-21-387032317-3929926151-387620337-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================
jessup
Active Member
 
Posts: 1
Joined: May 26th, 2011, 1:42 am
Advertisement
Register to Remove

Re: Had Windows Recovery Virus - now browser is redirecting

Unread postby MWR 3 day Mod » May 29th, 2011, 3:25 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Had Windows Recovery Virus - now browser is redirecting

Unread postby NonSuch » May 31st, 2011, 3:57 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware