Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

scanning with dds.txt (trying to remove redirect virus)

Post by dynodan » June 11th, 2011, 1:36 pm

Hello, I have been attempting to remove a redirect virus. When I click on search results in IE, it redirects me to obscure local search sites. By quickly hitting the back arrow, the 2nd time I click on the desired website, it takes me there, so it is not as aggressive as it used to be. Somehow none of the scan fixes can find this thing. Malwarebytes would not install without errors and/or couldn't find anything. TDSSKiller did not find anything and no log report was available.

Below are the contents of the dds.txt file after I ran dds.com (couldn't get the first one to run right). Also, I didn't see any attach.txt file, only this. I was directed in a previous post not to run ComboFix on my own. Sorry to say I already had run it, but it didn't find any of the redirect virus. Sorry, I apologize, I know your time is freely given and has value. I ran it before I saw the warning not to. Doesn't seem to be any harm done. I appreciate your time and will cooperate with you. It instructed me not to uninstall ComboFix until I was certain none of the saved or backup or quarantined files were needed. Also, I have some kind of Windows Update disable virus telling me that automatic update is disabled when it is set to update.
Please help!



.
DDS (Ver_2011-06-11.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Run by Danny at 12:05:30 on 2011-06-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2877 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ACDSYS~1\ACDSee\CAMDET~1.EXE
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\SAiDownloader.exe
C:\WINDOWS\system32\SAiLicSvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: PDFCreator Toolbar Helper: {c451c08a-ec37-45df-aaad-18b51ab5e837} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: PDFCreator Toolbar: {31cf9ebe-5755-4a1d-ac25-2834d952d9b4} - c:\program files\pdfcreator toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [NBJ] "c:\progra~1\ahead\neroba~1\NBJ.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [Camera Detector] c:\progra~1\acdsys~1\acdsee\CAMDET~1.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... 0ItSkhGTkg"&"inst=NzctNTkzMTEwODM4LVQ1LVU4NSsxLUJBKzEtS1YzKzctRlA5KzYtU1QxKzItVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItVklQMTArMS1GMTBNMTBEKzItTElDKzc3LVNQMSsxLVNQMVRCKzEtU1VEKzEtUzFJKzEtU1UzKzEtRkwxMCsx"&"prod=90"&"ver=10.0.1382
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 9824293578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
TCP: Interfaces\{20997094-154B-4DDB-A335-8D7AEA2A121A} : NameServer = 93.188.165.180,93.188.160.240
TCP: Interfaces\{20997094-154B-4DDB-A335-8D7AEA2A121A} : DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100
Notify: AtiExtEvent - Ati2evxx.dll
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\danny\application data\mozilla\firefox\profiles\kwh7te1i.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://Internet Explorer
FF - plugin: c:\documents and settings\danny\application data\mozilla\firefox\profiles\kwh7te1i.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\documents and settings\danny\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\my new downloads\mozilla plugins\npitunes.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-1-8 76416]
R1 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2008-1-8 62080]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2009-4-16 438272]
R2 SAiLicSvr;SAiLicSvr;c:\windows\system32\SAiLicSvr.exe [2009-7-13 86016]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
.
=============== Created Last 30 ================
.
2011-06-11 15:53:44 -------- d-sha-r- C:\cmdcons
2011-06-11 15:52:02 98816 ----a-w- c:\windows\sed.exe
2011-06-11 15:52:02 518144 ----a-w- c:\windows\SWREG.exe
2011-06-11 15:52:02 256512 ----a-w- c:\windows\PEV.exe
2011-06-11 15:52:02 208896 ----a-w- c:\windows\MBR.exe
2011-05-14 22:47:40 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-14 22:47:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-14 22:47:32 -------- d-----w- c:\documents and settings\danny\application data\SUPERAntiSpyware.com
2011-05-14 22:12:06 -------- d-----w- c:\documents and settings\danny\application data\Malwarebytes
2011-05-14 22:12:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-14 21:17:30 -------- d--h--w- c:\windows\system32\GroupPolicy
.
==================== Find3M ====================
.
2009-02-11 20:38:34 1431504 ----a-w- c:\program files\RegCureSetup_RW.exe
2009-02-09 22:07:08 34031720 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2009-02-03 17:12:21 59981528 ----a-w- c:\program files\avg_free_stf_en_8_233a1415.exe
2008-07-22 14:00:53 48367896 ----a-w- c:\program files\avg_free_stf_en_8_138a1332.exe
2008-01-10 16:25:04 15895117 ----a-w- c:\program files\PDFCreator-0_9_5_setup.exe
.
============= FINISH: 12:06:07.29 ===============

Re: scanning with dds.txt (trying to remove redirect virus)

Post by NonSuch » June 11th, 2011, 11:07 pm

This topic is a duplicate and therefore will be closed. Your one remaining topic will be left open; please do not start additional topics.