Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Internet search re-directing - DDS logs posted

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Internet search re-directing - DDS logs posted

Unread postby kingman » July 4th, 2011, 4:44 pm

Hello,
I had a recent malware attack and am having difficulty getting things back to normal. When I run internet searches and click on a resulting link, I am redirected to bogus websites. I can however type in the URL and navigate that way, favorites seem to work fine as well. Also, particular files and programs appear to be hidden and inaccessible. DDS log and attach log below:

DDS


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Lesley at 16:28:23 on 2011-07-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.64 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1152166832\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1152166832\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\Lesley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lesley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Lesley\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
mSearchAssistant = hxxp://www.google.com/ie
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: : {67982bb7-0f95-44c5-92dc-e3af3dc19d6d} - c:\program files\video access activex object\isadd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: {85e2fd78-5af5-48de-b153-38473597b190} - c:\windows\system32\ddcYrPGy.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\lesley\local settings\application data\google\update\GoogleUpdate.exe" /c
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10q_ActiveX.exe -update activex
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [HostManager] c:\program files\common files\aol\1152166832\ee\AOLHostManager.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/ ... _Win32.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://www.facebook.com/fbplugin/win32/ ... 5569153468
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} - hxxp://www.worldwinner.com/games/v46/be ... eweled.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 8773447750
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugi ... ctivex.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CB927D12-4FF7-4A9E-A169-56E4B8A75598} - hxxp://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player ... taller.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 67.223.0.2 67.223.0.3
TCP: Interfaces\{8569F9C2-AB53-4B66-A7D3-044AC6DE8FC9} : DhcpNameServer = 67.223.0.2 67.223.0.3
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - No File
.
============= SERVICES / DRIVERS ===============
.
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-15 24652]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-29 39984]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX2000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-1-7 30560]
.
=============== Created Last 30 ================
.
2011-07-04 20:04:01 388096 ----a-r- c:\documents and settings\lesley\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-04 16:39:52 402 ----a-w- c:\documents and settings\lesley\Quarantine.reg
2011-07-04 16:39:52 -------- d-----w- c:\documents and settings\lesley\application data\Malwarebytes
2011-06-18 21:59:01 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-18 21:57:20 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2011-06-18 15:02:06 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-06-18 12:53:45 -------- d-----w- c:\program files\Trend Micro
2011-06-15 20:53:46 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-11 12:57:28 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-23 22:15:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 16:29:57.44 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/1/2006 4:53:09 AM
System Uptime: 7/4/2011 3:42:49 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30A8
Processor: Genuine Intel(R) CPU T1300 @ 1.66GHz | U1 | 980/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 85 GiB total, 58.091 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.646 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1076: 3/18/2011 10:07:08 AM - System Checkpoint
RP1077: 3/19/2011 10:24:56 AM - System Checkpoint
RP1078: 3/20/2011 9:57:36 PM - System Checkpoint
RP1079: 3/23/2011 6:49:06 PM - System Checkpoint
RP1080: 3/23/2011 11:28:41 PM - Software Distribution Service 3.0
RP1081: 3/25/2011 5:24:16 PM - System Checkpoint
RP1082: 3/30/2011 5:13:19 PM - System Checkpoint
RP1083: 3/31/2011 6:17:48 PM - System Checkpoint
RP1084: 4/1/2011 7:00:14 PM - System Checkpoint
RP1085: 4/2/2011 7:10:28 PM - System Checkpoint
RP1086: 4/4/2011 9:48:35 PM - System Checkpoint
RP1087: 4/7/2011 12:02:57 PM - System Checkpoint
RP1088: 4/9/2011 4:34:39 PM - System Checkpoint
RP1089: 4/11/2011 7:00:10 PM - System Checkpoint
RP1090: 4/13/2011 9:48:17 PM - System Checkpoint
RP1091: 4/15/2011 10:00:54 PM - Software Distribution Service 3.0
RP1092: 4/16/2011 10:33:24 PM - System Checkpoint
RP1093: 4/17/2011 11:39:19 PM - System Checkpoint
RP1094: 4/19/2011 10:03:29 PM - System Checkpoint
RP1095: 4/20/2011 11:39:05 PM - Software Distribution Service 3.0
RP1096: 4/22/2011 2:40:08 PM - System Checkpoint
RP1097: 4/23/2011 3:03:19 PM - System Checkpoint
RP1098: 4/24/2011 7:21:39 PM - System Checkpoint
RP1099: 4/25/2011 7:23:33 PM - System Checkpoint
RP1100: 4/27/2011 9:05:17 PM - System Checkpoint
RP1101: 4/27/2011 10:04:00 PM - Software Distribution Service 3.0
RP1102: 5/1/2011 1:50:34 PM - System Checkpoint
RP1103: 5/2/2011 8:14:07 PM - System Checkpoint
RP1104: 5/3/2011 10:47:03 PM - System Checkpoint
RP1105: 5/5/2011 5:56:19 PM - System Checkpoint
RP1106: 5/6/2011 9:36:39 PM - System Checkpoint
RP1107: 5/8/2011 3:24:52 PM - System Checkpoint
RP1108: 5/9/2011 8:46:25 PM - System Checkpoint
RP1109: 5/11/2011 12:00:36 PM - System Checkpoint
RP1110: 5/11/2011 3:28:02 PM - Software Distribution Service 3.0
RP1111: 5/12/2011 6:17:08 PM - System Checkpoint
RP1112: 5/13/2011 8:48:57 PM - System Checkpoint
RP1113: 5/14/2011 9:22:10 PM - System Checkpoint
RP1114: 5/17/2011 5:42:13 PM - System Checkpoint
RP1115: 5/18/2011 7:25:37 PM - System Checkpoint
RP1116: 5/19/2011 8:14:54 PM - System Checkpoint
RP1117: 5/22/2011 1:48:08 PM - System Checkpoint
RP1118: 5/23/2011 6:52:31 PM - System Checkpoint
RP1119: 5/25/2011 5:36:59 PM - System Checkpoint
RP1120: 5/26/2011 9:33:27 PM - System Checkpoint
RP1121: 5/29/2011 11:06:11 AM - System Checkpoint
RP1122: 5/30/2011 3:35:45 PM - System Checkpoint
RP1123: 6/7/2011 3:21:40 PM - Software Distribution Service 3.0
RP1124: 6/8/2011 6:04:12 PM - System Checkpoint
RP1125: 6/10/2011 9:12:28 AM - System Checkpoint
RP1126: 6/11/2011 8:45:51 AM - Removed Skype™ 5.3
RP1127: 6/11/2011 8:53:38 AM - Removed Skype Toolbars
RP1128: 6/15/2011 4:54:50 PM - Software Distribution Service 3.0
RP1129: 6/15/2011 9:38:04 PM - Software Distribution Service 3.0
RP1130: 6/17/2011 8:28:49 PM - System Checkpoint
RP1131: 6/18/2011 8:53:43 AM - Installed HiJackThis
RP1132: 7/4/2011 4:04:00 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
3ivx MPEG-4 5.0.3 (remove only)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
AiO_Scan_CDA
AiOSoftwareNPI
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Explorer
AOL Spyware Protection
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
BufferChm
C4100
c4100_Help
Conexant HD Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
Destinations
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Easy Internet Sign-up
eSupportQFolder
Fax_CDA
FlipShare
GearDrvs
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Game Console and games
HP Help and Support
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0.A
HP Photosmart Premier Software 6.5
HP QuickPlay 2.0
HP Rhapsody
HP Solution Center 7.0
HP User Guides--System Recovery
HP User Guides 0019
HP Wireless Assistant 2.00 C1
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareDevices
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 6
K-Lite Codec Pack
LightScribe 1.4.56.1
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money Plus
Microsoft Money Shared Libraries
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel Viewer
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 4.5
NavFit98A
Netscape Browser (remove only)
NewCopy_CDA
OCR Software by I.R.I.S 7.0
Office 2003 Trial Assistant
OptionalContentQFolder
PanoStandAlone
PhotoGallery
ProductContextNPI
Quick Launch Buttons 5.20 F2
QuickTime
RandMap
Readme
RealPlayer
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
SkinsHP1
Skype™ 5.3
SlideShow
SolutionCenter
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TourSetup
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Virtools 3D Life Player
vShare Plugin
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
Wireless Home Network Setup
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
7/4/2011 9:43:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/4/2011 9:36:40 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eabfiltr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
7/4/2011 3:38:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/4/2011 12:40:41 PM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
7/4/2011 12:37:18 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
7/4/2011 12:37:18 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/4/2011 12:37:18 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/4/2011 12:37:18 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
7/4/2011 12:37:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/4/2011 12:36:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/4/2011 12:27:44 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde PCIIde ViaIde
7/4/2011 12:27:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.
7/4/2011 12:27:44 PM, error: Service Control Manager [7000] - The Spybot-S&D 2 Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


Thank you!
kingman
Active Member
 
Posts: 2
Joined: July 4th, 2011, 4:19 pm
Advertisement
Register to Remove

Re: Internet search re-directing - DDS logs posted

Unread postby Gary R » July 7th, 2011, 1:50 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Internet search re-directing - DDS logs posted

Unread postby Gary R » July 7th, 2011, 1:59 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi kingman

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
Important As I said earlier removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


OK, there's a few things in your DDS log need taking care of, there's some other things need attention as well, but we'll deal with them once we've got rid of your infection.

First

Please download Unhide.exe to your Desktop.

  • Double click Unhide.exe to run the program.
The program will remove the +H attribute on all the files on your hard drive. If you have puposely hidden any files, you will have to re-hide them.

NextDownload ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop

  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.

**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Image

Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.
If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Internet search re-directing - DDS logs posted

Unread postby kingman » July 8th, 2011, 6:15 pm

Thanks for responding. I will work on it here this weekend and go through the steps you supplied.
kingman
Active Member
 
Posts: 2
Joined: July 4th, 2011, 4:19 pm

Re: Internet search re-directing - DDS logs posted

Unread postby Gary R » July 12th, 2011, 12:58 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 111 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware