Redirect Virus!

Dell INSPIRON 6000
March 8, 2010 at 17:12:26
Specs: Microsoft Windows XP Professional, 1.729 GHz / 1023 MB
Ok so for the last couple of days every search engine ( Ask, Google, Bing) has been redirecting me to these odd sites that are not the ones I was clicking. It also does the same thing on both Firefox and Explorer.It will no allow me to do System Restore.Both Superantispyware and Walwarebytes I need help please.
Also all the links before fully loading have a logo with what looks like a cursive 2 or a green globe. If that means anything or not.

See More: Redirect Virus!

Report •

#1
March 8, 2010 at 18:54:58
Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

You may need to download these to a cd, external drive, or usb drive and run it on the infected computer but first try to run it from the infected computer.

Please download Rkill from the following link.

Rkill

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. This link will help you disable them:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the malware . So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

Do not reboot your computer after running rkill as the malware programs will start again.


Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Ant-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.

As I didn't understand what you meant about Malwarebytes so open it, update it then run it again and post it log please.


Report •

#2
March 8, 2010 at 19:36:43
I need to do both exeHelper and Rkill?

Report •

#3
March 8, 2010 at 19:41:09
I have Superantispyware and Malwarebytes how would you disable them?

Report •

Related Solutions

#4
March 8, 2010 at 19:42:16
Yes, they are slightly different and remove/suspend different files.

Report •

#5
March 8, 2010 at 19:43:34
You can uninstall superantispyware unlees you paid for it and Malwarebytes does not need to be shut down.

Report •

#6
March 8, 2010 at 19:46:06
Ok thanks.

The exeHelper
exeHelper by Raktor
Build 20091220
Run at 21:34:49 on 03/08/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

And the Rkill
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as JULIAN on 03/08/2010 at 21:44:40.


Processes terminated by Rkill or while it was running:


C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\JULIAN\My Documents\Downloads\rkill.pif


Rkill completed on 03/08/2010 at 21:44:46.


Report •

#7
March 8, 2010 at 19:47:53
Is that it?

Report •

#8
March 8, 2010 at 19:54:11
No, scroll on down the post. We need the DDS scan reports, there will be two of them.

Report •

#9
March 8, 2010 at 19:57:49
Ok sorry

Report •

#10
March 8, 2010 at 20:05:57
DDS (Ver_09-12-01.01) - NTFSx86
Run by JULIAN at 22:02:08.35 on Mon 03/08/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.163 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2007 DVD\EDICT.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\JULIAN\My Documents\Downloads\exeHelper(2).com
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\JULIAN\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchURL = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Encarta Web Companion Helper Object: {955be0b8-bc85-4caf-856e-8e0d8b610560} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Encarta Web Companion: {147d6308-0614-4112-89b1-31402f9b82c4} - c:\program files\common files\microsoft shared\encarta web companion\2007\ENCWCBAR.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [L07AXLRD_8924921] "c:\program files\microsoft student\microsoft student with encarta premium 2007 dvd\EDICT.EXE" -m
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [<NO NAME>]
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\julian\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} - hxxp://simcity.ea.com/exchange/lots/teleport/MaxisSimCity4LotTeleX.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\julian\applic~1\mozilla\firefox\profiles\5q75ylt7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=0&l=dir&sknr=1
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 66632]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 12872]
RUnknown szkg5;szkg5; [x]
RUnknown szkgfs;szkgfs; [x]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-25 30192]
UnknownUnknown is3srv;is3srv; [x]

=============== Created Last 30 ================

2010-03-09 03:44:27 0 d--h--w- c:\windows\PIF
2010-03-09 00:51:47 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-09 00:44:12 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-03-09 00:39:52 0 d-----w- c:\program files\common files\iS3
2010-03-09 00:39:48 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-03-08 06:21:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-08 06:21:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-08 06:21:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-04 03:37:48 12423 ----a-w- C:\Play.docx
2010-03-04 03:37:34 14049 ----a-w- C:\Music on Culture.docx
2010-03-04 03:37:14 19834 ----a-w- C:\Music Chart.docx
2010-03-04 02:24:48 0 d-----w- c:\program files\common files\Uninstall

==================== Find3M ====================

2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2008-10-04 03:52:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100320081004\index.dat

============= FINISH: 22:04:17.67 ===============


Report •

#11
March 8, 2010 at 20:06:52
And the Attach
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/12/2008 6:58:20 PM
System Uptime: 3/8/2010 6:49:14 PM (4 hours ago)

Motherboard: Dell Inc. | |
Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1729/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 93 GiB total, 43.987 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\MEDIA\0000
Manufacturer:
Name:
PNP Device ID: ROOT\MEDIA\0000
Service:

==== System Restore Points ===================

RP219: 12/9/2009 3:00:46 AM - Software Distribution Service 3.0
RP220: 12/12/2009 11:57:02 AM - System Checkpoint
RP221: 12/13/2009 2:00:11 PM - System Checkpoint
RP222: 12/18/2009 3:17:49 PM - System Checkpoint
RP223: 1/3/2010 3:42:53 PM - System Checkpoint
RP224: 1/4/2010 8:08:42 PM - System Checkpoint
RP225: 1/6/2010 11:51:25 PM - System Checkpoint
RP226: 1/8/2010 5:57:46 PM - System Checkpoint
RP227: 1/10/2010 11:41:12 AM - System Checkpoint
RP228: 1/11/2010 5:48:34 PM - System Checkpoint
RP229: 1/12/2010 6:10:36 PM - System Checkpoint
RP230: 1/13/2010 4:21:44 PM - Software Distribution Service 3.0
RP231: 1/13/2010 4:37:33 PM - Restore Operation
RP232: 1/13/2010 4:44:43 PM - Software Distribution Service 3.0
RP233: 1/14/2010 6:05:21 PM - Software Distribution Service 3.0
RP234: 1/18/2010 9:30:15 PM - Restore Operation
RP235: 1/18/2010 9:43:33 PM - Restore Operation
RP236: 1/19/2010 4:35:17 PM - Software Distribution Service 3.0
RP237: 1/20/2010 3:00:12 PM - Software Distribution Service 3.0
RP238: 1/21/2010 3:00:18 AM - Software Distribution Service 3.0
RP239: 1/21/2010 6:05:22 PM - Software Distribution Service 3.0
RP240: 1/21/2010 11:15:50 PM - Software Distribution Service 3.0
RP241: 1/23/2010 9:29:48 AM - Software Distribution Service 3.0
RP242: 1/24/2010 12:33:14 PM - System Checkpoint
RP243: 1/30/2010 12:00:10 AM - System Checkpoint
RP244: 1/31/2010 1:34:11 AM - System Checkpoint
RP245: 2/1/2010 10:06:49 PM - System Checkpoint
RP246: 2/4/2010 5:26:27 PM - System Checkpoint
RP247: 2/5/2010 7:38:35 PM - System Checkpoint
RP248: 2/7/2010 9:08:52 PM - System Checkpoint
RP249: 2/8/2010 10:03:56 PM - System Checkpoint
RP250: 2/10/2010 12:28:48 AM - System Checkpoint
RP251: 2/11/2010 5:02:32 AM - Software Distribution Service 3.0
RP252: 2/12/2010 9:45:43 AM - System Checkpoint
RP253: 2/13/2010 9:26:32 PM - System Checkpoint
RP254: 2/17/2010 9:16:19 PM - System Checkpoint
RP255: 2/19/2010 10:26:41 PM - System Checkpoint
RP256: 2/24/2010 3:55:06 PM - Software Distribution Service 3.0
RP257: 2/27/2010 11:18:11 AM - System Checkpoint
RP258: 3/3/2010 7:14:45 AM - System Checkpoint
RP259: 3/6/2010 3:38:15 PM - System Checkpoint
RP260: 3/7/2010 4:15:08 PM - System Checkpoint
RP261: 3/8/2010 5:57:49 PM - Restore Operation
RP262: 3/8/2010 6:03:33 PM - Restore Operation
RP263: 3/8/2010 6:07:58 PM - Restore Operation
RP264: 3/8/2010 6:11:50 PM - Restore Operation
RP265: 3/8/2010 6:31:20 PM - Restore Operation
RP266: 3/8/2010 6:39:30 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP267: 3/8/2010 7:25:29 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP268: 3/8/2010 7:26:35 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP269: 3/8/2010 7:26:59 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
Broadcom 440x 10/100 Integrated Controller
C-Major Audio
Conexant D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Download Manager
Dell Resource CD
eMusic Download Manager 4.1.3.1
ESPNMotion
Express Rip
GemMaster Mystic
Golden Records Vinyl to CD Converter
Google Desktop
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 10
K-Lite Mega Codec Pack 4.1.4
Learning Essentials for Microsoft Office
LimeWire 5.2.13
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Math
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.6)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
mToolkit
mWlsSafe
mXML
mZConfig
OpenOffice.org Installer 1.0
Otto
Prism Video Converter
QuickTime
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SimCity™ Societies
Sonic Encoders
SoundTap Streaming Audio Recorder
SUPERAntiSpyware Free Edition
Switch Sound File Converter
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WavePad Sound Editor
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows System Scanner
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

3/8/2010 6:55:26 PM, error: Service Control Manager [7034] - The STOPzilla Service service terminated unexpectedly. It has done this 1 time(s).
3/8/2010 6:24:28 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/8/2010 6:19:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
3/8/2010 6:19:22 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 6:19:22 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 6:19:22 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 6:19:22 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 6:19:22 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 6:19:22 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/8/2010 6:19:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/8/2010 5:31:40 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
3/8/2010 5:31:13 PM, error: w29n51 [5031] - \DEVICE\{77706B99-E315-4AFB-A3B0-B767609D0D50} : The adapter has detected an Adapter Check as a result of some unrecoverable hardware of software error. Please contact your service provider.
3/8/2010 5:31:13 PM, error: w29n51 [5010] - \DEVICE\{77706B99-E315-4AFB-A3B0-B767609D0D50} : The adapter has returned an invalid value to the driver.
3/8/2010 5:31:13 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
3/8/2010 5:15:35 PM, error: PlugPlayManager [12] - The device 'TSSTcorp DVD+-RW TS-L532B' (IDE\CdRomTSSTcorp_DVD+-RW_TS-L532B_______________DE03____\3030303237343130323420202020202020202020) disappeared from the system without first being prepared for removal.
3/7/2010 8:50:05 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
3/7/2010 11:47:59 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
3/7/2010 11:47:59 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
3/7/2010 1:26:59 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Updater Service service to connect.
3/7/2010 1:26:59 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
3/7/2010 1:19:01 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file setup.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
3/6/2010 10:40:54 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

==== End Of File ===========================


Report •

#12
March 8, 2010 at 20:08:42
The Malwarebytes is scanning right now.
By the way thank you for the help I was about to lose my mind.

Report •

#13
March 8, 2010 at 20:42:34
I don't see an antivirus program running, you need to install one.

You can download the free version of AVG antivirus at this link:
AVG Free Antivirus

Update it once you get it installed.

You need to uninstall LimeWire at least until we get your computer clean as it ib known to harbor spyware.

Go to start> control panel> click the Java icon> update tab> update now and allow Java to update. If you are prompted for any add-ons uncheck the box and continue. The newest Java is version 6 update 18.

Please download Combofix with internet explorer instead of FireFox.

Remember..your AVG antivirus must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that once the "enter name of file to save to" box appears as the download begins in the filename box rename combofix.exe to to Combo-Fix> click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


Report •

#14
March 8, 2010 at 20:50:42
What do you mean I have Malwarebytes running now.
I thought I already deleted Limewire? I can't seem to find it.

Report •

#15
March 8, 2010 at 21:32:37
Malwarebytes' Anti-Malware 1.44
Database version: 3838
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/8/2010 11:31:21 PM
mbam-log-2010-03-08 (23-31-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 271511
Time elapsed: 1 hour(s), 25 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Report •

#16
March 8, 2010 at 23:01:55
Thank you so much! Everything is working perfectly.

Report •

#17
March 9, 2010 at 03:37:51
Glad we could help.

Report •

#18
April 14, 2010 at 18:06:46
I'm having the same problem with the virus that presents a green globe logo or a cursive 2 someone please help

Report •

Ask Question