
Hi Guys, I cannot get rid of this redirect, I DON'T UNDERSTAND. I got rid of the ransomware, but this redirect from Google still remains. Help! Logs below.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18975
Run by Bill at 8:00:26 on 2014-01-31
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2039.1198 [GMT -8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\SearchIndexer.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\AOL\1203820559\ee\aolsoftware.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Explorer.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [AWworks] regsvr32.exe c:\users\bill\appdata\local\awworks\ctlOffice8.dll
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [sunJavaUpdateReg] "c:\windows\system32\jureg.exe" -delete
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1203820559\ee\AOLSoftware.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-Explorer: TaskbarNoNotification = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{91EC5EB3-F542-466D-891D-7110EF549105} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-1-30 30976]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2014-01-31 09:30:51 -------- d-----w- C:\AdwCleaner
2014-01-31 09:09:03 -------- d-----w- c:\program files\CCleaner
2014-01-31 08:45:16 72704 ----a-w- c:\windows\system32\admparse.dll
2014-01-31 07:23:01 -------- d-----w- c:\windows\ERUNT
2014-01-31 07:06:06 -------- d-----w- c:\users\bill\appdata\roaming\Malwarebytes
2014-01-31 07:05:49 -------- d-----w- c:\programdata\Malwarebytes
2014-01-31 07:05:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-31 07:05:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-31 06:56:42 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{dfbe908c-6c43-46a7-b333-6ccd4d91f31e}\mpengine.dll
2014-01-31 06:08:12 84992 ----a-w- C:\ResetPassword.exe
2014-01-31 05:48:57 30976 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-01-31 05:33:32 -------- d-----w- c:\programdata\HitmanPro
2014-01-02 17:31:49 -------- d-----w- c:\users\bill\appdata\roaming\HpUpdate
2014-01-02 17:31:47 -------- d-----w- c:\windows\Hewlett-Packard
.
==================== Find3M  ====================
.
2014-01-16 17:59:46 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH:  8:00:43.76 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/3/2008 12:45:14 AM
System Uptime: 1/31/2014 7:01:30 AM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | Lancaster8
Processor: Intel® Pentium® Dual  CPU  E2160  @ 1.80GHz | CPU 1 | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 326 GiB total, 239.422 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 0.898 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0002
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0002
Service: tunnel
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash  
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
Manufacturer: Generic-
Name: Compact Flash  
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1041: 11/26/2013 9:33:50 AM - Windows Update
RP1042: 11/26/2013 9:38:43 AM - Windows Update
RP1043: 11/27/2013 8:11:01 PM - Windows Update
RP1044: 11/28/2013 8:58:30 PM - Windows Update
RP1045: 11/29/2013 11:26:42 AM - Windows Update
RP1046: 11/29/2013 10:24:43 PM - Windows Update
RP1047: 11/30/2013 9:46:31 AM - Windows Update
RP1048: 12/1/2013 10:41:45 AM - Windows Update
RP1049: 12/3/2013 8:46:36 AM - Windows Update
RP1050: 12/3/2013 8:50:04 AM - Windows Update
RP1051: 12/4/2013 8:57:13 AM - Windows Update
RP1052: 12/6/2013 10:09:27 PM - Windows Update
RP1053: 12/6/2013 10:14:51 PM - Windows Update
RP1054: 12/7/2013 9:11:11 PM - Windows Update
RP1055: 12/8/2013 9:03:05 AM - Windows Update
RP1056: 12/9/2013 9:21:51 AM - Windows Update
RP1057: 12/9/2013 11:34:45 PM - Windows Update
RP1058: 12/10/2013 9:48:21 AM - Windows Update
RP1059: 12/11/2013 4:35:49 PM - Windows Update
RP1060: 12/12/2013 10:34:37 AM - Windows Update
RP1061: 12/13/2013 11:27:44 AM - Windows Update
RP1062: 12/13/2013 11:32:49 AM - Windows Update
RP1063: 12/14/2013 9:46:24 AM - Windows Update
RP1064: 12/15/2013 11:17:45 PM - Windows Update
RP1065: 12/16/2013 1:38:33 PM - Windows Update
RP1066: 12/17/2013 9:54:38 AM - Windows Update
RP1067: 12/17/2013 3:55:52 PM - Windows Update
RP1068: 12/18/2013 9:13:00 AM - Windows Update
RP1069: 12/19/2013 8:53:21 AM - Windows Update
RP1070: 12/19/2013 10:52:00 PM - Windows Update
RP1071: 1/8/2014 12:07:00 AM - Scheduled Checkpoint
RP1072: 1/30/2014 10:14:22 PM - Removed Adobe Reader 8.1.2
RP1073: 1/30/2014 10:17:08 PM - Removed HP Update.
RP1074: 1/30/2014 10:17:55 PM - Removed HP Advisor.
RP1076: 1/30/2014 10:25:30 PM - Removed HP Customer Experience Enhancements
RP1077: 1/30/2014 10:30:31 PM - Removed Comcast Desktop Software (v1.2.0.9)
RP1078: 1/30/2014 10:31:26 PM - Removed Java SE Runtime Environment 6 Update 1
RP1079: 1/30/2014 10:34:30 PM - Removed Snapfish Picture Mover
RP1080: 1/30/2014 10:39:56 PM - Removed LightScribe Template Labeler.
RP1081: 1/30/2014 10:45:22 PM - Windows Update
RP1082: 1/30/2014 10:55:38 PM - Windows Update
RP1083: 1/30/2014 11:03:33 PM - Removed RTC Client API v1.2
RP1084: 1/31/2014 12:44:34 AM - Windows Update
RP1085: 1/31/2014 12:46:45 AM - Windows Update
RP1086: 1/31/2014 1:31:47 AM - Windows Update
RP1087: 1/31/2014 3:00:22 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
AIO_Scan
AOL Uninstaller (Choose which Products to Remove)
BufferChm
C4200
C4200_doccd
c4200_Help
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Compatibility Pack for the 2007 Office system
Copy
CyberLink DVD Suite Deluxe
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Feedback
HP Easy Setup - Frontend
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.5
HP Product Assistant
HP Smart Web Printing 4.60
HP Solution Center 9.0
HPDiagnosticAlert
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
OGA Notifier 2.0.0048.0
Picasa 3
Power2Go
PowerDirector
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
Python 2.5
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
SmartWebPrinting
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
WeatherBug Gadget
WebReg
.
==== Event Viewer Messages From Past Week ========
.
1/31/2014 7:50:58 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/31/2014 12:40:25 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt
1/31/2014 1:43:31 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
1/31/2014 1:35:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2754670).
1/31/2014 1:26:11 AM, Error: Service Control Manager [7034]  - The XAudioService service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================

Hello bradnts! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Root Admin:

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
