Internet Explorer redirects Virus thread cannot be removed

poorrich

I have spent over 10 hours trying to find a solution using the internet.
I have had the McAfee virus removal team working on it for two days and they could not remove the virus in the thread. I ran Malwarebytes and DDS; this did not remove the problem. Can you help? I ran both tools in safe mode and Malwarebytes states that it removed all viruses. Here is my dds.txt:

.
DDS (Ver_2011-06-03.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Run by HP_Administrator at 23:25:00 on 2011-06-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.641 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.

Thank you for the help

Attachments attach.txt (24.39 KB)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/15/2007 9:33:12 PM
System Uptime: 6/4/2011 11:21:39 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | Puffer2  
Processor:               Intel(R) Pentium(R) 4 CPU 3.20GHz | CPU 1 | 3201/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 179 GiB total, 137.405 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.863 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&23C0B1C&0&10F0
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&23C0B1C&0&10F0
Service: rtl8139
.
Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
Description: 
Device ID: ROOT\MONITOR\0000
Manufacturer: HP
Name: 
PNP Device ID: ROOT\MONITOR\0000
Service: 
.
==== System Restore Points ===================
.
RP2: 6/1/2011 11:51:52 PM - System Checkpoint
RP3: 6/2/2011 2:06:36 PM - Software Distribution Service 3.0
RP4: 6/2/2011 9:11:58 PM - Removed Bing Maps 3D
RP5: 6/2/2011 9:15:54 PM - Removed Google Earth.
RP6: 6/2/2011 9:19:15 PM - Removed Microsoft WorldWide Telescope
RP7: 6/3/2011 12:16:33 PM - Software Distribution Service 3.0
RP8: 6/4/2011 12:50:07 PM - Software Distribution Service 3.0
RP9: 6/4/2011 3:00:17 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
1000Tour
1200
1200_Help
1200Trb
Acrobat.com
ActivePerl 5.10.0 Build 1005
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.1.3
Agere Systems PCI Soft Modem
AI RoboForm (All Users)
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aptana Studio 2.0
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Auslogics Disk Defrag
Batch Image Resizer 3.5
Bonjour
BufferChm
Cartes du Ciel
ColorPic
Conduit Engine
Copy
Coupon Printer for Windows
CP_AtenaShokunin1Config
cp_dwSharkTaleAlbums1
cp_dwSharkTaleCards1
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CP_PLSBusinessFlyers
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DocProc
DocumentViewer
e-Sword
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
Eudora
Evernote v. 4.3.1
FastCGI 1.5 (x86) RTW
Fax
FileZilla Client 3.4.0
FreeMind
GIMP 2.6.8
Google Chrome
Google Update Helper
GoToMeeting 4.5.0.458
GTK+ 2.8.18-1 runtime environment
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet Preloaded Printer Drivers
HP Diagnostic Assistant
HP Image Zone 4.5.3
HP Image Zone for Media Center PC
HP Image Zone Plus 4.5.3
HP LCD Monitor Driver Software 2.00
HP PSC & OfficeJet 4.0
HP Tunes
HP Update
HPIZplus450
HPODiscovery
HpSdpAppCoreApp
ImageMixer VCD2 for FinePix
InfraRecorder
InstantShare
IntelliMover Data Transfer Demo
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 10
Jarte 4.3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 13
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Jing
Junk Mail filter update
Keyword Blueprint 2
LAME v3.98.3 for Audacity
LS_HSI
Malwarebytes' Anti-Malware version 1.51.0.1200
Market Samurai
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Standard Edition 2003
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Visual Studio Web Authoring Component
Microsoft Works
Microsoft XML Parser
MicroStaff WINASPI
Mozilla Firefox 4.0.1 (x86 en-US)
MR97113
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 3.5 magicMoments - HPD
muvee autoProducer unPlugged - HPD
MySQL Connector Net 6.1.3
Nero OEM
neroxml
NETGEAR GA311 Gigabit Adapter
NETGEAR GA311 Smart Wizard Utility
OpenOffice.org 3.1
Otto
PanoStandAlone
PC-Doctor for Windows
Peachtree Accounting 2005
PhotoGallery
PhotoJoy
PhotoJoy Bar Toolbar
PHP 5.2.13
PHP Editor 2.22
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376
mbam-log-2011-06-04_(23-01-36).txt (2.35 KB)
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6773

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/4/2011 11:01:36 PM
mbam-log-2011-06-04 (23-01-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 377236
Time elapsed: 45 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FX - Video Converter (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=196&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\all users\application data\06462523 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\hp_administrator\application data\Sun\Java\deployment\cache\6.0\41\4d5a3e9-565fd2b3 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\my documents\video converter\videoconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\foxtabvideoconverter\uninstall\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP6\A0002656.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\06462523\06462523.cfg (Rogue.Multiple) -> Quarantined and deleted successfully.
 
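The Malwarebytes log above lists every detection as item (family) -> action, and two of its entries matter more than the adware: the Registry Data Item that had pointed IE's SearchScopes URL at findgala.com, and the Trojan.FakeAlert executable found inside restore point RP6 under System Volume Information, which System Restore can put back. The Spyware.Passwords.XGen file in the Java deployment cache is also worth reading against the installed-programs list, which carries several superseded Java 6 updates alongside J2SE 5.0 and 1.4.2. The following Python script, added here as an example and not part of the original post or of Malwarebytes, parses that log excerpt (copied from above) and pulls those items out; the line format it expects is inferred from the excerpt, and the flag names are its own.

```python
"""Triage a Malwarebytes' Anti-Malware 1.x scan log (added example, not the
poster's or Malwarebytes' code).  Line shape assumed from the excerpt below:
    <item> (<family>) -> [extra -> ]<action>
and, for Hijack.* data items:
    ... -> Bad: (<url>) Good: (<url>) -> <action>
"""
import re
from urllib.parse import urlparse

# Copied from the mbam-log posted above (detection sections only, not constructed).
MBAM_LOG = r"""
Registry Keys Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FX - Video Converter (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Value: wxfw.dll -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=196&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\all users\application data\06462523 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\hp_administrator\application data\Sun\Java\deployment\cache\6.0\41\4d5a3e9-565fd2b3 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\hp_administrator\my documents\video converter\videoconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\program files\foxtabvideoconverter\uninstall\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b9823275-d858-498b-a4dc-c4eeda322f67}\RP6\A0002656.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\06462523\06462523.cfg (Rogue.Multiple) -> Quarantined and deleted successfully.
"""

DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z0-9.]+)\) -> (?P<rest>.+)$")
HIJACK = re.compile(r"^Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> .+$")


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it came from."""
    section, findings = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):            # detail header, e.g. "Files Infected:"
            section = line[: -len(" Infected:")]
            continue
        m = DETECTION.match(line)
        if section is None or not m:              # summary counts, blanks, "(No malicious items detected)"
            continue
        item, family, rest = m.group("item", "family", "rest")
        low = item.lower()
        hijack = HIJACK.match(rest)
        findings.append({
            "section": section,
            "item": item,
            "family": family,
            "action": rest.rsplit(" -> ", 1)[-1].rstrip("."),
            "bad_url": hijack.group("bad") if hijack else None,
            "good_url": hijack.group("good") if hijack else None,
            # A file under _restore{...} is a restore-point copy: System Restore can bring it back.
            "in_restore_point": "\\system volume information\\_restore" in low,
            # Java deployment cache holds content fetched by the browser's Java plug-in.
            "in_java_cache": "\\sun\\java\\deployment\\cache\\" in low,
        })
    return findings


def triage(text):
    """Summarise what a responder should act on: hijack targets and re-infection sources."""
    findings = parse_mbam_log(text)
    by_family = {}
    for f in findings:
        by_family[f["family"]] = by_family.get(f["family"], 0) + 1
    return {
        "total": len(findings),
        "by_family": by_family,
        "hijacked_hosts": sorted({urlparse(f["bad_url"]).hostname for f in findings if f["bad_url"]}),
        "restore_point_hits": [f["item"] for f in findings if f["in_restore_point"]],
        "java_cache_hits": [f["item"] for f in findings if f["in_java_cache"]],
        # Anything found inside a restore point means the old restore points must be purged.
        "flush_system_restore": any(f["in_restore_point"] for f in findings),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(MBAM_LOG), indent=2))
```

Run as a script it prints a JSON summary: ten detections across six families, findgala.com as the only hijack target, one restore-point hit and flush_system_restore set to true. It does not say why the redirect survived the scan; it only turns the log into the follow-up list (the search scope to re-check, restore points to purge, the Java cache to clear) that a cleaner of this kind leaves behind.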

Hi and welcome to the Daniweb forums :).

==========

Please do not double post for the same problem and please do not attach logs as requested.
You also need to post the GMER logs.
The log that you did post is incomplete, so you will have to repost it.
Tools should be run in normal mode unless the virus prevents you from doing so. This is especially true of MBA-M, which needs to have its service running.
So basically, you have to start over :).

 

Which one is the current thread? The old one should be removed.

 

The old one should be removed.

Sorry, I'll do it now.
