
Active Firefox Google DNS redirect loop hijack

Discussion in 'Malware and Virus Removal Archive' started by niallmckenna, 2009/05/09.

  1. 2009/05/09
    niallmckenna

    niallmckenna Inactive Thread Starter

    Joined:
    2009/05/09
    Messages:
    1
    Likes Received:
    0

    [Active] Firefox Google DNS redirect loop hijack

    Hi there, a couple of days ago I was attempting to stream a video from a website and the website asked me to install a program in order to view it. Stupidly I did this and as soon as I did I knew it was malware. Since then my Firefox home page has been hijacked and I get a redirection loop error message stating the below:

    Redirection limit for this URL exceeded. Unable to load the requested page. This may be caused by cookies that are blocked.

    The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.

    * Have you disabled or blocked cookies required by this site?

    * NOTE: If accepting the site's cookies does not resolve the problem, it is probably a server configuration issue and not your computer


    Anyway, I have done a similar thing before and the same thing happened, although I used the information on this website to clear it previously; this time none of these fixes would work.

    I have tried to use Spybot but it wouldn't run. I have used a program called Prevx 3.0 which I had to pay for and which fixed it the last time but hasn't this time around. I have used ComboFix, Malwarebytes, anti spy, Ad-Aware, CCleaner and several others and none of these have fixed the problem with Firefox but have removed other malware.

    Please can someone help me fix Firefox, as I'm a web designer and need it working ASAP, and I really don't know what to do.

    FYI I have Vista OS.

    Many Thanks in advance

    Please see my logs below as requested...




    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Niall at 13:09:47.90 on 09/05/2009
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.2038.856 [GMT 1:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\sttray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Niall\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
    TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    StartupFolder: c:\users\niall\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append to existing PDF
    IE: Convert link target to Adobe PDF
    IE: Convert link target to existing PDF
    IE: Convert selected links to Adobe PDF
    IE: Convert selected links to existing PDF
    IE: Convert selection to Adobe PDF
    IE: Convert selection to existing PDF
    IE: Convert to Adobe PDF
    IE: E&xport to Microsoft Excel
    IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\niall\appdata\roaming\mozilla\firefox\profiles\2k8v40ox.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox/
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
    FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
    FF - component: c:\users\niall\appdata\roaming\mozilla\firefox\profiles\2k8v40ox.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
    FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll

    ============= SERVICES / DRIVERS ===============

    R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-5-4 22024]
    R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-5-4 27656]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-7 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-7 108552]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-4-28 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-5-7 908568]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-7 298776]
    R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-5-4 4368952]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 7408]
    S2 gupdate1c9c68016fbe410;Google Update Service (gupdate1c9c68016fbe410);c:\program files\google\update\GoogleUpdate.exe [2009-4-26 133104]
    S3 AK;AK;c:\users\niall\appdata\local\temp\ak.exe --> c:\users\niall\appdata\local\temp\AK.exe [?]
    S3 EK;EK;c:\users\niall\appdata\local\temp\ek.exe --> c:\users\niall\appdata\local\temp\EK.exe [?]

    =============== Created Last 30 ================

    2009-05-08 19:20 <DIR> --d----- C:\ComboFix
    2009-05-07 20:52 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
    2009-05-07 00:39 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-05-07 00:39 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
    2009-05-07 00:39 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-05-07 00:39 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-05-06 23:03 <DIR> --d----- c:\users\niall\appdata\roaming\Antispyware
    2009-05-06 21:38 161,792 a------- c:\windows\SWREG.exe
    2009-05-06 21:38 98,816 a------- c:\windows\sed.exe
    2009-05-05 23:55 <DIR> --d----- c:\programdata\avg8
    2009-05-05 23:55 <DIR> --d----- c:\program files\AVG
    2009-05-05 23:55 <DIR> --d----- c:\progra~2\avg8
    2009-05-05 22:59 <DIR> --d----- c:\users\niall\appdata\roaming\Malwarebytes
    2009-05-05 22:59 <DIR> --d----- c:\programdata\Malwarebytes
    2009-05-05 22:59 <DIR> --d----- c:\progra~2\Malwarebytes
    2009-05-05 20:54 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
    2009-05-05 20:54 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
    2009-05-05 20:54 <DIR> --d----- c:\users\niall\appdata\roaming\SUPERAntiSpyware.com
    2009-05-05 20:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
    2009-05-04 19:15 27,656 a------- c:\windows\system32\drivers\pxsec.sys
    2009-05-04 19:15 22,024 a------- c:\windows\system32\drivers\pxscan.sys
    2009-05-04 19:15 <DIR> --d----- c:\program files\Prevx
    2009-05-04 19:14 <DIR> --d----- c:\programdata\PrevxCSI
    2009-05-04 19:14 <DIR> --d----- c:\progra~2\PrevxCSI
    2009-04-25 05:50 <DIR> --d----- c:\users\niall\appdata\roaming\Spotify
    2009-04-25 05:50 <DIR> --d----- c:\program files\Spotify
    2009-04-14 21:24 376,832 a------- c:\windows\system32\winhttp.dll
    2009-04-14 21:22 1,383,424 a------- c:\windows\system32\mshtml.tlb

    ==================== Find3M ====================

    2009-05-07 22:57 691 a------- c:\users\niall\appdata\roaming\GetValue.vbs
    2009-05-07 22:57 35 a------- c:\users\niall\appdata\roaming\SetValue.bat
    2009-04-30 21:49 1,604 a------- c:\users\niall\appdata\roaming\wklnhst.dat
    2009-04-10 16:02 51,200 a------- c:\windows\inf\infpub.dat
    2009-04-10 16:02 143,360 a------- c:\windows\inf\infstrng.dat
    2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-03-18 14:38 86,016 a------- c:\windows\inf\infstor.dat
    2009-03-17 04:38 40,960 a------- c:\windows\apppatch\apihex86.dll
    2009-03-17 04:38 13,824 a------- c:\windows\system32\apilogen.dll
    2009-03-17 04:38 24,064 a------- c:\windows\system32\amxread.dll
    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-03 05:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
    2009-03-03 05:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
    2009-03-03 05:40 827,392 a------- c:\windows\system32\wininet.dll
    2009-03-03 05:39 183,296 a------- c:\windows\system32\sdohlp.dll
    2009-03-03 05:39 551,424 a------- c:\windows\system32\rpcss.dll
    2009-03-03 05:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
    2009-03-03 05:37 78,336 a------- c:\windows\system32\ieencode.dll
    2009-03-03 05:37 98,304 a------- c:\windows\system32\iasrecst.dll
    2009-03-03 05:37 54,784 a------- c:\windows\system32\iasads.dll
    2009-03-03 05:37 44,032 a------- c:\windows\system32\iasdatastore.dll
    2009-03-03 04:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
    2009-03-03 03:38 17,408 a------- c:\windows\system32\iashost.exe
    2009-03-03 03:28 26,624 a------- c:\windows\system32\ieUnatt.exe
    2009-02-14 18:48 56 a---h--- c:\programdata\ezsidmv.dat
    2009-02-14 18:48 56 a---h--- c:\progra~2\ezsidmv.dat
    2009-02-13 09:49 72,704 a------- c:\windows\system32\secur32.dll
    2009-02-13 09:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 04:10 2,033,152 a------- c:\windows\system32\win32k.sys
    2008-09-28 17:04 174 a--sh--- c:\program files\desktop.ini
    2008-09-28 16:38 665,600 a------- c:\windows\inf\drvindex.dat
    2008-06-20 23:31 47,360 a------- c:\users\niall\appdata\roaming\pcouffin.sys
    2007-12-23 18:46 86,664 a------- c:\users\niall\appdata\roaming\GDIPFONTCACHEV1.DAT
    2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
    2007-10-29 15:53 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2007-10-29 15:53 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2007-10-29 15:53 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

    ============= FINISH: 13:10:47.87 ===============





    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 26/10/2007 01:27:57
    System Uptime: 05/09/2009 05:34:27 (-2848 hours ago)

    Motherboard: Dell Inc. | | 0KD882
    Processor: Genuine Intel(R) CPU T2130 @ 1.86GHz | Microprocessor | 1867/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 137 GiB total, 14.971 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 6.206 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {ff646f80-8def-11d2-9449-00105a075f6b}
    Description: pcouffin device ...
    Device ID: ROOT\PCOUFFIN\0000
    Manufacturer:
    Name: pcouffin device ...
    PNP Device ID: ROOT\PCOUFFIN\0000
    Service:

    ==== System Restore Points ===================

    RP491: 05/05/2009 23:54:51 - Installed AVG Free 8.5
    RP493: 06/05/2009 20:00:53 - Avg8 Update
    RP495: 06/05/2009 21:31:58 - Removed SUPERAntiSpyware Free Edition
    RP496: 06/05/2009 23:01:57 - Installed Antispyware
    RP497: 06/05/2009 23:12:23 - Removed Antispyware
    RP498: 07/05/2009 00:29:27 - Removed Microsoft Visual C++ 2005 Redistributable
    RP499: 07/05/2009 00:38:04 - Removed Skype™ 4.0
    RP501: 07/05/2009 20:27:32 - Avg8 Update
    RP502: 07/05/2009 23:14:13 - Installed SUPERAntiSpyware Free Edition
    RP503: 08/05/2009 23:24:49 - Scheduled Checkpoint

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge 1.0
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Contribute CS3
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe Encore CS3
    Adobe Encore CS3 Codecs
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Fireworks CS3
    Adobe Flash CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Video Encoder
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Premiere Pro CS3
    Adobe Premiere Pro CS3 Functional Content
    Adobe Premiere Pro CS3 Third Party Content
    Adobe Reader 8.1.2
    Adobe Setup
    Adobe SING CS3
    Adobe Soundbooth CS3
    Adobe Soundbooth CS3 Codecs
    Adobe Stock Photos 1.0
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Version Cue CS3 Server
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    Apple Mobile Device Support
    Apple Software Update
    AVG Free 8.5
    BitTornado 0.3.18
    Bonjour
    Browser Address Error Redirector
    CoffeeCup Free FTP
    Conexant HDA D110 MDC V.92 Modem
    Dell System Customization Wizard
    Dell Wireless WLAN Card
    Digimax Master
    Digital Line Detect
    DVDFab Platinum 4.1.2.0
    Easy MP3 Converter 1.27
    FoxyTunes for Firefox
    Google Chrome
    Google Toolbar for Firefox
    Google Update Helper
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java(TM) 6 Update 13
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    LimeWire 5.1.2
    Macromedia Extension Manager
    Macromedia Flash 8 Video Encoder
    MediaDirect
    Microsoft Visual C Runtime
    Microsoft Works
    MobileMe Control Panel
    Modem Diagnostic Tool
    Mozilla Firefox (3.0.10)
    Mozilla Thunderbird (2.0.0.21)
    MP3 Wav Editor 2.4
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    Nero 8
    neroxml
    NetWaiting
    Nokia Connectivity Cable Driver
    Nokia Lifeblog 2.1
    Nokia MTP driver
    Nokia PC Suite
    Nokia Software Launcher
    OpenOffice.org 3.0
    OutlookAddinSetup
    PC Connectivity Solution
    PDF Settings
    Prevx 3.0
    QuickSet
    QuickTime
    RealPlayer
    Safari
    Samsung USB Driver
    SigmaTel Audio
    Sonic Activation Module
    Sothink SWF Decompiler
    Spotify
    SUPERAntiSpyware Free Edition
    Synaptics Pointing Device Driver
    User's Guides
    VCRedistSetup
    Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
    Windows Driver Package - Nokia Modem (10/27/2008 3.9)
    Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Player Firefox Plugin
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    07/05/2009 20:59:11, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    07/05/2009 20:52:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    07/05/2009 20:44:00, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 SASKUTIL spldr Wanarpv6
    07/05/2009 20:24:54, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    07/05/2009 20:24:54, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    06/05/2009 21:56:46, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
    06/05/2009 21:08:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL spldr Wanarpv6
    06/05/2009 21:08:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    06/05/2009 21:08:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    06/05/2009 21:08:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments " " in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    06/05/2009 21:08:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    06/05/2009 21:07:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    06/05/2009 19:59:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments " " in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    06/05/2009 19:58:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    06/05/2009 19:58:58, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    05/05/2009 21:37:35, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AK service to connect.
    05/05/2009 21:37:35, Error: Service Control Manager [7000] - The AK service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    05/05/2009 21:37:01, Error: Service Control Manager [7030] - The AK service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    05/05/2009 20:22:34, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the EK service to connect.
    05/05/2009 20:22:34, Error: Service Control Manager [7000] - The EK service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    05/05/2009 20:22:01, Error: Service Control Manager [7030] - The EK service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    05/05/2009 19:41:47, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    05/05/2009 19:40:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the FLEXnet Licensing Service service to connect.
    05/05/2009 19:40:47, Error: Service Control Manager [7000] - The FLEXnet Licensing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    05/05/2009 19:40:18, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    05/05/2009 19:40:18, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    05/05/2009 19:40:17, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments " " in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    05/05/2009 19:36:20, Error: EventLog [6008] - The previous system shutdown at 19:35:31 on 05/05/2009 was unexpected.
    05/05/2009 19:05:10, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001DD93DE945 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    03/05/2009 15:51:14, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001DD93DE945 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
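    Two kinds of line in the DDS output above are worth a closer look from a defender's point of view: the S3 service entries AK and EK, whose image path sits in a user's temp folder and whose date/size field reads "[?]", and the GetValue.vbs / SetValue.bat pair that Find3M lists under the roaming AppData directory. The following Python script is an added example (not part of this thread, of DDS, or of any tool the moderator recommends) that applies that triage mechanically to DDS text. It assumes the line formats exactly as they appear in the log above, treats "[?]" as meaning DDS could not read the file's date and size (my reading of the marker, not something the page states), and runs on a constructed subset of the posted log that is embedded inline.

```python
import re
from dataclasses import dataclass

# Sample DDS output: a subset of the lines from the log posted in this thread,
# embedded here so the script runs offline (constructed input for the example).
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-5-4 22024]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2009-5-4 4368952]
S2 gupdate1c9c68016fbe410;Google Update Service (gupdate1c9c68016fbe410);c:\program files\google\update\GoogleUpdate.exe [2009-4-26 133104]
S3 AK;AK;c:\users\niall\appdata\local\temp\ak.exe --> c:\users\niall\appdata\local\temp\AK.exe [?]
S3 EK;EK;c:\users\niall\appdata\local\temp\ek.exe --> c:\users\niall\appdata\local\temp\EK.exe [?]

==================== Find3M ====================

2009-05-07 22:57 691 a------- c:\users\niall\appdata\roaming\GetValue.vbs
2009-05-07 22:57 35 a------- c:\users\niall\appdata\roaming\SetValue.bat
2009-04-30 21:49 1,604 a------- c:\users\niall\appdata\roaming\wklnhst.dat
2009-03-03 05:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
"""

# Service/driver entry: "<start type> <name>;<display name>;<image path> [<date size> | ?]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# File listing entry (Created Last 30 / Find3M): "<date> <time> <size|<DIR>> <attrs> <path>"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.+?)\s*$")

# Locations an unprivileged user (and therefore a drive-by installer) can write to.
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\(?:local\\temp|roaming)\\", re.IGNORECASE)
# Extensions that execute code when launched; a script or binary dropped under AppData merits review.
CODE_EXTENSIONS = (".exe", ".scr", ".dll", ".sys", ".vbs", ".js", ".bat", ".cmd")


@dataclass
class Finding:
    source: str        # "service" or "file"
    name: str          # service name or file name
    path: str          # path exactly as DDS listed it
    reasons: list[str]


def triage_dds(text: str) -> list[Finding]:
    """Return the service and file entries in DDS output that match the heuristics above."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            _start_type, name, _display, path, stat = m.groups()
            reasons = []
            if USER_WRITABLE_RE.search(path):
                reasons.append("service binary lives in a user-writable profile directory")
            # Assumption for this example: DDS prints "[?]" when it could not read the
            # image file's date and size (for instance because the file is missing or hidden).
            if stat.strip() == "?":
                reasons.append("DDS could not stat the image file ([?])")
            if reasons:
                findings.append(Finding("service", name, path, reasons))
        elif m := FILE_RE.match(line):
            _date, _time, size, _attrs, path = m.groups()
            if size != "<DIR>" and path.lower().endswith(CODE_EXTENSIONS) and USER_WRITABLE_RE.search(path):
                findings.append(Finding("file", path.rsplit("\\", 1)[-1], path,
                                        ["executable or script under the user's AppData"]))
    return findings


def flagged_names(text: str) -> list[str]:
    """Convenience wrapper: just the names of the flagged entries, in log order."""
    return [f.name for f in triage_dds(text)]


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"{f.source:7} {f.name:14} {f.path}")
        for r in f.reasons:
            print(f"         - {r}")
```

    Run against the embedded sample, the script flags AK and EK (both reasons apply) and the two scripts in roaming AppData, and says nothing about pxscan, CSIScanner, the Google updater, wklnhst.dat or ntoskrnl.exe. The heuristics deliberately stay narrow: they point an analyst at entries to verify by hand, which is what the moderator's reply goes on to do with the scanner logs, rather than declaring anything malicious on their own.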
     
  2. 2009/05/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies may be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

