Author Topic: Google Redirect  (Read 48128 times)

Kerjifire

  • Guest
Google Redirect
« on: February 24, 2010, 03:48:08 AM »
Whenever I click on a link, Google redirects me to random sites. I read about people's atapi.sys being infected.

This is my log, 1/40 for the scan:
http://www.virustotal.com/analisis/b4df1d2c56a593c6b54de57395e3b51d288f547842893b32b0f59228a0cf70b9-1267008170
« Last Edit: February 24, 2010, 04:22:50 AM by Kerjifire »

Dr Jay

  • Malware Removal Specialist


  • Specialist
  • Moderator emeritus
  • Thanked: 119
  • Experience: Guru
  • OS: Windows 10
Re: Google Redirect
« Reply #1 on: February 24, 2010, 07:47:05 AM »
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.
~Dr Jay

Kerjifire

  • Guest
Re: Google Redirect
« Reply #2 on: February 24, 2010, 11:38:40 PM »
ComboFix won't load; the green blocks reach the end, but the blue cmd screen doesn't pop up ??? Oh, and I forgot to mention that my Malwarebytes, SUPERAntiSpyware and Ad-Aware Free are not updating.

Kerjifire

  • Guest
Re: Google Redirect
« Reply #3 on: February 25, 2010, 12:55:47 AM »
Sorry about the double post, but I loaded ComboFix for around 1 hr and it finally worked. I'm still getting redirects, though. Here's my log:

ComboFix 10-02-24.03 - S Chung 25/02/2010  18:33:34.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2047.1494 [GMT 11:00]
Running from: c:\documents and settings\S Chung\Desktop\ \Downloadz\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\S Chung\Application Data\.#
c:\windows\system32\spool\prtprocs\w32x86\00002642.tmp
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
(((((((((((((((((((((((((   Files Created from 2010-01-25 to 2010-02-25  )))))))))))))))))))))))))))))))
.

2010-02-23 11:21 . 2010-02-23 11:21   --------   d-----w-   c:\program files\Combined Community Codec Pack
2010-02-23 11:16 . 2009-06-07 05:24   180224   ----a-w-   c:\windows\system32\xvidvfw.dll
2010-02-23 11:16 . 2009-06-07 05:16   819200   ----a-w-   c:\windows\system32\xvidcore.dll
2010-02-23 11:16 . 2010-02-23 11:16   --------   d-----w-   c:\program files\Xvid
2010-02-23 05:53 . 2010-02-23 05:58   --------   d-----w-   c:\program files\MegaLeecher
2010-02-22 07:22 . 2010-02-24 12:04   --------   d-----w-   c:\documents and settings\S Chung\Application Data\uTorrent
2010-02-19 07:58 . 2010-01-07 05:07   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 07:58 . 2010-02-19 07:58   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-02-19 07:58 . 2010-01-07 05:07   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-02-18 08:44 . 2010-02-18 08:44   --------   dc-h--w-   c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-18 08:44 . 2010-02-04 15:53   2954656   -c--a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-18 08:30 . 2010-02-18 08:30   15880   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-18 08:29 . 2010-02-18 08:29   163728   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-18 08:29 . 2010-02-18 08:29   327000   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-18 08:29 . 2010-02-18 08:29   87496   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-16 09:48 . 2010-02-16 09:48   180224   ----a-w-   c:\windows\system32\WinVd32.sys
2010-02-16 09:48 . 2010-02-16 09:48   7680   ----a-w-   c:\windows\system32\WinFLsrv.exe
2010-02-16 06:37 . 2010-02-16 06:54   --------   d-----w-   c:\program files\Audio Mid Recorder
2010-02-13 05:29 . 2010-02-13 05:29   --------   d-----w-   c:\documents and settings\S Chung\Application Data\dvdcss
2010-02-12 11:04 . 2010-02-13 08:37   --------   d-----w-   c:\documents and settings\S Chung\Application Data\vlc
2010-02-11 06:29 . 2010-02-22 07:22   --------   d-----w-   c:\program files\uTorrent
2010-02-10 11:12 . 2010-02-10 11:12   --------   d-----w-   c:\documents and settings\S Chung\Application Data\AVS4YOU
2010-02-10 11:09 . 2008-08-13 00:22   1700352   ----a-w-   c:\windows\system32\GdiPlus.dll
2010-02-09 11:13 . 2010-02-17 09:39   --------   d-----w-   c:\documents and settings\S Chung\Local Settings\Application Data\Adobe
2010-02-09 11:13 . 2010-02-09 11:13   --------   d-----w-   c:\program files\Common Files\Adobe
2010-02-07 16:41 . 2010-02-07 16:41   86016   ----a-w-   c:\windows\system32\frapsvid.dll
2010-02-06 11:20 . 2010-02-11 18:42   162512   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2010-02-06 11:20 . 2010-02-11 18:38   19024   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2010-02-06 11:20 . 2010-02-11 18:39   23376   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2010-02-06 11:20 . 2010-02-11 18:42   46672   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2010-02-06 11:20 . 2010-02-11 18:38   100432   ----a-w-   c:\windows\system32\drivers\aswmon2.sys
2010-02-06 11:20 . 2010-02-11 18:38   94800   ----a-w-   c:\windows\system32\drivers\aswmon.sys
2010-02-06 11:20 . 2010-02-11 18:38   28880   ----a-w-   c:\windows\system32\drivers\aavmker4.sys
2010-02-06 11:19 . 2010-02-11 18:53   38848   ----a-w-   c:\windows\system32\avastSS.scr
2010-02-06 11:19 . 2010-02-11 18:53   153184   ----a-w-   c:\windows\system32\aswBoot.exe
2010-02-04 20:09 . 2010-02-04 20:09   503808   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcp71.dll
2010-02-04 20:09 . 2010-02-04 20:09   348160   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\msvcr71.dll
2010-02-04 20:09 . 2010-02-04 20:09   499712   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4d6a350d-n\jmc.dll
2010-02-04 20:09 . 2010-02-04 20:09   61440   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-sse.dll
2010-02-04 20:09 . 2010-02-04 20:09   12800   ----a-w-   c:\documents and settings\M Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-43519142-n\decora-d3d.dll
2010-02-04 20:08 . 2010-02-04 20:08   --------   d-----w-   c:\documents and settings\M Chung\Local Settings\Application Data\Symantec
2010-02-04 20:04 . 2010-02-04 20:04   --------   d-----w-   c:\documents and settings\M Chung\Application Data\Logitech
2010-02-02 08:19 . 2010-02-02 08:20   --------   d-----w-   c:\program files\Hypersnap
2010-01-29 11:38 . 2010-01-29 11:38   --------   d-----w-   c:\documents and settings\S Chung\Local Settings\Application Data\RapidSolution
2010-01-28 10:32 . 2010-01-28 10:32   --------   d-----w-   c:\program files\New Folder
2010-01-28 09:46 . 2010-01-28 09:46   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\ATI
2010-01-28 09:05 . 2010-01-28 09:05   10134   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{638965F2-4A84-F3D5-DE33-FE6A8B1EF01C}\ARPPRODUCTICON.exe
2010-01-28 08:44 . 2007-09-14 10:05   593920   ------w-   c:\windows\system32\ati2sgag.exe
2010-01-28 08:33 . 2010-01-28 08:33   --------   d-----w-   c:\program files\ATI
2010-01-28 07:03 . 2010-01-28 07:03   9158   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-01-28 07:03 . 2010-01-28 07:11   --------   d-----w-   c:\program files\Common Files\ATI Technologies
2010-01-26 21:20 . 2010-01-26 21:20   --------   d-----w-   c:\documents and settings\S Chung\Local Settings\Application Data\Logitech
2010-01-26 11:20 . 2006-08-01 04:02   49152   ----a-w-   c:\windows\system32\ChCfg.exe
2010-01-26 11:20 . 2010-01-26 11:20   --------   d-----w-   c:\program files\Realtek AC97
2010-01-26 11:18 . 2009-12-14 01:33   53248   ----a-w-   c:\windows\system32\CSVer.dll
2010-01-26 09:29 . 2010-01-26 09:29   --------   d-----w-   c:\program files\Driver-Soft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-25 06:33 . 2007-06-21 11:13   --------   d---a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-02-24 11:28 . 2010-02-24 11:30   2971136   ----a-w-   c:\windows\Internet Logs\xDB2E.tmp
2010-02-24 11:28 . 2010-02-24 11:30   1784832   ----a-w-   c:\windows\Internet Logs\xDB2D.tmp
2010-02-23 11:21 . 2009-07-02 01:31   --------   d-----w-   c:\program files\DivX
2010-02-23 11:20 . 2009-07-02 01:31   --------   d-----w-   c:\program files\Common Files\DivX Shared
2010-02-23 10:37 . 2010-02-23 10:39   2961408   ----a-w-   c:\windows\Internet Logs\xDB2C.tmp
2010-02-23 10:37 . 2010-02-23 10:39   3003904   ----a-w-   c:\windows\Internet Logs\xDB2B.tmp
2010-02-23 07:43 . 2008-08-03 09:07   401408   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMResource.dll
2010-02-23 07:43 . 2008-08-03 09:07   765952   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\NGMDll.dll
2010-02-21 11:15 . 2009-11-27 05:41   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Skype
2010-02-21 11:12 . 2008-09-02 07:30   --------   d-----r-   c:\program files\Skype
2010-02-21 11:11 . 2008-09-02 07:30   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Skype
2010-02-21 10:37 . 2010-01-26 03:06   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-02-18 08:44 . 2008-04-25 05:16   --------   d-----w-   c:\program files\Lavasoft
2010-02-18 08:30 . 2009-12-26 11:06   862040   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-18 08:30 . 2009-12-26 11:06   206944   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-18 08:30 . 2009-12-26 11:06   390288   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-18 08:29 . 2009-12-26 11:06   537576   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-18 08:29 . 2009-12-26 11:06   389784   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-18 08:29 . 2009-12-26 11:05   6296864   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-18 08:29 . 2009-12-26 11:05   933120   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-18 08:29 . 2010-01-23 08:44   3803208   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-18 08:29 . 2009-12-26 11:05   816784   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-18 08:29 . 2009-12-26 11:05   823928   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-18 08:29 . 2009-12-26 11:05   1643272   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-18 08:29 . 2009-12-26 11:05   788880   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-18 08:29 . 2009-12-26 11:05   1181328   ----a-w-   c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-17 09:29 . 2010-01-26 01:28   117760   ----a-w-   c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-17 09:28 . 2009-06-07 06:33   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-02-16 06:35 . 2007-08-25 04:54   --------   d-----w-   c:\program files\Common Files\AVSMedia
2010-02-16 06:35 . 2009-12-07 02:03   --------   d-----w-   c:\program files\AVS4YOU
2010-02-16 06:25 . 2009-11-26 08:15   --------   d-----w-   c:\program files\Mp3tag
2010-02-14 00:27 . 2010-01-26 03:06   --------   d-----w-   c:\program files\Spyware Doctor
2010-02-10 09:47 . 2010-02-10 09:48   1260032   ----a-w-   c:\windows\Internet Logs\xDB2A.tmp
2010-02-04 20:04 . 2007-06-17 06:59   149440   ----a-w-   c:\documents and settings\M Chung\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-04 15:53 . 2009-12-26 11:07   64288   ----a-w-   c:\windows\system32\drivers\Lbd.sys
2010-02-03 11:32 . 2008-08-23 11:04   --------   d-----w-   c:\program files\Sun
2010-02-03 11:30 . 2005-04-09 08:52   --------   d-----w-   c:\program files\Java
2010-02-02 08:37 . 2005-04-06 13:23   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-02-02 08:37 . 2009-10-27 10:01   --------   d-----w-   c:\program files\Macromedia
2010-02-02 08:37 . 2009-10-27 10:03   --------   d-----w-   c:\program files\Common Files\Macromedia
2010-01-29 07:54 . 2010-01-18 04:54   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Auslogics
2010-01-29 07:48 . 2010-01-18 04:54   --------   d-----w-   c:\program files\Auslogics
2010-01-28 10:02 . 2009-07-23 10:26   --------   d-----w-   c:\program files\Paint.NET
2010-01-28 09:58 . 2009-06-21 02:44   149440   ----a-w-   c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-28 09:09 . 2009-10-25 04:12   --------   d-----w-   c:\program files\ATI Technologies
2010-01-27 05:12 . 2008-07-03 07:37   215104   ----a-w-   c:\windows\system32\PnkBstrB.exe
2010-01-27 04:38 . 2008-07-03 07:38   138576   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2010-01-27 01:44 . 2009-10-25 05:09   664   ----a-w-   c:\windows\system32\d3d9caps.dat
2010-01-26 21:21 . 2009-05-26 08:12   --------   d-----w-   c:\program files\Logitech
2010-01-26 21:17 . 2009-05-26 08:12   --------   d-----w-   c:\program files\Common Files\Logitech
2010-01-26 04:16 . 2010-01-26 04:16   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Simply Super Software
2010-01-26 04:16 . 2010-01-26 04:16   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Simply Super Software
2010-01-26 03:06 . 2010-01-26 03:06   --------   d-----w-   c:\documents and settings\S Chung\Application Data\PC Tools
2010-01-26 01:32 . 2010-01-26 01:28   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-01-26 01:31 . 2010-01-26 01:31   52224   ----a-w-   c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-26 01:28 . 2010-01-26 01:28   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-01-26 01:28 . 2010-01-26 01:28   65024   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2010-01-26 01:28 . 2010-01-26 01:28   5120   ----a-r-   c:\documents and settings\S Chung\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
2010-01-26 01:28 . 2010-01-26 01:28   --------   d-----w-   c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com
2010-01-25 11:41 . 2009-12-14 08:01   --------   d-----w-   c:\program files\Replay Music 3
2010-01-25 06:03 . 2010-01-25 05:56   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Error Fix
2010-01-25 06:02 . 2010-01-25 05:56   --------   d-----w-   c:\program files\Error Fix
2010-01-25 05:37 . 2005-04-09 08:52   --------   d-----w-   c:\program files\Common Files\Java
2010-01-25 05:36 . 2010-01-25 05:36   61440   ----a-w-   c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c4c06a6-n\decora-sse.dll
2010-01-25 05:36 . 2010-01-25 05:36   503808   ----a-w-   c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\msvcp71.dll
2010-01-25 05:36 . 2010-01-25 05:36   499712   ----a-w-   c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\jmc.dll
2010-01-25 05:36 . 2010-01-25 05:36   348160   ----a-w-   c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-20410059-n\msvcr71.dll
2010-01-25 05:36 . 2010-01-25 05:36   12800   ----a-w-   c:\documents and settings\S Chung\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5c4c06a6-n\decora-d3d.dll
2010-01-25 05:03 . 2010-01-25 05:03   --------   d-----w-   c:\documents and settings\S Chung\Application Data\ScanSoft
2010-01-25 05:03 . 2010-01-25 05:03   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\SSScanWizard
2010-01-25 05:03 . 2010-01-25 05:03   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
2010-01-25 05:03 . 2007-02-03 10:28   --------   d-----w-   c:\program files\Common Files\ScanSoft Shared
2010-01-25 04:58 . 2010-01-25 04:58   --------   d-----w-   c:\program files\ArcSoft
2010-01-25 04:56 . 2006-02-07 12:05   --------   d-----w-   c:\program files\Canon
2010-01-25 00:06 . 2010-01-24 10:55   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-01-24 23:46 . 2010-01-24 23:58   140288   ----a-w-   c:\windows\Internet Logs\xDB29.tmp
2010-01-24 10:55 . 2008-07-05 13:36   --------   d-----w-   c:\program files\Alwil Software
2010-01-23 08:34 . 2005-04-30 13:35   --------   d-----w-   c:\program files\QuickTime
2010-01-23 08:31 . 2008-12-08 03:22   --------   d-----w-   c:\program files\Common Files\Apple
2010-01-23 08:30 . 2008-08-18 08:54   --------   d-----w-   c:\program files\Apple Software Update
2010-01-23 00:41 . 2010-01-23 00:41   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Logitech
2010-01-23 00:38 . 2010-01-23 00:38   --------   d-----w-   c:\documents and settings\S Chung\Application Data\Leadertech
2010-01-23 00:38 . 2009-05-26 08:25   --------   d-----w-   c:\program files\Common Files\Logishrd
2010-01-23 00:38 . 2009-05-26 08:27   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\LogiShrd
2010-01-23 00:36 . 2010-01-23 00:36   --------   d-----w-   c:\documents and settings\All Users.WINDOWS\Application Data\Logitech
2010-01-23 00:09 . 2010-01-23 00:11   2403840   ----a-w-   c:\windows\Internet Logs\xDB28.tmp
2010-01-22 23:33 . 2010-01-22 23:39   2400768   ----a-w-   c:\windows\Internet Logs\xDB27.tmp
2010-01-22 06:58 . 2010-01-22 07:38   2399744   ----a-w-   c:\windows\Internet Logs\xDB26.tmp
2010-01-22 06:58 . 2010-01-22 07:38   49664   ----a-w-   c:\windows\Internet Logs\xDB25.tmp
2010-01-22 05:17 . 2007-11-11 03:37   4828308   ----a-w-   c:\windows\Internet Logs\tvDebug.Zip
2010-01-21 05:10 . 2010-01-21 07:34   69120   ----a-w-   c:\windows\Internet Logs\xDB24.tmp
2010-01-20 22:07 . 2009-03-28 02:51   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-01-18 06:15 . 2010-01-18 06:17   2381312   ----a-w-   c:\windows\Internet Logs\xDB23.tmp
2010-01-18 06:15 . 2010-01-18 06:17   65024   ----a-w-   c:\windows\Internet Logs\xDB22.tmp
2010-01-17 03:38 . 2010-01-17 03:39   58880   ----a-w-   c:\windows\Internet Logs\xDB21.tmp
2010-01-16 08:21 . 2010-01-16 23:22   134656   ----a-w-   c:\windows\Internet Logs\xDB20.tmp
2009-12-31 16:50 . 2004-08-04 12:00   353792   ----a-w-   c:\windows\system32\drivers\srv.sys
2009-12-31 07:08 . 2009-12-31 07:08   10134   ----a-r-   c:\documents and settings\M Chung\Application Data\Microsoft\Installer\{638965F2-4A84-F3D5-DE33-FE6A8B1EF01C}\ARPPRODUCTICON.exe
2009-12-27 05:50 . 2009-12-28 00:52   204800   ----a-w-   c:\windows\Internet Logs\xDB1F.tmp
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
2000-01-01 00:00 . 2000-01-01 00:00   23   --sh--r-   c:\windows\mtlid64s2.dat
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 08:22   333192   ----a-w-   c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-01-22 67128]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-24 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"DNTVSchedulerProTray Icon"="c:\program files\DNTV Scheduler Pro\DNTVSchedulerProTray.exe" [2009-03-14 167936]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 98304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 03:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 01:28   72208   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Battle For Middle Earth I\\game.dat"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Call of Duty Modern Warfare\\iw3mp.exe"=
"c:\\Documents and Settings\\All Users.WINDOWS\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Nexon\\Combat Arms\\NMService.exe"=
"h:\combat arms\CombatArms.exe"= h:\combat arms\CombatArms.exe:*Enabled:CombatArms.exe
"h:\combat arms\Engine.exe"= h:\combat arms\Engine.exe:*Enabled:Engine.exe
"h:\\Combat Arms\\NMService.exe"=
"h:\\Prince of Persia\\Prince of Persia.exe"=
"h:\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"h:\\BFME2\\game.dat"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\S Chung\\Desktop\\ \\Downloadz\\utorrent(2).exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58508:TCP"= 58508:TCP:Pando Media Booster
"58508:UDP"= 58508:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26/12/2009 10:07 PM 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [26/01/2010 2:06 PM 207792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/02/2010 10:20 PM 162512]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/11/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/11/2009 8:43 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/02/2010 10:20 PM 19024]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [26/01/2010 2:08 PM 112592]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [23/01/2010 11:38 AM 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19/02/2010 6:58 PM 236368]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [16/02/2010 8:48 PM 17984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19/02/2010 6:58 PM 19160]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 DNTVSchedulerPro;DNTV Scheduler Pro Service;c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf --> c:\program files\DNTV Scheduler Pro\wrapper.exe -s wrapper.conf [?]
S2 gupdate1ca0c3d8ecb7ade;Google Update Service (gupdate1ca0c3d8ecb7ade);c:\program files\Google\Update\GoogleUpdate.exe [24/07/2009 8:03 PM 133104]
S2 msrvc;msrvc;c:\ssrcc\msrvc.exe --> c:\ssrcc\msrvc.exe [?]
S2 ssrcc;ssrcc;c:\ssrcc\ssrcc.exe --> c:\ssrcc\ssrcc.exe [?]
S3 gagp440p;gAGP440p;

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [5/02/2010 2:52 AM 1228208]
S3 lwadihid;Logitech WingMan Digital Devices(Auto-Detect);c:\windows\system32\drivers\LwAdiHid.sys [24/06/2008 8:01 PM 20864]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\A.tmp --> c:\windows\system32\A.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/11/2009 8:43 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [26/01/2010 2:10 PM 359624]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52]

2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

2010-02-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-02 09:01]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5adf3171372.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]

2009-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 09:02]

2010-02-19 c:\windows\Tasks\Malwarebytes' Scheduled Scan for S Chung.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2010-02-19 05:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: buttongenerator.com
Trusted Zone: wtso.net\www
TCP: {871466D7-BD14-429F-A174-40DED368A122} = 93.188.163.113,93.188.161.83
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\S Chung\Application Data\Mozilla\Firefox\Profiles\6gx4gbbr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\documents and settings\All Users.WINDOWS\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-25 18:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


c:\windows\system32\sys_drv.dat 9036 bytes
c:\windows\system32\sys_drv_2.dat 6024 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\S Chung\Application Data\systemfl.$dk 990 bytes

scan completed successfully
hidden files: 4

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A6278C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf765bf28
\Driver\ACPI -> ACPI.sys @ 0xf758ecb8
\Driver\atapi -> atapi.sys @ 0xf7483b3a
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e668e
 ParseProcedure -> ntoskrnl.exe @ 0x8057b6b1
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\S Chung\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1412)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-25  18:51:29
ComboFix-quarantined-files.txt  2010-02-25 07:51
ComboFix2.txt  2010-02-04 08:28

Pre-Run: 20,544,013,824 bytes free
Post-Run: 20,515,973,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\="Unidentified operating system on drive C."

- - End Of File - - 338F557B0607EB00986C291F98BBD68B
« Last Edit: February 25, 2010, 01:13:17 AM by Kerjifire »
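Reading the ComboFix log above as a triage target, the four lines worth acting on are the browser proxy set to 127.0.0.1:8080, the per-interface DNS servers on the TCP: line, the hidden files catchme found under system32, and the >>UNKNOWN<< hop after atapi.sys in the Gmer disk-stack trace, which marks a call into code that belongs to no listed module. The script below is an added example, not ComboFix's code or the poster's; SAMPLE_LOG is a constructed excerpt mirroring those lines, and ROGUE_DNS_RANGES is an illustrative block list (93.188.160.0/21 is a resolver range publicly attributed to the DNSChanger operation) that should be replaced with current intelligence.

```python
"""Triage of a ComboFix log for redirect/rootkit indicators.

Added example for this thread; it is not ComboFix's code. SAMPLE_LOG is a
constructed excerpt mirroring the lines in the posted log. ROGUE_DNS_RANGES is
an illustrative block list (93.188.160.0/21 is one of the resolver ranges
publicly attributed to the DNSChanger operation); substitute current intel.
"""
import ipaddress
import re

# Constructed sample; shape copied from the posted ComboFix output.
SAMPLE_LOG = r"""uStart Page = hxxp://google.com/
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
TCP: {871466D7-BD14-429F-A174-40DED368A122} = 93.188.163.113,93.188.161.83
c:\windows\system32\sys_drv.dat 9036 bytes
c:\windows\system32\WinFLdrv.sys 17984 bytes executable
c:\documents and settings\S Chung\Application Data\systemfl.$dk 990 bytes
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A6278C8]<<
"""

ROGUE_DNS_RANGES = [ipaddress.ip_network("93.188.160.0/21")]  # illustrative list

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(\S+)")
# Per-interface DNS line: 'TCP: {interface GUID} = ip[,ip...]'
DNS_RE = re.compile(r"^TCP: \{[0-9A-Fa-f-]+\}\s*=\s*([\d., ]+)$", re.M)
# catchme hidden-file line: '<path> <size> bytes[ executable]'
HIDDEN_RE = re.compile(r"^([a-z]:\\.+?) (\d+) bytes( executable)?\s*$", re.M | re.I)
# Gmer MBR detector: last named module before a call into unlisted code.
UNKNOWN_RE = re.compile(r"called modules:.*?(\S+) >>UNKNOWN \[0x([0-9A-Fa-f]+)\]<<")


def triage(log):
    """Return a list of (category, detail) tuples; an empty list means nothing flagged."""
    findings = []

    m = PROXY_RE.search(log)
    if m:
        host = m.group(1).rsplit(":", 1)[0]
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:  # hostname rather than an address
            loopback = host.lower() == "localhost"
        if loopback:
            findings.append(("proxy", "browser proxy is %s: a local process is interposing on HTTP" % m.group(1)))

    for m in DNS_RE.finditer(log):
        for raw in m.group(1).split(","):
            ip = ipaddress.ip_address(raw.strip())
            if any(ip in net for net in ROGUE_DNS_RANGES):
                findings.append(("dns", "resolver %s is in a known rogue range" % ip))

    for path, size, execflag in HIDDEN_RE.findall(log):
        note = "hidden %s (%s bytes)%s" % (path, size, " executable" if execflag else "")
        findings.append(("hidden", note))

    m = UNKNOWN_RE.search(log)
    if m:
        findings.append(("kernel", "disk I/O path leaves %s into unlisted code at 0x%s" % (m.group(1), m.group(2))))

    return findings


if __name__ == "__main__":
    for cat, detail in triage(SAMPLE_LOG):
        print("[%s] %s" % (cat, detail))
```

Run against the sample it reports seven findings: the loopback proxy, both resolvers, all three hidden files (WinFLdrv.sys marked executable) and the unlisted kernel code reached through atapi.sys. A hostname proxy such as a corporate proxy is not flagged, and the rogue-range check is only as good as the list you feed it.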

Dr Jay

Re: Google Redirect
« Reply #4 on: February 25, 2010, 07:56:12 AM »
Please download Cheetah-Anti-Rogue (http://www.helpmyos.com/Cheetah-php-h15.htm?cheetah.zip), and save it to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.
~Dr Jay

Kerjifire

Re: Google Redirect
« Reply #5 on: February 25, 2010, 10:48:26 PM »
Cheetah-Anti-Rogue v1.3.11
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 26/02/2010 - Time: 16:47:57 - Arch.: x86
 
 
-- Malware removal tools check --
CCleaner
Malwarebytes' Anti-Malware
SUPERAntiSpyware
 
 
-- Known infection --
 
 
 
Extra message: Detection only.
 
 
EOF

Dr Jay

Re: Google Redirect
« Reply #6 on: February 25, 2010, 11:03:39 PM »
Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
~Dr Jay

Kerjifire

Re: Google Redirect
« Reply #7 on: February 26, 2010, 01:14:20 AM »
My Malwarebytes won't update. Virus? Oh, and I got the BSOD when first starting the scan.

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

26/02/2010 7:13:12 PM
mbam-log-2010-02-26 (19-13-12).txt

Scan type: Quick Scan
Objects scanned: 172933
Time elapsed: 17 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Dr Jay

Re: Google Redirect
« Reply #8 on: February 26, 2010, 03:47:00 PM »
Download WhoCrashed from here
This program checks for any drivers which may have been causing your computer to crash.

Click on the file you just downloaded and run it.
Put a tick in Accept, then click on Next.
Put a tick in Don't create a start menu folder, then click Next.
Put a tick in Create a Desktop Icon, then click on Install, and make sure there is a tick in Launch WhoCrashed before clicking Finish.
Click Analyze.
It will want to download the Debugger and install it. Say Yes.

WhoCrashed will create a report, but you have to scroll down to see it.
Copy and paste it into your next reply.
~Dr Jay

Kerjifire

Re: Google Redirect
« Reply #9 on: February 26, 2010, 04:38:11 PM »
Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.


No valid crash dumps have been found on your computer


--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled and no valid crash dumps have been found on your computer. In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Dr Jay

Re: Google Redirect
« Reply #10 on: February 26, 2010, 04:51:46 PM »
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.
Please close all other applications running on your system.

Please double click GetSystemInfo.exe to open it.

Click the Settings button.

Set it to Maximum.

IMPORTANT! Then please click Customize, choose the Driver / Ports tab and uncheck Scan Ports.

Click Create Report to run it.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.
~Dr Jay

Kerjifire


Dr Jay

Re: Google Redirect
« Reply #12 on: February 27, 2010, 08:39:06 AM »
Download OTL  to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
c:\$recycle.bin\*.* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
nvstor32.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
ahcix86.sys
srsvc.dll
nvrd32.sys
/md5stop
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
~Dr Jay
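The /md5start list in the instructions above works because Windows XP keeps a pristine copy of protected system files in system32\dllcache, so a live copy whose hash differs from the cached one stands out. The script below is an added example, not OTL's code: compare() hashes each listed name in a live directory and a cache directory and reports mismatches or missing cache copies, and demo() builds a constructed temporary tree so the script runs anywhere (the real XP paths are noted in the docstring). The caveat matters for this thread: a rootkit that hooks the disk stack, which is what the >>UNKNOWN<< hop after atapi.sys in the posted Gmer output indicates, can hand back the clean bytes when the infected file is read, so a matching hash on the running system proves little and the comparison is only conclusive from an offline boot.

```python
r"""Compare live Windows system files against the file-protection cache copies.

Added example for this thread; it is not OTL's code. On Windows XP the pristine
copies kept by Windows File Protection live in %SystemRoot%\system32\dllcache
and live drivers in %SystemRoot%\system32\drivers, so on a real machine you
would call compare() with those two directories (assumed paths). demo() instead
builds a constructed temporary tree, one patched driver and one missing cache
copy, so the script runs anywhere.
"""
import hashlib
import os
import shutil
import tempfile

# Names taken from the /md5start list in the OTL instructions above.
CHECK_LIST = ["atapi.sys", "ndis.sys", "ntfs.sys", "Beep.SYS", "userinit.exe"]


def md5_bytes(data):
    """MD5 of an in-memory blob, used for the self-check in the test."""
    return hashlib.md5(data).hexdigest()


def md5_file(path):
    """Stream a file through MD5 so large drivers do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare(live_dir, cache_dir, names):
    """Map each name to 'ok', 'MISMATCH' (hash differs) or 'missing' (no copy to compare).

    Caveat: a rootkit hooking the disk stack can serve the original bytes when the
    infected file is read, so 'ok' on the live system is only trustworthy when this
    is run from an offline boot.
    """
    result = {}
    for name in names:
        live = os.path.join(live_dir, name)
        cache = os.path.join(cache_dir, name)
        if not (os.path.isfile(live) and os.path.isfile(cache)):
            result[name] = "missing"
            continue
        result[name] = "ok" if md5_file(live) == md5_file(cache) else "MISMATCH"
    return result


def demo():
    """Constructed tree: atapi.sys patched on the live side, ntfs.sys absent from the cache."""
    root = tempfile.mkdtemp()
    try:
        live = os.path.join(root, "drivers")
        cache = os.path.join(root, "dllcache")
        os.makedirs(live)
        os.makedirs(cache)
        for name in CHECK_LIST:
            body = b"MZ" + name.encode("ascii") + b"\x00" * 64  # stand-in PE bytes
            with open(os.path.join(live, name), "wb") as f:
                # simulate a patched driver body on the live copy of atapi.sys
                f.write(body + (b"\xcc" * 16 if name == "atapi.sys" else b""))
            if name != "ntfs.sys":  # simulate a cache copy that was never created
                with open(os.path.join(cache, name), "wb") as f:
                    f.write(body)
        return compare(live, cache, CHECK_LIST)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print("%-14s %s" % (name, status))
```

On a real machine, a MISMATCH is a lead, not a verdict: legitimate hotfixes also replace protected files, so confirm against the file version and the published hash for that patch level before treating the file as patched by malware.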

Kerjifire

Re: Google Redirect
« Reply #13 on: February 27, 2010, 09:41:24 PM »
It keeps going Not Responding when I leave it alone for 15 min.

Dr Jay

Re: Google Redirect
« Reply #14 on: February 27, 2010, 09:42:17 PM »
Please download OTS by OldTimer and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick on Scan All Users section
  • At File Age set it to 90 Days
  • In the Processes, Modules, Services, Drivers, and Registry section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE
      Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
    • Do NOT change any other settings.
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
~Dr Jay