
Author Topic: Google redirect problem  (Read 17455 times)


bicyclist

    Topic Starter


    Rookie

    • Experience: Beginner
    • OS: Windows XP
    Google redirect problem
    « on: June 10, 2011, 07:40:33 PM »
    Hello,

    I am having a problem when using Google.  When I click on the search results I am usually directed to other websites that sometimes are related to the topic I searched.  If I go back one page while the computer is being redirected and then hit the same desired search result again, the computer is usually not redirected and instead goes to the desired webpage.  Sometimes I have to go back and forth several times to get to the desired webpage.   

    Also I am having problems connecting to the internet and I think it might be related to the redirect problem--happened about the same time.   I also don't have any sound coming from my speakers--I did not notice when that problem started.   

    I've scanned the computer with PC Tools Spyware Doctor and Shield Deluxe Services virus checkers and they can't find the infection.  I'm running Microsoft Windows XP, Version 2002, Service Pack 3.

    Please help.



    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Experience: Expert
    • OS: Windows 10
    Re: Google redirect problem
    « Reply #1 on: June 10, 2011, 07:55:48 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *********************************************************
    SUPERAntiSpyware

    If you already have SUPERAntiSpyware be sure to check for updates before scanning!


    Download SuperAntispyware Free Edition (SAS)
    * Double-click the icon on your desktop to run the installer.
    * When asked to Update the program definitions, click Yes
    * If you encounter any problems while downloading the updates, manually download and unzip them from here
    * Next click the Preferences button.

    * Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
    * Click the Scanning Control tab.
    * Under Scanner Options make sure only the following are checked:

      * Close browsers before scanning
      * Scan for tracking cookies
      * Terminate memory threats before quarantining

      Please leave the others unchecked

    * Click the Close button to leave the control center screen.
    * On the main screen click Scan your computer
    * On the left check the box for the drive you are scanning.
    * On the right choose Perform Complete Scan
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete a summary box will appear. Click OK
    * Make sure everything in the white box has a check next to it, then click Next
    * It will quarantine what it found and if it asks if you want to reboot, click Yes

    To retrieve the removal information please do the following:

    * After reboot, double-click the SUPERAntiSpyware icon on your desktop.
    * Click Preferences. Click the Statistics/Logs tab.
    * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    * It will open in your default text editor (preferably Notepad).
    * Save the notepad file to your desktop by clicking (in notepad) File > Save As...
    * Save the log somewhere you can easily find it. (normally the desktop)
    * Click close and close again to exit the program.
    * Copy and Paste the log in your post.
    *******************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    ***********************************************
    Download DDS from HERE or HERE and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall try to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    bicyclist

      Topic Starter


      Rookie

      • Experience: Beginner
      • OS: Windows XP
      Re: Google redirect problem
      « Reply #2 on: June 13, 2011, 03:31:31 PM »
      Hi Dave,

      Thank you for responding and helping me with my problem.  The SuperAntiSpyware (SAS) doesn't seem to be running on my computer.  Maybe the infection recognizes it and does not let it run?   I do not get the SAS control center screen mentioned in your instructions (the prompts for Update, Preferences, Start-Up Options, etc.).  So I never get to the scan command.  :(   

      Here is a little more detail.  After downloading SAS and pasting the file to my desktop and clicking on the SAS icon on the desktop, I get a window from my other spyware software that asks me if I want to run the SAS.  I then clicked on the "run" in that window and the computer goes back to desktop view with the SAS icon highlighted and the only other activity is the hourglass appears occasionally next to my pointer/arrow. 

      I also heard a little murmur/electronic sound coming from my computer as though something was engaging.  I let SAS "run" (?) in this fashion for an hour or two and nothing happened.  I then deleted SAS and downloaded it again and then tried to run it again for about ten minutes with no luck.   

      By the way, I did check on the SAS file size (10.8 MB) on my computer and therefore I think SAS has downloaded successfully onto my computer.

      What should I do next?  ???  Maybe I need to run the SAS for several hours or overnight?  I don't have problems running other programs such as the word processing software or the other anti-spyware programs on my computer.  I'm stumped.

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Experience: Expert
      • OS: Windows 10
      Re: Google redirect problem
      « Reply #3 on: June 13, 2011, 05:57:43 PM »
      Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
      Save Rkill to your desktop.

      There are 7 different versions. If one of them won't run then download and try to run the other one.

      Vista and Win7 users need to right click Rkill and choose Run as Administrator

      You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

      * Rkill.exe
      * Rkill.com
      * Rkill.scr
      * WiNlOgOn.exe
      * uSeRiNiT.exe
      * iExplore.exe
      * eXplorer.exe
      Once you've gotten one of them to run then try to immediately run the following.

      Now try running MBAM, SAS and DDS and post the logs.
      If that still doesn't work, re-boot in Safe Mode with Networking and run MBAM. Reboot in Normal mode and try running MBAM again.

      Here's how to get into Safe Mode.

      bicyclist

        Topic Starter


        Rookie

        • Experience: Beginner
        • OS: Windows XP
        Re: Google redirect problem
        « Reply #4 on: June 14, 2011, 02:05:34 PM »
        I think Rkill did not run; I tried all seven versions you listed.  I got a similar message for all those versions:  "Processes terminated by Rkill or while it was running:   Rkill completed on 06/13/2011 at 20:54:18."  While that message was being generated, I tried to run SAS and it did not run (SAS icon highlighted only).  :( 

        As you instructed, I downloaded and installed Malwarebytes Anti-Malware (MBAM) while in normal mode, rebooted the system in "Safe Mode with Networking", and tried unsuccessfully to run MBAM in Safe Mode.  :(  I don't have problems running other programs such as my word processing software while in Safe Mode.

        By the way, I did check on the MBAM file size (4.69 MB) installed on my computer and therefore I think MBAM is installed successfully.  The file I downloaded in order to install MBAM (mbam-setup.exe) was a larger file (7.37 MB).   

        What should I do next?  ???

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Experience: Expert
        • OS: Windows 10
        Re: Google redirect problem
        « Reply #5 on: June 14, 2011, 05:12:10 PM »
        Did you try running the DDS scan?

        Please download ComboFix from BleepingComputer.com

        Alternate link: GeeksToGo.com

        and save it to your Desktop.
        It would be easiest to download using Internet Explorer.
        If you insist on using Firefox, make sure that your download settings are as follows:

        * Tools->Options->Main tab
        * Set to "Always ask me where to Save the files".

        Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
        Double click ComboFix.exe & follow the prompts.
        As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

        Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


        Click on Yes, to continue scanning for malware.
        When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

        If you have problems with ComboFix usage, see How to use ComboFix

        bicyclist

          Topic Starter


          Rookie

          • Experience: Beginner
          • OS: Windows XP
          Re: Google redirect problem
          « Reply #6 on: June 26, 2011, 08:28:21 PM »
          Sorry for the delayed response; I had a sick family member. 

          The dds.txt scan results:

          .
          DDS (Ver_2011-06-12.02) - NTFSx86
          Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_07
          Run by User at 16:37:40 on 2011-06-14
          Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1527.1073 [GMT -7:00]
          .
          AV: The Shield Deluxe Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
          AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
          FW: McAfee Firewall *Enabled*
          .
          ============== Running Processes ===============
          .
          C:\WINDOWS\system32\svchost -k DcomLaunch
          svchost.exe
          C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe
          C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe
          svchost.exe
          svchost.exe
          svchost.exe
          C:\Program Files\Spyware Doctor\pctsAuxs.exe
          C:\Program Files\Spyware Doctor\pctsSvc.exe
          C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
          C:\Program Files\Spyware Doctor\pctsTray.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
          C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\WINDOWS\system32\igfxtray.exe
          C:\WINDOWS\system32\igfxpers.exe
          C:\WINDOWS\system32\hkcmd.exe
          C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
          C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\eFax Messenger 4.3\J2GTray.exe
          C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
          C:\Program Files\Psion\PsiWin\Psconsv.exe
          C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Alarm95\Alarm95.exe
          C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
          C:\PROGRA~1\Psion\PsiWin\Elogerr.exe
          C:\WINDOWS\System32\svchost.exe -k HTTPFilter
          C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
          C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
          C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\svchost.exe -k netsvcs
          .
          ============== Pseudo HJT Report ===============
          .
          uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
          uSearchAssistant = hxxp://www.google.com/ie
          uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
          BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
          BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
          BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
          BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
          TB: The Shield Deluxe 2010 Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\the shield deluxe\the shield deluxe 2010\IEToolbar.dll
          TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
          uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
          uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
          mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
          mRun: [BitDefender Antiphishing Helper] "c:\program files\the shield deluxe\the shield deluxe 2010\IEShow.exe"
          mRun: [BDAgent] "c:\program files\the shield deluxe\the shield deluxe 2010\bdagent.exe"
          mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
          mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
          mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
          mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
          mRun: [Smapp] c:\program files\analog devices\soundmax\SMTray.exe
          mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
          mRun: [igfxtray] c:\windows\system32\igfxtray.exe
          mRun: [igfxpers] c:\windows\system32\igfxpers.exe
          mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
          mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
          mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
          mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
          StartupFolder: c:\docume~1\user\startm~1\programs\startup\alarm9~2.lnk - c:\windows\winhelp.exe
          StartupFolder: c:\docume~1\user\startm~1\programs\startup\alarm9~1.lnk - c:\program files\alarm95\Alarm95.exe
          StartupFolder: c:\docume~1\user\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax43~1.lnk - c:\program files\efax messenger 4.3\J2GTray.exe
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\psiwin~1.lnk - c:\program files\psion\psiwin\Psconsv.exe
          StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
          IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
          IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
          IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
          IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
          Trusted Zone: google.com\earth
          Trusted Zone: internet
          Trusted Zone: mcafee.com
          DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
          DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
          DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
          TCP: DhcpNameServer = 192.168.1.1
          TCP: Interfaces\{BACC9A4A-C40D-46E4-9B44-F839EAFD5C13} : DhcpNameServer = 192.168.1.1
          Notify: igfxcui - igfxdev.dll
          AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
          SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
          .
          ================= FIREFOX ===================
          .
          FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\lc6vgsqt.default\
          FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
          FF - prefs.js: browser.search.selectedEngine - Secure Search
          FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
          FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
          FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\lc6vgsqt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
          FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\lc6vgsqt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
          FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
          FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
          FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
          FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
          FF - plugin: c:\program files\mozilla firefox\plugins\npJoostPlugin.dll
          FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
          FF - plugin: c:\program files\picasa2\npPicasa2.dll
          FF - plugin: c:\program files\picasa2\npPicasa3.dll
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-12-18 40840]
          R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-16 130936]
          R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-12-18 66952]
          R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-12-18 81288]
          R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [2010-3-6 20480]
          R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-9-17 152328]
          R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2010-3-7 264576]
          S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-16 34248]
          S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-16 40552]
          S3 SjyPkt;SjyPkt;\??\c:\windows\system32\drivers\sjypkt.sys --> c:\windows\system32\drivers\SjyPkt.sys [?]
          .
          =============== Created Last 30 ================
          .
          2011-06-14 04:49:15   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
          2011-06-14 04:49:11   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2011-06-14 04:49:11   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
          .
          ==================== Find3M  ====================
          .
          .
          =================== ROOTKIT  ====================
          .
          Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
          Windows 5.1.2600 Disk: WDC_WD800JB-00JJC0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
          .
          device: opened successfully
          user: MBR read successfully
          .
          Disk trace:
          called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x88FC5EC5]<<
          _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88570872; SUB DWORD [EBP-0x4], 0x8857012e; PUSH EDI; CALL 0xffffffffffffdf33;  }
          1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x898DCAB8]
          3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000005c[0x8971D8E8]
          5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E37D5] -> [0x8965D940]
          [0x891C0218] -> IRP_MJ_CREATE -> 0x88FC5EC5
          kernel: MBR read successfully
          _asm { CALL 0x115;  }
          detected disk devices:
          \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800JB-00JJC0______________________05.01C05#5&31036641&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
          detected hooks:
          \Driver\atapi DriverStartIo -> 0x88FC5AEA
          user & kernel MBR OK
          sectors 156301486 (+255): user != kernel
          Warning: possible TDL3 rootkit infection !
          .
          ============= FINISH: 16:41:17.98 ===============


          The attach.txt file:

          .
          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT
          .
          DDS (Ver_2011-06-12.02)
          .
          Microsoft Windows XP Professional
          Boot Device: \Device\HarddiskVolume1
          Install Date: 2/3/2007 3:05:34 PM
          System Uptime: 6/14/2011 11:56:59 AM (5 hours ago)
          .
          Motherboard: Hewlett-Packard |  | 090Ch
          Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | XU1 PROCESSOR | 2792/533mhz
          .
          ==== Disk Partitions =========================
          .
          C: is FIXED (NTFS) - 75 GiB total, 54.458 GiB free.
          D: is CDROM ()
          E: is Removable
          F: is Removable
          G: is Removable
          H: is Removable
          .
          ==== Disabled Device Manager Items =============
          .
          ==== System Restore Points ===================
          .
          RP1: 6/10/2011 11:23:04 AM - System Checkpoint
          .
          ==== Installed Programs ======================
          .
          Adobe AIR
          Adobe Flash Player 10 Plugin
          Adobe Flash Player ActiveX
          Adobe Reader 9.4.0
          Alarm95
          ArcSoft PhotoImpression 4
          Audacity 1.2.6
          Broadcom Management Programs
          Broadcom NetXtreme Ethernet Controller
          Camera Driver
          Compatibility Pack for the 2007 Office system
          Critical Update for Windows Media Player 11 (KB959772)
          eFax Messenger 4.3
          GIMP 2.4.5
          Google Desktop
          Google Earth
          Google Photos Screensaver
          Google Toolbar for Firefox
          Google Toolbar for Internet Explorer
          Google Update Helper
          Google Updater
          GTK+ Runtime 2.12.8 rev a (remove only)
          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
          Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
          Hotfix for Windows Internet Explorer 7 (KB947864)
          Hotfix for Windows Media Format 11 SDK (KB929399)
          Hotfix for Windows Media Player 11 (KB939683)
          Hotfix for Windows XP (KB2158563)
          Hotfix for Windows XP (KB2443685)
          Hotfix for Windows XP (KB952287)
          Hotfix for Windows XP (KB954550-v5)
          Hotfix for Windows XP (KB961118)
          Hotfix for Windows XP (KB970653-v3)
          Hotfix for Windows XP (KB976098-v2)
          Hotfix for Windows XP (KB979306)
          Hotfix for Windows XP (KB981793)
          Intel(R) Extreme Graphics 2 Driver
          iTunes
          Java(TM) 6 Update 4
          Java(TM) 6 Update 7
          Joost (tm) Beta 1.1.4
          LizardTech DjVu Control
          Malwarebytes' Anti-Malware
          McAfee Security Scan Plus
          MediaCoder 0.6.1
          Microsoft .NET Framework 1.1
          Microsoft .NET Framework 1.1 Security Update (KB2416447)
          Microsoft .NET Framework 1.1 Security Update (KB979906)
          Microsoft .NET Framework 2.0 Service Pack 2
          Microsoft .NET Framework 3.0 Service Pack 2
          Microsoft .NET Framework 3.5 SP1
          Microsoft Compression Client Pack 1.0 for Windows XP
          Microsoft Internationalized Domain Names Mitigation APIs
          Microsoft Money
          Microsoft National Language Support Downlevel APIs
          Microsoft Office Excel Viewer
          Microsoft Office Word Viewer 2003
          Microsoft User-Mode Driver Framework Feature Pack 1.0
          Miro
          Mozilla Firefox 4.0.1 (x86 en-US)
          Mozilla Thunderbird (2.0.0.17)
          MSXML 6.0 Parser (KB933579)
          OpenOffice.org 2.4
          Picasa 3
          Pidgin
          POV-Ray for Windows v3.6.1b
          PsiWin 2.3
          QuickTime
          Rhapsody Player Engine
          Santa Clara County Water Wise Gardening
          Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
          Security Update for Windows Internet Explorer 7 (KB938127)
          Security Update for Windows Internet Explorer 7 (KB942615)
          Security Update for Windows Internet Explorer 7 (KB950759)
          Security Update for Windows Internet Explorer 7 (KB953838)
          Security Update for Windows Internet Explorer 7 (KB956390)
          Security Update for Windows Internet Explorer 7 (KB958215)
          Security Update for Windows Internet Explorer 7 (KB960714)
          Security Update for Windows Internet Explorer 7 (KB961260)
          Security Update for Windows Internet Explorer 7 (KB963027)
          Security Update for Windows Internet Explorer 7 (KB969897)
          Security Update for Windows Internet Explorer 8 (KB2183461)
          Security Update for Windows Internet Explorer 8 (KB2360131)
          Security Update for Windows Internet Explorer 8 (KB2416400)
          Security Update for Windows Internet Explorer 8 (KB2482017)
          Security Update for Windows Internet Explorer 8 (KB2497640)
          Security Update for Windows Internet Explorer 8 (KB2510531)
          Security Update for Windows Internet Explorer 8 (KB969897)
          Security Update for Windows Internet Explorer 8 (KB971961)
          Security Update for Windows Internet Explorer 8 (KB972260)
          Security Update for Windows Internet Explorer 8 (KB974455)
          Security Update for Windows Internet Explorer 8 (KB976325)
          Security Update for Windows Internet Explorer 8 (KB978207)
          Security Update for Windows Internet Explorer 8 (KB981332)
          Security Update for Windows Internet Explorer 8 (KB982381)
          Security Update for Windows Media Player (KB2378111)
          Security Update for Windows Media Player (KB911564)
          Security Update for Windows Media Player (KB952069)
          Security Update for Windows Media Player (KB954155)
          Security Update for Windows Media Player (KB968816)
          Security Update for Windows Media Player (KB973540)
          Security Update for Windows Media Player (KB975558)
          Security Update for Windows Media Player (KB978695)
          Security Update for Windows Media Player 11 (KB936782)
          Security Update for Windows Media Player 11 (KB954154)
          Security Update for Windows Media Player 6.4 (KB925398)
          Security Update for Windows Media Player 9 (KB936782)
          Security Update for Windows XP (KB2079403)
          Security Update for Windows XP (KB2115168)
          Security Update for Windows XP (KB2121546)
          Security Update for Windows XP (KB2160329)
          Security Update for Windows XP (KB2229593)
          Security Update for Windows XP (KB2259922)
          Security Update for Windows XP (KB2279986)
          Security Update for Windows XP (KB2286198)
          Security Update for Windows XP (KB2296011)
          Security Update for Windows XP (KB2296199)
          Security Update for Windows XP (KB2347290)
          Security Update for Windows XP (KB2360937)
          Security Update for Windows XP (KB2387149)
          Security Update for Windows XP (KB2393802)
          Security Update for Windows XP (KB2412687)
          Security Update for Windows XP (KB2419632)
          Security Update for Windows XP (KB2423089)
          Security Update for Windows XP (KB2436673)
          Security Update for Windows XP (KB2440591)
          Security Update for Windows XP (KB2443105)
          Security Update for Windows XP (KB2476687)
          Security Update for Windows XP (KB2478960)
          Security Update for Windows XP (KB2478971)
          Security Update for Windows XP (KB2479628)
          Security Update for Windows XP (KB2479943)
          Security Update for Windows XP (KB2481109)
          Security Update for Windows XP (KB2483185)
          Security Update for Windows XP (KB2485376)
          Security Update for Windows XP (KB2485663)
          Security Update for Windows XP (KB2503658)
          Security Update for Windows XP (KB2506212)
          Security Update for Windows XP (KB2506223)
          Security Update for Windows XP (KB2507618)
          Security Update for Windows XP (KB2508272)
          Security Update for Windows XP (KB2508429)
          Security Update for Windows XP (KB2509553)
          Security Update for Windows XP (KB2511455)
          Security Update for Windows XP (KB2524375)
          Security Update for Windows XP (KB923561)
          Security Update for Windows XP (KB938464)
          Security Update for Windows XP (KB941569)
          Security Update for Windows XP (KB946648)
          Security Update for Windows XP (KB950760)
          Security Update for Windows XP (KB950762)
          Security Update for Windows XP (KB950974)
          Security Update for Windows XP (KB951066)
          Security Update for Windows XP (KB951376-v2)
          Security Update for Windows XP (KB951698)
          Security Update for Windows XP (KB951748)
          Security Update for Windows XP (KB952004)
          Security Update for Windows XP (KB952954)
          Security Update for Windows XP (KB953839)
          Security Update for Windows XP (KB954211)
          Security Update for Windows XP (KB954459)
          Security Update for Windows XP (KB954600)
          Security Update for Windows XP (KB955069)
          Security Update for Windows XP (KB956391)
          Security Update for Windows XP (KB956572)
          Security Update for Windows XP (KB956744)
          Security Update for Windows XP (KB956802)
          Security Update for Windows XP (KB956803)
          Security Update for Windows XP (KB956841)
          Security Update for Windows XP (KB956844)
          Security Update for Windows XP (KB957095)
          Security Update for Windows XP (KB957097)
          Security Update for Windows XP (KB958644)
          Security Update for Windows XP (KB958687)
          Security Update for Windows XP (KB958690)
          Security Update for Windows XP (KB958869)
          Security Update for Windows XP (KB959426)
          Security Update for Windows XP (KB960225)
          Security Update for Windows XP (KB960715)
          Security Update for Windows XP (KB960803)
          Security Update for Windows XP (KB960859)
          Security Update for Windows XP (KB961371)
          Security Update for Windows XP (KB961373)
          Security Update for Windows XP (KB961501)
          Security Update for Windows XP (KB968537)
          Security Update for Windows XP (KB969059)
          Security Update for Windows XP (KB969898)
          Security Update for Windows XP (KB969947)
          Security Update for Windows XP (KB970238)
          Security Update for Windows XP (KB970430)
          Security Update for Windows XP (KB971468)
          Security Update for Windows XP (KB971486)
          Security Update for Windows XP (KB971557)
          Security Update for Windows XP (KB971633)
          Security Update for Windows XP (KB971657)
          Security Update for Windows XP (KB972270)
          Security Update for Windows XP (KB973346)
          Security Update for Windows XP (KB973354)
          Security Update for Windows XP (KB973507)
          Security Update for Windows XP (KB973525)
          Security Update for Windows XP (KB973869)
          Security Update for Windows XP (KB973904)
          Security Update for Windows XP (KB974112)
          Security Update for Windows XP (KB974318)
          Security Update for Windows XP (KB974392)
          Security Update for Windows XP (KB974571)
          Security Update for Windows XP (KB975025)
          Security Update for Windows XP (KB975467)
          Security Update for Windows XP (KB975560)
          Security Update for Windows XP (KB975561)
          Security Update for Windows XP (KB975562)
          Security Update for Windows XP (KB975713)
          Security Update for Windows XP (KB977165)
          Security Update for Windows XP (KB977816)
          Security Update for Windows XP (KB977914)
          Security Update for Windows XP (KB978037)
          Security Update for Windows XP (KB978251)
          Security Update for Windows XP (KB978262)
          Security Update for Windows XP (KB978338)
          Security Update for Windows XP (KB978542)
          Security Update for Windows XP (KB978601)
          Security Update for Windows XP (KB978706)
          Security Update for Windows XP (KB979309)
          Security Update for Windows XP (KB979482)
          Security Update for Windows XP (KB979559)
          Security Update for Windows XP (KB979683)
          Security Update for Windows XP (KB979687)
          Security Update for Windows XP (KB980195)
          Security Update for Windows XP (KB980218)
          Security Update for Windows XP (KB980232)
          Security Update for Windows XP (KB980436)
          Security Update for Windows XP (KB981322)
          Security Update for Windows XP (KB981852)
          Security Update for Windows XP (KB981957)
          Security Update for Windows XP (KB981997)
          Security Update for Windows XP (KB982132)
          Security Update for Windows XP (KB982214)
          Security Update for Windows XP (KB982665)
          Security Update for Windows XP (KB982802)
          SoundMAX
          Spyware Doctor 6.0
          The Shield Deluxe 2010
          TRENDnet TEW-424UB Wireless USB 2.0 Adapter
          Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
          Update for Windows Internet Explorer 8 (KB976662)
          Update for Windows Internet Explorer 8 (KB976749)
          Update for Windows Internet Explorer 8 (KB980182)
          Update for Windows XP (KB2141007)
          Update for Windows XP (KB2345886)
          Update for Windows XP (KB2467659)
          Update for Windows XP (KB951072-v2)
          Update for Windows XP (KB951978)
          Update for Windows XP (KB955759)
          Update for Windows XP (KB955839)
          Update for Windows XP (KB967715)
          Update for Windows XP (KB968389)
          Update for Windows XP (KB971029)
          Update for Windows XP (KB971737)
          Update for Windows XP (KB973687)
          Update for Windows XP (KB973815)
          WebEx
          WebFldrs XP
          Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
          Windows Genuine Advantage Notifications (KB905474)
          Windows Genuine Advantage Validation Tool (KB892130)
          Windows Imaging Component
          Windows Internet Explorer 7
          Windows Internet Explorer 8
          Windows Media Format 11 runtime
          Windows Media Player 11
          Windows Presentation Foundation
          Windows XP Service Pack 3
          XML Paper Specification Shared Components Pack 1.0
          Yahoo! Install Manager
          Yahoo! Widgets
          .
          ==== Event Viewer Messages From Past Week ========
          .
          6/9/2011 8:34:28 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
          6/9/2011 10:54:45 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
          6/9/2011 10:33:17 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
          6/8/2011 9:52:07 PM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
          6/8/2011 5:45:32 PM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 4 time(s).
          6/8/2011 12:48:59 PM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
          6/8/2011 10:32:07 PM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
          6/8/2011 10:30:15 PM, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014D148339E.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
          6/8/2011 1:50:51 PM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).
          6/13/2011 12:39:43 PM, error: DCOM [10005]  - DCOM got error "%109" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
          6/13/2011 12:08:56 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the iPodService service to connect.
          6/13/2011 12:08:56 PM, error: Service Control Manager [7000]  - The iPodService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
          6/13/2011 12:06:44 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service iPodService with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}
          6/10/2011 7:24:13 PM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 7 time(s).
          6/10/2011 6:53:41 PM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 6 time(s).
          6/10/2011 6:23:49 PM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 5 time(s).
          6/10/2011 11:49:57 AM, error: Ftdisk [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
          6/10/2011 11:49:57 AM, error: Ftdisk [45]  - The system could not sucessfully load the crash dump driver.
          6/10/2011 11:44:57 AM, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  The system cannot find the file specified.
          6/10/2011 11:44:57 AM, error: Service Control Manager [7023]  - The IPSEC Services service terminated with the following error:  The requested service provider could not be loaded or initialized.
          .
          ==== End Of File ===========================


          I'm in the process of disabling my virus checkers and firewalls in order to run ComboFix.  I have disabled two virus checkers that are in regular use on my system:  the Shield Deluxe and PC Tools Spyware's IntelliGuard.   I cannot display the Windows firewall settings on my computer.   :(   

I do have a Windows Firewall icon in my Control Panel window, so I think there may be a Windows firewall on my system. By the way, I no longer have the McAfee Security Scan Plus service and I think I have deleted that software from my computer (I don't know why it shows up in the DDS scans--maybe I should investigate?). I have downloaded but not successfully run the Malwarebytes' Anti-Malware or the SAS software on my system, as I mentioned in my earlier post; therefore, I don't think I need to disable those programs.

          When I followed the directions from BleepingComputer to see if the Windows Firewall is running ("To check if the Windows Firewall is turned on or off, go to Start > Run and type: firewall.cpl  press OK ") I got a window that said "Window Firewall settings cannot be displayed because the  associated service is not running".   When I clicked "Yes" to start the Internet Connection Service, I got a window that said "Windows cannot start the Windows/Internet Connection Sharing (ICS) service".

          What should I do next?   ???

          SuperDave

          • Malware Removal Specialist

          Re: Google redirect problem
          « Reply #7 on: June 27, 2011, 03:39:59 PM »
          Download OTL to your desktop.

          * Open OTL
          * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
          :OTL
          Trusted Zone: google.com\earth
          Trusted Zone: internet
          Trusted Zone: mcafee.com

          :COMMANDS
          [resethosts]
          [purity]
          [emptytemp]
          [start explorer]

          * Click Run Fix
          * OTLI2 may ask to reboot the machine. Please do so if asked.
          * Click OK
          * A report will open. Copy and Paste that report in your next reply.
          *************************************************************

          • Download TDSSKiller and save it to your Desktop.
          • Extract its contents to your desktop.
          • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
          • If an infected file is detected, the default action will be Cure, click on Continue.
          • If a suspicious file is detected, the default action will be Skip, click on Continue.
          • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
          • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

          bicyclist

            Topic Starter

            Re: Google redirect problem
            « Reply #8 on: July 01, 2011, 07:49:22 PM »
            Dave,

            After following your instructions in your last post, I'm not having redirect problems anymore.   :)  The TDSSKiller found a problem and cured it.  Thank you.

Is there anything else I need to do?

             

            The OTL report:

            All processes killed
            ========== OTL ==========
            ========== COMMANDS ==========
            C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
            HOSTS file reset successfully
             
            [EMPTYTEMP]
             
            User: All Users
             
            User: Default User
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 33170 bytes
            ->Flash cache emptied: 56545 bytes
             
            User: LocalService
            ->Temp folder emptied: 66016 bytes
            ->Temporary Internet Files folder emptied: 2643102 bytes
            ->FireFox cache emptied: 4545144 bytes
            ->Flash cache emptied: 567 bytes
             
            User: NetworkService
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 33170 bytes
             
            User: User
            ->Temp folder emptied: 1602551775 bytes
            ->Temporary Internet Files folder emptied: 135845320 bytes
            ->Java cache emptied: 8733415 bytes
            ->FireFox cache emptied: 112916619 bytes
            ->Flash cache emptied: 78437 bytes
             
            %systemdrive% .tmp files removed: 0 bytes
            %systemroot% .tmp files removed: 2163145 bytes
            %systemroot%\System32 .tmp files removed: 2577 bytes
            %systemroot%\System32\dllcache .tmp files removed: 0 bytes
            %systemroot%\System32\drivers .tmp files removed: 0 bytes
            Windows Temp folder emptied: 139871984 bytes
            %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 227530693 bytes
            %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
            RecycleBin emptied: 0 bytes
             
            Total Files Cleaned = 2,133.00 mb
             
             
            OTL by OldTimer - Version 3.2.25.0 log created on 07012011_130002

            Files\Folders moved on Reboot...

            Registry entries deleted on Reboot...



            The TDSSKiller report:

            2011/07/01 14:53:43.0671 3812   TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
            2011/07/01 14:53:43.0687 3812   ================================================================================
            2011/07/01 14:53:43.0687 3812   SystemInfo:
            2011/07/01 14:53:43.0687 3812   
            2011/07/01 14:53:43.0687 3812   OS Version: 5.1.2600 ServicePack: 3.0
            2011/07/01 14:53:43.0687 3812   Product type: Workstation
            2011/07/01 14:53:43.0687 3812   ComputerName: KENCOMPUTER
            2011/07/01 14:53:43.0687 3812   UserName: User
            2011/07/01 14:53:43.0687 3812   Windows directory: C:\WINDOWS
            2011/07/01 14:53:43.0687 3812   System windows directory: C:\WINDOWS
            2011/07/01 14:53:43.0687 3812   Processor architecture: Intel x86
            2011/07/01 14:53:43.0687 3812   Number of processors: 1
            2011/07/01 14:53:43.0687 3812   Page size: 0x1000
            2011/07/01 14:53:43.0687 3812   Boot type: Normal boot
            2011/07/01 14:53:43.0687 3812   ================================================================================
            2011/07/01 14:53:48.0984 3812   Initialize success
            2011/07/01 14:54:05.0312 3920   ================================================================================
            2011/07/01 14:54:05.0312 3920   Scan started
            2011/07/01 14:54:05.0312 3920   Mode: Manual;
            2011/07/01 14:54:05.0312 3920   ================================================================================
            2011/07/01 14:54:14.0828 3920   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
            2011/07/01 14:54:14.0906 3920   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
            2011/07/01 14:54:14.0937 3920   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
            2011/07/01 14:54:15.0000 3920   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
            2011/07/01 14:54:15.0062 3920   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
            2011/07/01 14:54:15.0171 3920   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
            2011/07/01 14:54:15.0234 3920   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
            2011/07/01 14:54:15.0390 3920   RTL8187B        (fe999b16e967c84790be6dc1b4e78f2d) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
            2011/07/01 14:54:15.0515 3920   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
            2011/07/01 14:54:15.0609 3920   serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
            2011/07/01 14:54:15.0671 3920   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
            2011/07/01 14:54:15.0750 3920   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
            2011/07/01 14:54:15.0906 3920   SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
            2011/07/01 14:54:15.0984 3920   smwdm           (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
            2011/07/01 14:54:16.0156 3920   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
            2011/07/01 14:54:16.0218 3920   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
            2011/07/01 14:54:16.0296 3920   streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
            2011/07/01 14:54:16.0359 3920   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
            2011/07/01 14:54:16.0421 3920   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
            2011/07/01 14:54:16.0609 3920   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
            2011/07/01 14:54:16.0687 3920   Tcpip           (a7d39994cf210133afd8c6ed090765b1) C:\WINDOWS\system32\DRIVERS\tcpip.sys
            2011/07/01 14:54:16.0687 3920   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: a7d39994cf210133afd8c6ed090765b1, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
            2011/07/01 14:54:16.0703 3920   Tcpip - detected Rootkit.Win32.TDSS.tdl3 (0)
            2011/07/01 14:54:16.0765 3920   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
            2011/07/01 14:54:16.0828 3920   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
            2011/07/01 14:54:16.0921 3920   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
            2011/07/01 14:54:17.0109 3920   Trufos          (b16d66a71de03285e14e9f165b59eda4) C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Threat Scanner\trufos.sys
            2011/07/01 14:54:17.0203 3920   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
            2011/07/01 14:54:17.0328 3920   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
            2011/07/01 14:54:17.0390 3920   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
            2011/07/01 14:54:17.0640 3920   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
            2011/07/01 14:54:17.0703 3920   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
            2011/07/01 14:54:17.0781 3920   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
            2011/07/01 14:54:17.0859 3920   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
            2011/07/01 14:54:17.0968 3920   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
            2011/07/01 14:54:18.0046 3920   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
            2011/07/01 14:54:18.0125 3920   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
            2011/07/01 14:54:18.0234 3920   WLNdis50        (bb2c5a7a555b387b85481b8bde5370d7) C:\WINDOWS\system32\DRIVERS\wlndis50.sys
            2011/07/01 14:54:18.0343 3920   WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
            2011/07/01 14:54:18.0437 3920   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
            2011/07/01 14:54:18.0500 3920   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
            2011/07/01 14:54:18.0593 3920   MBR (0x1B8)     (5f8b5082f3482cc06b72ec5806598ae9) \Device\Harddisk0\DR0
            2011/07/01 14:54:18.0671 3920   Boot (0x1200)   (c7994081284bdc325ed2291034ec901e) \Device\Harddisk0\DR0\Partition0
            2011/07/01 14:54:18.0671 3920   ================================================================================
            2011/07/01 14:54:18.0671 3920   Scan finished
            2011/07/01 14:54:18.0671 3920   ================================================================================
            2011/07/01 14:54:18.0687 2804   Detected object count: 1
            2011/07/01 14:54:18.0687 2804   Actual detected object count: 1
            2011/07/01 14:54:34.0218 2804   Tcpip           (a7d39994cf210133afd8c6ed090765b1) C:\WINDOWS\system32\DRIVERS\tcpip.sys
            2011/07/01 14:54:34.0218 2804   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: a7d39994cf210133afd8c6ed090765b1, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d
            2011/07/01 14:54:40.0937 2804   Backup copy found, using it..
            2011/07/01 14:54:41.0765 2804   C:\WINDOWS\system32\DRIVERS\tcpip.sys - will be cured after reboot
            2011/07/01 14:54:41.0765 2804   Rootkit.Win32.TDSS.tdl3(Tcpip) - User select action: Cure
            2011/07/01 14:55:00.0265 2888   Deinitialize success
             

               

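The TDSSKiller log in the post above is the key evidence in this thread: the same path, C:\WINDOWS\system32\DRIVERS\tcpip.sys, yields two different MD5 hashes depending on how it is read, which is exactly the fingerprint of a TDL3-style infection of a legitimate driver (the rootkit serves a clean copy to ordinary file reads while the on-disk bytes differ). The following Python is an added example, not code from the forum post or from Kaspersky's TDSSKiller: it parses the four line shapes that appear in that log into one record per driver and flags the forged ones. The sample log embedded in it is constructed from the formats on the page; the record field names, and the reading that "Real md5" is the hash TDSSKiller obtained by bypassing the file system while "Fake md5" is what a normal read returned, are this example's assumptions.

```python
"""Triage a TDSSKiller driver-scan log for forged kernel drivers.

Added example, not part of the forum thread or of Kaspersky's TDSSKiller.
Line shapes handled (all taken from the log on the page):
  <ts> <tid> <name>  (<md5>) <path>
  <ts> <tid> Suspicious file (Forged): <path>. Real md5: <h1>, Fake md5: <h2>
  <ts> <tid> <name> - detected <family> (<n>)
  <ts> <tid> <family>(<name>) - User select action: <action>
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Timestamp and thread-id prefix that every TDSSKiller log line carries.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<rest>.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<family>\S+)")
ACTION_RE = re.compile(r"^(?P<family>\S+)\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")


@dataclass
class DriverRecord:
    name: str
    path: str
    listed_md5: str                 # hash printed on the per-driver line
    real_md5: Optional[str] = None  # assumption: bytes read bypassing the file system
    fake_md5: Optional[str] = None  # assumption: bytes a normal file read returns
    family: Optional[str] = None    # e.g. Rootkit.Win32.TDSS.tdl3
    action: Optional[str] = None    # e.g. Cure

    @property
    def forged(self) -> bool:
        """Two different hashes for one path: some layer between disk and reader is lying."""
        return self.real_md5 is not None and self.real_md5 != self.fake_md5


def parse_tdsskiller(text: str) -> Dict[str, DriverRecord]:
    """Return driver records keyed by service name, merging the scan and cure phases."""
    records: Dict[str, DriverRecord] = {}
    by_path: Dict[str, str] = {}  # lower-cased path -> service name
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # separators, counters, blank lines
        rest = m.group("rest").strip()
        if (d := DRIVER_RE.match(rest)):
            name, md5, path = d.group("name", "md5", "path")
            records.setdefault(name, DriverRecord(name, path, md5))
            by_path[path.lower()] = name
        elif (f := FORGED_RE.match(rest)):
            name = by_path.get(f.group("path").lower())
            if name is not None:
                records[name].real_md5 = f.group("real")
                records[name].fake_md5 = f.group("fake")
        elif (t := DETECTED_RE.match(rest)) and t.group("name") in records:
            records[t.group("name")].family = t.group("family")
        elif (a := ACTION_RE.match(rest)) and a.group("name") in records:
            records[a.group("name")].action = a.group("action")
    return records


def forged_findings(records: Dict[str, DriverRecord]) -> List[dict]:
    """One finding per driver that TDSSKiller reported as forged."""
    findings = []
    for rec in records.values():
        if rec.real_md5 is None:
            continue
        if rec.listed_md5 == rec.real_md5:
            listing = "real"
        elif rec.listed_md5 == rec.fake_md5:
            listing = "fake"
        else:
            listing = "neither"
        findings.append({
            "driver": rec.name,
            "path": rec.path,
            "hashes_differ": rec.forged,
            "listing_shows": listing,  # which of the two views the plain listing used
            "family": rec.family or "unclassified",
            "action": rec.action or "none",
        })
    return findings


# Constructed sample in the page's log format: one clean driver, the forged
# tcpip.sys entry from the scan phase, and the cure recorded by the second thread.
SAMPLE_LOG = "\n".join([
    r"2011/07/01 14:54:16.0609 3920   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys",
    r"2011/07/01 14:54:16.0687 3920   Tcpip           (a7d39994cf210133afd8c6ed090765b1) C:\WINDOWS\system32\DRIVERS\tcpip.sys",
    r"2011/07/01 14:54:16.0687 3920   Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\tcpip.sys. Real md5: a7d39994cf210133afd8c6ed090765b1, Fake md5: 9aefa14bd6b182d61e3119fa5f436d3d",
    r"2011/07/01 14:54:16.0703 3920   Tcpip - detected Rootkit.Win32.TDSS.tdl3 (0)",
    r"2011/07/01 14:54:18.0671 3920   Scan finished",
    r"2011/07/01 14:54:41.0765 2804   Rootkit.Win32.TDSS.tdl3(Tcpip) - User select action: Cure",
])

if __name__ == "__main__":
    for finding in forged_findings(parse_tdsskiller(SAMPLE_LOG)):
        print(finding)
```

The useful signal is not the detection name but the hash mismatch itself: a driver whose two views disagree is compromised regardless of what a signature calls it, which is why the parser keeps both hashes rather than trusting the family label alone. Note also that the "cured" driver shows up in ComboFix's later Find3M report with a 2011-07-01 modification time, the restore from backup, not a new infection.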
            SuperDave (Malware Removal Specialist)
            Re: Google redirect problem
            « Reply #9 on: July 02, 2011, 06:06:04 PM »
            Quote
            Is there anything else I need to do?
            I want to run some more scans to make sure everything is gone.

            Please download ComboFix from BleepingComputer.com

            Alternate link: GeeksToGo.com

            and save it to your Desktop.
            It would be easiest to download using Internet Explorer.
            If you insist on using Firefox, make sure that your download settings are as follows:

            * Tools->Options->Main tab
            * Set to "Always ask me where to Save the files".

            Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
            Double click ComboFix.exe & follow the prompts.
            As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
            Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

            Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

            Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


            Click on Yes, to continue scanning for malware.
            When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

            If you have problems with ComboFix usage, see How to use ComboFix

              bicyclist (Topic Starter)
              Re: Google redirect problem
              « Reply #10 on: July 09, 2011, 11:16:10 PM »
              Dave,

              I ran ComboFix somewhat successfully.  Please find the log below. 

              It lost the Internet connection while it was trying to create the new system restore point.  It was trying to connect to get the MS Recovery Console--I never got the console.

              I did not touch the computer at all when Combofix was trying to run so I was not the cause of the disconnection.   It prompted me to make the connection but there was nothing for me to do to reconnect; the Internet connection icon in the system tray was indicating intermittent Internet connection (icon went back and forth between red "X" and wave symbol next to the monitor symbol). 

              By the way, ComboFix prompted me earlier to allow them to update their software to the newest version and I clicked "OK".  It was able to download a newer version so I had an Internet connection at that point (I had an earlier version because I downloaded it a week ago at your direction noted in your post of June 14).

              In order to get something going, I went ahead and clicked "OK" in the "Kindly connect before clicking OK" in the ComboFix window.  The next window said that it was aborting because it could not download files and I clicked "OK" in that window to continue the scan for bad files. 

              On the automatic rebooting of the system, the ComboFix log was eventually posted but the Internet connection was still lost.  On the next (manual) reboot the connection was restored.

              I disabled my Windows XP firewall as well as my Shield Deluxe antivirus protection before running ComboFix. 

              I noticed in the ComboFix log that a McAfee firewall might still be on my machine.  I don't know where or how to disable this; I do not have an icon in my system tray for that program.  I cancelled that service months ago and, if I remember correctly, I thought I uninstalled it.  It is possible that I deleted their files rather than used them to uninstall their features--I don't think McAfee gave me clear directions on the correct uninstall procedures at the time I cancelled their service.  I know I deleted some McAfee program files after I cancelled their service.  Should I contact McAfee to see what I need to do?   ???       

              My computer is still working well; no redirect problem.   :)

              What should I do next?  Should I try to run ComboFix after figuring out the firewall issue?  ???




              ComboFix log:


              ComboFix 11-07-09.03 - User 07/09/2011  19:47:51.1.1 - x86
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1527.1080 [GMT -7:00]
              Running from: c:\documents and settings\User\Desktop\ComboFix.exe
              AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
              AV: The Shield Deluxe Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
              FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
              .
              WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
              .
              .
              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              c:\windows\system32\$winnt$.inf
              c:\windows\system32\closeapp.exe
              c:\windows\vb.ini
              .
              .
              (((((((((((((((((((((((((   Files Created from 2011-06-10 to 2011-07-10  )))))))))))))))))))))))))))))))
              .
              .
              2011-07-06 06:23 . 2011-07-06 06:23   2106216   ----a-w-   c:\program files\Mozilla Firefox\D3DCompiler_43.dll
              2011-07-06 06:23 . 2011-07-06 06:23   1998168   ----a-w-   c:\program files\Mozilla Firefox\d3dx9_43.dll
              2011-07-01 20:00 . 2011-07-01 20:00   --------   d-----w-   C:\_OTL
              2011-06-27 00:10 . 2011-06-27 00:10   0   ---ha-w-   c:\documents and settings\User\Local Settings\Application Data\BITC4.tmp
              2011-06-24 20:34 . 2011-06-24 20:34   --------   d-----w-   c:\program files\Common Files\InstallShield
              2011-06-19 01:34 . 2011-06-19 01:34   0   ---ha-w-   c:\documents and settings\User\Local Settings\Application Data\BITBD.tmp
              2011-06-19 01:17 . 2011-06-19 01:17   0   ---ha-w-   c:\documents and settings\User\Local Settings\Application Data\BITBC.tmp
              2011-06-15 06:11 . 2011-04-21 13:37   105472   -c----w-   c:\windows\system32\dllcache\mup.sys
              2011-06-14 04:49 . 2010-12-21 01:09   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
              2011-06-14 04:49 . 2011-06-14 04:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
              2011-06-14 04:49 . 2010-12-21 01:08   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
              .
              .
              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2011-07-01 21:55 . 2004-08-04 12:00   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys
              2011-05-02 15:31 . 2007-02-03 23:00   692736   ----a-w-   c:\windows\system32\inetcomm.dll
              2011-04-29 17:25 . 2004-08-04 12:00   151552   ----a-w-   c:\windows\system32\schannel.dll
              2011-04-29 16:19 . 2004-08-04 12:00   456320   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
              2011-04-25 16:11 . 2004-08-04 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
              2011-04-25 16:11 . 2004-08-04 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
              2011-04-25 16:11 . 2004-08-04 12:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
              2011-04-25 12:01 . 2004-08-04 12:00   385024   ----a-w-   c:\windows\system32\html.iec
              2011-04-21 13:37 . 2004-08-04 12:00   105472   ----a-w-   c:\windows\system32\drivers\mup.sys
              2011-07-06 06:23 . 2011-04-30 21:08   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
              2009-09-14 05:10 . 2010-08-07 21:24   47104   ----a-w-   c:\program files\mozilla firefox\components\FFComm.dll
              2011-07-01 22:45 . 2008-06-03 17:15   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
              .
              .
              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4
              .
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-18 68856]
              .
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
              "BitDefender Antiphishing Helper"="c:\program files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe" [2009-09-14 71152]
              "BDAgent"="c:\program files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe" [2009-09-24 1114536]
              "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-04 282624]
              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
              "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-15 278528]
              "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
              "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
              "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
              "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-01 30192]
              "eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
              "DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
              .
              c:\documents and settings\User\Start Menu\Programs\Startup\
              Alarm 95 Help.lnk - c:\windows\winhelp.exe [2004-8-4 256192]
              Alarm 95.lnk - c:\program files\Alarm95\Alarm95.exe [2009-8-23 426496]
              Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]
              .
              c:\documents and settings\All Users\Start Menu\Programs\Startup\
              eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-9-6 629248]
              PsiWin 2.3 Connection Server.lnk - c:\program files\Psion\PsiWin\Psconsv.exe [2008-7-16 286720]
              Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2010-3-7 368640]
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
              @=""
              .
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
              @=""
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
              "LMIRescue_05cc69be-ef6c-40d9-a32e-51b51a08a20b"=2 (0x2)
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
              "DisableMonitoring"=dword:00000001
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
              "DisableMonitoring"=dword:00000001
              .
              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)
              .
              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Program Files\\iTunes\\iTunes.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
              .
              R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/16/2009 3:34 PM 130936]
              R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [3/6/2010 5:51 PM 20480]
              R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [9/17/2009 4:12 PM 152328]
              R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [3/7/2010 4:25 PM 264576]
              S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/10/2010 2:51 PM 135664]
              S2 WLSVC;WLSVC;c:\program files\TRENDnet\TEW-424UB\WLSVC.exe [3/7/2010 4:25 PM 167936]
              S3 Arrakis3;The Shield Deluxe Arrakis Server;c:\program files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe [9/13/2009 11:31 PM 183880]
              S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/18/2007 12:00 PM 30192]
              S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/10/2010 2:51 PM 135664]
              S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/2/2008 10:18 AM 348752]
              S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
              .
              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
              bdx   REG_MULTI_SZ      scan
              .
              Contents of the 'Scheduled Tasks' folder
              .
              2011-07-10 c:\windows\Tasks\Google Software Updater.job
              - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-18 03:27]
              .
              2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc076dadee6214.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 21:50]
              .
              2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
              - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 21:50]
              .
              .
              ------- Supplementary Scan -------
              .
              uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
              uSearchAssistant = hxxp://www.google.com/ie
              uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
              IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
              IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
              Trusted Zone: google.com\earth
              Trusted Zone: internet
              Trusted Zone: mcafee.com
              TCP: DhcpNameServer = 192.168.1.1
              TCP: Interfaces\{BACC9A4A-C40D-46E4-9B44-F839EAFD5C13}: DhcpNameServer = 192.168.1.1
              FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lc6vgsqt.default\
              FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
              FF - prefs.js: browser.search.selectedEngine - Secure Search
              FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
              FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
              .
              - - - - ORPHANS REMOVED - - - -
              .
              SafeBoot-22771467.sys
              AddRemove-InstallShield_{54C0D94A-F467-4ABC-9D02-6E58748668D4} - c:\progra~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe
              AddRemove-InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} - c:\progra~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe
              AddRemove-MSMONEYV4 - c:\program files\Microsoft Money\setup.exe
              .
              .
              .
              **************************************************************************
              .
              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2011-07-09 20:04
              Windows 5.1.2600 Service Pack 3 NTFS
              .
              scanning hidden processes ... 
              .
              scanning hidden autostart entries ...
              .
              scanning hidden files ... 
              .
              scan completed successfully
              hidden files: 0
              .
              **************************************************************************
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------
              .
              - - - - - - - > 'explorer.exe'(2084)
              c:\windows\system32\WININET.dll
              c:\progra~1\WINDOW~2\wmpband.dll
              c:\windows\system32\ieframe.dll
              c:\windows\system32\webcheck.dll
              c:\windows\system32\WPDShServiceObj.dll
              c:\windows\system32\PortableDeviceTypes.dll
              c:\windows\system32\PortableDeviceApi.dll
              .
              ------------------------ Other Running Processes ------------------------
              .
              c:\program files\Analog Devices\SoundMAX\SMAgent.exe
              c:\windows\system32\wscntfy.exe
              c:\program files\iPod\bin\iPodService.exe
              .
              **************************************************************************
              .
              Completion time: 2011-07-09  20:08:20 - machine was rebooted
              ComboFix-quarantined-files.txt  2011-07-10 03:08
              .
              Pre-Run: 59,208,437,760 bytes free
              Post-Run: 59,103,842,304 bytes free
              .
              - - End Of File - - C8C30CBA04197C1CFEA51D93309AA454
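The ComboFix header in the log above illustrates a point worth separating from the poster's McAfee question: ComboFix's "AV:" and "FW:" lines are read from the products registered with Windows Security Center, so "FW: McAfee Firewall *Enabled*" is a claim recorded by the product's registration (with its GUID), not evidence that the product is installed or running. Two registry blocks further down qualify that claim: Security Center monitoring of the McAfee entries is switched off (DisableMonitoring=1), and the Windows Firewall standard profile is off (EnableFirewall=0). The Python below is an added example, not code from the forum post or from ComboFix: it cross-checks those three pieces of one log and states the effective firewall posture. The sample log is constructed from the lines on the page; the vendor-name heuristic that pairs a product with its monitoring key is an assumption of this example.

```python
"""Derive the effective firewall posture from a ComboFix log.

Added example, not part of the forum thread or of ComboFix. It reads the
"AV:/FW:" product lines of the header and the key/value blocks of the
"Reg Loading Points" section, then cross-checks product claims against
Security Center monitoring switches and the Windows Firewall policy.
"""
import re
from typing import Dict, List, Optional

PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<flags>[^*]+)\* \{(?P<guid>[0-9A-Fa-f-]+)\}$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\S.*)$')
# Windows Firewall standard-profile policy key, as ComboFix abbreviates it.
WINDOWS_FW_KEY = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"
MONITORING_MARK = "\\security center\\monitoring\\"


def reg_int(value: Optional[str]) -> Optional[int]:
    """Parse the two integer spellings ComboFix prints: 'dword:00000001' and '0 (0x0)'."""
    if value is None:
        return None
    if value.startswith("dword:"):
        return int(value[6:], 16)
    return int(value.split()[0])


def parse_combofix(text: str) -> dict:
    """Collect Security Center product lines and a key -> {value: data} map of the registry dump."""
    products: List[dict] = []
    registry: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (p := PRODUCT_RE.match(line)):
            flags = {f.strip().lower() for f in p.group("flags").split("/")}
            products.append({
                "kind": p.group("kind"),
                "name": p.group("name"),
                "claims_enabled": "enabled" in flags,
                "updated": "updated" in flags,
                "guid": p.group("guid"),
            })
        elif (k := KEY_RE.match(line)):
            current = k.group("key").lower()
            registry.setdefault(current, {})
        elif current is not None and (v := VALUE_RE.match(line)):
            registry[current][v.group("name").lower()] = v.group("value")
        elif line in ("", "."):
            current = None  # ComboFix separates registry blocks with a lone "."
    return {"products": products, "registry": registry}


def firewall_posture(parsed: dict) -> dict:
    """Combine product claims, monitoring switches and the firewall policy into one verdict."""
    reg = parsed["registry"]
    wf_flag = reg_int(reg.get(WINDOWS_FW_KEY, {}).get("enablefirewall"))
    windows_firewall = "unknown" if wf_flag is None else ("on" if wf_flag else "off")

    # Products whose Security Center monitoring has been switched off (DisableMonitoring=1).
    unmonitored = {
        key.rsplit("\\", 1)[-1]
        for key, values in reg.items()
        if MONITORING_MARK in key and reg_int(values.get("disablemonitoring")) == 1
    }

    third_party = []
    for prod in parsed["products"]:
        if prod["kind"] != "FW":
            continue
        vendor = prod["name"].split()[0].lower()  # heuristic: "McAfee Firewall" -> "mcafee"
        third_party.append({
            "name": prod["name"],
            "claims_enabled": prod["claims_enabled"],
            "monitoring_suppressed": any(n.startswith(vendor) for n in unmonitored),
        })

    monitored = [p for p in third_party if p["claims_enabled"] and not p["monitoring_suppressed"]]
    unverified = [p for p in third_party if p["claims_enabled"] and p["monitoring_suppressed"]]
    if monitored:
        verdict = "third-party firewall registered as enabled and monitored by Security Center"
    elif windows_firewall == "on":
        verdict = "Windows Firewall on"
    elif unverified:
        verdict = ("third-party firewall claims enabled but its Security Center monitoring is "
                   "disabled; verify the product is actually installed and running")
    else:
        verdict = "no active firewall visible in log"
    return {"windows_firewall": windows_firewall, "third_party": third_party,
            "unmonitored": sorted(unmonitored), "verdict": verdict}


# Constructed sample assembled from the header and registry lines on the page.
SAMPLE_LOG = "\n".join([
    "ComboFix 11-07-09.03 - User 07/09/2011  19:47:51.1.1 - x86",
    "AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}",
    "AV: The Shield Deluxe Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}",
    "FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}",
    ".",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]",
    '"DisableMonitoring"=dword:00000001',
    ".",
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]",
    '"DisableMonitoring"=dword:00000001',
    ".",
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]",
    '"EnableFirewall"= 0 (0x0)',
    ".",
])

if __name__ == "__main__":
    print(firewall_posture(parse_combofix(SAMPLE_LOG)))
```

On the sample the verdict is the "verify" case: the only firewall claiming to be enabled is one whose own Security Center monitoring is disabled, and the built-in firewall is off, so the log alone cannot show any firewall enforcing anything. A stale registration left behind by an incomplete uninstall produces exactly this picture, and the fix is to confirm (or remove) the registration, not to trust the "*Enabled*" flag.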

              SuperDave (Malware Removal Specialist)
              Re: Google redirect problem
              « Reply #11 on: July 10, 2011, 04:57:10 PM »
              I forgot to mention that the Security check indicates that you have Panda Antivirus Pro 2012 and Norton 360 running at the same time on your computer. One of these AV's will have to be disabled/uninstalled. 
              *********************************************
              Re-running ComboFix to remove infections:

              • Close any open browsers.
              • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
              • Open notepad and copy/paste the text in the quotebox below into it:
                Quote
                KillAll::

                File::
                C:\found.005
                C:\found.004
                C:\found.003
                C:\found.002
                C:\found.001

                DirLook::
                C:\40d9b26e2a8b3f767a
                C:\ef60c58cdd1f56bf95401cfaf20940ef

                Firefox::
                Trusted Zone: internet
                Trusted Zone: mcafee.com

              • Save this as CFScript.txt, in the same location as ComboFix.exe



              • Referring to the picture above, drag CFScript into ComboFix.exe
              • When finished, it shall produce a log for you at C:\ComboFix.txt
              • Please post the contents of the log in your next reply.
              *********************************************************
              Please go to Jotti's malware scan
              (If more than one file needs to be scanned, they must be done separately and links posted for each one)

              * Copy the file path in the below Code box:

              Code:
              c:\windows\system32\x64
              c:\windows\system32\igxpun.exe
              c:\windows\system32\Drivers\utkwnty5.sys

              * At the upload site, click once inside the window next to Browse.
              * Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
              * Next click Submit file
              * Your file will possibly be entered into a queue which normally takes less than a minute to clear.
              * This will perform a scan across multiple different virus scanning engines.
              * Important: Wait for all of the scanning engines to complete.
              * Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

                bicyclist (Topic Starter)
                Re: Google redirect problem
                « Reply #12 on: August 10, 2011, 09:17:09 AM »
                Dave,

                Sorry about the delayed response; I have some family members that are sick and it takes most of my free time (elderly father and mother in-law).  I could not find the Panda Antivirus Pro 2012 nor the Norton 360 after scanning my system.  Did I miss something?   

                I ran the combo fix and it was able to download the Microsoft Windows recovery console and complete its scan.    The log is below.

                I was not able to scan the files you indicated with Jotti's malware scanner.   When I pasted each file (one at a time) into the file upload window, I got a window that says "file not found".

                By the way, I might have picked up another redirecting virus (slow/intermittent connection to the internet, the hard drive runs unusually fast on start-up as if something is loading, and I lose my internet connection after a few minutes) prior to my running ComboFix.  I don't think ComboFix cured it.  I re-enabled my Deluxe Shield as well as my PC Tools Spyware Doctor antivirus checkers and ran them after the ComboFix scan.   I'm not sure I did a good thing.  The PC Tools Spyware caught a lot of items, though it did not define what items it caught, and fixed those files, and the system does not run better.     

                I appreciate all the help you have provided.  Let me know what I should do next. 

                Ken


                The ComboFix log:

                ComboFix 11-08-09.02 - User 08/09/2011  19:23:46.2.1 - x86
                Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1527.1115 [GMT -7:00]
                Running from: c:\documents and settings\User\Desktop\ComboFix.exe
                Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
                AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
                AV: The Shield Deluxe Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
                FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
                .
                FILE ::
                "C:\found.001"
                "C:\found.002"
                "C:\found.003"
                "C:\found.004"
                "C:\found.005"
                .
                .
                (((((((((((((((((((((((((   Files Created from 2011-07-10 to 2011-08-10  )))))))))))))))))))))))))))))))
                .
                .
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2011-07-01 21:55 . 2004-08-04 12:00   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                2011-06-27 00:10 . 2011-06-27 00:10   0   ---ha-w-   c:\documents and settings\User\Local Settings\Application Data\BITC4.tmp
                2011-06-19 01:34 . 2011-06-19 01:34   0   ---ha-w-   c:\documents and settings\User\Local Settings\Application Data\BITBD.tmp
                2011-06-19 01:17 . 2011-06-19 01:17   0   ---ha-w-   c:\documents and settings\User\Local Settings\Application Data\BITBC.tmp
                2011-06-02 14:02 . 2004-08-04 12:00   1858944   ----a-w-   c:\windows\system32\win32k.sys
                2011-07-06 06:23 . 2011-04-30 21:08   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                2009-09-14 05:10 . 2010-08-07 21:24   47104   ----a-w-   c:\program files\mozilla firefox\components\FFComm.dll
                2011-07-01 22:45 . 2008-06-03 17:15   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
                .
                .
                ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                ---- Directory of C:\40d9b26e2a8b3f767a ----
                .
                .
                ---- Directory of C:\ef60c58cdd1f56bf95401cfaf20940ef ----
                .
                .
                .
                (((((((((((((((((((((((((((((   SnapShot@2011-07-10_03.04.24   )))))))))))))))))))))))))))))))))))))))))
                .
                + 2009-12-14 07:08 . 2011-04-26 11:07   33280              c:\windows\system32\dllcache\csrsrv.dll
                - 2009-12-14 07:08 . 2010-12-09 14:30   33280              c:\windows\system32\dllcache\csrsrv.dll
                - 2004-08-04 12:00 . 2010-12-09 14:30   33280              c:\windows\system32\csrsrv.dll
                + 2004-08-04 12:00 . 2011-04-26 11:07   33280              c:\windows\system32\csrsrv.dll
                + 2011-08-07 06:47 . 2011-08-07 06:47   22016              c:\windows\Installer\1024b4.msi
                - 2004-08-04 12:00 . 2010-06-18 17:45   293376              c:\windows\system32\winsrv.dll
                + 2004-08-04 12:00 . 2011-04-26 11:07   293376              c:\windows\system32\winsrv.dll
                + 2007-02-03 14:53 . 2011-07-13 16:42   142832              c:\windows\system32\FNTCACHE.DAT
                - 2007-02-03 14:53 . 2011-06-09 05:19   142832              c:\windows\system32\FNTCACHE.DAT
                + 2010-06-18 17:45 . 2011-04-26 11:07   293376              c:\windows\system32\dllcache\winsrv.dll
                - 2010-06-18 17:45 . 2010-06-18 17:45   293376              c:\windows\system32\dllcache\winsrv.dll
                + 2008-10-15 04:07 . 2011-06-02 14:02   1858944              c:\windows\system32\dllcache\win32k.sys
                + 2007-12-18 20:16 . 2011-07-13 08:54   49089992              c:\windows\system32\MRT.exe
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-18 68856]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
                "BitDefender Antiphishing Helper"="c:\program files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe" [2009-09-14 71152]
                "BDAgent"="c:\program files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe" [2009-09-24 1114536]
                "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-04 282624]
                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
                "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
                "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
                "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-06-15 278528]
                "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
                "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
                "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
                "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-01 30192]
                "eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
                "DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
                .
                c:\documents and settings\User\Start Menu\Programs\Startup\
                Alarm 95 Help.lnk - c:\windows\winhelp.exe [2004-8-4 256192]
                Alarm 95.lnk - c:\program files\Alarm95\Alarm95.exe [2009-8-23 426496]
                Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]
                .
                c:\documents and settings\All Users\Start Menu\Programs\Startup\
                eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-9-6 629248]
                PsiWin 2.3 Connection Server.lnk - c:\program files\Psion\PsiWin\Psconsv.exe [2008-7-16 286720]
                Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-424UB\WlanCU.exe [2010-3-7 368640]
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
                @=""
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                "LMIRescue_05cc69be-ef6c-40d9-a32e-51b51a08a20b"=2 (0x2)
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
                "DisableMonitoring"=dword:00000001
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
                "DisableMonitoring"=dword:00000001
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Program Files\\iTunes\\iTunes.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                "c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
                .
                R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/16/2009 3:34 PM 130936]
                R2 WLNdis50;Wireless Lan NDIS Protocol I/O Control;c:\windows\system32\drivers\WLNdis50.sys [3/6/2010 5:51 PM 20480]
                R3 BDFM;BDFM;c:\windows\system32\drivers\bdfm.sys [9/17/2009 4:12 PM 152328]
                R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [3/7/2010 4:25 PM 264576]
                S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/10/2010 2:51 PM 135664]
                S2 WLSVC;WLSVC;c:\program files\TRENDnet\TEW-424UB\WLSVC.exe [3/7/2010 4:25 PM 167936]
                S3 Arrakis3;The Shield Deluxe Arrakis Server;c:\program files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe [9/13/2009 11:31 PM 183880]
                S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/18/2007 12:00 PM 30192]
                S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/10/2010 2:51 PM 135664]
                S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/2/2008 10:18 AM 348752]
                S3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys --> c:\windows\System32\Drivers\SjyPkt.sys [?]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                bdx   REG_MULTI_SZ      scan
                .
                Contents of the 'Scheduled Tasks' folder
                .
                2011-08-10 c:\windows\Tasks\Google Software Updater.job
                - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-18 03:27]
                .
                2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc076dadee6214.job
                - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 21:50]
                .
                2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-10 21:50]
                .
                .
                ------- Supplementary Scan -------
                .
                uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                uSearchAssistant = hxxp://www.google.com/ie
                uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
                IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
                Trusted Zone: google.com\earth
                Trusted Zone: internet
                Trusted Zone: mcafee.com
                TCP: DhcpNameServer = 192.168.1.1
                TCP: Interfaces\{BACC9A4A-C40D-46E4-9B44-F839EAFD5C13}: DhcpNameServer = 192.168.1.1
                FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\lc6vgsqt.default\
                FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
                FF - prefs.js: browser.search.selectedEngine - Bing
                FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
                FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
                .
                .
                **************************************************************************
                .
                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2011-08-09 19:55
                Windows 5.1.2600 Service Pack 3 NTFS
                .
                scanning hidden processes ... 
                .
                scanning hidden autostart entries ...
                .
                scanning hidden files ... 
                .
                scan completed successfully
                hidden files: 0
                .
                **************************************************************************
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------
                .
                - - - - - - - > 'explorer.exe'(2368)
                c:\windows\system32\WININET.dll
                c:\progra~1\WINDOW~2\wmpband.dll
                c:\windows\system32\ieframe.dll
                c:\windows\system32\webcheck.dll
                c:\windows\system32\WPDShServiceObj.dll
                c:\windows\system32\PortableDeviceTypes.dll
                c:\windows\system32\PortableDeviceApi.dll
                .
                ------------------------ Other Running Processes ------------------------
                .
                c:\program files\Analog Devices\SoundMAX\SMAgent.exe
                c:\windows\system32\wscntfy.exe
                c:\program files\iPod\bin\iPodService.exe
                .
                **************************************************************************
                .
                Completion time: 2011-08-09  20:00:06 - machine was rebooted
                ComboFix-quarantined-files.txt  2011-08-10 03:00
                ComboFix2.txt  2011-07-10 03:08
                .
                Pre-Run: 59,016,167,424 bytes free
                Post-Run: 59,009,564,672 bytes free
                .
                WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
                [boot loader]
                timeout=2
                default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                [operating systems]
                c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                UnsupportedDebug="do not select this" /debug
                multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
                .
                - - End Of File - - 7CCFC895A45A57F525FADF7D75C17742

                SuperDave

                • Malware Removal Specialist


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Google redirect problem
                « Reply #13 on: August 10, 2011, 05:55:41 PM »
                Quote
                Sorry about the delayed response; I have some family members that are sick and it takes most of my free time (elderly father and mother in-law).  I could not find the Panda Antivirus Pro 2012 nor the Norton 360 after scanning my system.  Did I miss something?
                I'm really sorry about your relatives and also the mix-up I caused. I must have confused your thread with another thread. I was juggling too many balls at once.
                Are you still getting the re-directs?


                Quote
                By the way I might have picked up another redirecting virus (slow/intermittent connection to internet, the hard drive runs unusually fast on start-up as if something is loading, and I lose my internet connection after a few minutes) prior to my running ComboFix.  I don't  think CobmboFix cured it.  I re-enabled my Deluxe Shield as well as my PC Tools Spyware Doctor antivirus checkers and ran them after the ComboFix scan.   I'm not sure I did a good thing.
                That could be because it appears that you have two AV programs running at once: McAfee Anti-Virus and Anti-Spyware and The Shield Deluxe Antivirus. You should only have one AV running. 

                Please download: HiJackThis to your Desktop.
                Open HijackThis and select Do a system scan only

                Place a check mark next to the following entries: (if there)

                Trusted Zone: google.com\earth
                Trusted Zone: internet
                Trusted Zone: mcafee.com


                Important: Close all open windows except for HijackThis and then click Fix checked.

                Once completed, exit HijackThis.
                ************************************************
                * Download the following tool: RootRepeal - Rootkit Detector
                * Direct download link is here: RootRepeal.zip

                * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
                * Click this link to see a list of such programs and how to disable them.

                * Extract the program file to a new folder such as C:\RootRepeal
                * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
                * Select ALL of the checkboxes and then click OK and it will start scanning your system.
                * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                * When done, click on Save Report
                * Save it to the same location where you ran it from, such as C:\RootRepeal
                * Save it as rootrepeal.txt
                * Then open that log and select all and copy/paste it back on your next reply please.
                * Close RootRepeal.
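The two points in this reply (two AV products registered at once, and the three Trusted Zone entries to remove with HijackThis) are both read straight off the ComboFix log posted above. The following is an added example, not a tool from the thread or from ComboFix, that parses those lines, plus the Run-key autostarts and the DHCP DNS servers, out of an excerpt copied from that log and turns them into the findings a helper would act on. The DNS check against private ranges is an addition of mine; the log's resolver (192.168.1.1) is the router, so it raises nothing here.

```python
"""Triage the security-relevant lines of a ComboFix log.

Added example; not a tool from the thread or from ComboFix itself. The sample
below is an excerpt copied from the ComboFix log posted in the thread.
"""
import ipaddress
import re

COMBOFIX_EXCERPT = r"""
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: The Shield Deluxe Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
.
Trusted Zone: google.com\earth
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BACC9A4A-C40D-46E4-9B44-F839EAFD5C13}: DhcpNameServer = 192.168.1.1
""".strip()

# "AV: <product> *<State>/<Update>* {GUID}"; the FW line carries only "*Enabled*".
PRODUCT_RE = re.compile(r"^(AV|AS|FW):\s*(.+?)\s*\*(\w+)/?(\w*)\*")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(?:\[([^\]]*)\])?')
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(\S+)")
DNS_RE = re.compile(r"DhcpNameServer\s*=\s*(.+)$")


def parse_combofix(text):
    """Pull product lines, Run-key values, Trusted Zone sites and DNS servers out of a log."""
    parsed = {"av": [], "fw": [], "run": [], "trusted_zones": [], "dns_servers": []}
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]          # registry key header for the values that follow
            continue
        m = PRODUCT_RE.match(line)
        if m:
            kind, name, state, update = m.groups()
            parsed["fw" if kind == "FW" else "av"].append(
                {"name": name, "state": state, "update": update})
            continue
        m = TRUSTED_RE.match(line)
        if m:
            parsed["trusted_zones"].append(m.group(1))
            continue
        m = DNS_RE.search(line)
        if m:
            for server in m.group(1).split():
                if server not in parsed["dns_servers"]:
                    parsed["dns_servers"].append(server)
            continue
        m = RUN_VALUE_RE.match(line)
        if m and current_key.lower().endswith("\\run"):
            name, path, meta = m.groups()
            parsed["run"].append({"key": current_key, "name": name, "path": path, "meta": meta})
    return parsed


def is_private_ip(addr):
    """True for RFC 1918, loopback and link-local addresses; False for public or malformed input."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local


def triage(parsed):
    """Turn the parsed log into the findings a helper would act on, as plain strings."""
    findings = []
    av = parsed["av"]
    if len(av) > 1:
        names = "; ".join(p["name"] for p in av)
        findings.append(f"{len(av)} AV products registered at once ({names}); keep only one")
    for p in av:
        if p["state"] != "Enabled":
            findings.append(f"AV not enabled: {p['name']} ({p['state']})")
    for site in parsed["trusted_zones"]:
        findings.append(f"Trusted Zone entry: {site}")
    for server in parsed["dns_servers"]:
        if not is_private_ip(server):
            findings.append(f"DNS server outside private ranges: {server}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_combofix(COMBOFIX_EXCERPT)):
        print("-", finding)
```

Run against the excerpt it reports the two AV products (both Disabled), the three Trusted Zone sites and nothing for DNS, which is exactly the state this reply acts on. Feeding it a full log also lists every Run-key autostart with its key, name and path, which is the list a helper compares against the known-good entries before deciding what to remove.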

                bicyclist

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Windows XP
                  Re: Google redirect problem
                  « Reply #14 on: August 14, 2011, 11:38:32 PM »
                  Dave,

                  The major re-direct problem I originally was having has been solved so my system works much better since I ran the TDSSKiller several posts ago per your instructions.   :)   Mozilla Firefox is preventing a few re-directs but those are mostly during my visits to commercial websites so I think that might be OK--I overreacted to the few redirects I got after all the work we did.   

                  By the way , the sound on my system has been restored again due to running the TDSSKiller several posts ago per your instructions.    :)

                  I seem to be having trouble hooking up to the internet.  I understand the need to have only one AV running at a time.  I'll try contacting McAfee about how to uninstall their anti-virus software that might still be on my system (I may have inadvertently deleted it rather than uninstalled it when I cancelled their service).

                  I could not get the HiJackThis to run on my system.  When I tried to run it I got a window that said "C:\Documents & Settings\User\Desktop\HiJackThisInstaller.exe is not a valid win32 application". 

                  Thought I should not run RootRepeal until we finished with HiJackThis---OK?   

                  What should I do next?

                  Ken 


                  SuperDave

                  • Malware Removal Specialist


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Google redirect problem
                  « Reply #15 on: August 15, 2011, 05:00:21 PM »
                  You can use this tool to remove McAfee.

                  •McAfee Consumer Products Removal Tool  - Use on McAfee, AOL distributions of McAfee, CA distributions of McAfee - McAfee Consumer Products Removal tool (MCPR.exe)

                  Sorry. Please try doing this:
                  Note: If you still have HJT on your desktop you can skip number 1 and go to number 2.
                  1. Please download: HiJackThis to your Desktop.
                  2. Double Click the HijackThis icon, located on your Desktop.
                  By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
                  3. Accept the license agreement.
                  4. Open HijackThis and select Do a system scan only

                  Place a check mark next to the following entries: (if there)

                  Trusted Zone: google.com\earth
                  Trusted Zone: internet
                  Trusted Zone: mcafee.com


                  Important: Close all open windows except for HijackThis and then click Fix checked.

                  Once completed, exit HijackThis.
                  *****************************************************
                  Please run RootRepeal even if HJT doesn't run for you.

                  bicyclist

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Windows XP
                    Re: Google redirect problem
                    « Reply #16 on: August 26, 2011, 01:11:16 AM »
                    Dave,

                    I ran the McAfee Consumer Products Removal Tool and all the old McAfee files are gone (I scanned my system as a check).   :)   Though there is a new McAfee file, McAfee.xml (in C:\Program Files\common Files\the shield deluxe\Setup Info\(alpha numeric code)\extern), from my re-installation of The Shield Deluxe antivirus checker (see next paragraph) that is part of that install.   

                    I took a big detour in order to run the programs you requested in your last post.  I had to re-install the Shield Deluxe (I now have the 2011 version) because I forgot my password that is needed in order to disable the checker in order to run RootRepeal--really stupid mistake on my part losing my password.  I later found the password buried in my notes.

                    It was lucky I found my password because the re-install of Shield Deluxe still insisted on my password to change any settings.  By the way, I decided to password protect the Shield Deluxe antivirus setting because I think something (not me) changed only one of the settings, the real time protection, without my knowledge while the other settings were left alone (when I disable my virus checker I turn off all settings).

                    I tried to run HiJackThis as you requested in your last post.   I could not get it to run on my system.  When I tried to run it I got a window that said "C:\Documents & Settings\User\Desktop\HiJackThisInstaller.exe is not a valid win32 application".   :(

                    I tried to run RootRepeal, as you requested in your last post, after I turned off my Windows Firewall and the Shield Deluxe anti-virus checker.  I could not get it to run on my system.  When I tried to run it I got a pop-up window from the Shield Deluxe that said "RootRepeal has been terminated by Active Virus Control".  I turned off all the product settings on the preferences window of the Shield Deluxe in preparation for the RootRepeal run.  I must not be missing something somewhere and I didn't see the Shield Deluxe listed in your link to methods to disable programs.  :(

                    What do I do next?

                    Ken   
                           

                    SuperDave

                    • Malware Removal Specialist


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: Google redirect problem
                    « Reply #17 on: August 26, 2011, 05:38:02 PM »
                    I'd like to scan your machine with ESET OnlineScan

                    •Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                    ESET OnlineScan
                    •Click the button.
                    •For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                    •Check
                    •Click the button.
                    •Accept any security warnings from your browser.
                    •Check
                    •Push the Start button.
                    •ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                    •When the scan completes, push
                    •Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                    •Push the button.
                    •Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                    bicyclist

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Windows XP
                      Re: Google redirect problem
                      « Reply #18 on: August 31, 2011, 07:48:14 PM »
                      Dave,

                      I ran the ESET OnlineScanner and no threats were found.  It took about four hours to scan my system's seventy thousand files.

                      My observations of my current system status:  my system does not have the redirect problem and I have sound thanks to your directions to remedy those problems.   

                      However, I think I still have some less serious issues regarding connection.  During the mid-afternoon portion of the day (between about 2pm and 5pm) and mid-evening (about 7pm to 9pm) I have problems connecting to the Internet or, while on the Internet during those time periods, my system is so slow it seems as though my machine has locked up.   I think this might be a problem with the Internet service provider (Earthlink) because my wife's computer, with whom I share that service via a wireless connection, has a similar problem but hers is not as severe. 

                      Also, I think some of my connection problem might be caused by my wireless network connection (Trendnet to Linksys router) since the signal strength changes occasionally; the signal strength is not steady since it changes from excellent or good to average on occasion. 

                      Additionally, I think an icon in the system tray on my computer is indicating intermittent or loss of wireless network connection when the wave symbol, that normally lights up periodically (white color to green color) next to the monitor symbol, either freezes in the on position (green light) or fails to light (white color).   

                      Any suggestions?  What do I do next?  I'm interested in making sure all viruses and malware have been removed from my system.

                      I do appreciate all your help; my improved Internet experience due to your help has allowed me to explore and navigate all the health care options for my ailing father and mother in-law.  Again, thank you.         

                      Ken

                      SuperDave

                      • Malware Removal Specialist


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: Google redirect problem
                      « Reply #19 on: September 01, 2011, 05:03:19 PM »
                      Quote
                      Any suggestions?  What do I do next?  I'm interested in making sure all viruses and malware have been removed from my system.
                      I'm quite confident that your computer is clean. Let's run one more scan to check that connection problem

                      Please download MiniToolBox to Desktop and run it.



                      Checkmark the following boxes:

                        • Flush DNS
                        • Report IE Proxy Settings
                        • Reset IE Proxy Settings
                        • List content of Hosts
                        • List IP Configuration
                        • List Last 10 Event Viewer Errors
                        • List Users, Partitions and Memory Size
                        Click Go and copy/paste the log (Result.txt) into your next post.
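Three of the boxes in this list (Report IE Proxy Settings, Reset IE Proxy Settings, List content of Hosts) cover the two places on the client where a browser redirect can be planted without touching DNS: a proxy set in Internet Options, and entries in the hosts file. The following is an added example, not part of the thread or of MiniToolBox, that reads those two sections out of a Result.txt. CLEAN_RESULT is an excerpt of the log the original poster went on to post in the thread (proxy off, hosts file holding only the localhost line); HIJACKED_RESULT is a constructed counter-example in the same layout using TEST-NET-3 addresses (203.0.113.0/24), and the exact wording MiniToolBox prints when a proxy is enabled is an assumption of mine.

```python
"""Check the proxy and hosts-file sections of a MiniToolBox Result.txt.

Added example, not part of the thread or of MiniToolBox. CLEAN_RESULT is an
excerpt of the log posted in the thread; HIJACKED_RESULT is constructed
(addresses from TEST-NET-3; the "Proxy is enabled." wording is assumed).
"""
import ipaddress
import re

CLEAN_RESULT = """
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================
"""

HIJACKED_RESULT = """
========================= IE Proxy Settings: ==============================

Proxy is enabled.
Proxy Server: 203.0.113.10:8080

========================= Hosts content: =================================

127.0.0.1       localhost
203.0.113.10    www.google.com
203.0.113.10    www.bing.com
127.0.0.1       update.microsoft.com

========================= IP Configuration: ================================
"""

# MiniToolBox separates sections with "===== Name: =====" banner lines.
SECTION_RE = re.compile(r"^=+\s*(.+?):\s*=+\s*$", re.MULTILINE)
LOCALHOST_NAMES = {"localhost", "localhost.localdomain"}


def split_sections(text):
    """Map each banner name to the text that follows it, up to the next banner."""
    sections = {}
    banners = list(SECTION_RE.finditer(text))
    for i, m in enumerate(banners):
        end = banners[i + 1].start() if i + 1 < len(banners) else len(text)
        sections[m.group(1).strip()] = text[m.end():end].strip()
    return sections


def proxy_state(body):
    """Return {"enabled": bool, "server": str | None} from the IE Proxy Settings section."""
    enabled = re.search(r"Proxy is (not )?enabled", body)
    server = re.search(r"Proxy Server[^:\n]*:\s*(\S+)", body)   # "No Proxy Server is set." has no colon
    return {"enabled": bool(enabled and not enabled.group(1)),
            "server": server.group(1) if server else None}


def suspicious_hosts_entries(body):
    """Every hosts mapping other than loopback -> localhost, as (address, name) pairs.

    Both directions matter: a real name pointed at a foreign address is a
    redirect, and a vendor name pointed at 127.0.0.1 blocks that vendor.
    """
    flagged = []
    for line in body.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            flagged.append((parts[0], " ".join(parts[1:]) or "?"))   # malformed line, surface it
            continue
        for name in parts[1:]:
            if addr.is_loopback and name.lower() in LOCALHOST_NAMES:
                continue
            flagged.append((parts[0], name))
    return flagged


def analyze(result_text):
    """Run both checks over a Result.txt and return the structured outcome plus findings."""
    sections = split_sections(result_text)
    proxy = proxy_state(sections.get("IE Proxy Settings", ""))
    hosts = suspicious_hosts_entries(sections.get("Hosts content", ""))
    findings = []
    if proxy["enabled"]:
        findings.append(f"IE proxy enabled ({proxy['server']}); browser traffic is routed through it")
    for addr, name in hosts:
        findings.append(f"hosts file maps {name} to {addr}")
    return {"proxy": proxy, "hosts_suspicious": hosts, "findings": findings}


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_RESULT), ("hijacked", HIJACKED_RESULT)):
        print(label, analyze(sample)["findings"] or ["nothing flagged"])
```

A clean result from both checks, as in this thread, means the redirect was not client-side configuration, which is consistent with TDSSKiller having fixed it: that family of rootkit redirects at a lower level than the hosts file or the proxy setting, so neither would show anything even while the redirects were happening.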

                        bicyclist

                          Topic Starter


                          Rookie

                          • Experience: Beginner
                          • OS: Windows XP
                          Re: Google redirect problem
                          « Reply #20 on: September 06, 2011, 02:16:33 PM »
                          Dave,

                          The MiniToolBox log:

                          MiniToolBox by Farbar
                          Ran by User (administrator) on 06-09-2011 at 11:45:46
                          Microsoft Windows XP Service Pack 3 (X86)

                          ***************************************************************************

                          ========================= Flush DNS: ===================================


                          Windows IP Configuration



                          Successfully flushed the DNS Resolver Cache.


                          ========================= IE Proxy Settings: ==============================

                          Proxy is not enabled.
                          No Proxy Server is set.

                          "Reset IE Proxy Settings": IE Proxy Settings were reset.
                          ========================= Hosts content: =================================

                          127.0.0.1       localhost

                          ========================= IP Configuration: ================================

                          # ----------------------------------
                          # Interface IP Configuration         
                          # ----------------------------------
                          pushd interface ip


                          # Interface IP Configuration for "Local Area Connection"

                          set address name="Local Area Connection" source=dhcp
                          set dns name="Local Area Connection" source=dhcp register=PRIMARY
                          set wins name="Local Area Connection" source=dhcp

                          # Interface IP Configuration for "Wireless Network Connection 11"

                          set address name="Wireless Network Connection 11" source=dhcp
                          set dns name="Wireless Network Connection 11" source=dhcp register=PRIMARY
                          set wins name="Wireless Network Connection 11" source=dhcp


                          popd
                          # End of interface IP configuration




                          Windows IP Configuration



                                  Host Name . . . . . . . . . . . . : KenComputer

                                  Primary Dns Suffix  . . . . . . . :

                                  Node Type . . . . . . . . . . . . : Unknown

                                  IP Routing Enabled. . . . . . . . : No

                                  WINS Proxy Enabled. . . . . . . . : No



                          Ethernet adapter Local Area Connection:



                                  Media State . . . . . . . . . . . : Media disconnected

                                  Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet for hp

                                  Physical Address. . . . . . . . . : 00-0F-20-6F-6B-2E



                          Ethernet adapter Wireless Network Connection 11:



                                  Connection-specific DNS Suffix  . :

                                  Description . . . . . . . . . . . : TRENDnet TEW-424UB 54M USB Dongle

                                  Physical Address. . . . . . . . . : 00-14-D1-48-33-9E

                                  Dhcp Enabled. . . . . . . . . . . : Yes

                                  Autoconfiguration Enabled . . . . : Yes

                                  IP Address. . . . . . . . . . . . : 192.168.2.102

                                  Subnet Mask . . . . . . . . . . . : 255.255.255.0

                                  Default Gateway . . . . . . . . . : 192.168.2.1

                                  DHCP Server . . . . . . . . . . . : 192.168.2.1

                                  DNS Servers . . . . . . . . . . . : 192.168.1.1

                                  Lease Obtained. . . . . . . . . . : Tuesday, September 06, 2011 9:31:46 AM

                                  Lease Expires . . . . . . . . . . : Wednesday, September 07, 2011 9:31:46 AM

                          Server:  UnKnown
                          Address:  192.168.1.1

                          Name:    google.com
                          Addresses:  74.125.93.106, 74.125.93.103, 74.125.93.147, 74.125.93.105
                               74.125.93.99, 74.125.93.104



                          Pinging google.com [74.125.93.99] with 32 bytes of data:



                          Reply from 74.125.93.99: bytes=32 time=95ms TTL=53

                          Reply from 74.125.93.99: bytes=32 time=94ms TTL=53



                          Ping statistics for 74.125.93.99:

                              Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                          Approximate round trip times in milli-seconds:

                              Minimum = 94ms, Maximum = 95ms, Average = 94ms

                          Server:  UnKnown
                          Address:  192.168.1.1

                          Name:    yahoo.com
                          Addresses:  209.191.122.70, 67.195.160.76, 69.147.125.65, 72.30.2.43
                               98.137.149.56



                          Pinging yahoo.com [98.137.149.56] with 32 bytes of data:



                          Reply from 98.137.149.56: bytes=32 time=41ms TTL=56

                          Reply from 98.137.149.56: bytes=32 time=71ms TTL=56



                          Ping statistics for 98.137.149.56:

                              Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                          Approximate round trip times in milli-seconds:

                              Minimum = 41ms, Maximum = 71ms, Average = 56ms



                          Pinging 127.0.0.1 with 32 bytes of data:



                          Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

                          Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



                          Ping statistics for 127.0.0.1:

                              Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

                          Approximate round trip times in milli-seconds:

                              Minimum = 0ms, Maximum = 0ms, Average = 0ms

                          ===========================================================================
                          Interface List
                          0x1 ........................... MS TCP Loopback interface
                          0x10003 ...00 0f 20 6f 6b 2e ...... Broadcom NetXtreme Gigabit Ethernet for hp
                          0x10004 ...00 14 d1 48 33 9e ...... TRENDnet TEW-424UB 54M USB Dongle
                          ===========================================================================
                          ===========================================================================
                          Active Routes:
                          Network Destination        Netmask          Gateway       Interface  Metric
                                    0.0.0.0          0.0.0.0      192.168.2.1   192.168.2.102     25
                                  127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1     1
                                192.168.2.0    255.255.255.0    192.168.2.102   192.168.2.102     25
                              192.168.2.102  255.255.255.255        127.0.0.1       127.0.0.1     25
                              192.168.2.255  255.255.255.255    192.168.2.102   192.168.2.102     25
                                  224.0.0.0        240.0.0.0    192.168.2.102   192.168.2.102     25
                            255.255.255.255  255.255.255.255    192.168.2.102           10003     1
                            255.255.255.255  255.255.255.255    192.168.2.102   192.168.2.102     1
                          Default Gateway:       192.168.2.1
                          ===========================================================================
                          Persistent Routes:
                            None

                          ========================= Event log errors: ===============================

                          Application errors:
                          ==================
                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32) (User: )
                          Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32) (User: )
                          Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32) (User: )
                          Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32) (User: )
                          Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32) (User: )
                          Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32) (User: )
                          Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

                          Error: (08/29/2011 00:11:05 PM) (Source: crypt32) (User: )
                          Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

                          Error: (08/29/2011 00:11:05 PM) (Source: crypt32) (User: )
                          Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

                          Error: (08/29/2011 00:11:05 PM) (Source: crypt32) (User: )
                          Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

                          Error: (08/29/2011 00:11:04 PM) (Source: crypt32) (User: )
                          Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


                          System errors:
                          =============
                          Error: (09/06/2011 09:30:46 AM) (Source: Service Control Manager) (User: )
                          Description: The IPSEC Services service terminated with the following error:
                          %%1747

                          Error: (09/04/2011 10:37:16 AM) (Source: Windows Update Agent) (User: )
                          Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

                          Error: (09/04/2011 10:35:32 AM) (Source: Service Control Manager) (User: )
                          Description: The IPSEC Services service terminated with the following error:
                          %%1747

                          Error: (09/01/2011 09:57:19 PM) (Source: Service Control Manager) (User: )
                          Description: The IPSEC Services service terminated with the following error:
                          %%1747

                          Error: (09/01/2011 09:30:57 PM) (Source: Service Control Manager) (User: )
                          Description: The IPSEC Services service terminated with the following error:
                          %%1747

                          Error: (09/01/2011 09:08:36 PM) (Source: Service Control Manager) (User: )
                          Description: The IPSEC Services service terminated with the following error:
                          %%1747

                          Error: (09/01/2011 08:19:46 PM) (Source: Service Control Manager) (User: )
                          Description: The IPSEC Services service terminated with the following error:
                          %%1747

                          Error: (09/01/2011 08:18:51 PM) (Source: Service Control Manager) (User: )
                          Description: The Remote Access Connection Manager service failed to start due to the following error:
                          %%231

                          Error: (09/01/2011 08:18:51 PM) (Source: Service Control Manager) (User: )
                          Description: The Remote Access Connection Manager service failed to start due to the following error:
                          %%231

                          Error: (09/01/2011 08:18:22 PM) (Source: Service Control Manager) (User: )
                          Description: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
                          %%1070


                          Microsoft Office Sessions:
                          =========================
                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32)(User: )
                          Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32)(User: )
                          Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32)(User: )
                          Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32)(User: )
                          Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32)(User: )
                          Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

                          Error: (08/29/2011 00:11:06 PM) (Source: crypt32)(User: )
                          Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

                          Error: (08/29/2011 00:11:05 PM) (Source: crypt32)(User: )
                          Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

                          Error: (08/29/2011 00:11:05 PM) (Source: crypt32)(User: )
                          Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

                          Error: (08/29/2011 00:11:05 PM) (Source: crypt32)(User: )
                          Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.

                          Error: (08/29/2011 00:11:04 PM) (Source: crypt32)(User: )
                          Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis network connection does not exist.


                          ========================= Memory info: ===================================

                          Percentage of memory in use: 36%
                          Total physical RAM: 1527.48 MB
                          Available physical RAM: 966.02 MB
                          Total Pagefile: 2904.86 MB
                          Available Pagefile: 2485.6 MB
                          Total Virtual: 2047.88 MB
                          Available Virtual: 1905.03 MB

                          ========================= Partitions: =====================================

                          1 Drive c: () (Fixed) (Total:74.53 GB) (Free:51.72 GB) NTFS

                          ========================= Users: ========================================

                          User accounts for \\

                          Administrator            ASPNET                   Guest                   
                          HelpAssistant            SUPPORT_388945a0         User                     


                          **** End of log ****
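
A defender-side check of the three redirect vectors a MiniToolBox network log lets you rule out (hosts-file entries, an IE proxy, and the DNS resolver and its answers). This is an added example, not code from the thread or from MiniToolBox itself; it parses the section layout of the log posted above, and the two sample logs it runs on are constructed, using 203.0.113.0/24 (a documentation range) for made-up addresses.

```python
"""Check a MiniToolBox-style network log for the usual browser-redirect vectors.

Added example, not code from the thread or from MiniToolBox. Section headers and
field layout follow the posted log; sample logs below are constructed.
"""
import ipaddress
import re

SECTION_RE = re.compile(r"^=+\s*(.+?):\s*=+$")
FIELD_RE = re.compile(r"^\s*(IP Address|Subnet Mask|Default Gateway|DNS Servers)[ .]*:\s*(\S*)")

def split_sections(text):
    """Map each '===== Name: =====' header to the lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current, sections[m.group(1)] = m.group(1), []
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections

def parse_hosts(lines):
    """Return (ip, [names]) for every active hosts-file entry."""
    entries = []
    for line in lines:
        parts = line.split("#", 1)[0].split()  # drop comments and blanks
        if parts:
            entries.append((parts[0], parts[1:]))
    return entries

def parse_ipconfig(lines):
    """Pull adapter fields plus the nslookup answers MiniToolBox appends."""
    info, name, collecting = {"lookups": {}}, None, False
    for line in lines:
        m = FIELD_RE.match(line)
        if m and m.group(2):
            info[m.group(1)] = m.group(2)  # last adapter with an address wins
            continue
        s = line.strip()
        if s.startswith("Server:"):  # its 'Address:' is the resolver, not an answer
            name, collecting = None, False
        elif s.startswith("Name:"):
            name, collecting = s.split(":", 1)[1].strip(), False
            info["lookups"][name] = []
        elif s.startswith(("Addresses:", "Address:")) and name:
            info["lookups"][name] += re.findall(r"[\d.]+", s.split(":", 1)[1])
            collecting = True
        elif collecting and re.fullmatch(r"[\d.,\s]+", s):  # wrapped answer line
            info["lookups"][name] += re.findall(r"[\d.]+", s)
        else:
            collecting = False
    return info

def redirect_indicators(log_text):
    """Return findings worth a second look; an empty list means nothing stood out."""
    sections = split_sections(log_text)
    findings = []
    for ip, names in parse_hosts(sections.get("Hosts content", [])):
        if ip not in ("127.0.0.1", "::1") or any(n != "localhost" for n in names):
            findings.append(f"hosts: {' '.join(names)} -> {ip}")
    proxy = "\n".join(sections.get("IE Proxy Settings", []))
    # The two clean lines are the wording the posted log shows; anything else gets flagged.
    if "Proxy is not enabled." not in proxy:
        findings.append("proxy: IE proxy is enabled")
    if "No Proxy Server is set." not in proxy:
        findings.append("proxy: a proxy server is configured")
    ipc = parse_ipconfig(sections.get("IP Configuration", []))
    if all(k in ipc for k in ("IP Address", "Subnet Mask", "DNS Servers")):
        lan = ipaddress.ip_network(f"{ipc['IP Address']}/{ipc['Subnet Mask']}", strict=False)
        if ipaddress.ip_address(ipc["DNS Servers"]) not in lan:
            findings.append(f"dns: resolver {ipc['DNS Servers']} is off-LAN; confirm it is one you chose")
    for host, answers in ipc["lookups"].items():
        for a in answers:
            if not ipaddress.ip_address(a).is_global:
                findings.append(f"dns: {host} resolved to non-public {a}")
    return findings

def sample_log(hosts, proxy, dns_server, answers):
    """Constructed log in the thread's MiniToolBox layout (not real tool output)."""
    return f"""MiniToolBox by Farbar
========================= IE Proxy Settings: ==============================
{proxy}
========================= Hosts content: =================================
{hosts}
========================= IP Configuration: ================================
        IP Address. . . . . . . . . . . . : 192.168.2.102
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : {dns_server}
Server:  UnKnown
Address:  {dns_server}
Name:    google.com
Addresses:  {answers}
========================= Event log errors: ===============================
"""

CLEAN_LOG = sample_log("127.0.0.1       localhost", "Proxy is not enabled.\nNo Proxy Server is set.",
                       "192.168.2.1", "74.125.93.106, 74.125.93.103\n     74.125.93.99")
# Constructed: a hosts-file hijack of google.com, a forced proxy (wording made up) and a rogue
# resolver handing back a private address.
HIJACKED_LOG = sample_log("127.0.0.1       localhost\n203.0.113.77    google.com www.google.com",
                          "Proxy is enabled.\nProxy Server: 203.0.113.9:8080", "203.0.113.53", "10.0.0.5")
```

`redirect_indicators(CLEAN_LOG)` returns nothing, while `redirect_indicators(HIJACKED_LOG)` lists all five problems; on the log posted above it would report only the off-LAN resolver note, because 192.168.1.1 sits outside the 192.168.2.x LAN while the hosts file and proxy settings there are clean.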

                          SuperDave

                          • Malware Removal Specialist


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: Google redirect problem
                          « Reply #21 on: September 06, 2011, 04:26:21 PM »
                          The signal is going through but, like you said, it is intermittent. Have you tried hardwiring your computer to the modem? It would appear to be a problem with the wireless. Also, please reset your modem and router. Unplug them for a minute.

                          bicyclist

                            Topic Starter


                            Rookie

                            • Experience: Beginner
                            • OS: Windows XP
                            Re: Google redirect problem
                            « Reply #22 on: September 17, 2011, 03:49:17 PM »
                            Dave,

                            With a hardwire connecting my computer to the router located at my wife's computer, I have a good Internet connection.  :)

                            My wife reset the router (pushed the button and unplugged the unit) and disconnected the modem (turned it off at the switch as well as unplugged the unit).  It was a lot of work to follow the instructions to get the router, that is wired directly to my wife's system, back up and running but she was finally able to accomplish the task and she has her Internet phone and Internet connection back.  There was a side benefit of all this work:  we found and properly filed our computer system literature and found some other missing items as well!   

                            My system required more work and was not entirely successful.  My wireless Internet connection is worse since the router/modem reset and my reinstalling the wireless software & adapter.   :(

                            After resetting the modem and router, I could not hook up my system to the Internet (my system:  Trendnet wireless USB adapter [TEW-424UB] to Linksys router [Wireless-G Broadband Router--mdl. WRT54G2]).  After checking on the Trendnet status, I reentered the security key and was able to get some activity on that device (searching to establish a connection with the router) but still no connection.

                            I decided to reinstall the Trendnet  software on my computer.  Immediately after reinstalling, I got fifteen minutes of uninterrupted, though slow, Internet connection until I was disconnected.  I could only continue intermittent connection by repairing the connection (by clicking on the icon in the system tray to pop-up a window for that device and then clicking on "Repair").  I had to do this continually to receive about a minute or two of connection. 

                            I kept an eye on the signal strength during this phase of the problem and noticed that it would go from a good connection (multi-bar green) to weak connection (single bar red) back to fair connection (no bar) back to good connection and so forth.  The Internet connection was slow during this time frame (for a minute or two) until I lost the connection entirely (red "X").  I have not had this condition in the past.

                            Before the router/modem reset and my reinstalling the Trendnet software and adapter, I would routinely get periods of no connection to connection periods of an hour or two.  Things have gone downhill in regard to wireless connectivity.     

                            By the way, I wonder if the wireless connection is having problems due to the building structure where I live.  My place is a small townhouse and has concrete party walls (the wall between units) with wood framing in the interior of the unit.   The router is located about twenty five feet away from my computer and is in another room.

                            Again, the hardwire connection between my computer and the router is working very well and the Google redirect problem has been solved due to your direction.  I have an uninterrupted Internet connection with the hardwire. 

                            I'm not sure if my wireless Internet connection problem is a virus\malware issue; perhaps I should start a new post?   If so, please advise if I should uninstall the various anti virus software packages that I have installed on my system at your direction.  Please include any tips on making the uninstalls successful.   

                            Thank you for your help to date.

                            Ken                 

                            SuperDave

                            • Malware Removal Specialist


                            • Genius
                            • Thanked: 1020
                            • Certifications: List
                            • Experience: Expert
                            • OS: Windows 10
                            Re: Google redirect problem
                            « Reply #23 on: September 17, 2011, 04:08:31 PM »
                            Quote
                            I'm not sure if my wireless Internet connection problem is a virus\malware issue
                            From what you described to me, it would appear that the problem is with the router sending the signal or the receiver. Unfortunately, I can't help you with this. You could start another thread in another forum. Perhaps that may help.
                            Let's do some cleanup.


                            To uninstall ComboFix

                            • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                            • In the field, type in ComboFix /uninstall


                            (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                            • Then, press Enter, or click OK.
                            • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                            *************************************************
                            To remove all of the tools we used and the files and folders they created do the following:
                            Double click OTL.exe.
                            • Click the CleanUp button.
                            • Select Yes when the "Begin cleanup Process?" prompt appears.
                            • If you are prompted to Reboot during the cleanup, select Yes.
                            • The tool will delete itself once it finishes.
                            Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
                            **************************************************
                            Clean out your temporary internet files and temp files.

                            Download TFC by OldTimer to your desktop.

                            Double-click TFC.exe to run it.

                            Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                            TFC will close all programs when run, so make sure you have saved all your work before you begin.

                            * Click the Start button to begin the cleaning process.
                            * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                            * Please let TFC run uninterrupted until it is finished.

                            Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                            *****************************************************
                            Use the Secunia Software Inspector to check for out of date software.

                            • Click Start Now

                            • Check the box next to Enable thorough system inspection.

                            • Click Start

                            • Allow the scan to finish and scroll down to see if any updates are needed.
                            • Update anything listed.
                            ----------

                            Go to Microsoft Windows Update and get all critical updates.

                            ----------

                            I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                            SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                            * Using SpywareBlaster to protect your computer from Spyware and Malware
                            * If you don't know what ActiveX controls are, see here

                            Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                            Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                            Safe Surfing!

                            bicyclist

                              Topic Starter


                              Rookie

                              • Experience: Beginner
                              • OS: Windows XP
                              Re: Google redirect problem
                              « Reply #24 on: September 22, 2011, 06:22:50 PM »
                              Dave,

                              I successfully completed the uninstall of ComboFix.   :) 

                              I don't have OTL.exe on my system; it must have been removed by my running my anti-virus during this Google redirect problem process (see my reply #12, August 10--I shouldn't have done that as you mention in your introductory instructions).   :(   Do I delete or try to uninstall the following programs that are on my desktop that I downloaded at your direction?
                                 

                              1.  TDSKiller.exe
                              2.  tdskiller zip
                              3.  Support-LogMeInRescue.exe
                              4.  RootRepeal zip
                              5.  MiniToolBox.exe
                              6.  HjackThisInstaller.exe
                              7.  esetsmartinstalaler_enu.exe

                                 
                              I want to make sure I don't accidentally run these programs again.  To delete I should double right click on the icon and left click on delete in that window?  If I need to uninstall any of these programs, please provide instructions.

                              Are there any other things I have to do to take care of any possible buried files from my deletion of programs that were on my system prior to my reply #12 of August 10 (deleted due to my errant running of my Deluxe Shield anti virus and PC Tools Spyware Doctor)?  Those programs were:


                              1.  Super Antispyware (SAS)
                              2.  Malwarebytes
                              3.  DDS
                              4.  RKill
                              5.  Combo.fix
                              6.  Jotti's Malware scan (I don't think this was a downloaded program?)


                              The following describes what I did at that time of deletion of those programs (from my reply #12 in August):

                              "I re-enabled my Deluxe Shield as well as my PC Tools Spyware Doctor antivirus checkers and ran them after the ComboFix scan.   I'm not sure I did a good thing.  The PC Tools Spyware caught a lot of items, though did not define what items it caught, and fixed those files and the system does not run better."
                               

                              Thank you,

                              Ken

                              SuperDave

                              • Malware Removal Specialist


                              • Genius
                              • Thanked: 1020
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 10
                              Re: Google redirect problem
                              « Reply #25 on: September 23, 2011, 07:04:20 PM »
                              Quote
                              Do I delete or try to uninstall the following programs that are on my desktop that I downloaded at your direction?
                              Yes. If the programs are installed on your desktop, simply delete them or drag them to your Recycling bin. If not installed on your desktop, uninstall them.
                              Support-LogMeInRescue.exe is not one of the programs I asked you to install.
                              You may keep SAS and MBAM, if you wish. Update them and run them on a regular basis. All the others can go.

                              bicyclist

                                Topic Starter


                                Rookie

                                • Experience: Beginner
                                • OS: Windows XP
                                Re: Google redirect problem
                                « Reply #26 on: September 30, 2011, 06:25:17 PM »
                                Dave,

                                I got the other programs off my system per your direction.   My system is running very well--thank you. 

                                Sorry about the "Support-LogMeIn" program citing.  That was the Shield Deluxe anti-virus personnel log-in to help me install their new 2011 program after I thought I lost my password for the 2010 edition.  That was a big mess and totally my fault.   I now take better care of my passwords.

                                I think I have one last question.   To prevent the loss of my files on the hard drive, I saved some of my files (personal files and not programs I think) on thumb drives (two or three thumb drives up to 1GB capacity each) prior to all your work on my system.   I want to know if I can reuse those thumb drives without jeopardizing my system?   In other words, can I plug those thumb drives back into my system, delete the contents, and reuse the thumb drives?   I thought I should be safe rather than sorry and ask you before I do this.

                                Ken   

                                SuperDave

                                • Malware Removal Specialist


                                • Genius
                                • Thanked: 1020
                                • Certifications: List
                                • Experience: Expert
                                • OS: Windows 10
                                Re: Google redirect problem
                                « Reply #27 on: October 01, 2011, 11:26:04 AM »
                                Quote
                                In other words, can I plug those thumb drives back into my system, delete the contents, and reuse the thumb drives?   I thought I should be safe rather than sorry and ask you before I do this.
                                Yes. When you plug in the thumb drives hold the Shift key down for about 10 secs. while inserting them in the USB drive. Then, scan them with your AV and also with SAS and MBAM to be sure that they're clean.
                                I will lock this thread. If you need it re-opened, please send me a pm.