Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

IE and Firefox Hijacked and Chrome won't connect

Re: IE and Firefox Hijacked and Chrome won't connect

by jtjag03 » April 16th, 2010, 12:16 am

FYI, I'm still being re-directed after running combofix.
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

by jtjag03 » April 16th, 2010, 2:38 am

An AVG window just popped up stating there was a threat detected, Win32/Patched.DO, in the file C:\WINDOWS\system32\drivers\ftdisk.sys that you had me check earlier. I reran it at both sites listed before and got the same results. My only option for action to be taken was Ignore.
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

by peku006 » April 16th, 2010, 3:39 am

Hi jtjag03

You have a rootkit called TDL3, and it can be very difficult to remove.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *ftdisk*
    *iastor*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE and Firefox Hijacked and Chrome won't connect

by jtjag03 » April 16th, 2010, 11:47 am

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 10:27 on 16/04/2010 by J....n J.....d (Administrator - Elevation successful)

========== filefind ==========

Searching for "*ftdisk*"
C:\cmdcons\FTDISK.SY_ --a--- 60791 bytes [18:52 17/08/2001] [18:52 17/08/2001] 345CA06DF0C008EA223F924391B4C205
C:\Documents and Settings\J....n J.....d\Local Settings\Temporary Internet Files\Content.IE5\8YKOEZHI\ftdisk.sys[1].htm --a--- 9866 bytes [06:11 16/04/2010] [06:11 16/04/2010] 2C6726E530CE409F7BB2DC9A9868A804
C:\WINDOWS\system32\dllcache\ftdisk.sys --a--c 125056 bytes [11:00 10/08/2004] [05:17 16/04/2010] 6AC26732762483366C3969C9E4D2259D
C:\WINDOWS\system32\drivers\ftdisk.sys --a--- 125056 bytes [11:00 10/08/2004] [05:17 16/04/2010] 6AC26732762483366C3969C9E4D2259D

Searching for "*iastor*"
C:\WINDOWS\dell\iastor\iastor.cat --a--- 8278 bytes [06:41 22/05/2006] [06:41 22/05/2006] 2E3C024419060C15DC9532C11FD8D73C
C:\WINDOWS\dell\iastor\iastor.inf --a--- 5742 bytes [16:18 11/05/2006] [16:18 11/05/2006] 6A9AB910B565B5108538C5E01CDECA43
C:\WINDOWS\dell\iastor\iastor.PNF --a--- 11516 bytes [19:15 17/09/2008] [19:15 17/09/2008] 492524055B3DC44849C9D6552FEFDF3B
C:\WINDOWS\dell\iastor\iastor.sys --a--- 247808 bytes [16:30 11/05/2006] [16:30 11/05/2006] 294110966CEDD127629C5BE48367C8CF
C:\WINDOWS\system32\drivers\iaStor.sys --a--- 247808 bytes [16:30 11/05/2006] [16:30 11/05/2006] 294110966CEDD127629C5BE48367C8CF

-=End Of File=-
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

by peku006 » April 17th, 2010, 4:27 am

Hi

Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    :Files
    C:\Documents and Settings\J....n J.....d\Local Settings\Temporary Internet Files\Content.IE5\8YKOEZHI\ftdisk.sys[1]

    :Commands

    [emptytemp]

  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE and Firefox Hijacked and Chrome won't connect

by jtjag03 » April 17th, 2010, 4:01 pm

I didn't realize until after I ran OTM that I hadn't corrected the "..." that I replaced my name with in the file name, so I ran it again after the reboot. I will post both logs. Also, overnight at some point, XP Security Tool 2010 snuck on. AVG no longer loads and if I go to Control Panel => Security, I no longer have control over firewall settings.

Run 1
All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\J....n J.....d\Local Settings\Temporary Internet Files\Content.IE5\8YKOEZHI\ftdisk.sys[1] not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 84 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes

User: J....n J.....d
->Temp folder emptied: 978158 bytes
->Temporary Internet Files folder emptied: 17134061 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 82714536 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 1937374 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 378412 bytes
->Flash cache emptied: 4316 bytes

User: NetworkService
->Temp folder emptied: 896 bytes
->Temporary Internet Files folder emptied: 92708367 bytes
->Java cache emptied: 78 bytes
->Flash cache emptied: 21732 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1238856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78254132 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 19817860 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 282.00 mb

Run 2

All processes killed
========== FILES ==========
File/Folder C:\Documents and Settings\J....n J.....d\Local Settings\Temporary Internet Files\Content.IE5\8YKOEZHI\ftdisk.sys[1] not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: J....n J.....d
->Temp folder emptied: 31896 bytes
->Temporary Internet Files folder emptied: 59794 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17824045 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 641 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 896 bytes
->Temporary Internet Files folder emptied: 10439900 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1196 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 808 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 27.00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04172010_144106

Files moved on Reboot...
File move failed. C:\Documents and Settings\J....n J.....d\Local Settings\Temp\5sbBr21 scheduled to be moved on reboot.
C:\Documents and Settings\J....n J.....d\Local Settings\Temp\WCESLog.log moved successfully.
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RBI2SUH5\yp_demo[1].flv not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5XLW98UG\yp_com[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3G7GQKZN\blank[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1OXKOUPN\launch[1].txt moved successfully.

Registry entries deleted on Reboot...
Last edited by jtjag03 on April 19th, 2010, 1:51 am, edited 1 time in total.
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

by peku006 » April 18th, 2010, 3:24 am

Hi jtjag03

Please do this:
  • Click on the Start button, then click on Run...
  • In the empty "Open:" box provided, type cmd and press Enter. This will launch a Command Prompt window (looks like DOS).
  • Copy the entire blue text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

    copy C:\WINDOWS\system32\drivers\ftdisk.sys c:\ftdisk.sys.sys

  • In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
  • Press Enter. When successful, you should get this message within the Command Prompt: "1 file(s) copied"
  • Exit the Command Prompt window.
Now we need to boot into the Recovery Environment:

Reboot your computer. Combofix should have installed the recovery console so this should already be available.

Follow the instructions here to start it

Next

Type cd system32\drivers and press Enter.
Type ren ftdisk.sys ftdisk.vir and press Enter.
Then type copy C:\ftdisk.sys ftdisk.sys and press Enter.
Now type exit and press Enter to reboot your computer into normal mode.

Please run Gmer and post the log.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE and Firefox Hijacked and Chrome won't connect

by jtjag03 » April 18th, 2010, 4:21 am

I've tried running recovery console 3 times. I get a BSOD every time with a Stop : 0x0000007B error.
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

by peku006 » April 18th, 2010, 4:46 am

Hi

Please run Gmer and post the log.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE and Firefox Hijacked and Chrome won't connect

by jtjag03 » April 19th, 2010, 12:11 am

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-18 23:09:45
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\JUSTIN~1\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\ftdisk.sys entry point in ".rsrc" section [0xB9F65314]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB83EB380, 0x34C81F, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB0A72280]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B5000A
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BF000A
.text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B4000C
.text C:\Program Files\Java\jre6\bin\jusched.exe[648] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00F60001
.text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C
.text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 026A000A
.text C:\WINDOWS\System32\svchost.exe[1240] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 0207000A
.text C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE[2100] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 011F0001
.text C:\WINDOWS\stsystra.exe[2240] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 016B0001
.text C:\Program Files\iTunes\iTunesHelper.exe[2332] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 02920001
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2340] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 010A0001
.text C:\WINDOWS\ehome\ehtray.exe[2392] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 016E0001
.text ...
.text C:\WINDOWS\system32\wuauclt.exe[3220] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\wuauclt.exe[3220] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\wuauclt.exe[3220] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0097000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat A9AAAC8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\iastor \Device\Harddisk0\DR0 8A65FAC8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules@ESQULserv
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules@ESQULl
Reg HKLM\SYSTEM\ControlSet001\Services\ESQULserv.sys\modules@ESQULclk

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ftdisk.sys suspicious modification
File C:\WINDOWS\system32\drivers\iastor.sys suspicious modification

---- EOF - GMER 1.0.15 ----
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm
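
The SystemLook and GMER logs posted so far can be cross-checked against each other. The following is an added example, not part of any post in this thread and not code from SystemLook or GMER: it parses lines excerpted from the two logs above and reports, per driver, what each tool shows. Reading SystemLook's two bracketed timestamps as created/modified, the `DATA_SECTIONS` list and all function names are assumptions of this example.

```python
import re
from datetime import datetime

# Sample input: lines excerpted from the SystemLook and GMER logs posted in this thread.
SYSTEMLOOK_LOG = r"""
C:\cmdcons\FTDISK.SY_ --a--- 60791 bytes [18:52 17/08/2001] [18:52 17/08/2001] 345CA06DF0C008EA223F924391B4C205
C:\WINDOWS\system32\dllcache\ftdisk.sys --a--c 125056 bytes [11:00 10/08/2004] [05:17 16/04/2010] 6AC26732762483366C3969C9E4D2259D
C:\WINDOWS\system32\drivers\ftdisk.sys --a--- 125056 bytes [11:00 10/08/2004] [05:17 16/04/2010] 6AC26732762483366C3969C9E4D2259D
C:\WINDOWS\system32\drivers\iaStor.sys --a--- 247808 bytes [16:30 11/05/2006] [16:30 11/05/2006] 294110966CEDD127629C5BE48367C8CF
"""
GMER_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\ftdisk.sys entry point in ".rsrc" section [0xB9F65314]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB83EB380, 0x34C81F, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB0A72280]
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\ftdisk.sys suspicious modification
File C:\WINDOWS\system32\drivers\iastor.sys suspicious modification
"""

# path, attribute flags, size, two timestamps (assumed created/modified), MD5
SL_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-F]{32})$")
EP_LINE = re.compile(r'^\S+ (?P<path>[A-Za-z]:\\.+?) entry point in "(?P<sec>[^"]+)" section')
FILE_LINE = re.compile(r"^File (?P<path>[A-Za-z]:\\.+?) suspicious modification$")
# Assumption: a driver's entry point should never sit in these resource/data sections.
DATA_SECTIONS = {".rsrc", ".data", ".rdata", ".reloc"}
TS_FORMAT = "%H:%M %d/%m/%Y"  # the log header uses day/month/year


def parse_systemlook(text):
    """Return one dict per :filefind result line."""
    rows = []
    for line in text.splitlines():
        m = SL_LINE.match(line.strip())
        if m:
            rows.append({
                "path": m["path"],
                "created": datetime.strptime(m["created"], TS_FORMAT),
                "modified": datetime.strptime(m["modified"], TS_FORMAT),
                "md5": m["md5"],
            })
    return rows


def parse_gmer(text):
    """Map lower-cased file path -> set of GMER findings worth following up."""
    findings = {}
    for line in text.splitlines():
        line = line.strip()
        ep, fm = EP_LINE.match(line), FILE_LINE.match(line)
        if ep and ep["sec"].lower() in DATA_SECTIONS:
            findings.setdefault(ep["path"].lower(), set()).add("entry point in " + ep["sec"])
        elif fm:
            findings.setdefault(fm["path"].lower(), set()).add("suspicious modification")
    return findings


def correlate(sl_rows, gmer):
    """For each file GMER flagged, add what the on-disk listing shows."""
    by_path = {r["path"].lower(): r for r in sl_rows}
    report = []
    for path, flags in sorted(gmer.items()):
        row = by_path.get(path)
        cached = by_path.get("c:\\windows\\system32\\dllcache\\" + path.rsplit("\\", 1)[1])
        report.append({
            "path": path,
            "gmer": sorted(flags),
            "timestamp_drift": bool(row) and row["modified"] != row["created"],
            "dllcache_same_md5": bool(row and cached) and cached["md5"] == row["md5"],
        })
    return report


if __name__ == "__main__":
    for item in correlate(parse_systemlook(SYSTEMLOOK_LOG), parse_gmer(GMER_LOG)):
        print(item)
```

On the lines from this thread, ftdisk.sys is flagged by both tools and its dllcache copy carries the same MD5, while iastor.sys is flagged by GMER only and its SystemLook timestamps show no change.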

Re: IE and Firefox Hijacked and Chrome won't connect

by jtjag03 » April 19th, 2010, 4:46 pm

BTW, I know I'm not supposed to run any scanners without being asked, but can I run the registry fix and malwarebytes so I don't have the XP antivirus 2010 opening every time I run something?
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

by peku006 » April 20th, 2010, 9:54 am

Hi jtjag03

Sorry for the delay, I have some "Internet connection problems"

Run Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
    On the Scanner tab:
    1. Make sure the "Perform full scan" option is selected.
    2. Then click on the Scan button.
    3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    6. Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen:
    1. Click on the Show Results button to see a list of any malware that was found.
    2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
      We will take care of the System Volume Information items later.
    3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Status Check
Please reply with

description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: IE and Firefox Hijacked and Chrome won't connect

by jtjag03 » April 20th, 2010, 4:23 pm

Ran a Quick then Full scan. Logs are below. I haven't been redirected yet when clicking on a google link, but I have had a random window popup.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4012

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/20/2010 12:42:40 PM
mbam-log-2010-04-20 (12-42-40).txt

Scan type: Quick scan
Objects scanned: 120263
Time elapsed: 8 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\MSASCui.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\J....n J.....d\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4013

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/20/2010 3:10:17 PM
mbam-log-2010-04-20 (15-10-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 285697
Time elapsed: 1 hour(s), 57 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\J....n J.....d\Local Settings\Temporary Internet Files\Content.IE5\23P1KUPF\update[1].exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

by jtjag03 » April 20th, 2010, 4:37 pm

Figured it was only a matter of time. I'm getting redirected again.
jtjag03
Regular Member
 
Posts: 28
Joined: April 8th, 2010, 8:43 pm

Re: IE and Firefox Hijacked and Chrome won't connect

by peku006 » April 21st, 2010, 1:19 am

Hi jtjag03

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *ftdisk*
    *iastor*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway