Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Having troubles with redirects


Re: Having troubles with redirects

Post by grahams333 » October 29th, 2010, 12:04 pm

Thank you. I was able to complete the scan using NOD32. 11 Threats were found. See below.

C:\Program Files\Internet Explorer\audio3dupdate20080913.exe a variant of Win32/Mepaow.AA trojan
C:\Program Files\Internet Explorer\nbtstat20080918.exe a variant of Win32/Mepaow.AA trojan
C:\Program Files\Internet Explorer\nbtstat20080919.exe a variant of Win32/Mepaow.AA trojan
C:\Program Files\Internet Explorer\nbtstat20080921.exe a variant of Win32/Mepaow.AA trojan
C:\Program Files\Internet Explorer\nbtstat20080922.exe a variant of Win32/Mepaow.AA trojan
C:\Program Files\Internet Explorer\nbtstat20080926.exe a variant of Win32/Mepaow.AA trojan
C:\Program Files\Internet Explorer\spaceupdate20081029.exe a variant of Win32/Mepaow.AA trojan
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\xyadd.bak1.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\xyadd.bak2.vir Win32/Adware.Virtumonde.NEO application
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\xyadd.ini.vir Win32/Adware.Virtumonde.NEO application
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP1\A0000020.ini Win32/Adware.Virtumonde.NEO application
grahams333
Regular Member
 
Posts: 15
Joined: October 17th, 2010, 10:21 pm

Re: Having troubles with redirects

Post by askey127 » October 29th, 2010, 2:53 pm

grahams333,
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code: Select all
    File::
    C:\Program Files\Internet Explorer\audio3dupdate20080913.exe
    C:\Program Files\Internet Explorer\nbtstat20080918.exe
    C:\Program Files\Internet Explorer\nbtstat20080919.exe
    C:\Program Files\Internet Explorer\nbtstat20080921.exe
    C:\Program Files\Internet Explorer\nbtstat20080922.exe
    C:\Program Files\Internet Explorer\nbtstat20080926.exe
    C:\Program Files\Internet Explorer\spaceupdate20081029.exe
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe (zzz.exe) as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.
------------------------------------------------
This next step will get rid of the infections stored in the System Restore repository.
We don't need to get rid of the ones in C:\Qoobox\. That's a quarantine folder. You can empty that folder at leisure, just be sure not to activate anything while deleting.

Reset System Restore Points
  • Click Start, All Programs, Accessories, System Tools, System Restore
  • Click Create A Restore Point then click Next. Give it a name and then click Create, then Close.
  • Click Start, Run and type Cleanmgr
  • Select the Windows drive (usually C:), then click OK.
  • After it scans, Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.

Reboot your machine to record the changes you have made.
This System Restore sequence is not to be done regularly, but only as a Special Case after the removal of malware or changes in the Restore settings.

Let's see if the ComboFix.txt log shows the Deletions.
askey127
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Having troubles with redirects

Post by grahams333 » October 29th, 2010, 6:42 pm

Hi Askey127,

I hope I was able to do this correctly. When I dropped the CFScript file into ComboFix, it said I needed an update, so I did and then it ran the scan again.
Here are the results of the scan.
Thank you.

ComboFix 10-10-28.09 - Dani Allen 10/29/2010 14:42:41.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.254 [GMT -7:00]
Running from: c:\documents and settings\Dani Allen\Desktop\zzz.exe
Command switches used :: c:\documents and settings\Dani Allen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\program files\Internet Explorer\audio3dupdate20080913.exe"
"c:\program files\Internet Explorer\nbtstat20080918.exe"
"c:\program files\Internet Explorer\nbtstat20080919.exe"
"c:\program files\Internet Explorer\nbtstat20080921.exe"
"c:\program files\Internet Explorer\nbtstat20080922.exe"
"c:\program files\Internet Explorer\nbtstat20080926.exe"
"c:\program files\Internet Explorer\spaceupdate20081029.exe"
.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-29 )))))))))))))))))))))))))))))))
.

2010-10-29 13:43 . 2010-10-29 13:43 -------- d-----w- c:\program files\ESET
2010-10-25 21:48 . 2010-10-25 21:48 -------- d-----w- c:\program files\Common Files\Java
2010-10-25 21:47 . 2010-10-25 21:46 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-25 21:47 . 2010-10-25 21:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-25 21:47 . 2010-10-25 21:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-21 05:29 . 2010-10-21 05:30 -------- d-----w- c:\documents and settings\Dani Allen\Local Settings\Application Data\Deployment
2010-10-21 01:02 . 2010-10-21 01:02 -------- d-----w- c:\documents and settings\Dani Allen\Application Data\ElevatedDiagnostics
2010-10-18 14:25 . 2010-10-18 14:25 -------- d-----w- c:\documents and settings\DESKTOP
2010-10-12 19:02 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-12 19:02 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-22 20:01 . 2004-03-19 22:38 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2010-09-24 21:58 . 2010-09-24 21:58 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-09-24 21:58 . 2010-09-24 21:58 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-24 21:58 . 2010-09-24 21:58 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-24 21:58 . 2010-09-24 21:58 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-18 19:23 . 2004-03-19 22:38 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-03-19 22:38 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-03-19 22:38 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-03-19 22:38 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-03-19 22:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-03-19 22:38 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-03-19 22:33 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2003-09-25 14:35 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-03-19 22:43 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-03-19 22:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2003-03-28 11:54 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 23:17 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-03-19 22:34 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-03-19 22:43 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-03-06 02:16 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-15 15:11 . 2010-07-15 15:11 1704744 ----a-w- c:\program files\SkypeSetup.exe
2010-02-13 23:35 . 2010-02-13 23:35 2107696 -c--a-w- c:\program files\Install_Facebook_Plug-In_1.0.1.exe
2010-01-29 21:04 . 2010-01-29 21:01 16194992 -c--a-w- c:\program files\pdf_creator.exe
2009-09-01 23:11 . 2009-09-01 23:08 44983296 -c--a-w- c:\program files\BookSmart_2.0.2.exe
2009-07-15 18:00 . 2009-07-15 17:53 75637184 -c--a-w- c:\program files\Quicken_Deluxe_2009.exe
2009-07-15 17:57 . 2009-07-15 17:54 13112552 -c--a-w- c:\program files\Quicken_WillMaker_Plus_2009.exe
2007-05-09 02:48 . 2007-05-09 02:47 1904913 -c--a-w- c:\program files\aac-setup.exe
2007-04-24 16:22 . 2007-04-24 16:22 37860928 -c--a-w- c:\program files\iTunesSetup.exe
2004-10-01 22:00 . 2007-04-25 17:57 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExtremeSync Background Scheduler"="c:\program files\rsync.net Backup Agent\extremeSyncService.exe" [2008-11-22 6502400]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-09-24 21:58 12536 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HPAiODevice(hp psc 700 series) - 1.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp psc 700 series) - 1.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageMixer for HDD Camcorder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk
backup=c:\windows\pss\ImageMixer for HDD Camcorder.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 23:51 177440 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 11:40 218032 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-13 00:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 -c--a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 -c--a-w- c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AdobeActiveFileMonitor4.0"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" /startup
"PhotoShow Deluxe Media Manager"=c:\progra~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PowerBar"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"IgfxTray"=c:\windows\System32\igfxtray.exe
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"MMTray"=c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"mmtask"=c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
"GoogleUpdate"=c:\program files\Internet Explorer\orz.EXE
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\cygwin\\bin\\rsync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 ntcdrdrv;ntcdrdrv;c:\windows\SYSTEM32\DRIVERS\ntcdrdrv.sys [5/8/2007 7:49 PM 13184]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [9/24/2010 2:58 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [9/24/2010 2:58 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/24/2010 2:57 PM 308136]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [5/6/2008 5:06 PM 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-10-26 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2006-01-10 22:31]

2009-11-21 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-11-26 22:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mWindow Title =
uInternet Settings,ProxyOverride = *.local
TCP: {618F8427-67C7-4CFC-BFD9-E6762FAD1C69} = 8.8.8.8,4.2.2.1
FF - ProfilePath - c:\documents and settings\Dani Allen\Application Data\Mozilla\Firefox\Profiles\yoxpqzmn.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Dani Allen\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-29 15:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\1e2640d2-31c2-42ee-858b-071806cfe9a6.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-10-29 15:20:27
ComboFix-quarantined-files.txt 2010-10-29 22:19
ComboFix2.txt 2010-10-25 05:12

Pre-Run: 34,350,157,824 bytes free
Post-Run: 34,453,643,264 bytes free

- - End Of File - - 5A2791CDAC7DF372D1A29A2DA613D90A

Re: Having troubles with redirects

Post by askey127 » October 29th, 2010, 8:46 pm

grahams333,
Rootkits sometimes corrupt Malwarebytes files. We may have to Uninstall, delete Program Files Folder, and re-install.
Before resorting to that, let's run RKill before Malwarebytes and see if it lets us do it.
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are 4 different versions. If one of them won't run then download and try to run one of the other ones.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools, ignore them or shutdown your antivirus.
Please download Rkill from one of the following links and save to your Desktop:
Rkill.exe
RKill.com
RKill.scr
Rkill.pif
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If it does not, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware
  • Start Malwarebytes' Anti-Malware.
  • Click on The Update tab. Choose Check for Updates.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it shows any malware items, Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2010-mm-dd(hour-min-sec).txt
.
askey127

Re: Having troubles with redirects

Post by grahams333 » October 30th, 2010, 12:39 pm

Hello,

I was able to get the 1st of the Rkills to run on my system.

But then I was unable to do the UPDATES to MalwareBytes due to ERRORCODE: 732(0,0)
However I ran the scan anyway. The results follow.

Thanks!

Malwarebytes' Anti-Malware 1.41
Database version: 3177
Windows 5.1.2600 Service Pack 3

10/30/2010 9:36:16 AM
mbam-log-2010-10-30 (09-36-16).txt

Scan type: Quick Scan
Objects scanned: 135324
Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Having troubles with redirects

Post by askey127 » October 30th, 2010, 5:11 pm

grahams333,
OK.
How is the system running?
askey127

Re: Having troubles with redirects

Post by grahams333 » October 30th, 2010, 11:02 pm

Everything seems alright! The redirects have stopped. YAY!

AVG seems to scan E-mail if it goes through Outlook, however I'm using Hotmail and one of my e-mail accounts has a virus. (It's sending pharmacy links to my contacts) I want to make sure that my AntiVirus software is up and running properly in case this virus attempts to come back to me and to compromise my system again.

Also, which of the programs that you had me install on my Desktop can I now safely remove?

Thank you for all your help! You've been a pleasure to work with!

Re: Having troubles with redirects

Post by grahams333 » October 30th, 2010, 11:13 pm

Askey127,

I also wanted to ask, is it safe to say now that I can go through and do some of the "What to do if your computer is running slowly" techniques? I have quite a few older programs and such that I'd like to remove to improve speed on my system. (However, it's already better than when we first started this process!)

Thanks again!

Re: Having troubles with redirects

Post by askey127 » October 31st, 2010, 7:32 am

grahams333,
Yes, it is OK to do the things in that Slow Computer thread.

There is one thing I would like you to do before we claim success.
Your version of Malwarebytes is an old one, and should be replaced.
The new version will check to see that no new spyware has been hiding on your machine.
If you cannot get it to update and run properly, please tell me.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Malwarebytes Anti-Malware

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware
It is free for non-business use.
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Choose Desktop as the location to save the installer and click Save again.
  • You should now have a desktop icon named mbam-setup.exe. Double-click it.
  • Let it install the program where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program is running, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2010-mm-dd(hour-min-sec).txt
  • You can now delete the installer icon, named mbam-setup.exe from your desktop.

Let me know how it goes
askey127

Re: Having troubles with redirects

Post by grahams333 » November 1st, 2010, 1:08 pm

Thank you, Results are below.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5015

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/1/2010 10:03:21 AM
mbam-log-2010-11-01 (10-03-21).txt

Scan type: Quick scan
Objects scanned: 192369
Time elapsed: 10 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Re: Having troubles with redirects

Post by askey127 » November 1st, 2010, 3:20 pm

Looks good Grahams333.
I think you are free of malware.
I hope it goes well for you, and the tips in the "Slow Computer" thread help to speed it up.

This is extra security if you wish to do it:
-----------------------------------------------------------
Replace the Current HOSTS File with MVPs
You can read about HOSTS files here : http://www.mvps.org/winhelp2002/hosts.htm

  • Disable DNS Client Service. This is necessary when installing a large HOSTS file.
    From Start, or Start, Run
    Type services.msc in the box and hit <Enter>
    Give permission to continue if necessary.
    Scroll down to DNS Client on the list, Right Click it and choose Properties.
    Under Service Status, click Stop. Wait until it reports the service stopped.
    Under Startup Type, choose Disabled.
    Then click Apply, OK
  • Use HostsXpert to Install the HOSTS File
    Download HostsXpert and unzip (extract) it to your computer, somewhere where you can find it.
    • Double click on HostsXpert.exe to launch the program. Give whatever Permissions are required.
    • In the bottom half of the left pane, click on File Handling
    • If the first button at the top is labeled Make Writeable?, click on it so the label changes to Make Read Only
    • Click third button from the bottom, labeled Download. A couple new buttons will appear at the top.
    • Click on the top button labeled MVPs Hosts and choose Replace
    • When asked to verify if you want to Replace present Hosts file, click OK.
    • When it finishes, click on File Handling again.
    • Click the button at the top labeled Make Read Only, so the label changes to Make Writeable?
    • Hit the X in the upper right corner to exit HostsXpert

If you have a separate third party firewall, or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

askey127
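
An added example, not part of the post above and not code from HostsXpert or the MVPs project: a small auditor for a HOSTS-format file that separates blocklist-style sink entries (loopback or unspecified address) from entries that point a name at any other address, which are the ones to review by hand after a redirect infection. The `protected` suffix list, the function name and the sample file are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in HOSTS format; the names and addresses are
# documentation/test values, not taken from the thread.
SAMPLE_HOSTS = """\
# Constructed sample for illustration
127.0.0.1       localhost
127.0.0.1       ads.example.test        # sink entry, blocklist style
0.0.0.0         tracker.example.test
203.0.113.7     search.example.test www.search.example.test
10.0.0.5        nas.example.test
127.0.0.1       update.av.example.test
not-an-ip       broken.example.test
192.0.2.10
"""


def _is_protected(name, protected):
    """True if name equals, or is a subdomain of, any protected suffix."""
    return any(name == s or name.endswith("." + s) for s in protected)


def audit_hosts(text, protected=()):
    """Classify every mapping in HOSTS-format text.

    sinked         - count of names mapped to a loopback or unspecified
                     address (how a blocklist HOSTS file disables a host)
    remapped       - (line, address, name) for names mapped to any other
                     address; each one overrides DNS and needs a reason
    protected_hits - entries touching a hostname the caller says must be
                     left to normal DNS (for example security-update hosts)
    malformed      - line numbers with a bad address or no hostname
    """
    report = {"sinked": 0, "remapped": [], "protected_hits": [], "malformed": []}
    protected = tuple(s.lower() for s in protected)

    # A UTF-8 byte-order mark would otherwise corrupt the first address.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append(line_no)
            continue
        names = [n.lower() for n in fields[1:]]
        if not names:
            report["malformed"].append(line_no)
            continue

        is_sink = address.is_loopback or address.is_unspecified
        for name in names:
            entry = (line_no, str(address), name)
            if is_sink:
                report["sinked"] += 1
            else:
                report["remapped"].append(entry)
            if _is_protected(name, protected):
                report["protected_hits"].append(entry)
    return report


if __name__ == "__main__":
    # On Windows the live file is %SystemRoot%\System32\drivers\etc\hosts;
    # read it and pass its text in place of SAMPLE_HOSTS.
    result = audit_hosts(SAMPLE_HOSTS, protected=("av.example.test",))
    print("sink entries:", result["sinked"])
    for line_no, address, name in result["remapped"]:
        print(f"review line {line_no}: {name} -> {address}")
    for line_no, address, name in result["protected_hits"]:
        print(f"protected host overridden on line {line_no}: {name} -> {address}")
    print("malformed lines:", result["malformed"])
```

A freshly installed blocklist should produce sink entries only; anything under `remapped` or `protected_hits` was put there by something else and deserves a look.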

Re: Having troubles with redirects

Post by grahams333 » November 4th, 2010, 3:24 pm

Thank you again for your help! I'm truly grateful that you were able to resolve this for me! I'll look into your suggestions above! =)

You all have a wonderful site and a heavy task load I'm sure! It's much appreciated, the work you're doing to clean up these malware and viruses!

Re: Having troubles with redirects

Post by askey127 » November 4th, 2010, 4:11 pm

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.