
Search Engine Results Redirect

Post by jtg.1983 » March 30th, 2011, 3:40 am

Good day,
I've been having quite a difficult time cleansing my system of a rather insidious bit of malware. It started with a fake Windows Defender program.... (my mother clicking a "Hey, check out this picture" link on Facebook. Facebook is a minefield for the over-40 crowd) which I was able to stop and remove by way of RKILL & some manual deleting.

Not sure if it is another symptom of Windows Defender or something different altogether, but the results from search engines appear, yet attempting to view anything causes a redirect to any number of bogus search sites. I've tried AdAware, Malwarebytes, Avast, Superspyware, combofix, GMER, MS Malware, and probably a half dozen other such programs, but to no avail. Curiously enough, the Roxio BOT (Back on Track) program has been fouled up suddenly as well, leaving me unable to restore a saved state either via Windows (Start --> Progs --> Roxio, etc.) or via F6 x 6 at start-up. Bizarre. Any help would be most appreciated. I've downloaded OTL as well, having viewed a few other posts, in case you need an OTL report. Thank you for your time!
Best,
Jerry

DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Family at 3:00:27.85 on Wed 03/30/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.580 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\syncables\syncables desktop\Syncables.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\syncables\syncables desktop\MigoMapi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Family\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "c:\documents and settings\family\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
mRun: [Syncables] c:\program files\syncables\syncables desktop\Syncables.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se6886.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-5-6 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-5-6 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [2008-9-25 103792]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-5-6 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-3-27 18816]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2008-12-12 125424]
R2 BOTService;BOTService;c:\program files\roxio\backontrack\instant restore\BOTService.exe [2009-3-19 203248]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-6 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-2 38912]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-25 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"d:\lavasoft\ad-aware\aawservice.exe" --> d:\lavasoft\ad-aware\AAWService.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6.tmp [2011-3-27 6144]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
.
=============== Created Last 30 ================
.
2011-03-30 06:47:06 388096 ----a-r- c:\docume~1\family\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-03-30 06:47:05 -------- d-----w- c:\program files\Trend Micro
2011-03-30 06:25:46 -------- d-----w- C:\fixwareout
2011-03-30 06:24:08 -------- d-sh--w- c:\documents and settings\family\PrivacIE
2011-03-30 06:23:28 -------- d-sh--w- c:\documents and settings\family\IETldCache
2011-03-30 06:18:13 -------- dc-h--w- c:\windows\ie8
2011-03-30 06:17:33 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-30 06:05:38 -------- d-----w- C:\406d617140359f8588
2011-03-27 13:26:53 -------- d-s---w- C:\ComboFix
2011-03-27 13:03:41 98816 ----a-w- c:\windows\sed.exe
2011-03-27 13:03:41 89088 ----a-w- c:\windows\MBR.exe
2011-03-27 13:03:41 256512 ----a-w- c:\windows\PEV.exe
2011-03-27 13:03:41 161792 ----a-w- c:\windows\SWREG.exe
2011-03-27 12:37:22 -------- d-----w- c:\docume~1\family\applic~1\SUPERAntiSpyware.com
2011-03-27 12:37:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-03-27 12:37:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-27 12:27:26 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-03-27 12:15:04 6144 ------w- c:\windows\system32\6.tmp
2011-03-27 12:14:42 6144 ------w- c:\windows\system32\5.tmp
2011-03-27 12:14:28 6144 ------w- c:\windows\system32\4.tmp
2011-03-27 11:49:45 -------- d-----w- c:\program files\Sophos
2011-03-25 14:33:14 -------- d-----w- c:\program files\AVAST Software
2011-03-25 14:33:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-25 14:01:14 -------- d-----w- C:\22757301c2cec3b88f7921
2011-03-25 13:48:49 -------- d-----w- C:\34d5f23ccae87fa8543c203eb8
2011-03-21 01:34:14 -------- d-----w- c:\docume~1\family\applic~1\Malwarebytes
2011-03-21 01:17:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 3:01:38.09 ===============

ATTACH::
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 7/25/2009 8:41:37 PM
System Uptime: 3/30/2011 2:34:25 AM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 308F
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 136.973 GiB free.
D: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/27/2011 9:23:25 AM - System Checkpoint
RP2: 3/30/2011 2:47:03 AM - Installed HiJackThis
.
==== Installed Programs ======================
.
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.0.1
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Broadcom 802.11 Wireless LAN Adapter
Compatibility Pack for the 2007 Office system
Google Talk Plugin
Google Toolbar for Internet Explorer
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP BatteryCheck 2.10 A2
HP Doc Viewer
HP Help and Support
HP Mobile Broadband Setup Utility
HP Product Detection
HP User Guides 0139
HP Wireless Assistant
HpSdpAppCoreApp
IDT Audio
Intel(R) Graphics Media Accelerator Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSXML 6.0 Parser
Roxio BackOnTrack
Roxio Disaster Recovery
Roxio Instant Restore
Roxio Instant Restore Recovery Disk
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sophos Anti-Rootkit 1.5.4
SUPERAntiSpyware
Synaptics Pointing Device Driver
syncables desktop
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Backup Utility
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
.
==== Event Viewer Messages From Past Week ========
.
3/30/2011 2:17:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
3/30/2011 2:14:31 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
3/30/2011 2:13:59 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SaibVd32 SASDIFSV SASKUTIL
3/30/2011 2:10:17 AM, error: System Error [1003] - Error code 00000022, parameter1 43737953, parameter2 00000000, parameter3 00000540, parameter4 f73ecdb0.
3/27/2011 8:52:07 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm SaibVd32 SASDIFSV SASKUTIL
3/27/2011 8:05:18 AM, error: Service Control Manager [7034] - The Roxio SAIB Service service terminated unexpectedly. It has done this 1 time(s).
3/27/2011 8:04:55 AM, error: Service Control Manager [7034] - The BOTService service terminated unexpectedly. It has done this 1 time(s).
3/27/2011 1:24:12 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BOTService with arguments "" in order to run the server: {9A412B91-E641-4AF4-B2E5-D51F5A4C8C7F}
3/27/2011 1:22:02 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
3/27/2011 1:22:02 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/27/2011 1:21:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
3/27/2011 1:19:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/26/2011 9:54:30 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
3/26/2011 9:54:27 PM, error: SRService [104] - The System Restore initialization process failed.
3/26/2011 11:29:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm SaibVd32
3/26/2011 11:29:18 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the path specified.
3/26/2011 11:28:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/25/2011 8:48:40 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Post by melboy » April 1st, 2011, 7:01 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


=================================


As you've run ComboFix, can you post me the logs found at:

  1. C:\combofix.txt
  2. C:\Qoobox\ComboFix-quarantined-files.txt
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search Engine Results Redirect

Post by jtg.1983 » April 2nd, 2011, 12:32 am

Thank you so very much for your time.

I should also add that my Roxio BackOnTrack Instant Restore program ceased functioning immediately after this all began. It remains non-functional.... when accessed through Windows or when accessed right as the system boots (pressing F6 several times... in the same manner one would access safe mode...)... I'm assuming that isn't a coincidence.

In another fun note, as a result of the system instability from the infection itself, as well as from my efforts to fix things (running the malware/spyware/etc. programs, attempting to uninstall Internet Explorer then re-install, doing the same with Adobe Acrobat Reader for version X), I now experience blue screen fatal errors when not in safe mode on a fairly regular basis, and the occasional "Windows has recovered from a serious error, can we send a report?" error.

The computer in question is a netbook..... so I'm in the unfortunate position of being unable to just start over with backup disks and restore everything to its factory settings. I'm willing to try whatever you can think of to fix this mess, regardless of the risk. It can't get any less useful than it already is. Thanks.

Logs...
ComboFix.txt
ComboFix 11-03-30.01 - Family 03/31/2011 0:41.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.625 [GMT -4:00]
Running from: c:\documents and settings\Family\Desktop\xxx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-30 06:47 . 2011-03-30 06:47 388096 ----a-r- c:\documents and settings\Family\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-30 06:47 . 2011-03-30 06:47 -------- d-----w- c:\program files\Trend Micro
2011-03-30 06:25 . 2011-03-30 15:13 -------- d-----w- C:\fixwareout
2011-03-30 06:24 . 2011-03-30 06:24 -------- d-sh--w- c:\documents and settings\Family\PrivacIE
2011-03-30 06:23 . 2011-03-30 06:23 -------- d-sh--w- c:\documents and settings\Family\IETldCache
2011-03-30 06:18 . 2011-03-30 06:21 -------- dc-h--w- c:\windows\ie8
2011-03-30 06:17 . 2011-03-30 06:21 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-30 06:05 . 2011-03-30 06:05 -------- d-----w- C:\406d617140359f8588
2011-03-27 12:37 . 2011-03-27 12:37 -------- d-----w- c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com
2011-03-27 12:37 . 2011-03-27 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-03-27 12:37 . 2011-03-27 12:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-03-27 12:27 . 2010-05-26 14:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-03-27 12:15 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\6.tmp
2011-03-27 12:14 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\5.tmp
2011-03-27 12:14 . 2010-05-26 14:39 6144 ------w- c:\windows\system32\4.tmp
2011-03-27 11:49 . 2011-03-27 11:49 -------- d-----w- c:\program files\Sophos
2011-03-27 03:10 . 2011-03-27 03:30 -------- d-----w- c:\program files\Windows Live Safety Center
2011-03-25 19:23 . 2011-03-25 19:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-03-25 14:35 . 2011-03-30 06:17 -------- d-----w- c:\program files\Google
2011-03-25 14:33 . 2011-03-27 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-25 14:33 . 2011-03-25 14:33 -------- d-----w- c:\program files\AVAST Software
2011-03-25 14:01 . 2011-03-25 14:01 -------- d-----w- C:\22757301c2cec3b88f7921
2011-03-25 13:48 . 2011-03-25 13:48 -------- d-----w- C:\34d5f23ccae87fa8543c203eb8
2011-03-21 01:34 . 2011-03-21 01:34 -------- d-----w- c:\documents and settings\Family\Application Data\Malwarebytes
2011-03-21 01:17 . 2011-03-21 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-21 01:11 . 2011-03-21 02:06 -------- d-----w- c:\documents and settings\Administrator
2011-03-13 23:30 . 2011-03-13 23:30 -------- d-----w- c:\documents and settings\Family\Application Data\Template
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2011-02-09 13:53 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2011-02-09 13:53 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2011-02-02 07:58 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2011-01-27 11:57 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2011-01-21 14:44 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2011-01-07 14:09 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2010-12-31 13:10 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-27_13.14.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-09-26 16:58 . 2009-01-07 22:21 26144 c:\windows\system32\spupdsvc.exe
+ 2006-09-26 16:58 . 2009-01-07 22:20 16928 c:\windows\system32\spmsg.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 46592 c:\windows\system32\pngfilt.dll
+ 2008-06-25 01:26 . 2011-03-31 04:29 71980 c:\windows\system32\perfc009.dat
+ 2009-01-07 22:20 . 2009-01-07 22:20 23552 c:\windows\system32\normaliz.dll
- 2006-06-30 07:05 . 2006-06-30 07:05 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-29 16:59 . 2006-06-29 16:59 24576 c:\windows\system32\nlsdl.dll
- 2007-08-14 17:01 . 2007-08-14 17:01 48128 c:\windows\system32\mshtmler.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 48128 c:\windows\system32\mshtmler.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 66560 c:\windows\system32\mshtmled.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 45568 c:\windows\system32\mshta.exe
- 2007-08-14 17:32 . 2007-08-14 17:32 45568 c:\windows\system32\mshta.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 13312 c:\windows\system32\msfeedssync.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 43008 c:\windows\system32\licmgr10.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 25600 c:\windows\system32\jsproxy.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 94720 c:\windows\system32\inseng.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 34816 c:\windows\system32\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 36864 c:\windows\system32\ieudinit.exe
+ 2009-03-08 08:32 . 2009-03-08 08:32 71680 c:\windows\system32\iesetup.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 26112 c:\windows\system32\idndl.dll
- 2006-06-30 07:05 . 2006-06-30 07:05 26112 c:\windows\system32\idndl.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\icardie.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2009-03-08 08:24 . 2009-03-08 08:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 18944 c:\windows\system32\corpol.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 72704 c:\windows\system32\admparse.dll
+ 2011-03-30 06:26 . 2011-03-30 06:26 24064 c:\windows\Installer\3acbf.msi
+ 2011-03-30 06:20 . 2009-03-08 18:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 44544 c:\windows\ie8\pngfilt.dll
+ 2011-03-30 06:18 . 2007-08-14 17:01 48128 c:\windows\ie8\mshtmler.dll
+ 2011-03-30 06:18 . 2007-08-14 17:32 45568 c:\windows\ie8\mshta.exe
+ 2011-03-30 06:18 . 2007-08-14 17:36 12288 c:\windows\ie8\msfeedssync.exe
+ 2011-03-30 06:18 . 2010-12-20 23:08 52224 c:\windows\ie8\msfeedsbs.dll
+ 2011-03-30 06:18 . 2007-08-14 17:44 40960 c:\windows\ie8\licmgr10.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 27648 c:\windows\ie8\jsproxy.dll
+ 2011-03-30 06:18 . 2007-08-14 17:39 92672 c:\windows\ie8\inseng.dll
+ 2011-03-30 06:18 . 2007-08-14 17:36 36352 c:\windows\ie8\imgutil.dll
+ 2011-03-30 06:18 . 2007-08-14 17:39 55296 c:\windows\ie8\iesetup.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 44544 c:\windows\ie8\iernonce.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 78336 c:\windows\ie8\ieencode.dll
+ 2011-03-30 06:18 . 2010-12-20 12:54 70656 c:\windows\ie8\ie4uinit.exe
+ 2011-03-30 06:18 . 2010-12-20 23:08 63488 c:\windows\ie8\icardie.dll
+ 2011-03-30 06:18 . 2007-08-14 17:18 60416 c:\windows\ie8\hmmapi.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 17408 c:\windows\ie8\corpol.dll
+ 2011-03-30 06:18 . 2007-08-14 17:39 71680 c:\windows\ie8\admparse.dll
- 2008-04-15 12:00 . 2008-04-15 12:00 121856 c:\windows\system32\xmllite.dll
+ 2009-01-07 22:21 . 2009-01-07 22:21 121856 c:\windows\system32\xmllite.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 914944 c:\windows\system32\wininet.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2009-03-08 08:34 . 2009-03-08 08:34 236544 c:\windows\system32\webcheck.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 420352 c:\windows\system32\vbscript.dll
- 2010-12-20 23:08 . 2010-12-20 23:08 105984 c:\windows\system32\url.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 105984 c:\windows\system32\url.dll
+ 2008-06-25 01:26 . 2011-03-31 04:29 442568 c:\windows\system32\perfh009.dat
+ 2009-03-08 08:34 . 2009-03-08 08:34 109568 c:\windows\system32\occache.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 193536 c:\windows\system32\msrating.dll
- 2007-08-14 17:54 . 2007-08-14 17:54 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 156160 c:\windows\system32\msls31.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 265720 c:\windows\system32\msdbg2.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 164352 c:\windows\system32\ieui.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 183808 c:\windows\system32\iepeers.dll
+ 2009-03-08 18:09 . 2009-03-08 18:09 391536 c:\windows\system32\iedkcs32.dll
+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\ieapfltr.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 163840 c:\windows\system32\ieakui.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 229376 c:\windows\system32\ieaksie.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 125952 c:\windows\system32\ieakeng.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 173056 c:\windows\system32\ie4uinit.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 216064 c:\windows\system32\dxtrans.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 348160 c:\windows\system32\dxtmsft.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 914944 c:\windows\system32\dllcache\wininet.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 420352 c:\windows\system32\dllcache\vbscript.dll
- 2010-12-20 23:08 . 2010-12-20 23:08 105984 c:\windows\system32\dllcache\url.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 109568 c:\windows\system32\dllcache\occache.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2009-03-08 08:22 . 2009-03-08 08:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-03-08 18:09 . 2009-03-08 18:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 183808 c:\windows\system32\dllcache\iepeers.dll
+ 2009-03-08 18:09 . 2009-03-08 18:09 391536 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-03-08 08:11 . 2009-03-08 08:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2009-03-08 08:33 . 2009-03-08 08:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-03-08 08:31 . 2009-03-08 08:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2009-03-08 08:31 . 2009-03-08 08:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 128512 c:\windows\system32\advpack.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 832512 c:\windows\ie8\wininet.dll
+ 2011-03-30 06:18 . 2007-08-14 17:45 206336 c:\windows\ie8\winfxdocobj.exe
+ 2011-03-30 06:18 . 2010-12-20 23:08 233472 c:\windows\ie8\webcheck.dll
+ 2011-03-30 06:18 . 2008-05-27 17:23 765952 c:\windows\ie8\vgx.dll
+ 2011-03-30 06:18 . 2010-03-09 11:09 430080 c:\windows\ie8\vbscript.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 105984 c:\windows\ie8\url.dll
+ 2011-03-30 06:20 . 2009-01-07 22:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2011-03-30 06:20 . 2009-01-07 22:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2011-03-30 06:18 . 2010-12-20 23:08 102912 c:\windows\ie8\occache.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 671232 c:\windows\ie8\mstime.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 193024 c:\windows\ie8\msrating.dll
+ 2011-03-30 06:18 . 2007-08-14 17:54 156160 c:\windows\ie8\msls31.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 478208 c:\windows\ie8\mshtmled.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 468480 c:\windows\ie8\msfeeds.dll
+ 2011-03-30 06:18 . 2009-08-13 15:16 512000 c:\windows\ie8\jscript.dll
+ 2011-03-30 06:18 . 2010-12-20 11:25 634648 c:\windows\ie8\iexplore.exe
+ 2011-03-30 06:18 . 2007-08-14 17:54 180736 c:\windows\ie8\ieui.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 268288 c:\windows\ie8\iertutil.dll
+ 2011-03-30 06:18 . 2007-08-14 17:54 287744 c:\windows\ie8\ieproxy.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 192512 c:\windows\ie8\iepeers.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 384512 c:\windows\ie8\iedkcs32.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 380928 c:\windows\ie8\ieapfltr.dll
+ 2011-03-30 06:18 . 2010-12-20 11:23 161792 c:\windows\ie8\ieakui.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 230400 c:\windows\ie8\ieaksie.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 153088 c:\windows\ie8\ieakeng.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 214528 c:\windows\ie8\dxtrans.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 347136 c:\windows\ie8\dxtmsft.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 124928 c:\windows\ie8\advpack.dll
+ 2009-03-08 08:34 . 2009-03-08 08:34 1206784 c:\windows\system32\urlmon.dll
+ 2009-03-08 08:41 . 2009-03-08 08:41 5937152 c:\windows\system32\mshtml.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 1985024 c:\windows\system32\iertutil.dll
+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2009-03-08 08:34 . 2009-03-08 08:34 1206784 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 22:20 . 2009-01-07 22:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2009-03-08 08:41 . 2009-03-08 08:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2009-03-08 08:32 . 2009-03-08 08:32 1985024 c:\windows\system32\dllcache\iertutil.dll
+ 2009-02-07 01:07 . 2009-02-07 01:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 22:20 . 2009-01-07 22:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2011-03-30 06:47 . 2011-03-30 06:47 1094656 c:\windows\Installer\b801a.msi
+ 2011-03-30 06:18 . 2010-12-20 23:08 1168384 c:\windows\ie8\urlmon.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 3606528 c:\windows\ie8\mshtml.dll
+ 2011-03-30 06:18 . 2010-12-20 23:08 6075904 c:\windows\ie8\ieframe.dll
+ 2011-03-30 06:18 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2009-03-08 08:39 . 2009-03-08 08:39 11063808 c:\windows\system32\ieframe.dll
+ 2009-03-08 08:39 . 2009-03-08 08:39 11063808 c:\windows\system32\dllcache\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-27 136176]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-02 173360]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-02-18 21:41 737280 ----a-w- c:\windows\system32\AESTFltr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-15 21:46 159744 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-15 21:46 131072 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Family\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [5/6/2009 7:32 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [5/6/2009 7:32 PM 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [9/25/2008 1:09 AM 103792]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [3/27/2011 8:27 AM 18816]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 5:03 PM 38912]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [5/6/2009 7:32 PM 25584]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [12/12/2008 1:46 AM 125424]
S2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [3/19/2009 3:04 PM 203248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/25/2011 10:36 AM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"d:\lavasoft\Ad-Aware\AAWService.exe" --> d:\lavasoft\Ad-Aware\AAWService.exe [?]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/6/2009 7:23 PM 113664]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6.tmp [3/27/2011 8:15 AM 6144]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXHELP20
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 19:05]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 14:35]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909066308-1455673721-3417402953-1006Core.job
- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 16:53]
.
2011-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3909066308-1455673721-3417402953-1006UA.job
- c:\documents and settings\Family\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-27 16:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\6q6hckxy.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-31 00:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(772)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
c:\documents and settings\Family\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
.
- - - - - - - > 'explorer.exe'(1996)
c:\windows\system32\ieframe.dll
.
Completion time: 2011-03-31 00:50:44
ComboFix-quarantined-files.txt 2011-03-31 04:50
.
Pre-Run: 147,416,334,336 bytes free
Post-Run: 147,415,547,904 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4BB662C2A5DC114C94FD2756D0856958

Quarantine
2011-03-27 13:15:25 . 2011-03-27 13:15:25 534 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-MCODS.reg.dat
2011-03-27 13:15:25 . 2011-03-27 13:15:25 546 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-mcmscsvc.reg.dat
2011-03-27 13:15:05 . 2011-03-27 13:15:05 317 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-HP BTW Detect Program.reg.dat
2011-03-27 13:15:05 . 2011-03-27 13:15:05 160 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SysTrayApp.reg.dat
2011-03-27 13:15:03 . 2011-03-27 13:15:03 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-WmxemlFoTcFj.reg.dat
2011-03-27 13:15:03 . 2011-03-27 13:15:03 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}.reg.dat
2011-03-27 13:10:49 . 2011-03-31 04:45:40 7,415 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-03-27 13:06:30 . 2011-03-27 13:06:30 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2011-03-27 05:34:00 . 2011-03-31 04:38:35 153 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-03-15 00:30:54 . 2011-03-21 00:17:53 71,680 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Shared\shared.sig.vir
2009-05-06 23:24:35 . 2009-03-30 23:02:08 319,488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\HP\HPBTWD.exe.vir
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby melboy » April 2nd, 2011, 3:58 am

Hi

Please see if the file C:\qoobox\ComboFix2.txt exists. If so please post the contents in your next reply.



aswMBR


Download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save a copy of MBR.dat to a USB flash drive. This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 3rd, 2011, 11:27 pm

No ComboFix2.txt is present. I had to run Combofix multiple times, as the system crashed during the first several attempts. Not sure if that is of any consequence, or if it is of any help.

I was able to download aswmbr.exe, run it, and save the files you listed, backing up aswmbr.dat on a flash drive. The text of aswmbr.exe follows...

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-03 23:16:22
-----------------------------
23:16:22.593 OS Version: Windows 5.1.2600 Service Pack 3
23:16:22.593 Number of processors: 2 586 0x1C02
23:16:22.593 ComputerName: KITCHENCPU UserName: Family
23:16:24.015 Initialize success
23:16:34.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:16:34.203 Disk 0 Vendor: ST9160827AS 3.AHC Size: 152627MB BusType: 3
23:16:36.250 Disk 0 MBR read successfully
23:16:36.265 Disk 0 MBR scan
23:16:38.281 Disk 0 scanning sectors +312560640
23:16:38.343 Disk 0 scanning C:\WINDOWS\system32\drivers
23:16:42.484 Service scanning
23:16:44.734 Disk 0 trace - called modules:
23:16:44.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x864ee1ed]<<
23:16:44.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86566ab8]
23:16:44.875 3 CLASSPNP.SYS[f75e8fd7] -> nt!IofCallDriver -> [0x8655dbb0]
23:16:44.890 \Driver\SahdIa32[0x86526a08] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x864ee1ed
23:16:44.906 Scan finished successfully
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby melboy » April 4th, 2011, 3:06 pm

Hi

With the copy of mbr.dat you have on your desktop:


Attachment

  1. Right click on the file mbr.dat
  2. Choose send to > Compressed (zipped) Folder

A folder named MBR.zip will be created.

  • Attach mbr.zip to your next post using the Upload Attachment feature


  • Browse to the file mbr.zip on your desktop and click open.
  • Click Add the file and wait for it to upload.
  • Then click Submit along with the mbam log.


TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 4th, 2011, 6:05 pm

Ran TFC.exe, restarted system as directed.

Ran Malwarebytes... no infected files detected. Log Below.

.dat file attached.

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 6269

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

4/4/2011 5:52:11 PM
mbam-log-2011-04-04 (17-52-11).txt

Scan type: Quick scan
Objects scanned: 151310
Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby melboy » April 5th, 2011, 12:46 pm

Hi
At the moment, although not conclusive, the scans are pointing to an MBR (Master Boot Record) infection. With this being a netbook I want to be certain, as your recovery options are limited in it not having a disk drive.


Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or results in a BSoD, please inform me --

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 6th, 2011, 4:01 pm

Running GMER leads to BSoD.... though it should be noted that since this problem began, any scans that require more than 5 minutes or so cause a BSoD. Tried to run it in safe mode, but as safe mode alters the screen resolution, I can't get the full layout of GMER and can't save the log after it has run. I've tried tabbing my way to the "Save..." button, but that only cycles between "OK" & "Cancel". A silly problem, but a problem nonetheless.
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby melboy » April 6th, 2011, 4:34 pm

Hi

Not to worry, I fear it is the infection interfering.

Risk Advice - OEM MBR

Unfortunately you have an infected Master Boot Record (MBR)

Some OEM (Original Equipment Manufacturers) computers have a non-standard customised MBR that allows you to press a key on startup and restore your computer to its factory delivered condition. If your computer had that option it is no longer available to you due to the infection.

Any attempted fix of this infection may result in the PC receiving a default Windows XP MBR. Whilst this will fix the infection, it will not restore the ability to restore your computer to its factory delivered condition.

It may be possible to restore the original OEM MBR either before or after fixing the infection, but I would recommend that you contact the manufacturer themselves for support with this.

If you would like to proceed with attempting to fix this infection I need you to recognise this does not come without risk. The MBR is a critical component of your PC - as the name suggests it is critical to booting the PC. If anything was to go wrong with the fix it could result in your computer no longer being able to boot up. Whilst an unbootable computer may be fixable, it can be a lengthy and complicated procedure.


If you understand the possible risk involved and would like to attempt to fix this infection, I would urge you to ensure you have first backed up any important data and then continue with the instructions below.
If you have any questions - Please ask them first.



TDSSKiller

Download tdsskiller.exe and save it to your desktop

  • Double click TDSSKiller.exe

    • Under "Objects to scan" ensure "Services and drivers" & "Boot Sectors" are checked.

  • Click Start scan and allow it to scan for Malicious objects.
  • If Malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt.
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents in your next reply
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
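As an added illustration of what the risk advice above is about (example code written for this page, not from the thread, aswMBR or TDSSKiller): a small Python parser that validates a 512-byte MBR image such as the MBR.dat backup aswMBR saves, decodes its partition table, and compares the boot-code region against a trusted copy, so a replaced boot sector can be told apart from a changed partition table or disk signature. The two sector images, their partition values and the `load_mbr` helper are constructed and hypothetical; nothing here is taken from the poster's disk.

```python
"""Inspect a 512-byte MBR image and compare it with a trusted backup.

Added example for this thread; the sample sectors below are constructed,
not real boot code and not the poster's MBR.dat.
"""
import struct
from dataclasses import dataclass
from typing import Dict, List

MBR_SIZE = 512
BOOT_CODE_SIZE = 440          # 0x000-0x1B7: code the BIOS executes at boot
DISK_SIG_OFFSET = 0x1B8       # 0x1B8-0x1BB: Windows disk signature
PART_TABLE_OFFSET = 0x1BE     # 0x1BE-0x1FD: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # 0x1FE-0x1FF: must be present on a valid MBR


@dataclass
class PartitionEntry:
    index: int
    bootable: bool      # status byte 0x80 marks the active partition
    type_id: int        # e.g. 0x07 = NTFS/exFAT, 0x0C = FAT32 (LBA)
    lba_start: int
    sector_count: int


def validate_mbr(mbr: bytes) -> None:
    """Reject images that are not a plausible MBR sector."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected a {MBR_SIZE}-byte image, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("0x55AA boot signature missing")


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Decode the four partition slots; unused slots (type 0) are skipped."""
    validate_mbr(mbr)
    entries = []
    for i in range(4):
        status, _chs_start, type_id, _chs_end, lba_start, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE_OFFSET + 16 * i)
        if type_id != 0:
            entries.append(PartitionEntry(i, status == 0x80, type_id, lba_start, count))
    return entries


def compare_mbr(current: bytes, backup: bytes) -> Dict[str, object]:
    """Compare the three regions of the sector and classify the difference.

    A bootkit normally rewrites the boot code but leaves the partition table
    intact so Windows still starts; a damaged or re-partitioned disk changes
    the table instead. The verdict separates those cases for the analyst.
    """
    validate_mbr(current)
    validate_mbr(backup)
    boot_code_changed = current[:BOOT_CODE_SIZE] != backup[:BOOT_CODE_SIZE]
    disk_sig_changed = (current[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4]
                        != backup[DISK_SIG_OFFSET:DISK_SIG_OFFSET + 4])
    table_changed = current[PART_TABLE_OFFSET:510] != backup[PART_TABLE_OFFSET:510]
    changed_bytes = sum(a != b for a, b in zip(current[:BOOT_CODE_SIZE],
                                               backup[:BOOT_CODE_SIZE]))
    if table_changed:
        verdict = "partition table differs"
    elif boot_code_changed:
        verdict = "boot code replaced, partition table preserved"
    elif disk_sig_changed:
        verdict = "disk signature differs"
    else:
        verdict = "identical"
    return {
        "boot_code_changed": boot_code_changed,
        "changed_boot_code_bytes": changed_bytes,
        "disk_signature_changed": disk_sig_changed,
        "partition_table_changed": table_changed,
        "verdict": verdict,
    }


def load_mbr(path: str) -> bytes:
    """Hypothetical helper: read a raw sector dump such as aswMBR's MBR.dat."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


# ---- constructed sample data (placeholder bytes, not real boot code) --------
def build_sample_mbr(boot_code: bytes) -> bytes:
    """Assemble a sector: boot code, disk signature, one active NTFS partition."""
    assert len(boot_code) == BOOT_CODE_SIZE
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 2048, 312_000_000)
    table = entry + b"\x00" * 48          # remaining three slots left empty
    return boot_code + b"\x12\x34\x56\x78" + b"\x00\x00" + table + BOOT_SIGNATURE


CLEAN_BOOT_CODE = bytes(i % 251 + 1 for i in range(BOOT_CODE_SIZE))
# Same sector with its first 16 bytes overwritten; the table is untouched.
TAMPERED_BOOT_CODE = b"\xEB\x3E" + b"\x00" * 14 + CLEAN_BOOT_CODE[16:]
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
TAMPERED_MBR = build_sample_mbr(TAMPERED_BOOT_CODE)

if __name__ == "__main__":
    for p in parse_partition_table(TAMPERED_MBR):
        print(f"slot {p.index}: type 0x{p.type_id:02X} start {p.lba_start} "
              f"sectors {p.sector_count} bootable={p.bootable}")
    print(compare_mbr(TAMPERED_MBR, CLEAN_MBR)["verdict"])
```

Comparing a freshly read sector against the MBR.dat backup taken earlier with aswMBR is one way to confirm whether a later fix (such as TDSSKiller writing a default Windows XP MBR) touched only the boot code and left the partition table alone.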

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 6th, 2011, 6:54 pm

Will TDSKiller.exe have the same effect if run in safe mode?
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby melboy » April 6th, 2011, 6:59 pm

Yes, it will run in safe mode. Are you unable to run it in normal mode?
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 6th, 2011, 7:23 pm

I am unable to get TDSSKiller to initialize.... safe mode or otherwise. Tried downloading with a different name, to no avail.

I don't think I'll ever buy a netbook ever again... Emergency discs are an indispensable tool in the internet age.
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am

Re: Search Engine Results Redirect

Unread postby NonSuch » April 6th, 2011, 10:31 pm

Pardon my interjection into this topic; however, jtg.1983 has registered here with an email address that appears to forward emails on to a different email address, located at AOL, which in turn is bouncing back all email notifications sent by this site. This causes the system to send me a notification of each rejection, which after a number of rejection notifications becomes exceedingly annoying.

In order to continue to have access to this site, it will be necessary for jtg.1983 to rectify this issue without delay.
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California

Re: Search Engine Results Redirect

Unread postby jtg.1983 » April 6th, 2011, 10:59 pm

Interjection pardoned, issue rectified.
jtg.1983
Regular Member
 
Posts: 16
Joined: March 30th, 2011, 3:06 am