redirects and windows security center

Post by bladez87 » June 28th, 2011, 9:26 pm

I have tried Kaspersky TDSSKiller but nothing was detected.
Avast, Spybot, Trend Micro, Hitman, and MBAM each found something, but after deleting or remedying the problem, my redirect problem still stays.

So what do I need to do? Thanks

Edit: managed to resolve my problem by trying ComboFix. Can someone check if everything has been cleared? Thanks

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Run by Lea Hin PM at 15:44:14 on 2011-06-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.65.1033.18.4022.2174 [GMT 8:00]
.
AV: Trend Micro Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: IE2EMBHO Class: {0a0ddbd3-6641-40b9-873f-bbdd26d6c14e} - C:\Program Files (x86)\easyMule2\modules\IE2EM.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &D&ownload &with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
IE: Download by easyMule - C:\Program Files (x86)\easyMule2\IE2EM.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DFCE220E-B7D2-4344-9609-FCCE311177AF} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E184E69C-7B81-414D-975A-5DA5218EE7FC} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: IE2EMBHO Class: {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} - C:\Program Files (x86)\easyMule2\modules\IE2EM.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO-X64: BitComet ClickCapture - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lea Hin PM\AppData\Roaming\Mozilla\Firefox\Profiles\neqks6iz.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Lea Hin PM\AppData\Roaming\Mozilla\Firefox\Profiles\neqks6iz.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension3.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 dcsnap;dcsnap;C:\Windows\system32\drivers\dcsnap.sys --> C:\Windows\system32\drivers\dcsnap.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);C:\Windows\system32\DRIVERS\JME.sys --> C:\Windows\system32\DRIVERS\JME.sys [?]
R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2010-10-26 917768]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 FARMNTIO;FARMNTIO;\??\c:\windows\system32\drivers\farmntio.sys --> c:\windows\system32\drivers\farmntio.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 PsSdk41;PsSdk41;\??\C:\Windows\system32\Drivers\pssdk41.sys --> C:\Windows\system32\Drivers\pssdk41.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 ZD1211BU(PLANEX COMMUNICATIONS INC.);PCI GW-US54GXS 54Mbps WLAN USB Adapter Driver(PLANEX COMMUNICATIONS INC.);C:\Windows\system32\DRIVERS\zd1211Bu.sys --> C:\Windows\system32\DRIVERS\zd1211Bu.sys [?]
S3 ZDPSp50a64;ZDPSp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\ZDPSp50a64.sys [2011-6-6 31744]
S4 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S4 DCScheduler;DCScheduler;C:\Program Files (x86)\FarStone\TotalRecovery\Client\CBP\DCSchdlerSRVC.exe [2011-6-21 104976]
S4 FBAgent;File Backup Agent;C:\Program Files (x86)\FarStone\TotalRecovery\Client\Efb\FBPAgent.exe [2011-6-21 86016]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 135664]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-26 135664]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-21 1153368]
S4 Tran_Process_Proc;DCNTranProc;C:\Program Files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe [2009-11-26 77824]
S4 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-8-7 118672]
S4 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-26 2314240]
.
=============== Created Last 30 ================
.
2011-06-29 06:11:40 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{9F98D5DB-FB14-44D2-A298-C2C4B345FECC}
2011-06-29 05:57:28 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-29 05:48:21 98816 ----a-w- C:\Windows\sed.exe
2011-06-29 05:48:21 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-29 05:48:21 256512 ----a-w- C:\Windows\PEV.exe
2011-06-29 05:48:21 208896 ----a-w- C:\Windows\MBR.exe
2011-06-29 00:30:10 -------- d-----w- C:\ProgramData\AVAST Software
2011-06-29 00:30:10 -------- d-----w- C:\Program Files\AVAST Software
2011-06-29 00:22:05 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{96BA81E3-C461-47F2-885E-BE7C569BE753}
2011-06-29 00:08:01 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{E55E91AC-1007-4BBE-B2CE-477954B94D34}
2011-06-29 00:06:09 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-06-28 09:37:25 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-06-28 09:36:47 -------- d-----w- C:\ProgramData\Hitman Pro
2011-06-28 08:23:36 -------- d-----w- C:\Windows\pss
2011-06-28 07:54:47 -------- d-----w- C:\Users\Lea Hin PM\AppData\Roaming\Malwarebytes
2011-06-28 07:54:43 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-28 07:54:42 -------- d-----w- C:\ProgramData\Malwarebytes
2011-06-28 07:54:38 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-28 07:54:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-28 01:14:16 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{A393771F-9BF7-4394-AC9B-E78AF3453BD9}
2011-06-27 23:58:55 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{97825FD6-EB2E-4008-9255-F53435E5F860}
2011-06-27 04:53:47 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{BCB4ECF4-4283-466B-BD8D-02AAEB904960}
2011-06-26 13:04:49 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{9DA1A8D5-6A6A-45D4-8893-A5B0C62FF2D8}
2011-06-26 01:04:27 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{931A2E49-0EF2-4291-8843-4871A4652FE9}
2011-06-25 06:38:50 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{A56182DE-3938-4471-B300-5A89853AA1B6}
2011-06-24 02:37:13 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{FA05E62C-1D34-4077-97C9-8E52C27CC8A4}
2011-06-23 15:27:27 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{F91E5213-DDA3-4BE4-A61E-51415FEFB336}
2011-06-22 23:11:56 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{AB86BEF4-9E0A-4F3D-8904-D5A17F59731B}
2011-06-22 11:11:08 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{5D0CB919-2C42-4527-ACF6-094E90870E5B}
2011-06-21 23:11:49 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{13D815ED-10ED-45F1-9A31-64029BE87268}
2011-06-21 11:11:08 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{50C76778-6A99-4135-B964-5C8B885D67D5}
2011-06-21 06:27:36 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E3DD07C-C33C-4F9B-8E52-ED31D4D51EEF}\mpengine.dll
2011-06-21 05:55:44 -------- d-----w- C:\RITSoftwareProvider
2011-06-21 05:55:39 -------- d-----w- C:\ProgramData\Farstone
2011-06-21 05:55:38 -------- d-----w- C:\ProgramData\fscltdcn
2011-06-21 05:55:37 0 ---h--r- C:\logicinf.bin
2011-06-21 05:55:33 91152 ----a-w- C:\Windows\System32\drivers\dcsnap.sys
2011-06-21 05:55:33 512 ----a-w- C:\FARSBOOT.BIN
2011-06-21 05:53:27 -------- d-----w- C:\Program Files (x86)\FarStone
2011-06-21 05:49:45 23056 ----a-w- C:\Windows\System32\drivers\FarMntIo.sys
2011-06-20 23:53:13 -------- d-----w- C:\Program Files\CCleaner
2011-06-20 23:44:30 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-06-20 23:44:30 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-06-20 23:10:22 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{8F0540BA-F0AE-4CF0-8E0D-0644D42EE284}
2011-06-20 09:56:41 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{9874D405-2F3B-4DF2-A4CD-0553F2E8D0E3}
2011-06-19 05:32:40 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{782B2DC7-EF71-409D-8198-5AF7981C2AD4}
2011-06-18 02:51:51 -------- d-----w- C:\Program Files (x86)\D-Link
2011-06-18 02:48:27 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{E73025E4-C2F2-42C4-B371-B3DAFE3981CA}
2011-06-17 00:06:21 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{4A22D351-DF7F-4B1A-8AE5-FBA11A0292CD}
2011-06-15 23:49:58 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{4263AF29-F0E6-4C90-8A16-2CE756B1C947}
2011-06-15 00:14:36 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-15 00:14:36 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-15 00:14:31 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-15 00:14:31 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-15 00:14:30 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-15 00:14:27 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-15 00:14:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-15 00:14:15 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-15 00:14:14 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-15 00:02:13 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{4041B59A-2829-40D9-BAEC-FC6E8A20EA29}
2011-06-13 23:58:03 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{186ED4CB-0D64-4C2C-8CEB-C47BB7E200E9}
2011-06-12 23:54:43 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{D0A023E2-02E1-4C69-A1F7-6FD594009B5A}
2011-06-10 01:10:34 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{E41A18D0-E2A6-497F-9CD2-A2BE1EC3177B}
2011-06-08 23:49:47 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{FDFAB369-686B-4838-9A24-1BE45C8780FA}
2011-06-08 06:54:14 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-06-08 06:54:14 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-06-08 06:54:14 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-06-08 06:54:09 -------- d-----w- C:\Program Files\iTunes
2011-06-08 04:21:20 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\Macroplant
2011-06-08 04:18:07 -------- d-----w- C:\Program Files (x86)\iPhone Explorer
2011-06-08 04:07:22 -------- d-----w- C:\Users\Lea Hin PM\AppData\Roaming\WindSolutions
2011-06-08 04:07:21 -------- d-----w- C:\ProgramData\WindSolutions
2011-06-08 00:25:51 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-06-07 23:56:16 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{A767BC0B-451E-480C-959F-EA0EA84F8575}
2011-06-07 07:33:56 -------- d-----w- C:\Users\Lea Hin PM\AppData\Roaming\MobileSyncBrowser
2011-06-07 07:33:52 -------- d-----w- C:\Program Files (x86)\MobileSyncBrowser
2011-06-07 03:38:32 -------- d-----w- C:\Program Files (x86)\LibUSB-Win32
2011-06-07 02:31:33 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\Apple Computer
2011-06-07 02:29:42 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\Apple
2011-06-07 02:29:15 -------- d-----w- C:\Program Files\Bonjour
2011-06-07 02:29:15 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-06-06 23:53:04 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{4493283E-3E59-41F5-85D0-74BB548E4943}
2011-06-06 08:24:05 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\ElevatedDiagnostics
2011-06-06 08:20:14 51776 ----a-w- C:\Windows\System32\drivers\pssdk41.sys
2011-06-06 08:19:21 -------- d-----w- C:\Users\Lea Hin PM\AppData\Roaming\XLink Kai
2011-06-06 05:25:26 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-06-06 04:58:47 29184 ----a-w- C:\Windows\System32\drivers\BRGSp50a64.sys
2011-06-06 04:58:46 31744 ----a-w- C:\Windows\System32\drivers\ZDPSp50a64.sys
2011-06-06 04:58:45 15872 ----a-w- C:\Windows\System32\InsDrvZD64.dll
2011-06-06 04:58:39 545920 ----a-w- C:\Windows\System32\drivers\ZD1211BU.sys
2011-06-06 04:58:39 31744 ----a-w- C:\Windows\SysWow64\drivers\ZDPSp50a64.sys
2011-06-06 04:58:39 29184 ----a-w- C:\Windows\SysWow64\drivers\BRGSp50a64.sys
2011-06-06 04:58:39 20608 ----a-w- C:\Windows\SysWow64\drivers\BRGSp50.sys
2011-06-06 04:58:39 17664 ----a-w- C:\Windows\SysWow64\drivers\ZDPSp50.sys
2011-06-06 04:58:39 17151 ----a-w- C:\Windows\SysWow64\ZDPNDIS5.SYS
2011-06-06 04:58:38 -------- d-----w- C:\Program Files (x86)\bRoad Lanner Wave
2011-06-06 04:47:11 81920 ----a-w- C:\Windows\SysWow64\ZDPN50.DLL
2011-06-06 04:47:10 24576 ----a-w- C:\Windows\SysWow64\ZyDelReg.exe
2011-06-06 04:47:06 28672 ----a-w- C:\Windows\SysWow64\InsDrvZD.dll
2011-06-06 04:47:06 15872 ----a-w- C:\Windows\SysWow64\InsDrvZD64.DLL
2011-06-06 00:04:43 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-06-06 00:04:10 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-06-06 00:04:10 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-06-05 23:57:33 -------- d-----w- C:\Users\Lea Hin PM\AppData\Local\{31D57961-A1C6-411E-9F3B-49837057B4BD}
.
==================== Find3M ====================
.
2011-06-29 06:04:55 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-09 06:45:48 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:13:06 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-06 08:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 08:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 08:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 08:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 08:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 08:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 08:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 08:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
.
============= FINISH: 15:45:12.53 ===============

Re: redirects and windows security center

Post by askey127 » July 1st, 2011, 7:46 pm

Looking at your logs.
Be back shortly.

Re: redirects and windows security center

Post by askey127 » July 1st, 2011, 8:08 pm

Hi bladez87,
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P programs BitComet and Easymule2 in the removal instructions below, so we are not wasting our time.
If you have used this, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, BitComet, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
(Limewire has been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

easyMule2
Bitcomet

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------
Please download this file and save it to your desktop:
http://download.bleepingcomputer.com/reg/FixNCR.reg
Right click the icon and give the OK to merge with your Registry.
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are 4 different versions. If one of them won't run then download and try to run one of the other ones.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools; ignore them or shut down your antivirus.
Please download Rkill from one of the following links (note the different names) and save to your Desktop:
Rkill.exe
eXplorer.exe
RKill.com
RKill.scr
Rkill.pif
  • Double-click on the Rkill or eXplorer desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If you get a Warning Message when you try to run it, run it again while the Warning Message is still displayed.
  • If it doesn't run on the first try, please try to run it another two or three times.
  • If it still does not run, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided after trying each a few times, please let me know.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware

As you already have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab. Choose Check for Updates.
  • After the update has been completed, select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
askey127

Re: redirects and windows security center

Post by askey127 » July 4th, 2011, 8:16 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.