Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser Redirect

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Browser Redirect

Unread postby ksmith825 » December 18th, 2011, 4:39 pm

The second report attach txt has a note saying, "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG." So I didn't. While on a blog, I got hit with the 2012 Vista Security virus. I have run Malware bytes, Spybot, and TDSS Killer. I am still getting browser redirects and my comp starts up really slowly. I have two items in my tray, one is blocking Malware Bytes and the other references a hardware/software removal that is not there. I have also seen a blue screen where windows shut down. Any help is appreciated and thank you for taking the time to help.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
Run by Mary at 15:20:47 on 2011-12-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2112 [GMT -5:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files\Razer\Naga\NagaTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Real\realplayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Users\Mary\AppData\Local\Apps\2.0\LNBZYMYW.LXH\LT0VRMPV.NQ8\curs..tion_eee711038731a406_0004.0000_2ad57790d5451048\CurseClient.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\hp\kbd\kbd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
mURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: MRI_DISABLED - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [Device Doctor] "c:\program files\device doctor\DDLauncher.exe"
mRun: [hpsysdrv] "c:\hp\support\hpsysdrv.exe"
mRun: [KBD] "c:\hp\kbd\KbdStub.EXE"
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] "RtHDVCpl.exe"
mRun: [HP Health Check Scheduler] "c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe"
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [<NO NAME>]
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
mRun: [Razer Naga Driver] "c:\program files\razer\naga\NagaTray.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] "c:\program files\brother\brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [ControlCenter3] "c:\program files\brother\controlcenter3\brctrcen.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\mary\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\users\mary\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{CA13B93B-D0A0-456F-8AEC-5F6266AA1944} : DhcpNameServer = 68.87.68.166 68.87.74.166
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mary\appdata\roaming\mozilla\firefox\profiles\l0388vrp.default\
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\mary\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\mary\appdata\roaming\mozilla\firefox\profiles\l0388vrp.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-12-8 20376]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2011-7-1 20072]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-9-2 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-19 2214504]
R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [2010-9-7 45584]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-6 2923392]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2010-9-7 3996864]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-7-28 3381184]
R3 RzSynapse;Razer Naga Driver;c:\windows\system32\drivers\RzSynapse.sys [2010-4-21 60032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f677e2c38861;Google Update Service (gupdate1c9f677e2c38861);c:\program files\google\update\GoogleUpdate.exe [2009-6-26 133104]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-12-14 1153368]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-26 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-9-2 16896]
.
=============== Created Last 30 ================
.
2011-12-18 20:16:01 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-16 08:19:41 -------- d-s---w- C:\ComboFix
2011-12-14 16:24:09 -------- d-----w- C:\LJ_CP5520_Series
2011-12-14 16:17:56 -------- d-----w- c:\users\mary\appdata\roaming\Device Doctor
2011-12-14 16:17:56 -------- d-----w- c:\program files\Device Doctor
2011-12-14 16:07:12 -------- d-----w- c:\users\mary\appdata\local\SlimWare Utilities Inc
2011-12-14 14:40:39 -------- d-----w- c:\programdata\oI28300KcJkH28300
2011-12-14 06:39:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-14 06:39:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-14 03:12:49 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 03:12:47 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 19:23:22 -------- d-----w- c:\users\mary\appdata\local\ElevatedDiagnostics
2011-12-13 07:04:08 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{7d937e07-edc5-4d3b-8965-f59a623d4fbf}\mpengine.dll
2011-12-07 01:01:44 -------- d-----w- c:\users\mary\appdata\roaming\Mael
2011-12-07 00:57:59 -------- d-----w- c:\program files\HxD
2011-12-07 00:44:20 -------- d-----w- c:\program files\TeamViewer
2011-11-25 17:20:15 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-11-25 17:19:54 -------- d-----w- c:\program files\common files\xing shared
2011-11-25 17:19:39 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-11-25 17:19:28 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
.
==================== Find3M ====================
.
2011-12-13 16:42:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 17:19:15 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-11-25 17:19:15 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 14:54:57 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-22 11:21:38 65536 ----a-w- c:\windows\system32\frapsvid.dll
2011-10-20 15:55:43 834048 ----a-w- c:\windows\system32\wininet.dll
2011-10-20 14:08:44 389632 ----a-w- c:\windows\system32\html.iec
2011-10-14 16:02:19 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 15:21:49.59 ===============
ksmith825
Active Member
 
Posts: 2
Joined: December 18th, 2011, 4:28 pm
Advertisement
Register to Remove

Re: Browser Redirect

Unread postby troy3636 » December 19th, 2011, 10:08 pm

Hello ksmith825,

Welcome to the Malware Removal Forum. My name is Troy and I will be assisting you with the malware issues on your computer.
Because I am still in training, all the advice I give must first be checked by an instructor, therefore there may be some delays in my replies.

A few things before we get started
  1. If you have not already done so Please read these forum rules.
  2. Please be aware that removing malware is not without risk and while unrecoverable damage to systems is rare, it can happen and require a re-format and re-install of your operating system. Because of this it is a good idea to back-up anything important saved on your computer.
  3. Any fixes I may post will be specific to your computer and should not be used on other computers.
  4. While we work on your computer please don't install any new programs, try any other fixes, or run any tools other than those requested.
  5. If at any time my instructions are not clear please ask before proceeding.
  6. Failure to respond within 3 days will result in this topic being closed - If you need more time to complete the steps required, please let me know.

Please post the Attach.txt log.
I am currently reviewing you logs and will reply with further instructions when approved by an instructor.

Troy
User avatar
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Browser Redirect

Unread postby ksmith825 » December 20th, 2011, 12:12 am

Hello Troy,

I have a local shop working on the computer now; I just got it back but I don't think they got rid of everything so I am taking it back in the morning. Having both you and the shop working on the problem will only create more. I will give them one more shot at it but can I repost if they are not able to fix it? I really appreciate your prompt reply but circumstances took my second comp away so I had to get the infected comp fixed fast. Thank you for your time.
ksmith825
Active Member
 
Posts: 2
Joined: December 18th, 2011, 4:28 pm

Re: Browser Redirect

Unread postby Wingman » December 21st, 2011, 11:42 am

As you have decided to take your computer to a repair facility, this topic is now closed.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14109
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 41 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware