Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Redirect Trouble...probably my own fault.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Redirect Trouble...probably my own fault.

Unread postby Stewie Griffin » December 2nd, 2010, 10:00 am

Hi guys, this is my first visit to your site (hopefully I won't have to make many more!) Reading old threads it seems that you are doing an amazing job. Problem is Google redirects, often unable to connect to my homepage and occasional system slowdown (I appreciate the last one may not be any virus/malware related issue). I also appreciate that this is entirely my own fault, I downloaded uTorrent around 2 weeks ago. I will delete it, but haven't yet done so as I would like to do it as per your instructions.

Thanks in advance,

Karl.

Trend Micro HijackThis v2.0.4
Scan saved at 13:43:27, on 02/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Thomson\SpeedTouch USB\dragdiag.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\samsung\SAMSUN~1\SUPNOT~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Karl\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.karoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.karoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.karoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.skysports.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.karoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.karoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.karoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Karoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Windows Live ID Sign-in Helper - {3335659A-4F7D-199E-36EA-222274636EDD} - C:\Windows\system32\nddeaapi.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101103145447.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Rezip - Unknown owner - C:\Windows\SYSTEM32\Rezip.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 10495 bytes

µTorrent
2007 Microsoft Office system
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.3
Agere Systems HDA Modem
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.9
Atheros WLAN Client
BatteryLifeExtender
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
Catalyst Control Center - Branding
Combined Community Codec Pack 2010-10-10
CyberLink YouCam
CyberLink YouCam
Easy Battery Manager
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
Football Manager 2010
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
imagine digital freedom - Samsung
Intel PROSet Wireless
Intel® Matrix Storage Manager
Juniper Networks Setup Client Activex Control
Marvell Miniport Driver
McAfee Internet Security
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Namuga 1.3M Webcam
OGA Notifier 2.0.0048.0
PCTroubleshooting
PDF Settings CS5
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Samsung Update Plus
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Office Word 2007 (KB2344993)
SpeedTouch USB Software
Spelling Dictionaries Support For Adobe Reader 9
Steam
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Outlook 2007 Junk Email Filter (KB2443839)
User Guide
WD Drive Manager (x86)
WinZip 15.0
Stewie Griffin
Active Member
 
Posts: 10
Joined: December 2nd, 2010, 9:30 am
Advertisement
Register to Remove

Re: Redirect Trouble...probably my own fault.

Unread postby askey127 » December 5th, 2010, 8:44 am

Hi Stewie,
As you are finding out, P2P programs can be a machine disaster.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

µTorrent

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Disable CD Emulator(s)
We need to use powerful tools to investigate your system. *If* you are are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with a malware infections, CD Emulators can interfere with investigative tools producing misleading or inaccurate scan results, false detection of legitimate files, cause unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since the hidden drivers from CD Emulators can be seen as a rootkit, we need to remove or disable them until disinfection is completed.

Please download DeFogger by jpshortstuff and save it to your desktop.
  • Double click DeFogger.exe to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK...DeFogger will now ask to reboot the machine...click OK. If not, reboot manually.
  • Do not re-enable these drivers until instructed or your system has been cleaned.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirect Trouble...probably my own fault.

Unread postby Stewie Griffin » December 5th, 2010, 3:24 pm

Hi Askey, really appreciate your help.

2010/12/05 19:19:50.0784 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/05 19:19:50.0784 ================================================================================
2010/12/05 19:19:50.0784 SystemInfo:
2010/12/05 19:19:50.0784
2010/12/05 19:19:50.0784 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/05 19:19:50.0784 Product type: Workstation
2010/12/05 19:19:50.0784 ComputerName: KARL-PC
2010/12/05 19:19:50.0785 UserName: Karl
2010/12/05 19:19:50.0785 Windows directory: C:\Windows
2010/12/05 19:19:50.0785 System windows directory: C:\Windows
2010/12/05 19:19:50.0785 Processor architecture: Intel x86
2010/12/05 19:19:50.0785 Number of processors: 2
2010/12/05 19:19:50.0785 Page size: 0x1000
2010/12/05 19:19:50.0785 Boot type: Normal boot
2010/12/05 19:19:50.0785 ================================================================================
2010/12/05 19:19:51.0448 Initialize success
2010/12/05 19:20:30.0803 ================================================================================
2010/12/05 19:20:30.0803 Scan started
2010/12/05 19:20:30.0803 Mode: Manual;
2010/12/05 19:20:30.0803 ================================================================================
2010/12/05 19:20:31.0625 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/05 19:20:31.0824 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2010/12/05 19:20:31.0883 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2010/12/05 19:20:31.0940 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2010/12/05 19:20:31.0999 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2010/12/05 19:20:32.0146 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/05 19:20:32.0281 AgereSoftModem (1cfeba39fc613e45b49d3eddfbcda289) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/12/05 19:20:32.0415 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2010/12/05 19:20:32.0492 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/05 19:20:32.0815 alcan5wn (0940030d5a5869067ccc03e3b0b8dec7) C:\Windows\system32\DRIVERS\alcan5wn.sys
2010/12/05 19:20:32.0900 alcaudsl (4c9577888c53243e2991456f510488a1) C:\Windows\system32\DRIVERS\alcaudsl.sys
2010/12/05 19:20:32.0976 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2010/12/05 19:20:33.0055 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2010/12/05 19:20:33.0127 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2010/12/05 19:20:33.0202 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2010/12/05 19:20:33.0289 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2010/12/05 19:20:33.0341 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2010/12/05 19:20:33.0439 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2010/12/05 19:20:33.0491 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/05 19:20:33.0556 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/05 19:20:33.0769 atikmdag (45c45796caad4f3354496530329a7b10) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/05 19:20:34.0041 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2010/12/05 19:20:34.0129 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/05 19:20:34.0205 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2010/12/05 19:20:34.0265 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/05 19:20:34.0345 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/05 19:20:34.0386 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/05 19:20:34.0482 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/05 19:20:34.0525 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/05 19:20:34.0569 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/05 19:20:34.0664 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/05 19:20:34.0768 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2010/12/05 19:20:34.0822 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/05 19:20:34.0912 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2010/12/05 19:20:34.0978 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2010/12/05 19:20:35.0064 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2010/12/05 19:20:35.0282 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/05 19:20:35.0378 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/05 19:20:35.0519 cfwids (7e6f7da1c4de5680820f964562548949) C:\Windows\system32\drivers\cfwids.sys
2010/12/05 19:20:35.0632 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2010/12/05 19:20:35.0821 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/05 19:20:35.0938 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/05 19:20:36.0086 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2010/12/05 19:20:36.0146 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/05 19:20:36.0176 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2010/12/05 19:20:36.0219 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2010/12/05 19:20:36.0420 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/05 19:20:36.0571 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/05 19:20:36.0689 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/05 19:20:36.0878 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/05 19:20:36.0938 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/05 19:20:37.0101 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/05 19:20:37.0255 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2010/12/05 19:20:37.0321 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2010/12/05 19:20:37.0473 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/05 19:20:37.0517 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/05 19:20:37.0581 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/05 19:20:37.0647 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/05 19:20:37.0700 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/05 19:20:37.0763 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/05 19:20:37.0869 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/05 19:20:37.0976 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/05 19:20:38.0104 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/05 19:20:38.0219 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2010/12/05 19:20:38.0365 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/05 19:20:38.0523 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/05 19:20:38.0731 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/05 19:20:38.0906 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/05 19:20:38.0982 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2010/12/05 19:20:39.0272 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/12/05 19:20:39.0346 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2010/12/05 19:20:39.0469 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/05 19:20:40.0071 ialm (496db78e6a0c4c44023d9a92b4a7ac31) C:\Windows\system32\DRIVERS\igdkmd32.sys
2010/12/05 19:20:40.0316 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
2010/12/05 19:20:40.0404 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2010/12/05 19:20:40.0531 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/05 19:20:40.0872 IntcAzAudAddService (b4fd14f7b231e358bec6c71d1a6c2845) C:\Windows\system32\drivers\RTKVHDA.sys
2010/12/05 19:20:40.0960 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/12/05 19:20:40.0992 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/05 19:20:41.0213 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/05 19:20:41.0472 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/05 19:20:41.0557 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/05 19:20:41.0636 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/05 19:20:41.0854 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2010/12/05 19:20:42.0124 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/05 19:20:42.0212 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/05 19:20:42.0277 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/05 19:20:42.0360 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/05 19:20:42.0568 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2010/12/05 19:20:42.0629 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys
2010/12/05 19:20:42.0985 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/05 19:20:43.0120 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/05 19:20:43.0203 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/05 19:20:43.0249 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/05 19:20:43.0334 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/05 19:20:43.0407 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/05 19:20:43.0546 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2010/12/05 19:20:43.0618 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2010/12/05 19:20:43.0713 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\Windows\system32\drivers\mfeapfk.sys
2010/12/05 19:20:43.0797 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\Windows\system32\drivers\mfeavfk.sys
2010/12/05 19:20:43.0885 mfebopk (19161b1796cf74a6a326abde309062ba) C:\Windows\system32\drivers\mfebopk.sys
2010/12/05 19:20:43.0965 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\Windows\system32\drivers\mfefirek.sys
2010/12/05 19:20:44.0030 mfehidk (0efab2b91b27543fe589de700de07136) C:\Windows\system32\drivers\mfehidk.sys
2010/12/05 19:20:44.0104 mfenlfk (b4022e16569bbd1a85e68e7e78e68880) C:\Windows\system32\DRIVERS\mfenlfk.sys
2010/12/05 19:20:44.0153 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\Windows\system32\drivers\mferkdet.sys
2010/12/05 19:20:44.0208 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\Windows\system32\drivers\mferkdk.sys
2010/12/05 19:20:44.0304 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\Windows\system32\drivers\mfesmfk.sys
2010/12/05 19:20:44.0408 mfewfpk (183f32c79d1693170df3baecec611125) C:\Windows\system32\drivers\mfewfpk.sys
2010/12/05 19:20:44.0673 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/05 19:20:44.0725 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/05 19:20:44.0759 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/05 19:20:45.0004 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/05 19:20:45.0054 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/05 19:20:45.0115 MPFP (95675c3398dcc084c8d1dc35cc4e9e01) C:\Windows\system32\Drivers\Mpfp.sys
2010/12/05 19:20:45.0197 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2010/12/05 19:20:45.0308 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/05 19:20:45.0500 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/05 19:20:45.0544 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/05 19:20:45.0611 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/05 19:20:45.0726 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/05 19:20:45.0803 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/05 19:20:45.0877 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2010/12/05 19:20:45.0935 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2010/12/05 19:20:46.0132 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/05 19:20:46.0175 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/05 19:20:46.0264 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/05 19:20:46.0415 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/05 19:20:46.0463 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/05 19:20:46.0524 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/05 19:20:46.0563 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/05 19:20:46.0648 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/05 19:20:46.0683 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/05 19:20:46.0785 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/05 19:20:46.0897 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/05 19:20:46.0948 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/05 19:20:47.0002 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/05 19:20:47.0055 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/05 19:20:47.0093 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/05 19:20:47.0140 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/05 19:20:47.0241 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/05 19:20:47.0471 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2010/12/05 19:20:47.0603 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/05 19:20:47.0750 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/05 19:20:47.0871 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/05 19:20:47.0988 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/05 19:20:48.0055 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/05 19:20:48.0155 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/05 19:20:48.0316 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2010/12/05 19:20:48.0486 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2010/12/05 19:20:48.0553 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2010/12/05 19:20:48.0782 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/05 19:20:48.0927 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/05 19:20:48.0977 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/05 19:20:49.0055 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/05 19:20:49.0208 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/05 19:20:49.0271 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2010/12/05 19:20:49.0369 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/05 19:20:49.0451 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/05 19:20:49.0665 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/05 19:20:49.0744 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2010/12/05 19:20:49.0867 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/05 19:20:49.0961 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2010/12/05 19:20:50.0054 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/05 19:20:50.0250 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/05 19:20:50.0330 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/05 19:20:50.0399 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/05 19:20:50.0509 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/05 19:20:50.0576 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/05 19:20:50.0732 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/05 19:20:50.0850 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/05 19:20:51.0001 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2010/12/05 19:20:51.0077 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/05 19:20:51.0232 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/05 19:20:51.0380 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2010/12/05 19:20:51.0523 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/05 19:20:51.0595 rtl819xp (f2178d894501ced65509d8c7dbeb3f0f) C:\Windows\system32\DRIVERS\rtl819xp.sys
2010/12/05 19:20:51.0682 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/05 19:20:51.0838 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/05 19:20:51.0958 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/05 19:20:52.0020 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/05 19:20:52.0101 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/05 19:20:52.0274 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/05 19:20:52.0392 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2010/12/05 19:20:52.0474 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/05 19:20:52.0524 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/05 19:20:52.0733 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/05 19:20:52.0861 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2010/12/05 19:20:52.0950 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2010/12/05 19:20:53.0007 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2010/12/05 19:20:53.0171 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/05 19:20:53.0323 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/05 19:20:53.0492 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/05 19:20:53.0558 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/05 19:20:53.0635 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/05 19:20:53.0764 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/05 19:20:53.0881 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/05 19:20:53.0949 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/05 19:20:54.0020 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/05 19:20:54.0115 SynTP (71837fbce3fd8143953444b3ff7938dc) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/05 19:20:54.0401 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/05 19:20:54.0501 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/05 19:20:54.0657 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/05 19:20:54.0823 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/05 19:20:54.0953 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/05 19:20:55.0041 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/05 19:20:55.0121 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/05 19:20:55.0259 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/05 19:20:55.0336 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/05 19:20:55.0513 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/05 19:20:55.0773 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2010/12/05 19:20:55.0901 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/05 19:20:56.0003 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/05 19:20:56.0129 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2010/12/05 19:20:56.0222 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/05 19:20:56.0283 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/05 19:20:56.0372 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/05 19:20:56.0452 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/05 19:20:56.0550 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/05 19:20:56.0591 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/05 19:20:56.0702 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/05 19:20:56.0860 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/05 19:20:56.0994 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/05 19:20:57.0054 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2010/12/05 19:20:57.0272 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/05 19:20:57.0386 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/05 19:20:57.0528 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/05 19:20:57.0633 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/05 19:20:57.0825 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/05 19:20:58.0059 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2010/12/05 19:20:58.0110 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2010/12/05 19:20:58.0162 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2010/12/05 19:20:58.0264 VMC326 (20a559a25c4ae3f9b35f8229636ee5a7) C:\Windows\system32\Drivers\VMC326.sys
2010/12/05 19:20:58.0500 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/05 19:20:58.0812 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/05 19:20:58.0971 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/05 19:20:59.0040 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2010/12/05 19:20:59.0197 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/05 19:20:59.0248 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/05 19:20:59.0281 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/05 19:20:59.0356 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2010/12/05 19:20:59.0430 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/05 19:20:59.0708 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/05 19:20:59.0919 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/05 19:20:59.0996 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/05 19:21:00.0107 yukonwlh (6d16a5c05d4fa06fade1d97580986803) C:\Windows\system32\DRIVERS\yk60x86.sys
2010/12/05 19:21:00.0746 ================================================================================
2010/12/05 19:21:00.0746 Scan finished
2010/12/05 19:21:00.0746 ================================================================================
2010/12/05 19:22:26.0060 Deinitialize success
Stewie Griffin
Active Member
 
Posts: 10
Joined: December 2nd, 2010, 9:30 am

Re: Redirect Trouble...probably my own fault.

Unread postby askey127 » December 5th, 2010, 7:44 pm

Stewie,
Good, no TDSS rootkit.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 22 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, (or right click and choose "Run as administrator") and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
----------------------------------------------
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Now Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
-----------------------------------------------------
Let's check whether you have any other leftover infected files or settings.
This scan can take a long time (hours), but it is very thorough. Please start it when you can let it finish.
It doesn't remove anything. The report, however, is very valuable.

Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

So we are looking for the log from Gooredfix, and the Kaspersky log.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirect Trouble...probably my own fault.

Unread postby Stewie Griffin » December 6th, 2010, 7:56 am

Askey,

Laptop is essential for my work, is it possible to leave the Kaspersky scan running overnight? It will probably enter sleep mode after so long, is this a problem?
Stewie Griffin
Active Member
 
Posts: 10
Joined: December 2nd, 2010, 9:30 am

Re: Redirect Trouble...probably my own fault.

Unread postby askey127 » December 6th, 2010, 8:48 am

Stewie,
Let's postpone any Kaspersky scan.

By the way, we don't do business computers here. If you use the PC to communicate, etc. with work that's OK.
If you use it to store business data, we don't want any part of it, due to possible liability and other entanglements.

Please post the GooredFix log.

Another possibility:
------------------------------------------------
Side Note:
If you use a router, wireless or wired, make sure that the administrator password for the router installation has been changed to one that you chose.
If the default password is retained, a remote attacker can install his own server address in between you and your Internet Provider. (The default passwords are published).
In case the router has been hacked, other machines connected to the same router will see the same type of redirect symptoms.
If you go into the router installation routine, you can take a quick look at the IP addresses in the router setup to make sure no extras have been added.
You may need Tech Help from your Internet Provider, or the original instructions, to make sure this is correct.

Are you noticing any other machines on the same router having redirects?

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirect Trouble...probably my own fault.

Unread postby Stewie Griffin » December 6th, 2010, 9:39 am

Sorry, I was misleading with 'work'. I am a postgraduate research student so when I said 'work' I meant doing my research and writing it up, not 'work' in a business sense.

Don't think it is my router, I changed the default password when I set it up and it has been fine since. Must be P2P software, the timing of my redirect troubles coincides with my stupid decision to look at this wonderful P2P I've heard so much about. Needless to say, my lesson has been learned.

GooredFix Scan:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:32 on 06/12/2010 (Karl)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [10:05 08/06/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [12:13 26/01/2010]

-=E.O.F=-
Stewie Griffin
Active Member
 
Posts: 10
Joined: December 2nd, 2010, 9:30 am

Re: Redirect Trouble...probably my own fault.

Unread postby askey127 » December 6th, 2010, 11:47 am

Stewie,
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe.
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it. Give permissions if asked.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Main
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects  /s 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins  /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search  /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar  /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirect Trouble...probably my own fault.

Unread postby Stewie Griffin » December 6th, 2010, 3:34 pm

Askey, I didn't remove the following files from the MalwareBytes scan:

c:\Windows\System32\MdRees.exe
c:\Windows\System32\nddeaapi.dll
c:\Windows\System32\ndeaapi.dll

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5256

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

06/12/2010 19:24:44
mbam-log-2010-12-06 (19-24-44).txt

Scan type: Quick scan
Objects scanned: 145504
Time elapsed: 8 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\nddeaapi.dll (Trojan.Agent) -> Not selected for removal.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3335659A-4F7D-199E-36EA-222274636EDD} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3335659A-4F7D-199E-36EA-222274636EDD} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3335659A-4F7D-199E-36EA-222274636EDD} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\nddeaapi.dll (Trojan.Agent) -> Not selected for removal.
c:\Windows\System32\MdRees.exe (Trojan.Dropper) -> Not selected for removal.

SystemLook 04.09.10 by jpshortstuff
Log created at 19:26 on 06/12/2010 by Karl
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Main]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
@="AcroIEHelperStub"
"NoExplorer"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
@="McAfee Phishing Filter"
"NoExplorer"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
@="scriptproxy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
"NoExplorer"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"NoExplorer"= 0x0000000001 (1)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\MIME]
(No values found)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
(Unable to open key - key not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"="McAfee SiteAdvisor"
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=00 (REG_BINARY)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
(Unable to open key - key not found)

-= EOF =-
Stewie Griffin
Active Member
 
Posts: 10
Joined: December 2nd, 2010, 9:30 am

Re: Redirect Trouble...probably my own fault.

Unread postby askey127 » December 6th, 2010, 4:07 pm

Run Malware bytes Anti-Malware again. This time tell it to quarantine or remove everything it finds.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirect Trouble...probably my own fault.

Unread postby Stewie Griffin » December 6th, 2010, 4:34 pm

Sorry, didn't know if they were the files you said not to remove. New log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5256

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

06/12/2010 20:25:22
mbam-log-2010-12-06 (20-25-22).txt

Scan type: Quick scan
Objects scanned: 145994
Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\nddeaapi.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\nddeaapi.dll (Trojan.Agent) -> Delete on reboot.
c:\Windows\System32\MdRees.exe (Trojan.Dropper)
Stewie Griffin
Active Member
 
Posts: 10
Joined: December 2nd, 2010, 9:30 am

Re: Redirect Trouble...probably my own fault.

Unread postby askey127 » December 6th, 2010, 5:03 pm

Ok. Now, tell me what you are seeing for redirects and any other misbehavior.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirect Trouble...probably my own fault.

Unread postby Stewie Griffin » December 8th, 2010, 11:11 am

No longer seem to be having any redirect trouble
Stewie Griffin
Active Member
 
Posts: 10
Joined: December 2nd, 2010, 9:30 am

Re: Redirect Trouble...probably my own fault.

Unread postby askey127 » December 8th, 2010, 1:27 pm

I think your system is clean.

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers should now re-enabled.

You can delete GooredFix and TDSSKiller from your desktop.
Good luck,
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirect Trouble...probably my own fault.

Unread postby Stewie Griffin » December 9th, 2010, 6:49 am

Received an error message, did not ask to reboot.

defogger_enable by jpshortstuff (23.02.10.1)
Log created at 10:47 on 09/12/2010 (Karl)

Parsing file...


-=E.O.F=-
Stewie Griffin
Active Member
 
Posts: 10
Joined: December 2nd, 2010, 9:30 am
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 270 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware