SturmScourge
Hello!
I have two computers that have Google searches redirected while using Firefox; I don't use IE at all. My Work computer has been doing it for a few months now, but now my Home computer just started last night. I understand that each computer is different, so I will start with the Home computer and get it cleaned up first. I will post logs per the 5-step prelim instructions. I ran MBAM 3 times, so I will include all 3 logs. Please note that after I had run MBAM each time, I opened Firefox and Google searches were still being redirected. I will attach the GMER and DDS logs in a minute here after I run them.
Thanks!
Franklin
>>> MBAM Log 1:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.10.03
Windows 7 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
SturmScourge :: MIRRORBEACH [administrator]
8/9/2012 10:49:30 PM
mbam-log-2012-08-09 (22-49-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191326
Time elapsed: 3 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Diagnostics (Trojan.RedirRdll3.Gen) -> Data: rundll32.exe "C:\Users\SturmScourge\AppData\Local\EgisTec IPS\Diagnostics\svtdizb.dll",CreateInstance -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\SturmScourge\AppData\Local\Temp\0.6678930628709964 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\SturmScourge\AppData\Local\EgisTec IPS\Diagnostics\svtdizb.dll (Trojan.RedirRdll3.Gen) -> Quarantined and deleted successfully.
(end)
>>> MBAM Log 2:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.10.03
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
SturmScourge :: MIRRORBEACH [administrator]
8/9/2012 11:09:22 PM
mbam-log-2012-08-09 (23-09-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191384
Time elapsed: 4 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
>>> and MBAM Log 3:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.10.03
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
SturmScourge :: MIRRORBEACH [administrator]
8/9/2012 11:15:05 PM
mbam-log-2012-08-09 (23-15-05).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 562814
Time elapsed: 4 hour(s), 51 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
E:\Seagate Backup\MIRRORBEACH\History\Level2\C\Downloads\Samsung PC Studio 3.2.2\SoftonicDownloader_for_samsung-pc-studio.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
(end)