Google redirect - on every PC in the house

Solved
By merm8fan
Sep 5, 2010
  1. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    Latest MBR check, pre-reboot

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 160):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7BA7000 \WINDOWS\system32\KDCOM.DLL
    0xF7AB7000 \WINDOWS\system32\BOOTVID.dll
    0xF7658000 ACPI.sys
    0xF7BA9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7647000 pci.sys
    0xF76A7000 isapnp.sys
    0xF7ABB000 compbatt.sys
    0xF7ABF000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7C6F000 pciide.sys
    0xF7927000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7BAB000 aliide.sys
    0xF7BAD000 cmdide.sys
    0xF7BAF000 toside.sys
    0xF7BB1000 viaide.sys
    0xF7BB3000 intelide.sys
    0xF76B7000 MountMgr.sys
    0xF7628000 ftdisk.sys
    0xF7AC3000 ACPIEC.sys
    0xF7C70000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF792F000 PartMgr.sys
    0xF76C7000 VolSnap.sys
    0xF7AC7000 cpqarray.sys
    0xF7610000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF75F8000 atapi.sys
    0xF7ACB000 aha154x.sys
    0xF7937000 sparrow.sys
    0xF7ACF000 symc810.sys
    0xF76D7000 aic78xx.sys
    0xF7AD3000 dac960nt.sys
    0xF76E7000 ql10wnt.sys
    0xF7AD7000 amsint.sys
    0xF793F000 asc.sys
    0xF7ADB000 asc3550.sys
    0xF7947000 mraid35x.sys
    0xF794F000 i2omp.sys
    0xF7ADF000 ini910u.sys
    0xF76F7000 ql1240.sys
    0xF7707000 aic78u2.sys
    0xF7957000 symc8xx.sys
    0xF795F000 sym_hi.sys
    0xF7967000 sym_u3.sys
    0xF796F000 ABP480N5.SYS
    0xF7977000 asc3350p.sys
    0xF7BB5000 cd20xrnt.sys
    0xF7717000 ultra.sys
    0xF75DF000 adpu160m.sys
    0xF797F000 dpti2o.sys
    0xF7727000 ql1080.sys
    0xF7737000 ql1280.sys
    0xF7747000 ql12160.sys
    0xF7987000 perc2.sys
    0xF7BB7000 perc2hib.sys
    0xF798F000 hpn.sys
    0xF7AE3000 cbidf2k.sys
    0xF75B3000 dac2w2k.sys
    0xF7757000 disk.sys
    0xF7767000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7593000 fltMgr.sys
    0xF7581000 sr.sys
    0xF755D000 Fastfat.sys
    0xF7546000 KSecDD.sys
    0xF7519000 NDIS.sys
    0xF7777000 sisagp.sys
    0xF7787000 viaagp.sys
    0xF74FF000 Mup.sys
    0xF7797000 alim1541.sys
    0xF77A7000 amdagp.sys
    0xF77B7000 agp440.sys
    0xF77C7000 agpCPQ.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7B63000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF6E37000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF6E23000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6DFB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF6DDF000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xF6C9E000 \SystemRoot\system32\DRIVERS\athw.sys
    0xF6C87000 \SystemRoot\system32\DRIVERS\jmcr.sys
    0xF79FF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6C63000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7A07000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF77F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7A0F000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0xF7A17000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF6C2C000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7BB9000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7A1F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B67000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF7CDF000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7807000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7B6B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6C15000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7817000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7827000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7A27000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6C04000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7837000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7A2F000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7A37000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7847000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7BBB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6BE1000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF6B83000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7B73000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7857000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7877000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xAA303000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA2DF000 \SystemRoot\system32\drivers\portcls.sys
    0xF7887000 \SystemRoot\system32\drivers\drmk.sys
    0xF7496000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7BBF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7D46000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BC1000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7A77000 \SystemRoot\System32\drivers\vga.sys
    0xF7BC3000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7BC5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7A7F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A87000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7492000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAA16C000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAA113000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF78B7000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xAA0ED000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF78C7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAA0C5000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAA0A3000 \SystemRoot\System32\drivers\afd.sys
    0xF78D7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAA081000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF7A8F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xAA056000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9FE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7907000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA9FBF000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF7A9F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xA9DE6000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0xF745D000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xF7AA7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0xA9DCE000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7BC9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAA22F000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7AAF000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7D29000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA9DA6000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xA9CAE000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9B0F000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xA98B2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA9875000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA9A87000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA94AE000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA90AD000 \SystemRoot\System32\Drivers\HTTP.sys
    0xAA1CF000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x7C900000 \WINDOWS\System32\ntdll.dll

    Processes (total 37):
    0 System Idle Process
    4 System
    676 C:\WINDOWS\System32\smss.exe
    736 csrss.exe
    760 C:\WINDOWS\System32\winlogon.exe
    804 C:\WINDOWS\System32\services.exe
    816 C:\WINDOWS\System32\lsass.exe
    980 C:\WINDOWS\System32\svchost.exe
    1044 svchost.exe
    1104 C:\WINDOWS\System32\svchost.exe
    1188 svchost.exe
    1272 svchost.exe
    1444 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1792 C:\WINDOWS\System32\spoolsv.exe
    516 svchost.exe
    664 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    724 C:\WINDOWS\Explorer.EXE
    820 C:\Program Files\Bonjour\mDNSResponder.exe
    1140 C:\Program Files\Java\jre6\bin\jqs.exe
    244 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    1528 C:\WINDOWS\System32\svchost.exe
    556 C:\WINDOWS\System32\wuauclt.exe
    1264 C:\WINDOWS\RTHDCPL.EXE
    1228 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1888 C:\Program Files\Launch Manager\QtZgAcer.EXE
    2148 C:\Program Files\iTunes\iTunesHelper.exe
    2160 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    2192 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2212 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2236 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    2252 C:\WINDOWS\System32\ctfmon.exe
    2348 C:\WINDOWS\System32\igfxext.exe
    2388 C:\WINDOWS\System32\igfxsrvc.exe
    2660 alg.exe
    2900 C:\Program Files\iPod\bin\iPodService.exe
    3180 C:\Documents and Settings\Mar\Local Settings\Temp\RtkBtMnt.exe
    2540 C:\Documents and Settings\Mar\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (FAT32)

    PhysicalDrive0 Model Number: SSDPAMM0008G1, Rev: Ver2.I0K

    Size Device Name MBR Status
    --------------------------------------------
    7 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:
    Enter the physical disk number to fix (0-99, -1 to cancel): 0
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive: 1
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.


    Done!
  2. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    MBR check, post reboot.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 166):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7BA7000 \WINDOWS\system32\KDCOM.DLL
    0xF7AB7000 \WINDOWS\system32\BOOTVID.dll
    0xF7658000 ACPI.sys
    0xF7BA9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7647000 pci.sys
    0xF76A7000 isapnp.sys
    0xF7ABB000 compbatt.sys
    0xF7ABF000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7C6F000 pciide.sys
    0xF7927000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7BAB000 aliide.sys
    0xF7BAD000 cmdide.sys
    0xF7BAF000 toside.sys
    0xF7BB1000 viaide.sys
    0xF7BB3000 intelide.sys
    0xF76B7000 MountMgr.sys
    0xF7628000 ftdisk.sys
    0xF7AC3000 ACPIEC.sys
    0xF7C70000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF792F000 PartMgr.sys
    0xF76C7000 VolSnap.sys
    0xF7AC7000 cpqarray.sys
    0xF7610000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xF75F8000 atapi.sys
    0xF7ACB000 aha154x.sys
    0xF7937000 sparrow.sys
    0xF7ACF000 symc810.sys
    0xF76D7000 aic78xx.sys
    0xF7AD3000 dac960nt.sys
    0xF76E7000 ql10wnt.sys
    0xF7AD7000 amsint.sys
    0xF793F000 asc.sys
    0xF7ADB000 asc3550.sys
    0xF7947000 mraid35x.sys
    0xF794F000 i2omp.sys
    0xF7ADF000 ini910u.sys
    0xF76F7000 ql1240.sys
    0xF7707000 aic78u2.sys
    0xF7957000 symc8xx.sys
    0xF795F000 sym_hi.sys
    0xF7967000 sym_u3.sys
    0xF796F000 ABP480N5.SYS
    0xF7977000 asc3350p.sys
    0xF7BB5000 cd20xrnt.sys
    0xF7717000 ultra.sys
    0xF75DF000 adpu160m.sys
    0xF797F000 dpti2o.sys
    0xF7727000 ql1080.sys
    0xF7737000 ql1280.sys
    0xF7747000 ql12160.sys
    0xF7987000 perc2.sys
    0xF7BB7000 perc2hib.sys
    0xF798F000 hpn.sys
    0xF7AE3000 cbidf2k.sys
    0xF75B3000 dac2w2k.sys
    0xF7757000 disk.sys
    0xF7767000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7593000 fltMgr.sys
    0xF7581000 sr.sys
    0xF755D000 Fastfat.sys
    0xF7546000 KSecDD.sys
    0xF7519000 NDIS.sys
    0xF7777000 sisagp.sys
    0xF7787000 viaagp.sys
    0xF74FF000 Mup.sys
    0xF7797000 alim1541.sys
    0xF77A7000 amdagp.sys
    0xF77B7000 agp440.sys
    0xF77C7000 agpCPQ.sys
    0xF77E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7B63000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF6E37000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xF6E23000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF6DFB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF6DDF000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xF6C9E000 \SystemRoot\system32\DRIVERS\athw.sys
    0xF6C87000 \SystemRoot\system32\DRIVERS\jmcr.sys
    0xF79FF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF6C63000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7A07000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF77F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7A0F000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0xF7A17000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF6C2C000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7BB9000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7A1F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B67000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF7CDF000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7807000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7B6B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6C15000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7817000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7827000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7A27000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6C04000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7837000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7A2F000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7A37000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7847000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7BBB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6BE1000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF6B83000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7B73000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7857000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7877000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xAA303000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA2DF000 \SystemRoot\system32\drivers\portcls.sys
    0xF7887000 \SystemRoot\system32\drivers\drmk.sys
    0xF7496000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF7BBF000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7D46000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7BC1000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7A77000 \SystemRoot\System32\drivers\vga.sys
    0xF7BC3000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7BC5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7A7F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7A87000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7492000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAA16C000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAA113000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF78B7000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xAA0ED000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF78C7000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAA0C5000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAA0A3000 \SystemRoot\System32\drivers\afd.sys
    0xF78D7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAA081000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xF7A8F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xAA056000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA9FE6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7907000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA9FBF000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF7A9F000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xA9DE6000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0xF745D000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0xF7AA7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0xA9DCE000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7BC9000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAA233000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7AAF000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7D29000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA9DA6000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xA9CAA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA9A97000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xA98B2000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA96CB000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF79E7000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xA9396000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA97AA000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7C49000 \SystemRoot\system32\drivers\splitter.sys
    0xA9373000 \SystemRoot\system32\drivers\aec.sys
    0xA97DA000 \SystemRoot\system32\drivers\swmidi.sys
    0xAA25F000 \SystemRoot\system32\drivers\DMusic.sys
    0xA9348000 \SystemRoot\system32\drivers\kmixer.sys
    0xF7CC4000 \SystemRoot\system32\drivers\drmkaud.sys
    0xA9215000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\System32\ntdll.dll

    Processes (total 38):
    0 System Idle Process
    4 System
    676 C:\WINDOWS\System32\smss.exe
    732 csrss.exe
    756 C:\WINDOWS\System32\winlogon.exe
    800 C:\WINDOWS\System32\services.exe
    812 C:\WINDOWS\System32\lsass.exe
    980 C:\WINDOWS\System32\svchost.exe
    1044 svchost.exe
    1100 C:\WINDOWS\System32\svchost.exe
    1164 svchost.exe
    1264 svchost.exe
    1448 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1784 C:\WINDOWS\System32\spoolsv.exe
    540 svchost.exe
    572 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    604 C:\Program Files\Bonjour\mDNSResponder.exe
    600 C:\Program Files\Java\jre6\bin\jqs.exe
    1156 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    1212 C:\WINDOWS\System32\svchost.exe
    500 alg.exe
    2540 C:\WINDOWS\Explorer.EXE
    2820 C:\WINDOWS\RTHDCPL.EXE
    2860 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2872 C:\Program Files\Launch Manager\QtZgAcer.EXE
    2976 C:\Program Files\iTunes\iTunesHelper.exe
    2992 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    3016 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3052 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3076 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    3092 C:\WINDOWS\System32\ctfmon.exe
    3184 C:\WINDOWS\System32\igfxext.exe
    3248 C:\WINDOWS\System32\igfxsrvc.exe
    3484 C:\Program Files\iPod\bin\iPodService.exe
    3596 C:\Documents and Settings\Mar\Local Settings\Temp\RtkBtMnt.exe
    2768 C:\Program Files\Mozilla Firefox\firefox.exe
    3420 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2032 C:\Documents and Settings\Mar\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (FAT32)

    PhysicalDrive0 Model Number: SSDPAMM0008G1, Rev: Ver2.I0K

    Size Device Name MBR Status
    --------------------------------------------
    7 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 00DA077E92625BC67BBA239DB4218A4A12648922


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
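    The two MBRCheck runs above report the same SHA1 (00DA077E...) and the same "Unknown MBR code" verdict before and after the XP boot code was written. The script below is an added example, not MBRCheck's own code: it parses a raw 512-byte sector, hashes the 440-byte boot-code region separately from the partition table, and looks the hash up in a caller-supplied table of known-good values. The sample sector it builds (one FAT32 partition at LBA 2048, i.e. byte offset 0x100000, matching the volume layout MBRCheck printed) and the tiny boot-code stub are constructed for illustration; no real Windows boot-sector hashes are included.

```python
"""Parse a raw MBR, hash boot code and partition table separately, and
classify the boot code against a known-good table.

Added example; not MBRCheck's own code. SAMPLE_BOOT_CODE and the sector
built by build_sample_mbr() are constructed for illustration."""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439: executable boot code
DISK_SIG_OFF = 440         # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
MBR_MAGIC = b"\x55\xaa"    # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into boot-code hash, disk signature and partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    if sector[510:512] != MBR_MAGIC:
        raise ValueError("missing 0x55AA boot signature")
    boot_code = sector[:BOOT_CODE_LEN]
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, LBA count
        status, _, _, _, ptype, _, _, _, lba_start, lba_count = struct.unpack_from(
            "<BBBBBBBBII", sector, off)
        if ptype == 0:
            continue                        # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "lba_count": lba_count,
            "byte_offset": lba_start * SECTOR,
        })
    return {
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "disk_signature": disk_sig,
        "partitions": partitions,
    }


def classify_boot_code(parsed: dict, known: dict) -> str:
    """Map the boot-code hash to a label from `known`, else 'Unknown MBR code'."""
    return known.get(parsed["boot_code_sha1"], "Unknown MBR code")


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: given boot code plus one active FAT32 partition at LBA 2048."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    boot = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x12345678)          # arbitrary sample signature
    # Entry 0: active (0x80), type 0x0C (FAT32 LBA), start LBA 2048 = 1 MiB,
    # length 7 GiB in sectors. CHS fields left zero; LBA-aware code ignores them.
    entry0 = struct.pack("<BBBBBBBBII", 0x80, 0, 0, 0, 0x0C, 0, 0, 0,
                         2048, 7 * 1024 * 1024 * 1024 // SECTOR)
    table = entry0 + b"\x00" * 48
    return boot + disk_sig + b"\x00\x00" + table + MBR_MAGIC


# Constructed stub (xor ax,ax / mov ss,ax / mov sp,0x7C00); not real boot code.
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c"
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE)


def main(argv):
    # Pass a 512-byte dump (e.g. from MBRCheck option [1]) or a disk device;
    # with no argument the constructed sample is used.
    sector = open(argv[1], "rb").read(SECTOR) if len(argv) > 1 else SAMPLE_MBR
    info = parse_mbr(sector)
    print("boot code SHA1 :", info["boot_code_sha1"], "->", classify_boot_code(info, {}))
    print("whole sector   :", info["sector_sha1"])
    print("disk signature : 0x%08X" % info["disk_signature"])
    for p in info["partitions"]:
        print("partition %d: type 0x%02X%s start LBA %d (offset 0x%X) sectors %d" % (
            p["index"], p["type"], " active" if p["bootable"] else "",
            p["lba_start"], p["byte_offset"], p["lba_count"]))


if __name__ == "__main__":
    main(sys.argv)
```

    Hashing the boot code on its own is what makes "did the boot code actually change" answerable: a rewrite of bytes 0..439 changes `boot_code_sha1`, while edits to the partition table or disk signature change only `sector_sha1`.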
  3. crunchie

    crunchie Malware Helper Posts: 761

    XP CD would be nice. We can then use it to repair the MBR.

    Try this instead:

    Please download Mebrootfix.exe by noahdfear and save to your desktop
    Close out all other open programs and windows.
    Double-click on it to run the tool and follow any prompts.
    If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
    Upon restarting, please wait about 5 minutes, go to > Run..., and in the Open dialog box, type: helpasst -mbrt
    Make sure you leave a space between helpasst -mbrt.

    Click OK or press Enter.
    HelpAsst fix will create and open a log when done.
    Copy and paste the contents of that log into your next reply.
    In the event the tool does not detect an mbr infection and completes, do this:
    Go to > Run> in the Open dialog box type: mbr -f
    Click OK or press Enter.
    Now, please do the Start > Run > mbr -f command a second time.
    Shut down the computer
    (do not restart, but shut it down). Wait about five minutes, then start it back up.
    After restart go to > Run > in the Open dialog box, type: helpasst -mbrt
    Make sure you leave a space between helpasst and -mbrt.
    Click OK or press Enter.
    HelpAsst fix will create and open a log when done.
    Copy and paste the contents of that log into your next reply.
  4. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    The url for the download at the start of your last post results in a 'Bad Request / 404 Not Found' message.
  5. crunchie

    crunchie Malware Helper Posts: 761

    Try now...........
  6. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    Tool did not detect an infection, proceeded with scenario 2

    C:\Documents and Settings\Mar\Desktop\HelpAsst_mebroot_fix.exe
    Tue 09/07/2010 at 2:25:15.25

    HelpAssistant account Inactive

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found

    ~~ Checking firewall ports ~~


    HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list

    ~~ Checking profile list ~~

    No HelpAssistant profile in registry

    ~~ Checking mbr ~~

    user & kernel MBR OK

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Status check on Tue 09/07/2010 at 2:44:47.07

    Account active No
    Local Group Memberships

    ~~ Checking mbr ~~

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    kernel: MBR read successfully
    user & kernel MBR OK

    ~~ Checking for termsrv32.dll ~~

    termsrv32.dll not found


    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
    ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

    ~~ Checking profile list ~~

    No HelpAssistant profile in registry

    ~~ Checking for HelpAssistant directories ~~

    none found

    ~~ Checking firewall ports ~~

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


    ~~ EOF ~~
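    The HelpAsst log above checks a fixed set of indicators (HelpAssistant account state, a termsrv32.dll substitute for the TermService ServiceDll, a HelpAssistant profile or directories, entries under the firewall GloballyOpenPorts keys, and the Gmer MBR verdict). The script below is an added example, not the tool's own code: it parses a log in that format and reduces it to a clean/not-clean verdict with a list of problems, so logs from several machines can be compared without eyeballing them. The format assumptions come from the log posted above; the "bad" sample log and its wording are constructed.

```python
"""Evaluate a HelpAsst_mebroot_fix-style log against the indicators it checks.

Added example; not the tool's own code. GOOD_LOG is an abridged copy of the
log posted in the thread; BAD_LOG is constructed, and the wording of its
positive findings (e.g. "termsrv32.dll found") is an assumption."""
import re

EXPECTED_TERMSRV = r"%systemroot%\system32\termsrv.dll"   # compared case-insensitively
SECTION_RE = re.compile(r"^~~ (.+?) ~~$")
REGKEY_RE = re.compile(r"^\[?HK[A-Z_]+\\")                  # registry key header lines


def split_sections(text):
    """Group body lines under the '~~ Checking ... ~~' header that precedes them."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = (m.group(1).lower(), [])
            sections.append(current)
        elif line and current is not None:
            current[1].append(line)
    return sections


def evaluate_helpasst_log(text):
    """Return {'clean': bool, 'problems': [...]} for one log."""
    problems = []
    flat = [l.strip() for l in text.splitlines()]
    if any(re.match(r"helpassistant account\s+active$", l, re.I)
           or re.match(r"account active\s+yes$", l, re.I) for l in flat):
        problems.append("HelpAssistant account is enabled")
    for name, body in split_sections(text):
        joined = "\n".join(body)
        if name.startswith("checking for termsrv32"):
            if "termsrv32.dll not found" not in joined:
                problems.append("termsrv32.dll present")
        elif name.startswith("checking profile list"):
            if "No HelpAssistant profile in registry" not in joined:
                problems.append("HelpAssistant profile present in registry")
        elif name.startswith("checking for helpassistant directories"):
            if "none found" not in joined:
                problems.append("HelpAssistant directories found: " + joined)
        elif name.startswith("checking firewall ports"):
            for l in body:                      # anything under a key header is an open port
                if not REGKEY_RE.match(l):
                    problems.append("globally open firewall port: " + l)
        elif name.startswith("checking mbr"):
            if "user & kernel MBR OK" not in joined:
                problems.append("MBR check did not report OK")
    for l in flat:
        m = re.match(r"ServiceDll\s+REG_EXPAND_SZ\s+(.+)$", l, re.I)
        if m and m.group(1).strip().lower() != EXPECTED_TERMSRV:
            problems.append("TermService ServiceDll points to " + m.group(1).strip())
    return {"clean": not problems, "problems": problems}


GOOD_LOG = r"""
HelpAssistant account Inactive
~~ Checking for termsrv32.dll ~~
termsrv32.dll not found
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking for HelpAssistant directories ~~
none found
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
~~ Checking mbr ~~
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
~~ EOF ~~
"""

BAD_LOG = r"""
HelpAssistant account Active
~~ Checking for termsrv32.dll ~~
termsrv32.dll found
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv32.dll
~~ Checking profile list ~~
No HelpAssistant profile in registry
~~ Checking firewall ports ~~
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:constructed sample"
~~ Checking mbr ~~
user & kernel MBR OK
~~ EOF ~~
"""

if __name__ == "__main__":
    for label, log in (("posted log", GOOD_LOG), ("constructed bad log", BAD_LOG)):
        verdict = evaluate_helpasst_log(log)
        print(label, "->", "clean" if verdict["clean"] else "NOT clean")
        for p in verdict["problems"]:
            print("  -", p)
```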
  7. crunchie

    crunchie Malware Helper Posts: 761

    Looks like the MBR is ok. Are you still being re-directed on this PC?

    Have you run Bootkit Remover on the other PC's?
  8. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    Yes, still being redirected

    Clicking a Google search result for an ESPN (go.espn.com) article resulted in a new browser tab being opened. The 'activity' info on the bottom left of the browser window said 'waiting for results5.google.com' and the actual url for the tab went through a few different identities before ending up at a Liberty Mutual page for a coach of the year contest (http://www.coachoftheyear.com/?src=lmcm-s-lks1005000394) - actually one of the more legitimate sites it has ever redirected to, but still not what I clicked on.

    As for my other PCs, no - I have not run bootkit on them. Is that recommended, when it failed to fix the issue on this netbook? I figured that it would be easier to diagnose an issue on this machine, with far fewer programs, files, data, etc. than it would be to run the various scans on the 'bigger' PCs.

    Let me know if you want me to switch to a different machine or go ahead and run bootkit on the others. I am a bit curious as to why the issue is common amongst all of them, and is still happening on this one, too.

    Thanks again for all of your help so far!
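    The observation above (a click on a go.espn.com result, a "waiting for results5.google.com" status, the URL changing several times, and a landing page on coachoftheyear.com) is a redirect chain, and recording it hop by hop is more useful to a helper than the final URL alone. The script below is an added example and not from the thread: it follows HTTP redirects one hop at a time without letting the client auto-follow, records every host in the chain, and flags the case where the final host is not the site that was clicked. The fake fetcher and its URLs are constructed to mirror the hosts named in the post; `http_fetch` is a live fetcher for real use.

```python
"""Trace an HTTP redirect chain hop by hop and flag landings off-site.

Added example, not from the thread. FAKE_RESPONSES is a constructed
chain that mirrors the hosts mentioned in the post above."""
import urllib.error
import urllib.parse
import urllib.request

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Hand every 3xx back to the caller instead of following it."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, timeout=10):
    """Live fetcher: one HEAD request, returns (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "redirect-trace/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:        # 3xx and 4xx/5xx land here
        return err.code, err.headers.get("Location")


def trace_redirects(url, fetch, max_hops=10):
    """Follow Location headers manually; detect loops and over-long chains."""
    hops, seen = [url], {url}
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return {"hops": hops, "final_status": status, "loop": False, "truncated": False}
        url = urllib.parse.urljoin(url, location)   # Location may be relative
        if url in seen:
            return {"hops": hops + [url], "final_status": status, "loop": True, "truncated": False}
        seen.add(url)
        hops.append(url)
    return {"hops": hops, "final_status": None, "loop": False, "truncated": True}


def host_of(url):
    return (urllib.parse.urlsplit(url).hostname or "").lower()


def same_site(a, b):
    """True for equal hosts or when one is a subdomain of the other."""
    a, b = a.lower(), b.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def analyse(clicked_url, expected_host, fetch):
    """Trace the chain and say whether it ended on the site that was clicked."""
    trace = trace_redirects(clicked_url, fetch)
    trace["hosts"] = [host_of(u) for u in trace["hops"]]
    trace["landed_elsewhere"] = not same_site(trace["hosts"][-1], expected_host)
    return trace


# Constructed sample chain (hosts taken from the post; paths invented).
CLICKED_URL = "http://www.google.com/url?q=http://go.espn.com/blog/post"
FAKE_RESPONSES = {
    CLICKED_URL: (302, "http://results5.google.com/r?u=1"),
    "http://results5.google.com/r?u=1": (302, "/hop2"),
    "http://results5.google.com/hop2": (302, "http://www.coachoftheyear.com/?src=lmcm-s-lks1005000394"),
    "http://www.coachoftheyear.com/?src=lmcm-s-lks1005000394": (200, None),
}


def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, None))


if __name__ == "__main__":
    result = analyse(CLICKED_URL, "go.espn.com", fake_fetch)
    for i, (u, h) in enumerate(zip(result["hops"], result["hosts"])):
        print("%d. %-26s %s" % (i, h, u))
    print("final status:", result["final_status"],
          "| landed elsewhere:", result["landed_elsewhere"])
```

    Run it against the same clicked URL from each machine in the house: if the chains diverge only past the first hop, the hop where they diverge is where to look; if every machine sees the same chain, that points at something shared rather than at one box.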
  9. crunchie

    crunchie Malware Helper Posts: 761

    No worries.

    Are these machines networked together? If so, they can end up re-infecting each other.

    =======

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

    ============

    Please download and save SecurityCheck.exe to your Desktop from one of the links below.

    Link 1
    Link 2

    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt
    Please post the contents of that document in your next reply.
  10. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    We do not have a home network set up. We have a single DSL modem and a single router for wired and wireless internet, though, so all PCs connect to the web via the same modem/router pair.

    I will run the two new downloads now. :)
  11. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    GooredFix log

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 03:46 on 07/09/2010 (Mar)
    Firefox version 3.6.8 (en-US)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [06:21 23/05/2009]
    {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [03:20 14/06/2009]
    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [03:54 16/04/2010]
    {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [05:39 20/08/2010]
    {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [06:35 05/08/2009]
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [06:58 13/11/2009]

    C:\Documents and Settings\Mar\Application Data\Mozilla\Firefox\Profiles\zkxcevll.default\extensions\
    {20a82645-c095-46ed-80e3-08825760534b} [05:06 27/04/2010]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:23 09/08/2009]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:19 14/06/2009]

    -=E.O.F=-
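    Every ID in the GooredFix listing above is one of the usual suspects (the Firefox default theme, Java Console entries for JRE 6 updates, the .NET Framework Assistant, and Java Quick Starter). The script below is an added example, not GooredFix's own code: it parses a listing in that format from both the application and profile extension directories plus the HKLM registry key, labels the IDs it recognises, and reports anything it does not, which is the check a helper performs by hand on such a log. The allowlist holds IDs I know to be legitimate; the rogue entry appended in the test is constructed.

```python
"""Inventory Firefox extension IDs from a GooredFix-style listing and
flag anything not on an allowlist.

Added example; not GooredFix's own code. SAMPLE_LOG is the listing from
the thread; the KNOWN table and JAVA_CONSOLE_RE are the allowlist."""
import re

ENTRY_RE = re.compile(r"^(\{[0-9A-Fa-f-]{36}\}|[\w.+-]+@[\w.-]+)\s+\[(\d\d:\d\d \d\d/\d\d/\d{4})\]$")
REG_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(.+)\]$')
DIR_RE = re.compile(r"^[A-Za-z]:\\.*\\$")
KEY_RE = re.compile(r"^\[HKEY_[A-Z_]+\\.*\]$")

KNOWN = {
    "{972ce4c6-7e08-4474-a285-3208198ce6fd}": "Firefox default theme",
    "{20a82645-c095-46ed-80e3-08825760534b}": "Microsoft .NET Framework Assistant",
    "jqs@sun.com": "Java Quick Starter",
}
# Java Console IDs encode the JRE version: 0016 = 1.6, last group = update number.
JAVA_CONSOLE_RE = re.compile(r"^\{CAFEEFAC-0016-0000-00(\d\d)-ABCDEFFEDCBA\}$", re.I)


def label(ext_id):
    """Human label for a known extension ID, or None if it is not on the allowlist."""
    if ext_id in KNOWN:
        return KNOWN[ext_id]
    m = JAVA_CONSOLE_RE.match(ext_id)
    if m:
        return "Java Console (JRE 1.6.0_%d)" % int(m.group(1))
    return None


def parse_listing(text):
    """Return [(ext_id, location, timestamp)] for every entry in the listing."""
    records, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if DIR_RE.match(line) or KEY_RE.match(line):
            location = line
            continue
        m = ENTRY_RE.match(line)
        if m:
            records.append((m.group(1), location, m.group(2)))
            continue
        m = REG_RE.match(line)
        if m:
            records.append((m.group(1), location + " -> " + m.group(2), m.group(3)))
    return records


def unknown_extensions(text):
    """Entries whose ID is not on the allowlist."""
    return [r for r in parse_listing(text) if label(r[0]) is None]


SAMPLE_LOG = r"""
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:21 23/05/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [03:20 14/06/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [03:54 16/04/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [05:39 20/08/2010]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [06:35 05/08/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [06:58 13/11/2009]

C:\Documents and Settings\Mar\Application Data\Mozilla\Firefox\Profiles\zkxcevll.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [05:06 27/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:23 09/08/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:19 14/06/2009]
"""

if __name__ == "__main__":
    for ext_id, location, stamp in parse_listing(SAMPLE_LOG):
        print("%-42s %-36s %s" % (ext_id, label(ext_id) or "UNKNOWN", location))
    print("unknown:", len(unknown_extensions(SAMPLE_LOG)))
```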
     
  12. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    SecurityCheck log

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.82.76
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
  13. crunchie

    crunchie Malware Helper Posts: 761

    Looks ok.

    Download Delete Domains from here and run it. It will delete all entries from the trusted and restricted zone.

    Reboot and check for the re-directs again.
  14. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    OK, I am feeling pretty dense here. The DelDomains.inf only saves as a txt file, which does not have an 'install' option when right-clicked. I also tried saving as type All Files, and it still ended up a txt, and I tried opening in Explorer, but still no 'install' option.

    What am I missing?
  15. crunchie

    crunchie Malware Helper Posts: 761

    Right click the file to download and then save it to a destination. Mine is the desktop.
    Which browser are you using to download? Screenshots are from IE.
    DelDom.jpg
    Save.jpg
  16. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    I use Firefox as a default, I will try again with IE. It was saving to my desktop fine, just as a .txt file. BRB
  17. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    OK, the DelDomains file worked as expected via IE, but upon reboot and recheck of the browser - the redirects are still happening. Checked in both IE and Firefox, and was still redirected off google and yahoo results.
  18. crunchie

    crunchie Malware Helper Posts: 761

    Ok. Please delete the version of combofix you have on there now, then download the latest and we will see if anything else is picked up.
    Same link as before will work.
     
  19. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    ComboFix deleted and re-downloaded, log below

    ComboFix 10-09-08.01 - Mar 09/08/2010 22:14:52.2.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.667 [GMT -6:00]
    Running from: c:\documents and settings\Mar\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
    .

    2010-09-06 21:25 . 2010-09-06 21:25 -------- d-----w- c:\program files\7-Zip
    2010-09-06 02:33 . 2010-09-06 02:33 -------- d-----w- c:\program files\ESET
    2010-09-05 21:36 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-05 21:36 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-20 05:40 . 2010-08-20 05:40 -------- d-----w- c:\program files\Common Files\Java
    2010-08-16 06:02 . 2010-08-16 06:02 503808 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51dab748-n\msvcp71.dll
    2010-08-16 06:02 . 2010-08-16 06:02 499712 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51dab748-n\jmc.dll
    2010-08-16 06:02 . 2010-08-16 06:02 348160 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51dab748-n\msvcr71.dll
    2010-08-16 06:02 . 2010-08-16 06:02 61440 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a3d3156-n\decora-sse.dll
    2010-08-16 06:02 . 2010-08-16 06:02 12800 ----a-w- c:\documents and settings\Mar\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2a3d3156-n\decora-d3d.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-05 22:10 . 2010-01-13 05:33 284 ----a-w- c:\documents and settings\Mar\Application Data\wklnhst.dat
    2010-09-05 05:45 . 2009-05-14 04:21 90112 ----a-w- c:\windows\DUMP2c01.tmp
    2010-08-30 03:16 . 2010-04-30 07:19 63488 ----a-w- c:\documents and settings\Mar\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-30 03:16 . 2010-04-30 07:18 117760 ----a-w- c:\documents and settings\Mar\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-06 06:04 . 2010-08-06 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-07-17 11:00 . 2010-04-16 03:54 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-30 12:31 . 2008-11-27 01:22 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-28 20:57 . 2010-08-06 06:06 38848 ----a-w- c:\windows\avastSS.scr
    2010-06-28 20:57 . 2009-05-14 05:33 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:37 . 2009-05-14 05:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2009-05-14 05:34 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2009-05-14 05:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2009-05-14 05:34 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2009-05-14 05:34 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2009-05-14 05:34 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2009-05-14 05:34 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-06-24 12:15 . 2008-11-27 01:22 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:15 . 2008-11-27 01:21 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:15 . 2008-11-27 01:21 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-06-23 13:44 . 2008-11-27 01:22 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2008-11-27 01:22 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2008-11-27 01:21 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2008-11-27 01:37 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
    2010-06-14 07:41 . 2008-11-27 01:22 1172480 ----a-w- c:\windows\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-09-05_21.58.31 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-08 05:01 . 2010-09-08 05:01 16384 c:\windows\Temp\Perflib_Perfdata_260.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-05 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
    "AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-24 1044480]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/13/2009 11:34 PM 165456]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/13/2009 11:34 PM 17744]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [11/26/2008 7:22 PM 96856]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0409&m=aoa110
    uInternet Settings,ProxyOverride = *.local
    FF - ProfilePath - c:\documents and settings\Mar\Application Data\Mozilla\Firefox\Profiles\zkxcevll.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-08 22:19
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(760)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    c:\windows\system32\igfxdev.dll

    - - - - - - - > 'explorer.exe'(660)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2010-09-08 22:23:14
    ComboFix-quarantined-files.txt 2010-09-09 04:23
    ComboFix2.txt 2010-09-05 22:01

    Pre-Run: 393,228,288 bytes free
    Post-Run: 403,537,920 bytes free

    - - End Of File - - E0E8F5150DA70B58660032EA9277F1C0
  20. crunchie

    crunchie Malware Helper Posts: 761

    Any difference?
  21. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    Sorry for the delayed response!

    No change - in fact, even just clicking the techspot 'post reply' button resulted in a new IE window being opened. This is another type of redirect that I run into. The original window/tab goes to the intended destination, but something pops a whole new window/tab and that one redirects just as if I had clicked a Google/Yahoo/Bing search result link.

    The URL was first: http://results.googlesyndication.com/

    And ended up at Argosy University: http://www.argosy.edu/LP/1208/education.aspx?source=LKSMT&cid=SERCH_AUWA_096_SRCH_003&keyword=[*searchterm*]&publisherSite=DS[*Part_Site*]&DS_KWID=[*KeywordID*]
  22. crunchie

    crunchie Malware Helper Posts: 761

    Please go to Start | Run, type cmd and hit Enter. At the C: prompt, type ipconfig /flushdns and hit Enter.

    Please update MBA-M and do a full scan and post the results.
  23. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    Did the flushdns, but am still unable to update MBAM - same error of 'MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)'

    I was able to uninstall and reinstall MBAM, which resulted in a newer version, though. Here's the log:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    9/15/2010 3:26:15 PM
    mbam-log-2010-09-15 (15-26-15).txt

    Scan type: Quick scan
    Objects scanned: 111289
    Time elapsed: 6 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  24. merm8fan

    merm8fan Newcomer, in training Topic Starter Posts: 37

    Ooops! Here's the log of the FULL scan.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    9/15/2010 3:54:54 PM
    mbam-log-2010-09-15 (15-54-54).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 141900
    Time elapsed: 20 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  25. crunchie

    crunchie Malware Helper Posts: 761
