Google redirected

Solved
By bearone100
Aug 16, 2010
Topic Status:
Not open for further replies.
  1. Google is redirected 2/3 of the time. Any help would be great.

    Attached Files:

  2. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    I see that you need to run ComboFix, so I have done that. Here is the log.

    Attached Files:

  3. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Our instructions don't say anything about it.
    Never run Combofix on your own.

    =====================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
  4. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16386

    16/08/2010 10:01:06 AM
    mbam-log-2010-08-16 (10-01-06).txt

    Scan type: Quick scan
    Objects scanned: 109834
    Time elapsed: 4 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  5. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: (build 6000), 32-bit
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 147):
    0x81C00000 \SystemRoot\system32\ntkrnlpa.exe
    0x81FA1000 \SystemRoot\system32\hal.dll
    0x804C6000 \SystemRoot\system32\kdcom.dll
    0x804BD000 \SystemRoot\system32\PSHED.dll
    0x804B5000 \SystemRoot\system32\BOOTVID.dll
    0x8047A000 \SystemRoot\system32\CLFS.SYS
    0x8071F000 \SystemRoot\system32\CI.dll
    0x806A4000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8046D000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8042A000 \SystemRoot\system32\drivers\acpi.sys
    0x80421000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80419000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8067F000 \SystemRoot\system32\drivers\pci.sys
    0x8040A000 \SystemRoot\system32\drivers\volmgr.sys
    0x8066F000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80403000 \SystemRoot\system32\drivers\pciide.sys
    0x80661000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8065D000 \SystemRoot\System32\Drivers\UBHelper.sys
    0x80613000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8060B000 \SystemRoot\system32\drivers\atapi.sys
    0x81BE2000 \SystemRoot\system32\drivers\ataport.SYS
    0x81BC8000 \SystemRoot\system32\drivers\nvstor32.sys
    0x81B88000 \SystemRoot\system32\drivers\storport.sys
    0x81B57000 \SystemRoot\system32\drivers\fltmgr.sys
    0x81B47000 \SystemRoot\system32\drivers\fileinfo.sys
    0x80400000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x81A43000 \SystemRoot\system32\drivers\ndis.sys
    0x81A18000 \SystemRoot\system32\drivers\msrpc.sys
    0x825C7000 \SystemRoot\system32\drivers\NETIO.SYS
    0x824BF000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x82455000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8241F000 \SystemRoot\system32\drivers\volsnap.sys
    0x80603000 \SystemRoot\System32\Drivers\spldr.sys
    0x81A06000 \SystemRoot\system32\drivers\psdvdisk.sys
    0x80601000 \SystemRoot\system32\drivers\PSDNServ.sys
    0x82410000 \SystemRoot\System32\drivers\partmgr.sys
    0x82401000 \SystemRoot\System32\Drivers\mup.sys
    0x827DB000 \SystemRoot\System32\drivers\ecache.sys
    0x827CA000 \SystemRoot\system32\drivers\disk.sys
    0x827A9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x827A0000 \SystemRoot\system32\drivers\crcdisk.sys
    0x8C6B5000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8C6DF000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x831E8000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x8C6AB000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x8C66E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8C660000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8C608000 \SystemRoot\system32\DRIVERS\VSTBS23.SYS
    0x8CDD6000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8CCD2000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
    0x8CC1F000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
    0x8C7F3000 \SystemRoot\system32\drivers\modem.sys
    0x8A722000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8CC11000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8CF9E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8CF86000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x83046000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0x8CF52000 \SystemRoot\system32\DRIVERS\yk60x86.sys
    0x8D1C0000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8CEB6000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8CC04000 \SystemRoot\System32\drivers\watchdog.sys
    0x8CE9C000 \SystemRoot\system32\DRIVERS\serial.sys
    0x8CE92000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x8CE7A000 \SystemRoot\system32\DRIVERS\parport.sys
    0x8CE4F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8CE44000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8CE2D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8CE22000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8D19D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8CE13000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8CE00000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8D191000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x8D16A000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8D186000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8D15F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8303C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8D155000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8D179000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8D051000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8A762000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8D66F000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8D024000 \SystemRoot\system32\drivers\portcls.sys
    0x8D64A000 \SystemRoot\system32\drivers\drmk.sys
    0x8C6F1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8A658000 \SystemRoot\System32\Drivers\Null.SYS
    0x8A65F000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8A666000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8D018000 \SystemRoot\System32\drivers\vga.sys
    0x8D9DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8314C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x83104000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8D00D000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8D9B1000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8C703000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8D8E0000 \SystemRoot\System32\drivers\tcpip.sys
    0x8D8C7000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8D8B2000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8D89E000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8D864000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x8D832000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8DDB9000 \SystemRoot\system32\drivers\afd.sys
    0x8D81C000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8D80E000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8DDA6000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8DD6B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8D003000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8DD14000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8A79A000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x8DCE0000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x8DCC9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8302A000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8C715000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8A682000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8C71E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8DCB7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x83114000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8D092000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8A7E2000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x8C6C0000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
    0x92000000 \SystemRoot\System32\win32k.sys
    0x8D600000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8DC98000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x94A00000 \SystemRoot\System32\TSDDD.dll
    0x94A10000 \SystemRoot\System32\cdd.dll
    0x95305000 \SystemRoot\system32\drivers\luafv.sys
    0x95802000 \SystemRoot\system32\drivers\spsys.sys
    0x8A6F2000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x95CBB000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x96D5A000 \SystemRoot\system32\drivers\HTTP.sys
    0x96C4F000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x95C22000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x974EC000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x974CD000 \SystemRoot\system32\drivers\mrxdav.sys
    0x974AF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x97476000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x95C10000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x97452000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x97406000 \SystemRoot\System32\DRIVERS\srv.sys
    0x8307B000 \SystemRoot\system32\DRIVERS\parvdm.sys
    0x9794F000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
    0x97851000 \SystemRoot\system32\drivers\peauth.sys
    0x92392000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x96C80000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9800B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x9836E000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
    0x95D5C000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77290000 \Windows\System32\ntdll.dll

    Processes (total 52):
    0 System Idle Process
    4 System
    496 C:\Windows\System32\smss.exe
    564 csrss.exe
    616 C:\Windows\System32\wininit.exe
    628 csrss.exe
    660 C:\Windows\System32\services.exe
    672 C:\Windows\System32\lsass.exe
    684 C:\Windows\System32\lsm.exe
    788 C:\Windows\System32\winlogon.exe
    872 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1148 C:\Windows\System32\audiodg.exe
    1176 C:\Windows\System32\SLsvc.exe
    1216 C:\Windows\System32\svchost.exe
    1316 C:\Windows\System32\svchost.exe
    1580 C:\Windows\System32\spoolsv.exe
    1612 C:\Windows\System32\svchost.exe
    1840 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    1904 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1944 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2044 C:\Windows\System32\svchost.exe
    424 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    568 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1208 C:\Windows\System32\SearchIndexer.exe
    1448 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    1880 WUDFHost.exe
    2096 C:\Program Files\AVG\AVG9\avgemc.exe
    2164 C:\Program Files\AVG\AVG9\avgnsx.exe
    2264 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    2480 C:\Windows\System32\taskeng.exe
    2628 WmiPrvSE.exe
    2708 C:\Program Files\AVG\AVG9\avgchsvx.exe
    2740 C:\Program Files\AVG\AVG9\avgrsx.exe
    2768 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3356 C:\Windows\System32\taskeng.exe
    3432 C:\Windows\System32\dwm.exe
    3544 C:\Windows\explorer.exe
    3704 C:\Windows\RtHDVCpl.exe
    3740 C:\Windows\System32\SysMonitor.exe
    3940 C:\Program Files\AVG\AVG9\avgtray.exe
    2392 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    2444 C:\Windows\System32\rundll32.exe
    1492 C:\Program Files\Mozilla Firefox\firefox.exe
    2468 C:\Windows\System32\SearchProtocolHost.exe
    2000 C:\Windows\System32\SearchFilterHost.exe
    3928 C:\Users\DARREN\Downloads\MBRCheck.exe
    2664 C:\Windows\System32\conime.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b550f800 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`28872a00 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDT725032VLA, Rev: V54O

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
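    The MBRCheck report above marks the disk as "Unknown MBR code" because the SHA1 it computes over the boot sector is not in its list of known MBR codes. The script below is an added example, not code from this thread or from MBRCheck, that shows the same verdict logic on a constructed 512-byte sector: it checks the 0x55AA boot signature, parses the four partition entries, hashes the boot-code region and compares that hash against an allow-list, and adds two structural checks (exactly one active partition, no overlapping partitions) that do not depend on any hash list. The byte range hashed (the first 440 bytes, before the disk signature), the sample boot code, the disk signature 0xDEADBEEF and the allow-list contents are all assumptions constructed for the example; the real tool's hash region and its list of known codes are not given on the page.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # assumption: hash bytes 0..439, the bootstrap code before the disk signature
DISK_SIG_OFF = 440       # 4-byte Windows disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Parse a raw 512-byte MBR into its hashes, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR must be {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * 16
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from("<B3sB3sII", sector, off)
        if ptype == 0:   # empty slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count})
    return {
        "sector_sha1": hashlib.sha1(sector).hexdigest().upper(),
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def sanity_findings(info: dict) -> list:
    """Structural checks that need no allow-list at all."""
    findings = []
    parts = info["partitions"]
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_s0, e0), (s1, _e1) in zip(spans, spans[1:]):
        if s1 < e0:
            findings.append(f"partition overlap at LBA {s1}")
    return findings


def classify_mbr(sector: bytes, known_good: dict) -> tuple:
    """Return (verdict, findings); verdict is 'known' when the boot-code hash is
    in the allow-list, otherwise 'unknown', mirroring MBRCheck's 'Unknown MBR code'."""
    info = parse_mbr(sector)
    verdict = "known" if info["boot_code_sha1"] in known_good else "unknown"
    return verdict, sanity_findings(info)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: the given boot code plus two NTFS (type 0x07) partitions."""
    assert len(boot_code) <= BOOT_CODE_LEN
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)  # constructed disk signature
    # entry 0: active system partition at LBA 2048; entry 1: inactive data partition
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 200000)
    struct.pack_into("<B3sB3sII", sector, PART_TABLE_OFF + 16, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 202048, 100000)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed stand-ins for a vendor's stock boot code and a one-byte modification of it.
BASELINE_BOOT = b"CONSTRUCTED-BASELINE-BOOTCODE"
TAMPERED_BOOT = bytes([BASELINE_BOOT[0] ^ 0x01]) + BASELINE_BOOT[1:]

# Allow-list keyed by boot-code SHA1; a real list would hold hashes of known OS/OEM boot code.
KNOWN_GOOD = {parse_mbr(build_sample_mbr(BASELINE_BOOT))["boot_code_sha1"]: "constructed baseline"}

if __name__ == "__main__":
    for name, code in (("baseline", BASELINE_BOOT), ("tampered", TAMPERED_BOOT)):
        verdict, findings = classify_mbr(build_sample_mbr(code), KNOWN_GOOD)
        print(f"{name}: {verdict} {findings or ''}")
```

The point of the two-layer check is that an unknown hash alone only says the boot code is not one the list knows about (OEM recovery tools such as the Acer eRecovery software seen in the driver list also install custom MBR code), so the structural findings and the later Avira boot-sector scan are what narrow "unknown" down to "infected".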
  6. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Run MBRCheck again.

    When it's done you'll see the following line:
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Press the Y key and then press Enter.

    When the program asks you to Enter your choice, enter 2 and press the Enter key.

    Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
    Enter 0 (zero) and press the Enter key.

    Next the program will show Available MBR codes:, followed by a list of operating systems.
    Please enter 3 for Windows Vista, and then press Enter.

    Next the program will prompt for confirmation.
    Type YES and hit Enter.

    When it's done there should be a text file with the results on your desktop.
    Please copy and paste it back here.

    Then reboot, run MBRCheck again and post new log.
  7. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    I re-ran the scan, but when I did the reboot of my computer it will not turn on; it goes as far as verifying DMI pool and then restarts.
  8. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    "verifying dmi pool data" error may be caused by a number of reasons (http://www.computerhope.com/issues/ch000474.htm), but I think it's just simply our infection playing games.
    When major system files (winlogon.exe, explorer.exe) are patched (edited) by a malware, it's a tough situation.

    I really don't want to use any more tricks, because we may cause your computer to be not bootable anymore and you'll have to find some other ways to backup your data.

    At this point, I strongly suggest you use system restore one more time.
    Backup your data and perform clean Windows installation.
  9. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    Doing the restore now; will let you know how it works.
  10. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    We can try one more option, if you didn't go too far yet...

    If you have Vista/7 DVD...

    start with step 2

    If you don't have Vista/7 DVD...

    1. Create Vista/7 Recovery Disc.

    Option 1 :
    Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
    Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

    Option 2:
    Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
    Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
    Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning ISO Images to a CD or DVD

    2. Boot from created disk.
    At first screen click on Repair your computer:
    This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box:
    After this, it will present you with a list of options including startup repair, system restore and command prompt:
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
  11. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    Got the restore to work with the restore disk, but the Google redirect is still present. I'm going to start from the top again and repost all the scan results in order.
  12. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    OK :)..........
  13. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    Should I close this post and open a new one since I'm starting over?
  14. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    Here is the first log from running the antivirus software.

    Avira AntiVir Personal
    Report file date: August-17-10 20:14

    Scanning for 2724817 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (plain) [6.0.6000]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : ME-PC

    Version information:
    BUILD.DAT : 10.0.0.567 32097 Bytes 19/04/2010 15:07:00
    AVSCAN.EXE : 10.0.3.0 433832 Bytes 01/04/2010 17:37:40
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 17:57:06
    LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 23:33:06
    LUKERES.DLL : 10.0.0.1 12648 Bytes 11/02/2010 04:40:50
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 14:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 00:27:50
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 22:37:44
    VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 21:37:44
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 16:29:04
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 00:10:58
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 00:11:05
    VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 00:11:19
    VBASE008.VDF : 7.10.9.166 2048 Bytes 23/07/2010 00:11:19
    VBASE009.VDF : 7.10.9.167 2048 Bytes 23/07/2010 00:11:19
    VBASE010.VDF : 7.10.9.168 2048 Bytes 23/07/2010 00:11:19
    VBASE011.VDF : 7.10.9.169 2048 Bytes 23/07/2010 00:11:20
    VBASE012.VDF : 7.10.9.170 2048 Bytes 23/07/2010 00:11:20
    VBASE013.VDF : 7.10.9.198 157696 Bytes 26/07/2010 00:11:20
    VBASE014.VDF : 7.10.9.255 997888 Bytes 29/07/2010 00:11:23
    VBASE015.VDF : 7.10.10.28 139264 Bytes 02/08/2010 00:11:24
    VBASE016.VDF : 7.10.10.52 127488 Bytes 03/08/2010 00:11:24
    VBASE017.VDF : 7.10.10.84 137728 Bytes 06/08/2010 00:11:25
    VBASE018.VDF : 7.10.10.107 176640 Bytes 09/08/2010 00:11:25
    VBASE019.VDF : 7.10.10.130 132608 Bytes 10/08/2010 00:11:26
    VBASE020.VDF : 7.10.10.158 131072 Bytes 12/08/2010 00:11:26
    VBASE021.VDF : 7.10.10.190 136704 Bytes 16/08/2010 00:11:27
    VBASE022.VDF : 7.10.10.191 2048 Bytes 16/08/2010 00:11:27
    VBASE023.VDF : 7.10.10.192 2048 Bytes 16/08/2010 00:11:27
    VBASE024.VDF : 7.10.10.193 2048 Bytes 16/08/2010 00:11:27
    VBASE025.VDF : 7.10.10.194 2048 Bytes 16/08/2010 00:11:27
    VBASE026.VDF : 7.10.10.195 2048 Bytes 16/08/2010 00:11:28
    VBASE027.VDF : 7.10.10.196 2048 Bytes 16/08/2010 00:11:28
    VBASE028.VDF : 7.10.10.197 2048 Bytes 16/08/2010 00:11:28
    VBASE029.VDF : 7.10.10.198 2048 Bytes 16/08/2010 00:11:28
    VBASE030.VDF : 7.10.10.199 2048 Bytes 16/08/2010 00:11:28
    VBASE031.VDF : 7.10.10.206 55808 Bytes 17/08/2010 00:11:28
    Engineversion : 8.2.4.34
    AEVDF.DLL : 8.1.2.1 106868 Bytes 18/08/2010 00:11:39
    AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 18/08/2010 00:11:39
    AESCN.DLL : 8.1.6.1 127347 Bytes 18/08/2010 00:11:38
    AESBX.DLL : 8.1.3.1 254324 Bytes 18/08/2010 00:11:40
    AERDL.DLL : 8.1.8.2 614772 Bytes 18/08/2010 00:11:38
    AEPACK.DLL : 8.2.3.5 471412 Bytes 18/08/2010 00:11:37
    AEOFFICE.DLL : 8.1.1.8 201081 Bytes 18/08/2010 00:11:36
    AEHEUR.DLL : 8.1.2.11 2834805 Bytes 18/08/2010 00:11:35
    AEHELP.DLL : 8.1.13.2 242039 Bytes 18/08/2010 00:11:32
    AEGEN.DLL : 8.1.3.19 393587 Bytes 18/08/2010 00:11:31
    AEEMU.DLL : 8.1.2.0 393588 Bytes 18/08/2010 00:11:30
    AECORE.DLL : 8.1.16.2 192887 Bytes 18/08/2010 00:11:30
    AEBB.DLL : 8.1.1.0 53618 Bytes 18/08/2010 00:11:30
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 17:03:40
    AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 17:03:36
    AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 21:47:42
    AVREG.DLL : 10.0.3.0 53096 Bytes 01/04/2010 17:35:48
    AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01/04/2010 17:39:52
    AVARKT.DLL : 10.0.0.14 227176 Bytes 01/04/2010 17:22:14
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 14:53:32
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 17:58:00
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 20:38:58
    NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 19:41:02
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 18:10:22
    RCTEXT.DLL : 10.0.53.0 97128 Bytes 09/04/2010 19:14:30

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: August-17-10 20:14

    Starting search for hidden objects.
    c:\acer\empowering technology\erecovery\mbrwrwin.exe
    c:\Acer\Empowering Technology\eRecovery\MBRwrWin.exe
    [NOTE] The process is not visible.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '77' Module(s) have been scanned
    Scan process 'svchost.exe' - '30' Module(s) have been scanned
    Scan process 'vssvc.exe' - '48' Module(s) have been scanned
    Scan process 'werfault.exe' - '34' Module(s) have been scanned
    Scan process 'werfault.exe' - '30' Module(s) have been scanned
    Scan process 'avcenter.exe' - '64' Module(s) have been scanned
    Scan process 'avgnt.exe' - '53' Module(s) have been scanned
    Scan process 'sched.exe' - '56' Module(s) have been scanned
    Scan process 'avshadow.exe' - '33' Module(s) have been scanned
    Scan process 'avguard.exe' - '64' Module(s) have been scanned
    Scan process 'svchost.exe' - '54' Module(s) have been scanned
    Scan process 'ERAGENT.EXE' - '31' Module(s) have been scanned
    Scan process 'rundll32.exe' - '29' Module(s) have been scanned
    Scan process 'SysMonitor.exe' - '28' Module(s) have been scanned
    Scan process 'RtHDVCpl.exe' - '44' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '133' Module(s) have been scanned
    Scan process 'Dwm.exe' - '37' Module(s) have been scanned
    Scan process 'taskeng.exe' - '61' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '46' Module(s) have been scanned
    Scan process 'eRecoveryService.exe' - '45' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '63' Module(s) have been scanned
    Scan process 'svchost.exe' - '27' Module(s) have been scanned
    Scan process 'svchost.exe' - '43' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '20' Module(s) have been scanned
    Scan process 'MemCheck.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '59' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '78' Module(s) have been scanned
    Scan process 'svchost.exe' - '90' Module(s) have been scanned
    Scan process 'svchost.exe' - '67' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
    Scan process 'svchost.exe' - '145' Module(s) have been scanned
    Scan process 'svchost.exe' - '98' Module(s) have been scanned
    Scan process 'svchost.exe' - '61' Module(s) have been scanned
    Scan process 'svchost.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'winlogon.exe' - '31' Module(s) have been scanned
    Scan process 'lsm.exe' - '22' Module(s) have been scanned
    Scan process 'lsass.exe' - '61' Module(s) have been scanned
    Scan process 'services.exe' - '33' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'wininit.exe' - '26' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    Master boot sector HD2
    [INFO] No virus was found!
    Master boot sector HD3
    [INFO] No virus was found!
    Master boot sector HD4
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '568' files ).


    Starting the file scan:

    Begin scan in 'C:\' <ACER>
    Begin scan in 'D:\' <DATA>


    End of the scan: August-17-10 20:25
    Used time: 10:36 Minute(s)

    The scan has been done completely.

    8224 Scanned directories
    109147 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    109147 Files not concerned
    747 Archives were scanned
    0 Warnings
    0 Notes
    241306 Objects were scanned with rootkit scan
    1 Hidden objects were found
  15. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Yes, continue here...
  16. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.0.6000
    Internet Explorer 7.0.6000.16386

    17/08/2010 9:30:45 PM
    mbam-log-2010-08-17 (21-30-45).txt

    Scan type: Quick scan
    Objects scanned: 109845
    Time elapsed: 3 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  17. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    Here are the scan results. I will now wait to see what's next. Thanks.

    Attached Files:

  18. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    OK....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
  19. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    OK, here it is.

    Attached Files:

  20. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  21. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    Here is the ComboFix log. The redirect is really bad now; every time I go near Google I get new sites popping up.

    Attached Files:

  22. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    In Tools in Explorer I found popupmgr in the allow site settings.
  23. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\program files\Common Files\Symantec Shared
    c:\programdata\Symantec
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "????r"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  24. bearone100

    bearone100 Newcomer, in training Topic Starter Posts: 54

    OK, here is the new ComboFix log.

    Attached Files:

  25. Broni

    Broni Malware Annihilator Posts: 46,127   +251

    I can see a possible culprit, but we'll try to use another program to see it better.

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.