Solved Google redirecting

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

=======================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:

    Code:
    /md5start
    atapi.sys
    /md5stop
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Extras text

OTL Extras logfile created on: 6/30/2010 6:19:36 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Joe\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 32.00 Gb Total Space | 12.40 Gb Free Space | 38.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAWNB
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{152BF35B-56D7-4652-B519-1661AAC270EE}" = The Print Shop 20
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F64D075-84F1-4EBC-A842-F2EF9C58009A}" = The Print Shop Premium Fonts
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21F0CBB8-A158-435A-BBB6-9E2BE6D6D449}" = BlackBerry Device Software v4.6.1 for the BlackBerry 8520 smartphone
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3643EF5F-D28D-4B25-9FA1-8859FC303710}" = Coby Media Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7732DA71-2FB6-5C99-D0D9-58A2DB360895}" = FlipShare
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8F1A20DC-251D-47B0-91B7-DCA2523EE6C9}" = McAfee Virtual Technician
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2DD5ED2-1ADC-44FC-AEBD-E0787FBC02F6}" = ArcSoft Software Suite
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"ATT-SST" = AT&T Self Support Tool
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_HSF" = PCI SoftV92 Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark X1100 Series" = Lexmark X1100 Series
"LimeWire" = LimeWire 5.4.6
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoShow Deluxe" = PhotoShow Deluxe
"QcDrv" = Logitech® Camera Driver
"Shockwave" = Shockwave
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Applications" = AT&T Yahoo! Applications

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/26/2010 2:07:35 PM | Computer Name = DAWNB | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 6/28/2010 1:36:30 PM | Computer Name = DAWNB | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 144 (0x90) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Documents and Settings\All
Users\Application Data\Alwil Software\Avast5\journal\journal06130DE3 by C:\Program
Files\Alwil Software\Avast5\AvastSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)
7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 6/28/2010 1:40:38 PM | Computer Name = DAWNB | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/28/2010 1:40:41 PM | Computer Name = DAWNB | Source = Application Hang | ID = 1002
Description = Hanging application msnmsgr.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/28/2010 1:56:44 PM | Computer Name = DAWNB | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1280 (0x500) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\1033\vslogres.dll

by C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 6/28/2010 1:58:13 PM | Computer Name = DAWNB | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 6/28/2010 1:58:13 PM | Computer Name = DAWNB | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 6/28/2010 6:06:47 PM | Computer Name = DAWNB | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/28/2010 6:26:07 PM | Computer Name = DAWNB | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2304 (0x900) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\1033\vslogres.dll

by C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 6/28/2010 9:37:38 PM | Computer Name = DAWNB | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1336 (0x538) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\1033\vslogres.dll

by C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 6/30/2010 12:46:20 AM | Computer Name = DAWNB | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/30/2010 12:46:20 AM | Computer Name = DAWNB | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/30/2010 12:46:20 AM | Computer Name = DAWNB | Source = Service Control Manager | ID = 7034
Description = The SNMP Service service terminated unexpectedly. It has done this
1 time(s).

Error - 6/30/2010 12:48:58 AM | Computer Name = DAWNB | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2

Error - 6/30/2010 12:49:18 AM | Computer Name = DAWNB | Source = System Error | ID = 1003
Description = Error code c0000145, parameter1 c0000005, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 6/30/2010 8:47:07 AM | Computer Name = DAWNB | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2

Error - 6/30/2010 8:47:59 AM | Computer Name = DAWNB | Source = System Error | ID = 1003
Description = Error code 000000f4, parameter1 00000003, parameter2 8a19e3b8, parameter3
8a19e52c, parameter4 805fb146.

Error - 6/30/2010 6:58:06 PM | Computer Name = DAWNB | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2

Error - 6/30/2010 7:20:48 PM | Computer Name = DAWNB | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 6/30/2010 7:20:48 PM | Computer Name = DAWNB | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >
 
I don't know if this is useful to you, but I just received this from the McAfee SiteAdvisor....

67.201.36.16/redir2?cid=10796109 may cause a breach of browser security.
Why were you redirected to this page?

When we tested 67.201.36.16/redir2?cid=10796109, it attempted to make unauthorized changes to our test computer by exploiting a browser security vulnerability. This is a serious security threat which could lead to an infection of your computer.
 
You posted Extras.txt twice.
I still need the OTL.txt log.

Which browser is getting redirected?
 
OTL text

Oops...sorry about that...got it right this time :) Had to attach it as it was too big. My IE browser is redirecting. I have Firefox as well but rarely use it (only used when a program runs better on it). Also, quick question....can I adjust my security settings? I know we aren't supposed to do anything until we are totally clean, but I noticed they are set to custom, when I usually have them set to default to medium-high. I just don't want to change without your go-ahead....thanks again...
 

Attachments

  • OTL.Txt
    126.1 KB
Medium-high would be fine.
While I'm checking your OTL log, can you check if Firefox is redirecting too?
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] --  -- (LiveUpdate)
    SRV - File not found [Auto | Stopped] --  -- (Automatic LiveUpdate Scheduler)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\bw+0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw+0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw-0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw00 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw00s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw-0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw10 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw10s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw20 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw20s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw30 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw30s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw40 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw40s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw50 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw50s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw60 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw60s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw70 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw70s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw80 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw80s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw90 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bw90s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwa0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwa0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwb0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwb0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwc0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwc0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwd0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwd0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwe0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwe0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwf0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwf0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwg0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwg0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwh0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwh0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwi0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwi0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwj0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwj0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwk0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwk0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwl0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwl0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwm0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwm0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwn0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwn0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwo0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwo0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwp0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwp0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwq0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwq0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwr0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwr0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bws0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bws0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwt0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwt0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwu0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwu0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwv0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwv0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bww0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bww0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwx0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwx0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwy0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwy0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwz0 {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.                         )
    O18 - Protocol\Handler\bwz0s {2941734c-b96e-429c-8cda-c10e002daa66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.
    O18 - Protocol\Handler\offline-8876480 {2941734C-B96E-429C-8CDA-C10E002DAA66} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc.  
    @Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\ServicePackFiles\i386\atapi.sys /replace
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
run fix log

ok...I did a lil boo-boo...I pasted the info you needed for custom scan and instead of hitting run fix first, I hit quick scan but realized a few seconds in that I did that. so I then hit run fix...hope I didn't mess u up....sorry :( and yes, firefox redirecting as well. here's the log....going to run the quick scan now....
 

Download Kenco.exe to your desktop
  • Close all windows and run the program.
  • It won't take long to run.
  • Kenco will reboot the system if it finds anything.
  • Post the log it gives you ( it will be saved in the same place as Kenco.exe).
 
kenco log

that one was super fast. here's the log.

Kenco by jpshortstuff (31.12.09.1)
Log created at 21:58 on 30/06/2010 (Joe)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========
AppleSoftwareUpdate.job -> [04:53 12/11/2008] 284 bytes
Google Software Updater.job -> [21:53 23/06/2010] 868 bytes
GoogleUpdateTaskMachineCore.job -> [22:26 01/02/2010] 882 bytes
GoogleUpdateTaskMachineUA.job -> [22:26 01/02/2010] 886 bytes
McDefragTask.job -> [05:37 12/04/2009] 338 bytes
McQcTask.job -> [05:37 12/04/2009] 330 bytes

-=E.O.F=-
 
1. Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.


2. Go to Kaspersky website and perform an online antivirus scan.

1. Disable your active antivirus program.
2. Read through the requirements and privacy statement and click on Accept button.
3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
4. When the downloads have finished, click on Settings.
5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

  • Spyware, Adware, Dialers, and other potentially dangerous programs
  • Archives
  • Mail databases
6. Click on My Computer under Scan.
7. Once the scan is complete, it will display the results. Click on View Scan Report.
8. You will see a list of infected items there. Click on Save Report As....
9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
quick question....after i finish the Kaspersky scan, can i turn back on my AV protection and do i uninstall Kaspersky??
 
kaspersky log

KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, July 1, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, July 01, 2010 02:26:30
Records in database: 4263743
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 78172
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:26:26

No threats found. Scanned area is clean.

Selected area has been scanned.
 
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

Check for redirection.
 
pasted the info...seemed to be a problem with the one that said renew. came back saying couldn't find something. unplugged everything, restarted and unfortunately still redirecting.
 
this time it didn't say it was finding anything at renew...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Joe>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Joe>
C:\Documents and Settings\Joe>ipconfig /registerdns

Windows IP Configuration

Registration of the DNS resource records for all adapters of this computer has b
een initiated. Any errors will be reported in the Event Viewer in 15 minutes..

C:\Documents and Settings\Joe>ipconfig /release

Windows IP Configuration


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
IP Address. . . . . . . . . . . . : fe80::202:e3ff:fe33:2cf2%4
Default Gateway . . . . . . . . . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . : ::

C:\Documents and Settings\Joe>ipconfig /renew

Windows IP Configuration


Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
IP Address. . . . . . . . . . . . : 192.168.2.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::202:e3ff:fe33:2cf2%4
Default Gateway . . . . . . . . . : 192.168.2.1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . : ::

C:\Documents and Settings\Joe>net stop "dns client"

The DNS Client service was stopped successfully.


C:\Documents and Settings\Joe>net start "dns client"
The DNS Client service is starting.
The DNS Client service was started successfully.


C:\Documents and Settings\Joe>
 
At command prompt type in:

ipconfig /all

Press Enter.

Post back with results.
 
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Joe>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : DawnB
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Cont
roller
Physical Address. . . . . . . . . : 00-02-E3-33-2C-F2
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.2.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::202:e3ff:fe33:2cf2%4
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Lease Obtained. . . . . . . . . . : Thursday, July 01, 2010 5:27:14 PM
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM


Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-51-39-B4-FF-1A-E0
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 2001:0:5ef5:73ba:0:5139:b4ff:1ae0
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-02-03
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.2.3%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\Joe>
 
I'm not sure what's going on here.
Your computer is perfectly clean and I'm pretty sure the whole redirection issue is caused by your router.
I'm not a networking expert, but your IP Address looks strange.

Try a couple of things.
Your router should have a small pinhole, which you can push to reset the router.
Do it with the computer being off.

Also, try to connect your computer straight to the modem, bypassing the router, and see if redirection still happens.
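
One way to read the `ipconfig /all` output above when a router is suspected, as an added example that is not part of the thread: it parses the adapter blocks, including DNS servers that wrap onto bare continuation lines, and labels each resolver relative to the adapter's gateway and subnet. The function names and the second sample are assumptions made for illustration.

```python
import ipaddress
import re

# Trimmed from the ipconfig /all output posted in this thread.
THREAD_OUTPUT = """\
Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.2.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
"""
# Constructed contrast case: a resolver outside the LAN (documentation address).
CONSTRUCTED = THREAD_OUTPUT.replace(": 192.168.2.1\nfec0", ": 203.0.113.53\nfec0")

FIELD = re.compile(r"^\s*([^:]+?)[. ]+:\s*(.*)$")   # "Name . . . : value"
# Well-known site-local DNS addresses Windows assigns by default with IPv6.
SITE_LOCAL_DNS = ipaddress.ip_network("fec0:0:0:ffff::/64")

def parse_adapters(text):
    """Return {adapter: {field: [values]}}; fields seen before the first
    adapter header are discarded, bare lines continue the previous field."""
    adapters, current, last = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        field = FIELD.match(line)
        if field:
            last = current.setdefault(field.group(1), [])
            if field.group(2):
                last.append(field.group(2))
        elif line.endswith(":") and "adapter" in line:
            current, last = adapters.setdefault(line[:-1], {}), None
        elif line and last is not None:
            last.append(line)        # wrapped value, e.g. extra DNS servers
    return adapters

def classify_dns(fields):
    """Label each DNS server of one adapter relative to its gateway and subnet."""
    v4 = [a for a in fields.get("IP Address", []) if ":" not in a]
    mask = fields.get("Subnet Mask", [])
    lan = ipaddress.ip_network(f"{v4[0]}/{mask[0]}", strict=False) if v4 and mask else None
    result = {}
    for server in fields.get("DNS Servers", []):
        addr = ipaddress.ip_address(server.split("%")[0])   # drop zone index
        if server in fields.get("Default Gateway", []):
            result[server] = "gateway"       # the PC asks the router itself
        elif addr in SITE_LOCAL_DNS:
            result[server] = "ipv6-default"  # placeholder, not a real resolver
        elif lan is not None and addr in lan:
            result[server] = "on-lan"
        else:
            result[server] = "off-lan"       # compare with the ISP's resolvers
    return result
```

For the thread's output the only IPv4 resolver is labelled `gateway`, so name resolution on this PC depends on whatever DNS settings the router itself holds.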
 
router disconnected

ok broni, i bypassed router and so far it doesn't seem to be redirecting... :) i've never had this problem before with the router so what would make this happen that maybe we can correct? it is used so my son can connect with his ps3. and should i be doing anything to see about that funky ip address you saw? for now i'm leaving router bypassed until you suggest what i should do next....thanx so much!

oh....also....i don't think you answered yet if that boot scan trojan issue resolved now since nothing seems to be coming up?
 
You're very welcome :)
It looks like my suspicion was correct.

Your router should have a small pinhole, which you can push to reset the router.
Do it with the computer being off.
 
finished?

well i haven't connected back the router yet to see if it still happens, but if it does is it compromising my security and what should i do if it still redirects with router? and i edited my last post so i don't think you saw that last part, but is that boot scan trojan issue resolved and what about that ip address that you said looked strange... so basically where do i stand now...what more needs to be done if anything? i know, a lot of questions i just threw out at you...lol...but i do appreciate your help!
 