TechSpot

Redirecting and crashing on search

By melv1985
May 4, 2011
  1. Hello,
    My name is Mario, and I am working on my job PC. Our tech person is not coming regularly to work so I'm trying to fix it. I've been having problems when browsing online. I have Google Chrome and it has been redirecting my search from time to time and now it's been crashing from time to time too. The antivirus on this PC is Microsoft Security Essentials and I cannot open it because it's blocked. I guess I have some sort of spyware. I tried to follow the 8 step spyware removal but after the steps I still have the same problem. Any way I can fix this on my own with some help?

    Thanks
     
  2. Bobbye


    Welcome to TechSpot, Mario. It is not unusual for the preliminary scans not to handle all malware, but it's a start. If you ran the scans, I need to see the logs. Please paste them in your next reply.

    If you need the links again:
    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. melv1985


    Thanks

    Here are the logs:


    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-04 09:41:55
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD8000AARS-00Y5B1 rev.80.00A80
    Running: ueffewdr.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pxlyypow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? kykravx.sys The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB58A0000, 0x2326C7, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)

    ---- EOF - GMER 1.0.15 ----

    Next one is:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/25/2010 6:16:00 AM
    System Uptime: 5/4/2011 10:21:18 AM (0 hours ago)
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 880GM-E43 (MS-7596)
    Processor: AMD Athlon(tm) II X2 210e Processor | CPU1 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 648 GiB total, 605.093 GiB free.
    D: is FIXED (NTFS) - 98 GiB total, 97.596 GiB free.
    E: is CDROM ()
    Q: is NetworkDisk (NTFS) - 931 GiB total, 751.093 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000\5&102BC33E&0&0001
    Manufacturer:
    Name:
    PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000\5&102BC33E&0&0001
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 4/25/2011 8:21:17 AM - System Checkpoint
    RP2: 4/25/2011 9:13:58 AM - Software Distribution Service 3.0
    RP3: 4/26/2011 1:16:49 PM - System Checkpoint
    RP4: 4/27/2011 2:38:47 PM - System Checkpoint
    RP5: 4/27/2011 3:52:45 PM - Software Distribution Service 3.0
    RP6: 4/29/2011 9:36:40 AM - System Checkpoint
    RP7: 5/2/2011 10:58:44 AM - System Checkpoint
    RP8: 5/3/2011 10:16:45 AM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe AIR
    Adobe Reader X (10.0.1)
    AMD Processor Driver
    AMD USB Filter Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Install Manager
    AVS Update Manager 1.0
    AVS Video Converter 7
    AVS4YOU Software Navigator 1.4
    Bonjour
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Crystal Reports 2008 Runtime SP1
    CutePDF Writer 2.8
    FormatFactory 2.60
    Free M4a to MP3 Converter 6.2
    Freecorder
    Freecorder Toolbar
    Google Chrome
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB954550-v5)
    InfraRecorder
    iTunes
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Office Professional Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    Mozilla Firefox (3.6.13)
    Mozilla Thunderbird (3.1.7)
    Peachtree Accounting 2011
    PeachTree Signature Ready Forms
    Pervasive PSQL v10 SP2 Workgroup (32-bit)
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Safari
    Sage Exchange
    Sage Integration Services
    Sage Message Center
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2416400)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB982132)
    Skins
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    VLC media player 1.1.5
    WD Align - Powered by Acronis
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/4/2011 9:51:39 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM Fips MpFilter
    5/4/2011 9:16:45 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    5/4/2011 8:52:21 AM, error: Service Control Manager [7034] - The Pervasive PSQL Workgroup Engine service terminated unexpectedly. It has done this 1 time(s).
    5/4/2011 8:52:21 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    5/4/2011 8:52:21 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    5/4/2011 8:52:21 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    5/4/2011 8:52:21 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/2/2011 3:11:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    .
    ==== End Of File ===========================


    And the last one I do not have, which is Malwarebytes; I have uninstalled it.
     
  4. melv1985


    Sorry

    But after using the 8 steps and not seeing improvement, I spoke with some friends and one suggested Spyware Doctor or something like that to me. I installed it and did but it asked to register, so I uninstalled it.
     
  5. Bobbye




    It is not unusual for the preliminary scan to find and remove all malware. But the logs from the scans show us what is on the system and help us determine what should be done next.

    Please find the other log for DDS, named DDS.txt, and paste it into your next reply.
    =======================================================
    Malwarebytes' Anti-Malware
    • Please download Malwarebytes' Anti-Malware from HERE
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please attach this log with your reply
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
    I don't have enough information to determine if the redirects and crashes are related. Please follow the instructions I have given.
     
Topic Status:
Not open for further replies.
