Solved Google redirected

Status
Not open for further replies.

bearone100

Posts: 54   +0
Google is redirected 2/3 of the time; any help would be great.
 

Attachments

  • save file.txt
    2.7 KB · Views: 1
  • gmer.log
    6 KB · Views: 2
  • DDS.txt
    14.3 KB · Views: 1
  • mbam-log-2010-08-16 (10-01-06).txt
    881 bytes · Views: 1
I see that you need to run ComboFix, so I have done that. Here is the log.
 

Attachments

  • combofix log.txt
    11.9 KB · Views: 1
i see that you need to run combofix
Our instructions don't say anything about it.
Never run Combofix on your own.

=====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6000
Internet Explorer 7.0.6000.16386

16/08/2010 10:01:06 AM
mbam-log-2010-08-16 (10-01-06).txt

Scan type: Quick scan
Objects scanned: 109834
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: (build 6000), 32-bit
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 147):
0x81C00000 \SystemRoot\system32\ntkrnlpa.exe
0x81FA1000 \SystemRoot\system32\hal.dll
0x804C6000 \SystemRoot\system32\kdcom.dll
0x804BD000 \SystemRoot\system32\PSHED.dll
0x804B5000 \SystemRoot\system32\BOOTVID.dll
0x8047A000 \SystemRoot\system32\CLFS.SYS
0x8071F000 \SystemRoot\system32\CI.dll
0x806A4000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8046D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8042A000 \SystemRoot\system32\drivers\acpi.sys
0x80421000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80419000 \SystemRoot\system32\drivers\msisadrv.sys
0x8067F000 \SystemRoot\system32\drivers\pci.sys
0x8040A000 \SystemRoot\system32\drivers\volmgr.sys
0x8066F000 \SystemRoot\System32\drivers\mountmgr.sys
0x80403000 \SystemRoot\system32\drivers\pciide.sys
0x80661000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8065D000 \SystemRoot\System32\Drivers\UBHelper.sys
0x80613000 \SystemRoot\System32\drivers\volmgrx.sys
0x8060B000 \SystemRoot\system32\drivers\atapi.sys
0x81BE2000 \SystemRoot\system32\drivers\ataport.SYS
0x81BC8000 \SystemRoot\system32\drivers\nvstor32.sys
0x81B88000 \SystemRoot\system32\drivers\storport.sys
0x81B57000 \SystemRoot\system32\drivers\fltmgr.sys
0x81B47000 \SystemRoot\system32\drivers\fileinfo.sys
0x80400000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x81A43000 \SystemRoot\system32\drivers\ndis.sys
0x81A18000 \SystemRoot\system32\drivers\msrpc.sys
0x825C7000 \SystemRoot\system32\drivers\NETIO.SYS
0x824BF000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82455000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8241F000 \SystemRoot\system32\drivers\volsnap.sys
0x80603000 \SystemRoot\System32\Drivers\spldr.sys
0x81A06000 \SystemRoot\system32\drivers\psdvdisk.sys
0x80601000 \SystemRoot\system32\drivers\PSDNServ.sys
0x82410000 \SystemRoot\System32\drivers\partmgr.sys
0x82401000 \SystemRoot\System32\Drivers\mup.sys
0x827DB000 \SystemRoot\System32\drivers\ecache.sys
0x827CA000 \SystemRoot\system32\drivers\disk.sys
0x827A9000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x827A0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8C6B5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8C6DF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x831E8000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8C6AB000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8C66E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8C660000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8C608000 \SystemRoot\system32\DRIVERS\VSTBS23.SYS
0x8CDD6000 \SystemRoot\system32\DRIVERS\ks.sys
0x8CCD2000 \SystemRoot\system32\DRIVERS\VSTDPV3.SYS
0x8CC1F000 \SystemRoot\system32\DRIVERS\VSTCNXT3.SYS
0x8C7F3000 \SystemRoot\system32\drivers\modem.sys
0x8A722000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8CC11000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8CF9E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8CF86000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x83046000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8CF52000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8D1C0000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8CEB6000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8CC04000 \SystemRoot\System32\drivers\watchdog.sys
0x8CE9C000 \SystemRoot\system32\DRIVERS\serial.sys
0x8CE92000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8CE7A000 \SystemRoot\system32\DRIVERS\parport.sys
0x8CE4F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8CE44000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CE2D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8CE22000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D19D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8CE13000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8CE00000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D191000 \SystemRoot\System32\Drivers\pcouffin.sys
0x8D16A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D186000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D15F000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8303C000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D155000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D179000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D051000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8A762000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8D66F000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8D024000 \SystemRoot\system32\drivers\portcls.sys
0x8D64A000 \SystemRoot\system32\drivers\drmk.sys
0x8C6F1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8A658000 \SystemRoot\System32\Drivers\Null.SYS
0x8A65F000 \SystemRoot\System32\Drivers\Beep.SYS
0x8A666000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8D018000 \SystemRoot\System32\drivers\vga.sys
0x8D9DF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8314C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x83104000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D00D000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D9B1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8C703000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8D8E0000 \SystemRoot\System32\drivers\tcpip.sys
0x8D8C7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D8B2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D89E000 \SystemRoot\system32\DRIVERS\smb.sys
0x8D864000 \SystemRoot\System32\Drivers\avgtdix.sys
0x8D832000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DDB9000 \SystemRoot\system32\drivers\afd.sys
0x8D81C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D80E000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8DDA6000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8DD6B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8D003000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8DD14000 \SystemRoot\System32\Drivers\dfsc.sys
0x8A79A000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x8DCE0000 \SystemRoot\System32\Drivers\avgldx86.sys
0x8DCC9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8302A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8C715000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8A682000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8C71E000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8DCB7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x83114000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8D092000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8A7E2000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8C6C0000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x92000000 \SystemRoot\System32\win32k.sys
0x8D600000 \SystemRoot\System32\drivers\Dxapi.sys
0x8DC98000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94A00000 \SystemRoot\System32\TSDDD.dll
0x94A10000 \SystemRoot\System32\cdd.dll
0x95305000 \SystemRoot\system32\drivers\luafv.sys
0x95802000 \SystemRoot\system32\drivers\spsys.sys
0x8A6F2000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x95CBB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x96D5A000 \SystemRoot\system32\drivers\HTTP.sys
0x96C4F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x95C22000 \SystemRoot\system32\DRIVERS\bowser.sys
0x974EC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x974CD000 \SystemRoot\system32\drivers\mrxdav.sys
0x974AF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x97476000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x95C10000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x97452000 \SystemRoot\System32\DRIVERS\srv2.sys
0x97406000 \SystemRoot\System32\DRIVERS\srv.sys
0x8307B000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9794F000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x97851000 \SystemRoot\system32\drivers\peauth.sys
0x92392000 \SystemRoot\System32\Drivers\secdrv.SYS
0x96C80000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9800B000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9836E000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x95D5C000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77290000 \Windows\System32\ntdll.dll

Processes (total 52):
0 System Idle Process
4 System
496 C:\Windows\System32\smss.exe
564 csrss.exe
616 C:\Windows\System32\wininit.exe
628 csrss.exe
660 C:\Windows\System32\services.exe
672 C:\Windows\System32\lsass.exe
684 C:\Windows\System32\lsm.exe
788 C:\Windows\System32\winlogon.exe
872 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1148 C:\Windows\System32\audiodg.exe
1176 C:\Windows\System32\SLsvc.exe
1216 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1580 C:\Windows\System32\spoolsv.exe
1612 C:\Windows\System32\svchost.exe
1840 C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
1904 C:\Program Files\AVG\AVG9\avgwdsvc.exe
1944 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2044 C:\Windows\System32\svchost.exe
424 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
568 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\SearchIndexer.exe
1448 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
1880 WUDFHost.exe
2096 C:\Program Files\AVG\AVG9\avgemc.exe
2164 C:\Program Files\AVG\AVG9\avgnsx.exe
2264 C:\Program Files\AVG\AVG9\avgcsrvx.exe
2480 C:\Windows\System32\taskeng.exe
2628 WmiPrvSE.exe
2708 C:\Program Files\AVG\AVG9\avgchsvx.exe
2740 C:\Program Files\AVG\AVG9\avgrsx.exe
2768 C:\Program Files\AVG\AVG9\avgcsrvx.exe
3356 C:\Windows\System32\taskeng.exe
3432 C:\Windows\System32\dwm.exe
3544 C:\Windows\explorer.exe
3704 C:\Windows\RtHDVCpl.exe
3740 C:\Windows\System32\SysMonitor.exe
3940 C:\Program Files\AVG\AVG9\avgtray.exe
2392 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
2444 C:\Windows\System32\rundll32.exe
1492 C:\Program Files\Mozilla Firefox\firefox.exe
2468 C:\Windows\System32\SearchProtocolHost.exe
2000 C:\Windows\System32\SearchFilterHost.exe
3928 C:\Users\DARREN\Downloads\MBRCheck.exe
2664 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b550f800 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`28872a00 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT725032VLA, Rev: V54O

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
 
Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter.

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 0 (zero) and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 3 for Windows Vista, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.
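The "Unknown MBR code" verdict in the MBRCheck log above comes from hashing the boot code in the master boot record and comparing it against a list of known-good hashes; the partition table is not part of that comparison, which is why the repair procedure can replace the code while leaving the partitions intact. The following script is an added example written for this page, not MBRCheck's own code and not part of the thread: it builds a constructed 512-byte MBR, validates the 0x55AA boot signature, hashes the 440-byte bootstrap region with SHA1, and classifies it against a constructed allowlist. The sample boot code, the disk signature, the partition entry and the allowlist label are all constructed values; a real check would carry the hashes of genuine Windows boot code.

```python
"""Added example (not from the forum thread or from MBRCheck): how an MBR-integrity
check arrives at a "Known" / "Unknown MBR code" verdict. All sample data is constructed."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bootstrap code ends where the 4-byte disk signature begins (0x1B8)
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the signature + 2 reserved bytes
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a 512-byte MBR: boot code, a made-up disk signature, one NTFS entry, 0x55AA."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"          # constructed signature + reserved bytes
    # status 0x80 = active, type 0x07 = NTFS; CHS fields and LBA values are constructed.
    entry = struct.pack(PART_ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 4096)
    table = entry + b"\x00" * (16 * 3)                    # remaining three entries unused
    return code + disk_sig + table + b"\x55\xaa"


def mbr_code_sha1(mbr: bytes) -> str:
    """SHA1 over the bootstrap-code region only, matching the style of the MBRCheck report."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition entries; unused (type 0) entries are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return parts


def classify_mbr(mbr: bytes, known_good: dict) -> str:
    """Return a verdict string: invalid, 'Known MBR code: <label>', or 'Unknown MBR code (...)'."""
    if len(mbr) < SECTOR_SIZE:
        return "invalid: short read, need 512 bytes"
    if mbr[510:512] != b"\x55\xaa":
        return "invalid: missing 0x55AA boot signature"
    digest = mbr_code_sha1(mbr)
    label = known_good.get(digest)
    if label is None:
        # Boot code does not match anything on the allowlist: a bootkit that replaced
        # the code would land here even though the partition table still looks normal.
        return f"Unknown MBR code (SHA1: {digest})"
    return f"Known MBR code: {label}"


def read_mbr(path: str) -> bytes:
    """Read the first sector of a disk image (or a raw device, where permitted)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


# Constructed reference: a few classic x86 prologue bytes standing in for real boot code.
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb\x8e\xd8\x8e\xc0"
SAMPLE_GOOD = build_sample_mbr(SAMPLE_BOOT_CODE)
# Constructed allowlist keyed by the hash of the sample code (placeholder for real Windows hashes).
KNOWN_GOOD = {mbr_code_sha1(SAMPLE_GOOD): "constructed reference code (placeholder label)"}
# Same partition table, different first two bytes of boot code: hash no longer matches.
SAMPLE_MODIFIED = build_sample_mbr(b"\xeb\xfe" + SAMPLE_BOOT_CODE[2:])

if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("modified", SAMPLE_MODIFIED)):
        print(name, "->", classify_mbr(sample, KNOWN_GOOD), parse_partitions(sample))
```

Run with a disk image path passed to `read_mbr` to classify a real first sector; the point of the example is that the verdict depends only on the first 440 bytes, so a report that says "Unknown MBR code" with an intact partition table (as in the log above) is exactly the situation where rewriting the boot code is the fix.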
 
I re-ran the scan, but when I rebooted my computer it will not start; it goes as far as "verifying DMI pool" and then restarts.
 
The "verifying DMI pool data" error may be caused by a number of reasons (http://www.computerhope.com/issues/ch000474.htm), but I think it's simply our infection playing games.
When major system files (winlogon.exe, explorer.exe) are patched (edited) by malware, it's a tough situation.

I really don't want to use any more tricks, because we may leave your computer unable to boot at all, and you'll have to find some other way to back up your data.

At this point, I strongly suggest you use System Restore one more time.
Back up your data and perform a clean Windows installation.
 
We can try one more option, if you didn't go too far yet...

If you have Vista/7 DVD...

start with step 2

If you don't have Vista/7 DVD...

1. Create Vista/7 Recovery Disc.

Option 1 :
Vista: http://www.c4consulting.com.au/soluctions/vista/VISTA SOLUCTIONS.htm
Windows 7: http://www.guidingtech.com/3816/system-repair-recovery-disc-windows-7/

Option 2:
Download Vista Recovery Disc iso image: http://neosmart.net/blog/2008/windows-vista-recovery-disc-download/
Download Windows 7 Recovery Disc iso image: http://neosmart.net/blog/2009/windows-7-system-repair-discs/
Burn it to CD, or DVD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

2. Boot from the created disc.
At the first screen, click on Repair your computer:
[image: setup-option.jpg]

This will bring you to a new screen where the repair process will look for all Windows Vista installations on your computer. When done you will be presented with the System Recovery Options dialog box:
[image: system-recovery-options.jpg]

After this, it will present you with a list of options including startup repair, system restore and command prompt:
[image: systemrecovery.jpg]

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.
 
Got the restore to work with the restore disc, but the Google redirect is still present. I'm going to start from the top again and repost all the scan results in order.
 
Here is the first log from running the antivirus software.

Avira AntiVir Personal
Report file date: August-17-10 20:14

Scanning for 2724817 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (plain) [6.0.6000]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ME-PC

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 19/04/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01/04/2010 17:37:40
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 17:57:06
LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 23:33:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 11/02/2010 04:40:50
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 00:27:50
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 22:37:44
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 21:37:44
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 16:29:04
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 00:10:58
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 00:11:05
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23/07/2010 00:11:19
VBASE008.VDF : 7.10.9.166 2048 Bytes 23/07/2010 00:11:19
VBASE009.VDF : 7.10.9.167 2048 Bytes 23/07/2010 00:11:19
VBASE010.VDF : 7.10.9.168 2048 Bytes 23/07/2010 00:11:19
VBASE011.VDF : 7.10.9.169 2048 Bytes 23/07/2010 00:11:20
VBASE012.VDF : 7.10.9.170 2048 Bytes 23/07/2010 00:11:20
VBASE013.VDF : 7.10.9.198 157696 Bytes 26/07/2010 00:11:20
VBASE014.VDF : 7.10.9.255 997888 Bytes 29/07/2010 00:11:23
VBASE015.VDF : 7.10.10.28 139264 Bytes 02/08/2010 00:11:24
VBASE016.VDF : 7.10.10.52 127488 Bytes 03/08/2010 00:11:24
VBASE017.VDF : 7.10.10.84 137728 Bytes 06/08/2010 00:11:25
VBASE018.VDF : 7.10.10.107 176640 Bytes 09/08/2010 00:11:25
VBASE019.VDF : 7.10.10.130 132608 Bytes 10/08/2010 00:11:26
VBASE020.VDF : 7.10.10.158 131072 Bytes 12/08/2010 00:11:26
VBASE021.VDF : 7.10.10.190 136704 Bytes 16/08/2010 00:11:27
VBASE022.VDF : 7.10.10.191 2048 Bytes 16/08/2010 00:11:27
VBASE023.VDF : 7.10.10.192 2048 Bytes 16/08/2010 00:11:27
VBASE024.VDF : 7.10.10.193 2048 Bytes 16/08/2010 00:11:27
VBASE025.VDF : 7.10.10.194 2048 Bytes 16/08/2010 00:11:27
VBASE026.VDF : 7.10.10.195 2048 Bytes 16/08/2010 00:11:28
VBASE027.VDF : 7.10.10.196 2048 Bytes 16/08/2010 00:11:28
VBASE028.VDF : 7.10.10.197 2048 Bytes 16/08/2010 00:11:28
VBASE029.VDF : 7.10.10.198 2048 Bytes 16/08/2010 00:11:28
VBASE030.VDF : 7.10.10.199 2048 Bytes 16/08/2010 00:11:28
VBASE031.VDF : 7.10.10.206 55808 Bytes 17/08/2010 00:11:28
Engineversion : 8.2.4.34
AEVDF.DLL : 8.1.2.1 106868 Bytes 18/08/2010 00:11:39
AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 18/08/2010 00:11:39
AESCN.DLL : 8.1.6.1 127347 Bytes 18/08/2010 00:11:38
AESBX.DLL : 8.1.3.1 254324 Bytes 18/08/2010 00:11:40
AERDL.DLL : 8.1.8.2 614772 Bytes 18/08/2010 00:11:38
AEPACK.DLL : 8.2.3.5 471412 Bytes 18/08/2010 00:11:37
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 18/08/2010 00:11:36
AEHEUR.DLL : 8.1.2.11 2834805 Bytes 18/08/2010 00:11:35
AEHELP.DLL : 8.1.13.2 242039 Bytes 18/08/2010 00:11:32
AEGEN.DLL : 8.1.3.19 393587 Bytes 18/08/2010 00:11:31
AEEMU.DLL : 8.1.2.0 393588 Bytes 18/08/2010 00:11:30
AECORE.DLL : 8.1.16.2 192887 Bytes 18/08/2010 00:11:30
AEBB.DLL : 8.1.1.0 53618 Bytes 18/08/2010 00:11:30
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 17:03:40
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 17:03:36
AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 21:47:42
AVREG.DLL : 10.0.3.0 53096 Bytes 01/04/2010 17:35:48
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01/04/2010 17:39:52
AVARKT.DLL : 10.0.0.14 227176 Bytes 01/04/2010 17:22:14
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 14:53:32
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 17:58:00
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 20:38:58
NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 19:41:02
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 18:10:22
RCTEXT.DLL : 10.0.53.0 97128 Bytes 09/04/2010 19:14:30

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: August-17-10 20:14

Starting search for hidden objects.
c:\acer\empowering technology\erecovery\mbrwrwin.exe
c:\Acer\Empowering Technology\eRecovery\MBRwrWin.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'avscan.exe' - '77' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'werfault.exe' - '34' Module(s) have been scanned
Scan process 'werfault.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'avgnt.exe' - '53' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '54' Module(s) have been scanned
Scan process 'ERAGENT.EXE' - '31' Module(s) have been scanned
Scan process 'rundll32.exe' - '29' Module(s) have been scanned
Scan process 'SysMonitor.exe' - '28' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '44' Module(s) have been scanned
Scan process 'Explorer.EXE' - '133' Module(s) have been scanned
Scan process 'Dwm.exe' - '37' Module(s) have been scanned
Scan process 'taskeng.exe' - '61' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '46' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '45' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '63' Module(s) have been scanned
Scan process 'svchost.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '20' Module(s) have been scanned
Scan process 'MemCheck.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'spoolsv.exe' - '78' Module(s) have been scanned
Scan process 'svchost.exe' - '90' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '145' Module(s) have been scanned
Scan process 'svchost.exe' - '98' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '61' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '568' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
Begin scan in 'D:\' <DATA>


End of the scan: August-17-10 20:25
Used time: 10:36 Minute(s)

The scan has been done completely.

8224 Scanned directories
109147 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
109147 Files not concerned
747 Archives were scanned
0 Warnings
0 Notes
241306 Objects were scanned with rootkit scan
1 Hidden objects were found
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6000
Internet Explorer 7.0.6000.16386

17/08/2010 9:30:45 PM
mbam-log-2010-08-17 (21-30-45).txt

Scan type: Quick scan
Objects scanned: 109845
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Here are the scan results. I will now wait to see what's next. Thanks.
 

Attachments

  • gmer.log
    51 KB · Views: 1
  • Attach.txt
    15.4 KB · Views: 0
  • DDS.txt
    7.8 KB · Views: 1
OK....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
Looks good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Here is the ComboFix log. The redirect is really bad now; every time I go near Google I get new sites popping up.
 

Attachments

  • combofix.txt
    8.9 KB · Views: 1
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\program files\Common Files\Symantec Shared
c:\programdata\Symantec

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\?????????]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[image: CFScript.gif]



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
I can see possible culprit, but we'll try to use another program to see it better.

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 