Solved Redirected in search engine even after reinstal

appleybridger · Nov 11, 2010

MBR log after reboot

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF79A6000 \WINDOWS\system32\KDCOM.DLL
0xF78B6000 \WINDOWS\system32\BOOTVID.dll
0xF7377000 ACPI.sys
0xF79A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7366000 pci.sys
0xF74A6000 isapnp.sys
0xF78BA000 compbatt.sys
0xF78BE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A6E000 pciide.sys
0xF7726000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7348000 pcmcia.sys
0xF74B6000 MountMgr.sys
0xF7329000 ftdisk.sys
0xF78C2000 ACPIEC.sys
0xF7A6F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF772E000 PartMgr.sys
0xF78C6000 UBHelper.sys
0xF74C6000 VolSnap.sys
0xF7311000 atapi.sys
0xF74D6000 disk.sys
0xF74E6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72F1000 fltmgr.sys
0xF72DF000 sr.sys
0xF72BB000 Fastfat.sys
0xF72A4000 KSecDD.sys
0xF7277000 NDIS.sys
0xF74F6000 uagp35.sys
0xF7506000 SISAGPX.sys
0xF725D000 Mup.sys
0xF7526000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF71C5000 \SystemRoot\system32\DRIVERS\sisgrp.sys
0xF71B1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7536000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7746000 \SystemRoot\System32\Drivers\DKbFltr.sys
0xF774E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7183000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79AA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7756000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7546000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7556000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7566000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7160000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79AC000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF712F000 \SystemRoot\system32\DRIVERS\HSFHWSIS.sys
0xF7031000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6F85000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF775E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6D50000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6D2C000 \SystemRoot\system32\drivers\portcls.sys
0xF7576000 \SystemRoot\system32\drivers\drmk.sys
0xF7766000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6D08000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF776E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7776000 \SystemRoot\system32\DRIVERS\sisnicxp.sys
0xF6CAD000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7946000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7B2D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7586000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF794A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6C96000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7596000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF777E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6C85000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75B6000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7786000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF778E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF75C6000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79AE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6BFF000 \SystemRoot\system32\DRIVERS\update.sys
0xF795A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF75D6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7626000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B7B000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B4000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77D6000 \SystemRoot\System32\drivers\vga.sys
0xF79B6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77DE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77E6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7982000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAD72D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAD6D4000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7636000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAD684000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAD662000 \SystemRoot\System32\drivers\afd.sys
0xF7646000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF798A000 \SystemRoot\system32\DRIVERS\srvkp.sys
0xAD637000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAD5C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7656000 \SystemRoot\System32\Drivers\Fips.SYS
0xAD5A1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7666000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAD57A000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF77F6000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF7224000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7686000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7220000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAD367000 \SystemRoot\System32\Drivers\Ntfs.SYS
0xF7696000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAD2AF000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79BA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6C7D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7806000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xAD438000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\SiSGRV.dll
0xAD28B000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAD193000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xACFA8000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xACE13000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xACD36000 \SystemRoot\system32\drivers\wdmaud.sys
0xAD1BF000 \SystemRoot\system32\drivers\sysaudio.sys
0xACCC0000
0xF79EA000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xACE48000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF79EC000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF7BE7000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
0xACB21000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7816000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xAC6A8000 \SystemRoot\System32\Drivers\HTTP.sys
0xAC57F000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 36):
0 System Idle Process
4 System
572 C:\WINDOWS\System32\SMSS.EXE
620 CSRSS.EXE
648 C:\WINDOWS\System32\WINLOGON.EXE
692 C:\WINDOWS\System32\SERVICES.EXE
704 C:\WINDOWS\System32\LSASS.EXE
852 C:\WINDOWS\System32\SVCHOST.EXE
900 SVCHOST.EXE
940 C:\WINDOWS\System32\SVCHOST.EXE
1004 SVCHOST.EXE
1152 SVCHOST.EXE
1284 C:\WINDOWS\EXPLORER.EXE
1560 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1776 C:\WINDOWS\System32\SPOOLSV.EXE
1852 SVCHOST.EXE
1880 C:\Acer\eManager\anbmServ.exe
212 C:\Program Files\Java\JRE6\BIN\JQS.EXE
344 C:\WINDOWS\System32\WUAUCLT.EXE
1896 alg.exe
376 C:\WINDOWS\System32\Keyhook.exe
152 C:\WINDOWS\SOUNDMAN.EXE
120 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
1088 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
708 C:\Program Files\Arcade\PCMService.exe
1080 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
1260 C:\Program Files\Real\RealPlayer\REALPLAY.EXE
1176 C:\Program Files\QuickTime\QTTASK.EXE
1308 C:\Program Files\Launch Manager\QtZgAcer.EXE
1072 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
460 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
808 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
1948 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2148 C:\WINDOWS\System32\SISTRAY.EXE
2436 C:\Documents and Settings\Denis\Desktop\MBRCheck.exe
2812 C:\Program Files\Alwil Software\Avast5\Setup\avast.setup

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`bdfa3e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800UE-22HCT0, Rev: 09.07D09

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 6A37CCD118436B688B51F6BD4C2B47A895EBDF7F

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

crunchie · Nov 11, 2010

Didn't work. You will have to do it the hard way.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

Place a blank CD in your CD drive.
Double click on NTBR_CD.exe file and a folder of the same name will appear.
Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
Follow the prompts to burn the CD.

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

Insert the newly created CD into your infected PC and reboot your computer.
Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
Read the warning and then continue as prompted.
You first need to select your keyboard layout - press Enter for English.
Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
On the following screen enter 5 to select Install Standard MBR code.
Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
When asked to confirm please do so.
Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted, run MBRCheck again and post its log.

Let me know how the PC is.

appleybridger · Nov 11, 2010

Done that. Here's the log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 116):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF79A6000 \WINDOWS\system32\KDCOM.DLL
0xF78B6000 \WINDOWS\system32\BOOTVID.dll
0xF7377000 ACPI.sys
0xF79A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7366000 pci.sys
0xF74A6000 isapnp.sys
0xF78BA000 compbatt.sys
0xF78BE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A6E000 pciide.sys
0xF7726000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7348000 pcmcia.sys
0xF74B6000 MountMgr.sys
0xF7329000 ftdisk.sys
0xF78C2000 ACPIEC.sys
0xF7A6F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF772E000 PartMgr.sys
0xF78C6000 UBHelper.sys
0xF74C6000 VolSnap.sys
0xF7311000 atapi.sys
0xF74D6000 disk.sys
0xF74E6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72F1000 fltmgr.sys
0xF72DF000 sr.sys
0xF72BB000 Fastfat.sys
0xF72A4000 KSecDD.sys
0xF7277000 NDIS.sys
0xF74F6000 uagp35.sys
0xF7506000 SISAGPX.sys
0xF725D000 Mup.sys
0xF7526000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF71C5000 \SystemRoot\system32\DRIVERS\sisgrp.sys
0xF71B1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7536000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7746000 \SystemRoot\System32\Drivers\DKbFltr.sys
0xF774E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7183000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79AA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7756000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7546000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7556000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7566000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7160000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79AC000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF712F000 \SystemRoot\system32\DRIVERS\HSFHWSIS.sys
0xF7031000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6F85000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF775E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6D50000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6D2C000 \SystemRoot\system32\drivers\portcls.sys
0xF7576000 \SystemRoot\system32\drivers\drmk.sys
0xF7766000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6D08000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF776E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7776000 \SystemRoot\system32\DRIVERS\sisnicxp.sys
0xF6CAD000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7946000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7B2D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7586000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF794A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6C96000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7596000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF777E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6C85000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75B6000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7786000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF778E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF75C6000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79AE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6BFF000 \SystemRoot\system32\DRIVERS\update.sys
0xF795A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF75D6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7626000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B7B000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B4000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77D6000 \SystemRoot\System32\drivers\vga.sys
0xF79B6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77DE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77E6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7982000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAD72D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAD6D4000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7636000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAD684000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAD662000 \SystemRoot\System32\drivers\afd.sys
0xF7646000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF798A000 \SystemRoot\system32\DRIVERS\srvkp.sys
0xAD637000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAD5C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7656000 \SystemRoot\System32\Drivers\Fips.SYS
0xAD5A1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7666000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAD57A000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF77F6000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF7224000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7686000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7220000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAD38F000 \SystemRoot\System32\Drivers\Ntfs.SYS
0xF7696000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAD2D7000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79BA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6C7D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7806000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xAD45E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\SiSGRV.dll
0xF720C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAD1C3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xACFF8000 \SystemRoot\System32\Drivers\aswMon2.SYS
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 36):
0 System Idle Process
4 System
572 C:\WINDOWS\System32\SMSS.EXE
620 CSRSS.EXE
644 C:\WINDOWS\System32\WINLOGON.EXE
688 C:\WINDOWS\System32\SERVICES.EXE
700 C:\WINDOWS\System32\LSASS.EXE
848 C:\WINDOWS\System32\SVCHOST.EXE
896 SVCHOST.EXE
936 C:\WINDOWS\System32\SVCHOST.EXE
1008 SVCHOST.EXE
1092 SVCHOST.EXE
1464 C:\WINDOWS\EXPLORER.EXE
1500 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1612 C:\WINDOWS\System32\Keyhook.exe
1620 C:\WINDOWS\SOUNDMAN.EXE
1628 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
1636 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1644 C:\Program Files\Arcade\PCMService.exe
1684 C:\Program Files\Real\RealPlayer\REALPLAY.EXE
1692 C:\Program Files\QuickTime\QTTASK.EXE
1700 C:\Program Files\Launch Manager\QtZgAcer.EXE
1716 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1736 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
1740 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
1816 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
1872 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1988 C:\WINDOWS\System32\SISTRAY.EXE
616 C:\WINDOWS\System32\SPOOLSV.EXE
612 C:\Documents and Settings\Denis\Desktop\MBRCheck.exe
1956 SVCHOST.EXE
2016 C:\Acer\eManager\anbmServ.exe
1708 C:\Program Files\Java\JRE6\BIN\jqs.exe
1980 C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
1220 <unknown>
1420 C:\WINDOWS\System32\wuauclt.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`bdfa3e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800UE-22HCT0, Rev: 09.07D09

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

appleybridger · Nov 11, 2010

Hi just noticed that when I click on a search result link in google and the blank page opens if I then close the blank page and click on the same link in the google search result the page then opens.

This is the only problem (Fingers crossed) that I am having at the moment with google.Not had any redirects for a while.

On occassion when I close the browser screens one by one the last one is a blank screen with the following examples of the web address
http://www.epoclick.com/?ad=1289466429

http://www.epoclick.com/?ad=1289473819

http://www.epoclick.com/?ad=1289486226

Also webpages showing googlesyndication and google-analytics

Am still getting the screen with the windows recovery console option on re boot.

crunchie · Nov 11, 2010

Which browser is playing up?

appleybridger · Nov 11, 2010

Am currently using IE6.Normally have IE and firefox installed but usually use Firefox Didn't download it or update to IE8 while I had the trouble.

crunchie · Nov 11, 2010

I would either update to IE7 to see if the problem is rectified, (you should anyway for security reasons) or go to Tools > Internet Options and under the Advanced Tab, select the Reset button, reboot and see how it is.

appleybridger · Nov 12, 2010

Updated to IE7.and tried various random searches.When I clicked on a search result I was taken to the page 1st time.On a number of occassions IE started to load a page then said it was unable to load the page.

On another occassion a web page for TheClickCheck.com appeared as I clicked a link
(web address http://www.theclickcheck.com/?sub=1...cmM9MjA0ODgxJmNpZD0yMzA2JnI9MSZub3BvcHVw PTE=)

Unfortunately I have also started getting redirected to K-Directory and other sites.

crunchie · Nov 12, 2010

Can you run MBRcheck again please. post the log when done.

appleybridger · Nov 12, 2010

Heres MBR log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 128):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF79A6000 \WINDOWS\system32\KDCOM.DLL
0xF78B6000 \WINDOWS\system32\BOOTVID.dll
0xF7377000 ACPI.sys
0xF79A8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7366000 pci.sys
0xF74A6000 isapnp.sys
0xF78BA000 compbatt.sys
0xF78BE000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7A6E000 pciide.sys
0xF7726000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7348000 pcmcia.sys
0xF74B6000 MountMgr.sys
0xF7329000 ftdisk.sys
0xF78C2000 ACPIEC.sys
0xF7A6F000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF772E000 PartMgr.sys
0xF78C6000 UBHelper.sys
0xF74C6000 VolSnap.sys
0xF7311000 atapi.sys
0xF74D6000 disk.sys
0xF74E6000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72F1000 fltmgr.sys
0xF72DF000 sr.sys
0xF72BB000 Fastfat.sys
0xF72A4000 KSecDD.sys
0xF7277000 NDIS.sys
0xF74F6000 uagp35.sys
0xF7506000 SISAGPX.sys
0xF725D000 Mup.sys
0xF7526000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF70F3000 \SystemRoot\system32\DRIVERS\sisgrp.sys
0xF70DF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF7536000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7746000 \SystemRoot\System32\Drivers\DKbFltr.sys
0xF774E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF70B1000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF79AA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7756000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7546000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7556000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7566000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF708E000 \SystemRoot\system32\DRIVERS\ks.sys
0xF79AC000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF705D000 \SystemRoot\system32\DRIVERS\HSFHWSIS.sys
0xF6F5F000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6EB3000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF775E000 \SystemRoot\System32\Drivers\Modem.SYS
0xF6C7E000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6C5A000 \SystemRoot\system32\drivers\portcls.sys
0xF7576000 \SystemRoot\system32\drivers\drmk.sys
0xF7766000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6C36000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF776E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7776000 \SystemRoot\system32\DRIVERS\sisnicxp.sys
0xF6BDB000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF7946000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF718C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7586000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF794A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6BC4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7596000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF75A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF777E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6BB3000 \SystemRoot\system32\DRIVERS\psched.sys
0xF75B6000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7786000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF778E000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF75C6000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79AE000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6B2D000 \SystemRoot\system32\DRIVERS\update.sys
0xF795A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF75D6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7626000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79B2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7165000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B4000 \SystemRoot\System32\Drivers\Beep.SYS
0xF77D6000 \SystemRoot\System32\drivers\vga.sys
0xF79B6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF77DE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77E6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7982000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAD72D000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAD6D4000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7636000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAD684000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAD662000 \SystemRoot\System32\drivers\afd.sys
0xF7646000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF798A000 \SystemRoot\system32\DRIVERS\srvkp.sys
0xAD637000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAD5C7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7656000 \SystemRoot\System32\Drivers\Fips.SYS
0xAD5A1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7666000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xAD57A000 \SystemRoot\System32\Drivers\aswSP.SYS
0xF77F6000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xAD4C5000 \SystemRoot\System32\Drivers\Ntfs.SYS
0xF7218000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7686000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF77FE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7214000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF7696000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAD40D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79BA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6BAB000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7806000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF71B9000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\SiSGRV.dll
0xF793E000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAD399000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xAD12E000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xACF61000 \SystemRoot\system32\drivers\wdmaud.sys
0xAD2FD000 \SystemRoot\system32\drivers\sysaudio.sys
0xACE1E000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A10000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xACFB6000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7A1C000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF7B0C000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
0xACC0F000 \SystemRoot\system32\DRIVERS\srv.sys
0xAC80E000 \SystemRoot\System32\Drivers\HTTP.sys
0xF782E000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xAC6BD000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xAC5C7000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\System32\ntdll.dll

Processes (total 36):
0 System Idle Process
4 System
556 C:\WINDOWS\System32\SMSS.EXE
620 CSRSS.EXE
644 C:\WINDOWS\System32\WINLOGON.EXE
688 C:\WINDOWS\System32\SERVICES.EXE
700 C:\WINDOWS\System32\LSASS.EXE
848 C:\WINDOWS\System32\SVCHOST.EXE
896 SVCHOST.EXE
936 C:\WINDOWS\System32\SVCHOST.EXE
1004 SVCHOST.EXE
1116 SVCHOST.EXE
1348 C:\WINDOWS\EXPLORER.EXE
1508 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
172 C:\WINDOWS\System32\SPOOLSV.EXE
1440 SVCHOST.EXE
1544 C:\Acer\eManager\anbmServ.exe
1644 C:\WINDOWS\System32\Keyhook.exe
1652 C:\WINDOWS\SOUNDMAN.EXE
1660 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
1676 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1688 C:\Program Files\Arcade\PCMService.exe
1568 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
2004 C:\Program Files\Java\JRE6\BIN\JQS.EXE
2020 C:\Program Files\Real\RealPlayer\REALPLAY.EXE
2028 C:\Program Files\QuickTime\QTTASK.EXE
268 C:\Program Files\Launch Manager\QtZgAcer.EXE
480 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
544 C:\Program Files\Common Files\Java\Java Update\JUSCHED.EXE
796 C:\WINDOWS\System32\SISTRAY.EXE
2520 alg.exe
1800 C:\WINDOWS\System32\WUAUCLT.EXE
1768 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2452 C:\WINDOWS\System32\ctfmon.exe
3352 C:\Program Files\Internet Explorer\IEXPLORE.EXE
1620 C:\Documents and Settings\Denis\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`bdfa3e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800UE-22HCT0, Rev: 09.07D09

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

crunchie · Nov 12, 2010

Looks ok still.

Go to Start > Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE

============

See how it is now.

appleybridger · Nov 12, 2010

Did as suggested but on one site had the following message after IE started loading page

Internet explorer cannot open the site http://www.laptopsdirect.co.uk/.

Operation aborted.

After this a couple of sites gave the same message and then on further searches I got redirected.

crunchie · Nov 12, 2010

Download Delete Domains from here and run it. It will delete all entries from the trusted and restricted zone.
Still re-directed?

appleybridger · Nov 12, 2010

Still getting warning sying IE cannot open web page .Operation aborted.

Still redirected when page does open

crunchie · Nov 12, 2010

Can you delete the version of combofix you have and then download and run the latest version from here;

https://www.techspot.com/downloads/5587-combofix.html

http://subs.geekstogo.com/ComboFix.exe

appleybridger · Nov 13, 2010

Having trouble with bot cable modem and router.Will do asap.

appleybridger · Nov 13, 2010

Hi had to reset router and modem as I trouble accessing internet.Not tried any searches since I did this so don't know if I'm still getting redirected.But IE seems a bit sluggish loading my homepage (Google) and this forums page.

Heres Combofix log.

ComboFix 10-11-12.04 - Denis 13/11/2010 12:05:59.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.445.239 [GMT 0:00]
Running from: c:\documents and settings\Denis\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
.

2010-11-10 20:49 . 2010-11-10 20:49 -------- d-----w- C:\_OTL
2010-11-10 11:06 . 2010-11-10 11:06 -------- d-----w- c:\program files\Common Files\Java
2010-11-10 11:04 . 2010-11-10 11:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-10 11:04 . 2010-11-10 11:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-10 11:04 . 2010-11-10 11:04 -------- d-----w- c:\program files\Java
2010-11-10 11:01 . 2010-11-10 11:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-09 14:20 . 2010-11-09 14:20 -------- d-----w- c:\program files\CCleaner
2010-11-09 14:16 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-09 14:16 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-09 14:16 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-09 14:16 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-09 14:16 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-09 14:16 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-09 14:16 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-09 14:16 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-09 14:16 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-09 14:16 . 2010-11-09 14:16 -------- d-----w- c:\program files\Alwil Software
2010-11-09 14:16 . 2010-11-09 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-11-09 14:12 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-09 14:12 . 2010-11-09 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-09 14:12 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 14:12 . 2010-11-09 14:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-09 14:08 . 2010-11-09 14:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-09 14:08 . 2010-11-09 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-09 14:06 . 2010-11-09 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-09 14:06 . 2010-11-09 14:06 -------- d-----w- c:\program files\SpywareBlaster
2010-11-09 14:04 . 2004-08-04 05:00 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2010-11-09 11:45 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2010-11-09 11:44 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-11-09 11:44 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-11-09 11:42 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-11-09 11:40 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-11-09 11:40 . 2010-06-21 15:27 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-11-09 11:39 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-11-09 11:37 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-11-09 11:35 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-11-09 11:35 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-11-09 11:35 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-11-09 11:31 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-11-09 11:27 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-11-09 11:26 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-11-09 11:26 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-11-09 11:26 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\system32\scripting
2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\l2schemas
2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\system32\en
2010-11-09 10:59 . 2010-11-09 10:59 -------- d-----w- c:\windows\system32\bits
2010-11-09 10:57 . 2010-11-09 10:57 -------- d-----w- c:\windows\ServicePackFiles
2010-11-09 10:50 . 2010-11-09 10:50 -------- d-----w- c:\windows\EHome
2010-11-09 10:37 . 2004-08-03 22:41 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2010-11-09 10:37 . 2004-08-03 22:29 104960 ------w- c:\windows\system32\drivers\atinrvxx.sys
2010-11-09 10:37 . 2004-08-03 22:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-11-09 10:37 . 2004-08-03 22:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-11-09 10:37 . 2004-08-03 22:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2010-11-09 10:37 . 2004-08-03 22:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-11-09 10:37 . 2004-08-03 22:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-11-09 10:37 . 2004-08-03 22:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-11-09 10:37 . 2004-08-03 22:29 36463 ------w- c:\windows\system32\drivers\ati1tuxx.sys
2010-11-09 10:37 . 2004-08-03 22:29 31744 ------w- c:\windows\system32\drivers\atinxbxx.sys
2010-11-09 10:37 . 2004-08-03 22:29 28672 ------w- c:\windows\system32\drivers\atinsnxx.sys
2010-11-09 10:25 . 2007-07-27 23:11 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-11-09 10:22 . 2009-08-06 19:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-11-09 10:22 . 2009-08-06 19:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-11-09 10:22 . 2009-08-06 19:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-11-09 10:22 . 2009-08-06 19:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-11-09 10:22 . 2009-08-06 19:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-11-09 07:07 . 2005-09-26 16:40 258048 ----a-w- c:\windows\system32\Uninstall_eRecovery.exe
2010-11-09 07:06 . 2010-11-09 07:06 -------- d-----w- c:\program files\Launch Manager
2010-11-09 07:06 . 2004-12-10 11:49 147456 ----a-w- c:\windows\UNINST32.EXE
2010-11-09 07:06 . 2004-12-08 14:10 16896 ----a-w- c:\windows\system32\drivers\DKbFltr.SYS
2010-11-09 07:06 . 2002-12-19 15:58 49152 ----a-w- c:\windows\system32\QtBtLib.dll
2010-11-09 07:05 . 2010-11-09 07:05 -------- d-----w- c:\documents and settings\Denis
2010-11-08 23:00 . 2001-08-17 13:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-08 23:00 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-11-08 22:17 . 2006-02-23 22:00 5010672 ----a-w- c:\windows\KB912945.EXE
2010-11-08 22:17 . 2004-08-26 03:23 163840 ----a-w- c:\windows\AExec.exe
2010-11-08 22:17 . 2004-08-24 22:48 589824 ----a-w- c:\windows\AntiV.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-08 22:17 . 2004-06-25 17:13 925 ----a-w- c:\windows\HotFix.bat
2010-11-08 22:17 . 2005-03-10 12:12 657 ----a-w- c:\windows\CLEANUP.CMD
2010-09-18 12:23 . 2004-08-04 05:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 05:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 05:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 05:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16 . 2004-08-04 05:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2004-08-04 05:00 369664 ----a-w- c:\windows\system32\html.iec
2010-09-01 11:51 . 2004-08-04 05:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 05:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-04 05:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-23 16:12 . 2004-08-04 05:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-04 05:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 05:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SiSPower"="SiSPower.dll" [2005-02-25 49152]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 77824]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-29 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-29 98304]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-03-28 315392]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 393216]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-1-4 331776]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [09/11/2010 14:16 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [09/11/2010 14:16 17744]
R3 HSFHWSIS;HSFHWSIS;c:\windows\system32\drivers\HSFHWSIS.sys [15/12/2004 15:18 200576]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - INT15.SYS
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-13 12:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2972)
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: 2010-11-13 12:10:31
ComboFix-quarantined-files.txt 2010-11-13 12:10

Pre-Run: 30,027,415,552 bytes free
Post-Run: 30,047,043,584 bytes free

- - End Of File - - 62B9A9D392B82F16B3258A81A6C06579

crunchie · Nov 13, 2010

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

c:\windows\AExec.exe
c:\windows\AntiV.EXE

appleybridger · Nov 13, 2010

Both files scanned and nothing found.

appleybridger · Nov 13, 2010

Just an update.Been browsing most of the afternoon and(Touch wood) had no redirects.Also deleted some cookies and temp files and IE seems a lot faster now.

crunchie · Nov 13, 2010

Sounds good. Just give it a little more time and let me know if anything changes

.

appleybridger · Nov 20, 2010

Had a week of use now and had no re directs.

crunchie · Nov 20, 2010

Good news. Thanks for getting back.

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

appleybridger · Nov 21, 2010

Done that.

crunchie · Nov 21, 2010

No worries. Safe surfing

Solved Redirected in search engine even after reinstal

Posts: 33 +0

Posts: 728 +0

Posts: 33 +0

Posts: 33 +0

Posts: 728 +0

Posts: 33 +0

Posts: 728 +0

Posts: 33 +0

Posts: 728 +0

Posts: 33 +0

Posts: 728 +0

Posts: 33 +0

Posts: 728 +0

Posts: 33 +0

Posts: 728 +0

Posts: 33 +0

Posts: 33 +0

Posts: 728 +0

Posts: 33 +0

Posts: 33 +0

Posts: 728 +0

Posts: 33 +0

Posts: 728 +0

Posts: 33 +0

Posts: 728 +0

Similar threads