Inactive System check virus? IE being redirected randomly

cricket04

Hello everybody,

Last week I had "system check" pop up on my laptop. I closed the window without clicking on it but it would randomly pop up when searching the internet. I found the program folder and deleted it, which has removed that problem. The new problem I'm having is being redirected to sites different than the ones I click on.

Any help is greatly appreciated,
Thanks

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
T & L :: DELL_LAPTOP [administrator]

Protection: Enabled

28-Mar-12 11:00:11 PM
mbam-log-2012-03-28 (23-00-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194375
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-29 16:22:49
Windows 6.1.7601 Service Pack 1
Running: rebdn1u3.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eeb0139
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eeb0139 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


I can't get DDS to run. A black box flashes that says:

'C:\Users\T' is not recognized as an internal or external command, operable program or batch file. The system cannot find the path specified.


Please advise what to do next,
Thanks
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
aswMBR

Downloaded but won't run when I double click it.

I'm running Windows 7 and have ZoneAlarm Extreme Security running. Do I need to shut down ZoneAlarm??

Do you want me to download/run Bootkit Remover now or wait?

Patiently waiting...
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`afd00000

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
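
Added example (not part of the original posts and not from any of the tools named in this thread): a short Python reader for a raw 512-byte master boot sector dump, such as the MBR copy and the boot sector dump mentioned above, assuming the file is the plain sector image. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR, BOOT_CODE_LEN, ENTRY_LEN = 512, 446, 16
PART_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x0F: "Extended (LBA)", 0xEE: "GPT protective"}

def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR dump into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # Entry: status, CHS start (skipped), type, CHS end (skipped), LBA, count
        status, ptype, lba, count = struct.unpack_from(
            "<B3xB3xII", sector, BOOT_CODE_LEN + i * ENTRY_LEN)
        if ptype:  # type 0 marks an unused slot
            parts.append({"index": i, "active": status == 0x80,
                          "type_name": PART_TYPES.get(ptype, hex(ptype)),
                          "start_lba": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def boot_code_differs(dump_a: bytes, dump_b: bytes) -> bool:
    """True when two dumps of the same disk carry different boot code."""
    return (parse_mbr(dump_a)["boot_code_sha256"]
            != parse_mbr(dump_b)["boot_code_sha256"])

def build_sample(boot_fill: int = 0x00) -> bytes:
    """Constructed sector for the demo: one active NTFS partition at LBA 2048."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return (bytes([boot_fill]) * BOOT_CODE_LEN + entry
            + bytes(ENTRY_LEN * 3) + b"\x55\xaa")

if __name__ == "__main__":
    live, offline = build_sample(0x00), build_sample(0x90)
    for p in parse_mbr(live)["partitions"]:
        print(p)
    print("boot code differs:", boot_code_differs(live, offline))
```

Since the tool output above reports boot code hidden by a rootkit, a dump read from the running system may not match one read with the disk offline; `boot_code_differs` is meant for comparing two such dumps.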
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
OK any security prompts.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
 
Just had a blue screen come up and then Windows restarted, asking me if I want to restore using System Restore.

Help
 
No.
Turn the computer off.
Wait one minute.
Start normally.
If normal mode doesn't work try safe mode.
 
Restarted laptop and I have the Windows Error Recovery black screen saying

"Windows failed to start. A recent hardware or software change might be the cause.

If Windows files have been damaged or configured incorrectly, Startup Repair can help diagnose and fix the problem. If power was interrupted during startup, choose Start Windows Normally"

-Launch Startup Repair (recommended)
-Start Windows Normally
 
Start Windows Normally wouldn't work; had to choose repair.

Now it's back to the restore screen with the option to Restore or Cancel??
 
Startup Repair
Windows cannot repair this computer automatically.

-send information about this problem (recommended)
-Don't send
 
Problem signature:

Problem Event Name: Startup Repair Offline
Problem Signature 01 6.1.7600.16385
Problem Signature 02 6.1.7600.16385
Problem Signature 03 Unknown
Problem Signature 04 328
Problem Signature 05 AutoFailover
Problem Signature 06 1
Problem Signature 07 0x109
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
 