
Thread: Google redirect (DDS included)

  1. #1
    Junior Member
    Join Date
    Jun 2011
    Posts
    10

    Google redirect (DDS included)

    Hi guys i keep getting redirected when using any search engine.

    Let me know what information you require to help.

    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_25
    Run by HOME at 16:31:06 on 2011-06-25
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8175.7161 [GMT 10:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\viakaraokesrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    F:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\HOME\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\HOME\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Users\HOME\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\HOME\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=userinit.exe,
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    uRun: [SmartRAM] "F:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    uRun: [EPSON TX550W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIP.EXE /FU "D:\temp\E_S2599.tmp" /EF "HKCU"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://qaccess.qantas.com.au/aussyd13/dwa7W.cab
    TCP: Interfaces\{9611E342-2175-48BF-B455-4A737775D0BB} : NameServer = 61.9.134.49,61.9.133.193
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\kt5skon0.default\
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Users\HOME\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-5 366640]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-29 2218600]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-12 2656280]
    R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-7 136176]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-5 1153368]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-7 136176]
    S3 npusbio;npusbio;C:\Windows\system32\Drivers\npusbio_x64.sys --> C:\Windows\system32\Drivers\npusbio_x64.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-06-17 13:00:21 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2011-06-17 12:58:04 -------- d-----w- C:\Users\HOME\AppData\Local\LogMeIn Hamachi
    2011-06-17 12:42:39 -------- d-----w- C:\Users\HOME\AppData\Roaming\PFStaticIP
    2011-06-17 12:40:48 -------- d-----w- C:\Program Files (x86)\PFStaticIP
    2011-06-17 11:50:11 -------- d-----w- C:\Users\HOME\AppData\Local\Western Digital
    2011-06-17 10:01:57 205824 ----a-w- C:\Windows\patchw32.dll
    2011-06-17 10:01:11 205824 ----a-w- C:\Windows\pw32a.dll
    2011-06-17 10:01:10 28 ----a-w- C:\Windows\SysWow64\copytowin.bat
    2011-06-17 10:01:10 205824 ----a-w- C:\Windows\SysWow64\pw32a.dll
    2011-06-07 06:39:54 -------- d-----w- C:\Windows\pss
    2011-06-07 06:33:08 32136 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
    2011-06-07 06:33:08 18232 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
    2011-06-05 10:04:21 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-06-05 10:04:21 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-06-05 07:05:27 -------- d-----w- C:\Users\HOME\AppData\Roaming\TS3Client
    2011-06-05 06:59:12 -------- d-----w- C:\Program Files\TeamSpeak 3 Client
    2011-06-05 06:06:14 -------- d-----w- C:\Users\HOME\AppData\Local\Deployment
    2011-06-05 06:06:14 -------- d-----w- C:\Users\HOME\AppData\Local\Apps
    2011-06-05 05:33:11 -------- d-----w- C:\Users\HOME\AppData\Roaming\Malwarebytes
    2011-06-05 05:33:06 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-05 05:33:05 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-06-05 05:33:03 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-05 05:33:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-06-04 07:42:48 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
    2011-06-04 07:37:18 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-06-04 07:05:54 -------- d-----w- C:\Users\HOME\AppData\Roaming\Adware Alert
    2011-06-04 04:37:54 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-06-04 04:37:48 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-06-04 04:37:48 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-06-04 04:37:13 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-06-04 04:37:13 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-06-04 04:37:06 2871808 ----a-w- C:\Windows\explorer.exe
    2011-06-04 04:37:06 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-06-04 04:37:00 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-06-04 04:37:00 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-06-04 04:36:51 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-06-04 04:36:51 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-06-04 04:36:51 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-06-04 04:36:51 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-06-04 04:36:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-06-04 04:36:26 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2011-06-04 04:36:26 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2011-06-03 06:48:44 135168 --sha-r- C:\Windows\SysWow64\msxml4G.dll
    2011-05-31 23:07:29 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{513A8BEB-B3FA-4AA3-9620-8DF8A7B074E1}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2011-06-04 04:37:39 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2011-06-04 04:37:39 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-05-13 08:14:55 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-05-08 13:17:48 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-04-22 22:08:29 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-04-22 19:10:01 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-04-15 01:42:32 98304 ----a-w- C:\Windows\system32CmdLineExt.dll
    2011-04-12 12:32:33 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-04-12 12:32:33 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-04-07 13:19:38 117864 ----a-w- C:\Windows\System32\nvmctray.dll
    2011-04-07 13:19:36 797288 ----a-w- C:\Windows\System32\easyUpdatusAPIU64.dll
    2011-04-07 13:19:36 61032 ----a-w- C:\Windows\System32\nvshext.dll
    2011-04-07 13:19:36 1012328 ----a-w- C:\Windows\System32\nvvsvc.exe
    2011-04-07 13:19:26 6338152 ----a-w- C:\Windows\System32\nvcpl.dll
    2011-04-07 13:19:08 3041384 ----a-w- C:\Windows\System32\nvsvc64.dll
    .
    ============= FINISH: 16:31:37.84 ===============
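As an added example (not part of the thread, and not code from the DDS tool or its author), a small Python triage script over the kind of entries in the log above: it flags the UAC policies the log shows switched off, lists the configured DNS servers, reports hosts-file overrides, and picks out hidden+system files under the Windows tree, which is how the odd msxml4G.dll entry stands out. The sample input is a constructed excerpt of the log and the rule set and function names are my own.

```python
import ipaddress
import re

# Constructed excerpt modelled on the DDS log in the first post (these values are
# copied from that post for illustration; feed the full pasted log in practice).
SAMPLE_LOG = r"""mWinlogon: Userinit=userinit.exe,
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: Interfaces\{9611E342-2175-48BF-B455-4A737775D0BB} : NameServer = 61.9.134.49,61.9.133.193
Hosts: 127.0.0.1 www.spywareinfo.com
2011-06-03 06:48:44 135168 --sha-r- C:\Windows\SysWow64\msxml4G.dll
2011-06-04 04:37:06 2871808 ----a-w- C:\Windows\explorer.exe
"""

# DDS prints these HKLM policy values; 0 means that UAC feature is switched off.
UAC_POLICIES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
NS_RE = re.compile(r"^TCP:.*NameServer\s*=\s*([\d.,]+)")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
# "date time size attrs path"; size is dashes for directories, attrs is 8 flag chars.
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(\d+|-+)\s+([-a-z]{8})\s+(.+)$")


def uac_findings(log):
    """UAC policies the log shows as disabled (EnableLUA = 0 turns UAC off entirely)."""
    out = []
    for line in log.splitlines():
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_POLICIES and int(m.group(2)) == 0:
            out.append(f"UAC weakened: {m.group(1)} = 0")
    return out


def nameserver_findings(log):
    """Configured DNS servers. With search-engine redirects as the symptom, a
    changed resolver is one thing to rule out, hence the helper's OpenDNS step."""
    out = []
    for line in log.splitlines():
        m = NS_RE.match(line)
        if not m:
            continue
        for ip in m.group(1).split(","):
            kind = "private" if ipaddress.ip_address(ip).is_private else "public"
            out.append(f"DNS server {ip} ({kind}): confirm it is your ISP's or chosen resolver")
    return out


def hosts_findings(log):
    """Hosts-file overrides. Loopback entries block a site (malware commonly blocks
    security sites this way); any other address silently redirects it."""
    out = []
    for line in log.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            what = "blocked" if ipaddress.ip_address(ip).is_loopback else f"redirected to {ip}"
            out.append(f"Hosts override: {host} {what}")
    return out


def hidden_system_files(log):
    """Files (not directories) under C:\\Windows carrying both hidden and system
    attributes, which is how msxml4G.dll stands out in 'Created Last 30'."""
    out = []
    for line in log.splitlines():
        m = FILE_RE.match(line)
        if not m:
            continue
        size, attrs, path = m.groups()
        if attrs[0] != "d" and "s" in attrs and "h" in attrs and path.lower().startswith("c:\\windows"):
            out.append(f"Hidden+system file: {path} ({size} bytes, attrs {attrs})")
    return out


def triage(log):
    """All findings, grouped in the order of the checks above."""
    return uac_findings(log) + nameserver_findings(log) + hosts_findings(log) + hidden_system_files(log)
```

Run `triage(open("dds.txt").read())` on a saved log to get the list of findings; an empty list means none of these four checks fired, not that the machine is clean.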

  2. #2
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    Hi mark1eo,

    Welcome to Safer Networking. My name is Blottedisk and I will be helping you with your malware issues.


    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Thread Tools box to the top right of your topic title and then choosing Subscribe to this Thread (then choose Instant Notification by email). If the button says Unsubscribe from this Thread, then you are already subscribed.
    • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.


    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then the thread will be locked due to inactivity. However, if you will be away, let us know and we will be sure to keep the thread open.


    Please follow these steps in order:


    Step 1 | Please download GMER from one of the following locations and save it to your desktop:

    Main Mirror - This version will download a randomly named file (Recommended)
    Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

    --------------------------------------------------------------------

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.


    Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.



    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Make sure all options are checked except:
      • IAT/EAT
      • Drives/Partition other than Systemdrive, which is typically C:\
      • Show All (This is important, so do not miss it.)

    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.

    -- If you encounter any problems, try running GMER in Safe Mode.

    Step 2 | Please download aswMBR to your desktop.

    • Double click the aswMBR icon to run it.
      Vista and Windows 7 users right click the icon and choose "Run as administrator".
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

    Step 3 | Please download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
    • A window will open on your desktop
    • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.
    -- WTT Classroom Graduate --
    -- ASAP Member --
    -- UNITE Trained Eliminator --

  3. #3
    Junior Member
    Join Date
    Jun 2011
    Posts
    10


    Hey, I've done step one above; here are steps 2 and 3 in a zip folder. Thanks for your assistance.

  4. #4
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    Hi there,


    Step 1 is GMER. I can't seem to find where you submitted the log?

  5. #5
    Junior Member
    Join Date
    Jun 2011
    Posts
    10


    Sorry for that, here is step one.

  6. #6
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    No probs

    Please use the instructions on this page to change your DNS servers to use OpenDNS:

    OpenDNS Instructions for Win7

    After this, flush the DNS cache and web browser cache as recommended.


    When finished, please download Combofix from either of the links below and save it to your desktop.

    Link 1
    Link 2


    **Note: It is important that it is saved directly to your desktop**

    --------------------------------------------------------------------
    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    --------------------------------------------------------------------

    • Right-click and choose "Run as administrator" on Combofix.exe & follow the prompts. When finished, it will produce a report for you.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    If you need help, see this link:
    http://www.bleepingcomputer.com/comb...o-use-combofix

  7. #7
    Junior Member
    Join Date
    Jun 2011
    Posts
    10


    Here you are

  8. #8
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    Please go to the following site to scan a file: Virus Total

    • Click on Browse, and upload the following file for analysis:

      • C:\Windows\SysWow64\msxml4G.dll

    • Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
    • If it says already scanned -- click "reanalyze now"
    • Please post the results in your next reply.

  9. #9
    Junior Member
    Join Date
    Jun 2011
    Posts
    10


    Hey, in my Windows folder I only have msxml4r.dll, so that's what I scanned. Hope it's ok?

    Antivirus | Version | Last Update | Result
    AhnLab-V3 | 2011.07.02.00 | 2011.07.01 | -
    AntiVir | 7.11.10.197 | 2011.07.01 | -
    Antiy-AVL | 2.0.3.7 | 2011.07.02 | -
    Avast | 4.8.1351.0 | 2011.07.01 | -
    Avast5 | 5.0.677.0 | 2011.07.01 | -
    AVG | 10.0.0.1190 | 2011.07.01 | -
    BitDefender | 7.2 | 2011.07.02 | -
    CAT-QuickHeal | 11.00 | 2011.07.02 | -
    ClamAV | 0.97.0.0 | 2011.07.02 | -
    Commtouch | 5.3.2.6 | 2011.07.02 | -
    Comodo | 9250 | 2011.07.02 | -
    DrWeb | 5.0.2.03300 | 2011.07.02 | -
    eSafe | 7.0.17.0 | 2011.06.29 | -
    eTrust-Vet | 36.1.8421 | 2011.07.01 | -
    F-Prot | 4.6.2.117 | 2011.07.01 | -
    F-Secure | 9.0.16440.0 | 2011.07.02 | -
    Fortinet | 4.2.257.0 | 2011.07.02 | -
    GData | 22 | 2011.07.02 | -
    Ikarus | T3.1.1.104.0 | 2011.07.02 | -
    Jiangmin | 13.0.900 | 2011.07.01 | -
    K7AntiVirus | 9.107.4863 | 2011.07.01 | -
    Kaspersky | 9.0.0.837 | 2011.07.02 | -
    McAfee | 5.400.0.1158 | 2011.07.02 | -
    McAfee-GW-Edition | 2010.1D | 2011.07.02 | -
    Microsoft | 1.7000 | 2011.07.02 | -
    NOD32 | 6258 | 2011.07.02 | -
    Norman | 6.07.10 | 2011.07.01 | -
    nProtect | 2011-07-01.01 | 2011.07.01 | -
    Panda | 10.0.3.5 | 2011.07.01 | -
    PCTools | 8.0.0.5 | 2011.07.01 | -
    Prevx | 3.0 | 2011.07.02 | -
    Rising | 23.64.04.03 | 2011.07.01 | -
    Sophos | 4.67.0 | 2011.07.02 | -
    SUPERAntiSpyware | 4.40.0.1006 | 2011.07.02 | -
    Symantec | 20111.1.0.186 | 2011.07.02 | -
    TheHacker | 6.7.0.1.246 | 2011.07.01 | -
    TrendMicro | 9.200.0.1012 | 2011.07.02 | -
    TrendMicro-HouseCall | 9.200.0.1012 | 2011.07.02 | -
    VBA32 | 3.12.16.4 | 2011.07.01 | -
    VIPRE | 9746 | 2011.07.02 | -
    ViRobot | 2011.7.2.4545 | 2011.07.02 | -
    VirusBuster | 14.0.105.2 | 2011.07.01 | -

  10. #10
    Emeritus- Malware Team
    Join Date
    May 2009
    Location
    Buenos Aires, Argentina
    Posts
    340


    It's ok.

    As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update has been completed, select the Scanner tab.
    • Select Perform Quick scan, then click on Scan
    • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
    • Check all items then click on Remove Selected
    • After it has removed the items, Notepad will open. Please post this log in your next reply.


    The log can also be found here:

    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.


    Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
    Failure to reboot will prevent MBAM from removing all the malware.
