Page 1 of 4 1234 LastLast
Results 1 to 10 of 32

Thread: Google search result redirect

  1. #1
    Junior Member
    Join Date
    Nov 2010
    Posts
    28

    Default Google search result redirect

    When I google something it works just fine, when I got to open the link google provides it redirects me to various sites. If I stay on these sights for more than a second or two they download some BS Anti Virus program that disables all non essential services and processes and tells me it's being caused by generic virus X or some child porn in my recycling bin.

    The later has happened twice, both times it was resolved by booting into safe mode and deleting the .exe for the BS program.

    The redirect is still present. My AV program(s) did find anything, nor did Malware Bytes.

    I have yet to run ERUNT as this site states that it works up to Vista but does not mention Windows 7 which I run (64 bit by the way). Please advise me as to whether or not it works with 7.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
    Run by James at 21:02:11 on 2012-03-04
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2012 [GMT -6:00]
    .
    AV: K7TotalSecurity *Enabled/Outdated* {BC469931-B9AF-35BD-843C-DBDA831AFD8D}
    AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
    SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: K7TotalSecurity *Enabled/Outdated* {072778D5-9F95-3A33-BE8C-E0A8F89DB730}
    FW: K7TotalSecurity *Enabled* {847D1814-F3C0-34E5-AF63-72EF7DC9BAF6}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSMngr.exe
    C:\Windows\system32\spool\DRIVERS\x64\3\lxduserv.exe
    C:\Windows\system32\lxducoms.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
    C:\Windows\SysWOW64\NLSSRV32.EXE
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files (x86)\K7 Computing\K7TSecurity\K7EmlPxy.exe
    C:\Program Files (x86)\K7 Computing\K7TSecurity\K7FWSrvc.exe
    C:\Program Files (x86)\K7 Computing\K7TSecurity\K7PSSrvc.exe
    C:\Program Files (x86)\K7 Computing\K7TSecurity\K7RTScan.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Users\James\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe
    C:\Users\James\AppData\Local\Akamai\netsession_win.exe
    C:\Users\James\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    C:\Users\James\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
    C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSecurity.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\K7 Computing\K7TSecurity\K7SysMon.Exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.youtube.com/
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: CutePDF Form Filler Helper: {d41289f2-69c6-417b-897e-c653d677cbaf} - C:\Program Files (x86)\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Yontoo Layers (Drop Down Deals): {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
    TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    uRun: [Google Update] "C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Akamai NetSession Interface] "C:\Users\James\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Internet Security] C:\ProgramData\isecurity.exe
    mRun: [K7TSStart] C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSecurity.exe
    mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    dRunOnce: [osk.exe] osk.exe
    dRunOnce: [Application Restart #0] C:\Windows\System32\osk.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    LSP: C:\Windows\system32\K7WSLsp.dll
    LSP: %SystemRoot%\system32\vsocklib.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: DhcpNameServer = 192.168.11.1
    TCP: Interfaces\{167F7E20-DF72-492A-8B7E-E3E827491A8A} : DhcpNameServer = 192.168.11.1
    TCP: Interfaces\{167F7E20-DF72-492A-8B7E-E3E827491A8A}\2455646414C4F4D2436453330303F574 : DhcpNameServer = 192.168.11.1
    TCP: Interfaces\{167F7E20-DF72-492A-8B7E-E3E827491A8A}\4416C6B616E6472756C6C6F51374 : DhcpNameServer = 192.168.11.1
    TCP: Interfaces\{167F7E20-DF72-492A-8B7E-E3E827491A8A}\4416C6B616E6472756C6C6F52374 : DhcpNameServer = 192.168.12.1
    mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe
    BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO-X64: IDM Helper - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: CutePDF Form Filler Helper: {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll
    BHO-X64: CutePDF Form Filler - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    BHO-X64: Yontoo Layers (Drop Down Deals): {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll
    BHO-X64: Yontoo Layer (Drop Down Deals)s - No File
    TB-X64: Foxit Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    mRun-x64: [K7TSStart] C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSecurity.exe
    mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
    mRun-x64: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [(Default)]
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    Hosts: 87.229.126.50 www.google.com
    Hosts: 87.229.126.51 www.bing.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\w7xt50qv.default\
    FF - component: C:\Users\James\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\nppl3260.dll
    FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\nprpjplug.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
    FF - plugin: C:\Users\James\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 2176e3f9-28ae-4cca-b216-b56962e5f0a0
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,BuzzdockTease,DropDownDeals,
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 K7FWHlpr;K7FWHlpr;C:\Windows\system32\drivers\K7FWHlpr.sys --> C:\Windows\system32\drivers\K7FWHlpr.sys [?]
    R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?]
    R1 K7Sentry;K7AntiVirus MiniFilter Driver;\??\C:\Windows\system32\drivers\K7Sentry.sys --> C:\Windows\system32\drivers\K7Sentry.sys [?]
    R1 K7TdiHlp;K7TDI Helper Service;\??\C:\Windows\system32\drivers\K7TdiHlp.sys --> C:\Windows\system32\drivers\K7TdiHlp.sys [?]
    R1 PSINKNC;PSINKNC;C:\Windows\system32\DRIVERS\psinknc.sys --> C:\Windows\system32\DRIVERS\psinknc.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 IDMWFP;IDMWFP;C:\Windows\system32\DRIVERS\idmwfp.sys --> C:\Windows\system32\DRIVERS\idmwfp.sys [?]
    R2 PSINAflt;PSINAflt;C:\Windows\system32\DRIVERS\PSINAflt.sys --> C:\Windows\system32\DRIVERS\PSINAflt.sys [?]
    R2 PSINFile;PSINFile;C:\Windows\system32\DRIVERS\PSINFile.sys --> C:\Windows\system32\DRIVERS\PSINFile.sys [?]
    R2 PSINProc;PSINProc;C:\Windows\system32\DRIVERS\PSINProc.sys --> C:\Windows\system32\DRIVERS\PSINProc.sys [?]
    R2 PSINProt;PSINProt;C:\Windows\system32\DRIVERS\PSINProt.sys --> C:\Windows\system32\DRIVERS\PSINProt.sys [?]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\system32\drivers\anvsnddrv.sys --> C:\Windows\system32\drivers\anvsnddrv.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50a64.sys --> C:\Windows\system32\Drivers\PCASp50a64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;C:\Windows\system32\DRIVERS\WNDA31w7x.sys --> C:\Windows\system32\DRIVERS\WNDA31w7x.sys [?]
    S2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    S3 DbusAudio;DbusAudio;C:\Windows\system32\drivers\DbusAudio.sys --> C:\Windows\system32\drivers\DbusAudio.sys [?]
    S3 DrmRAudio;DrmRAudio;C:\Windows\system32\drivers\DrmRAudio.sys --> C:\Windows\system32\drivers\DrmRAudio.sys [?]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-11-9 14216]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-11-9 8456]
    S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50a64.sys --> C:\Windows\system32\Drivers\PCAMp50a64.sys [?]
    S3 SndTAudio;SndTAudio;C:\Windows\system32\drivers\SndTAudio.sys --> C:\Windows\system32\drivers\SndTAudio.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-05 02:47:45 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6654123A-C718-4F57-AADC-1943FEF2DFD1}\offreg.dll
    2012-03-02 05:52:48 -------- d-----w- C:\ProgramData\VirtualizedApplications
    2012-03-02 01:26:15 -------- d-----w- C:\f5c9eb4f3136b9103f59f33903c2
    2012-02-29 15:56:42 -------- d-----w- C:\Program Files\iPod
    2012-02-29 15:56:36 -------- d-----w- C:\Program Files\iTunes
    2012-02-25 23:00:01 127016 --sh--w- C:\Users\James\AppData\Local\dplayx.dll
    2012-02-23 01:20:49 33872 ----a-w- C:\Windows\System32\drivers\anvsnddrv.sys
    2012-02-23 01:20:49 235520 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
    2012-02-23 01:20:48 143872 ----a-w- C:\Windows\SysWow64\xvid.ax
    .
    ==================== Find3M ====================
    .
    2011-12-14 14:49:41 647360 ----a-w- C:\ProgramData\SPL8299.tmp
    2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 21:05:10.24 ===============

  2. #2
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi,

    There seems to be both K7TotalSecurity and Panda Cloud Antivirus installed there. It's recommended to have only one antivirus product installed and running. Decide which one to keep (make sure you have valid license for the one you're going to keep).



    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Nov 2010
    Posts
    28

    Default

    Thanks for taking the time to help me out here. It's much appreciated.

    I intend to remove both AV programs and replace them with one good (free) one once this issue is resolved. Once we do get this out of the way I'd really appreciate some suggestions towards that end.

    But for the moment I can't even do a Google search so finding and installing a new AV program will be a bit of a hassle. And I'm not too fond on the idea of removing my protection while malware is present and then installing a new AV program while it's still present.

    That aside I've followed your instructions. The logs are attached.

  4. #4
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi again,


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
    Then post the resultant log.



    Uninstall vulnerable Flash versions by following instructions here. Fresh version can be obtained here.


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 7 Update 3.
    • Click the
      Download
      button under JRE.
    • Check the box that says:
      Accept License Agreement.
    • Click on the jre-7u3-windows-i586.exe link to download Windows Offline Installation and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u3-windows-i586.exe to install the newest version.


    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
    • Click Scan
    • Wait for the scan to finish.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Is it still redirecting (with all installed browsers)?
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Nov 2010
    Posts
    28

    Default

    Ugh!

    It seemed like the redirects had stopped. I was running ESET and it took 2 hours but got to %99 then spent another 2 hours there, not frozen but actually scanning. Then BLAM! Suddenly the redirects returned except it seems they not only redirect google results but any non cached websites. And it's back with a vengeance.

    It's downloaded the BS AV program several times since it started acting up again. And it seems to be downloading several other kinds of viruses as well. K7 caught several strange programs trying to connect to the internet. I had K7 remove them but I doubt it caught them all. And something keeps repeatedly trying to delete my Appdata/Local folder.

    I've ran ESET twice since my first attempt, both times the bogus AV program finds it's way back in and interrupts it. I'll try it one more time with my connection locked down. Or maybe just disabled.

    Does my computer need to be connected to the internet to run ESET?

    I'm not sure why it seemed to go away, maybe it really did. Or maybe I just haven't tried going to any non cached pages? I don't really go exploring on the internet often so that's possible.

  6. #6
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi,

    Does my computer need to be connected to the internet to run ESET?
    Yes. Please give it another go and post back the results + fresh DDS logs.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Nov 2010
    Posts
    28

    Default

    So after taking 11 hours ESET finally finished. Was it supposed to generate a log? Because that I'm aware of, it didn't.

    It said there were 15 infected items though.

    I Will run DDS and get that log, just wanted to check if there's an ESET log hiding somewhere?

  8. #8
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi,

    See if the report is in C:\Program Files (x86)\ESET folder.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Nov 2010
    Posts
    28

    Default

    Okay, got everything ready here. The problem doesn't seem to be present at the moment, I'll cross my fingers and hope it doesn't resurface.

    However another problem has popped up in it's stead, malwarebytes detected it and claimed to remove it but it didn't. It's a fake svchost called winrscmde and I can't tell what it's doing but it will usually be taking up 1-2GB of ram.

    I've attached the logs, not sure what to do about the fake process?

    Not sure if it will show up in the logs as I don't know if I did it before the scans or after but I've installed Avira, hopefully and seemingly it's doing better than my last experience with it. I haven't got around to uninstalling Pandac loud or K7 but they're both disabled.

  10. #10
    Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Default

    Hi,

    Delete C:\Users\James\Desktop\Media\Docs\Docs\Stuff\Apps + Cracks folder. Also, it seems your Adobe Photoshop isn't legit version so you have to uninstall it. Uninstall also extra antivirus protection leaving just Avira installed.


    When all that done post fresh dds logs.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •