keep getting redirected

ROOTREPEAL (c) AD, 2007-2010
==================================================
Report Save Time: 2010/06/09 19:30
Program Version: Version 2.0.0.0
Windows Version: Windows XP SP3
==================================================

DRIVERS
-------------------
File Invisible dump_atapi.sys 0xf6aa1000 C:\WINDOWS\System32\Drivers\dump_atapi.sys, 98304 bytes
File Invisible dump_WMILIB.SYS 0xf912a000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS, 8192 bytes
File Invisible rootrepeal.sys 0xf6a11000 C:\WINDOWS\system32\drivers\rootrepeal.sys, 49152 bytes

PROCESSES
-------------------
4 - System
160 - C:\Program Files\AVG\AVG9\avgemc.exe
252 - C:\Program Files\AVG\AVG9\avgnsx.exe
328 - C:\WINDOWS\system32\svchost.exe
372 - C:\WINDOWS\Nhksrv.exe
388 - C:\Program Files\AVG\AVG9\avgwdsvc.exe
404 - C:\WINDOWS\system32\CTsvcCDA.EXE
468 - C:\Program Files\AVG\AVG9\avgcsrvx.exe
556 - C:\WINDOWS\system32\smss.exe
620 - C:\WINDOWS\system32\csrss.exe
644 - C:\WINDOWS\system32\winlogon.exe
688 - C:\WINDOWS\system32\services.exe
700 - C:\WINDOWS\system32\lsass.exe
856 - C:\WINDOWS\system32\svchost.exe
936 - C:\WINDOWS\system32\svchost.exe
976 - C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
1032 - C:\WINDOWS\system32\svchost.exe
1064 - C:\WINDOWS\system32\svchost.exe
1112 - C:\Program Files\AVG\AVG9\avgchsvx.exe
1120 - C:\Program Files\AVG\AVG9\avgrsx.exe
1220 - C:\WINDOWS\system32\MsPMSPSv.exe
1232 - C:\WINDOWS\system32\svchost.exe
1256 - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
1272 - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
1308 - C:\WINDOWS\system32\ZuneBusEnum.exe
1324 - C:\WINDOWS\system32\svchost.exe
1404 - C:\Program Files\AVG\AVG9\avgcsrvx.exe
1732 - C:\WINDOWS\system32\spoolsv.exe
1924 - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
2008 - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
2016 - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
2024 - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
2032 - C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
2132 - C:\WINDOWS\system32\alg.exe
2376 - C:\Program Files\Mozilla Firefox\firefox.exe
2428 - C:\Program Files\PokerShortcuts\PokerShortcuts.exe
2892 - C:\WINDOWS\explorer.exe
2996 - C:\WINDOWS\MMKeybd.exe
3012 - C:\PROGRA~1\AVG\AVG9\avgtray.exe
3028 - C:\WINDOWS\BCMSMMSG.exe
3068 - C:\Program Files\Microsoft IntelliType Pro\itype.exe
3076 - C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3168 - C:\WINDOWS\system32\ctfmon.exe
3312 - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
3404 - C:\WINDOWS\system32\WudfHost.exe
3708 - C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
4016 - C:\Documents and Settings\Ravish Prajapati\Desktop\RootRepeal.exe

FILES
-------------------
Mismatch C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl, Allocation size mismatch (API: 99625786543304832, Raw: 8192)

HIDDEN SERVICES
-------------------

SSDT
-------------------
SYSCALL OK, INT 0x2E OK, ServiceTable OK, Driver IAT OK

SHADOW SSDT
-------------------

CALLBACKS
-------------------
 
The RootRepeal log does not show anything malicious.

 
Backup the Registry

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT, please post back before proceeding any further.


Registry fix.

  • Please copy the contents, including any blank lines, of the Code Box below to Notepad. Do not include the word CODE:

    Code:
    Windows Registry Editor Version 5.00
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    ""=-
  • Make sure there are NO blank lines before Windows Registry Editor Version 5.00.
  • Make sure there is one blank line at the end of the file.
  • Name the file fix.reg
  • Change the Save as Type to All Files
  • Save it to your desktop.
  • Double-click on the fix.reg file, and click Yes when prompted to merge.


Post back:
  • Did any problems occur while following the instructions?
  • An update to the performance of the computer.
 
1. The registry thing was successful.

2. The performance of the computer is pretty good.

Also, I can't play videos (YouTube, etc.). I guess this is because I don't have Java yet. I'm not installing it until you tell me to do so.

Anyways, thanks for everything so far:)
 
You're welcome. I'm glad I could help. :)


AVG

Make sure you have re-enabled AVG:

  • Open AVG User Interface.
  • Double-click on the Resident Shield.
  • Check the option Resident Shield active.
  • Save the changes and close AVG.


Update Windows and Internet Explorer

Update Windows and Internet Explorer to protect your computer from malware. Please go to the Windows Update site to get the critical updates.


Reinstall Java

Download and install Java Runtime Environment (JRE) 6 Update 20


Delete the following tools

  • DDS
  • GMER
  • rkill
  • TDSSKiller
  • RootRepeal
    You can just delete the files.


Your computer now appears to be malware free. The logs are clean. Good job!

Please follow these simple steps in order to keep your computer clean and secure.


Create a new and delete old system restore points:

Now you should set a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:

  1. Go to Start > Programs > Accessories > System Tools and click System Restore.
  2. Choose the radio button marked "Create a Restore Point" on the first screen then click Next. Give the R.P. a name then click Create. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  3. Then go to Start > Run and type:
    Code:
    cleanmgr
  4. Click OK and a new window will open.
  5. Choose drive C and click OK.
  6. Click the More Options tab.
  7. Click Clean Up in the System Restore section to remove all previous restore points except the newly created one. A new window will open; click OK to remove all previous restore points except the recent one.

Note: Do this only ONCE, do not reset regularly.


Keep your system updated:

Enable automatic updates for Windows XP to get the latest patches from Microsoft to fix bugs and security holes.

  • Go to Start > Control Panel > Automatic Updates
    1. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
    2. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
    3. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.


Keep your non-Microsoft applications updated as well:

Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it and install the suggested updates at least once a week.


Secure your computer further:

I recommend that you download and install the following programs (if not already present) and update them on a regular basis.

  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

    You can download SpywareBlaster from Javacool and learn how to use it in the tutorial at Bleeping Computer.

  • Install and use Spybot Search & Destroy
    Instructions are located here. Make sure you update, reimmunize & scan regularly.

  • Enable Teatimer option in Spybot Search & Destroy
    • Open Spybot S&D.
    • Click Mode, choose Advanced Mode.
    • Go To the bottom of the Vertical Panel on the Left, Click Tools.
    • then, also in left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK.
    • In the Resident protection status frame, check the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
    • OK any prompts.
    • Click Mode, choose Default Mode.
    • Use File, Exit to terminate Spybot.
    • Reboot your machine for the changes to take effect.

  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it maps the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy.
    • Click on Mode, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File.
    • Click on Add Spybot-S&D hosts list.

    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window.

  • Hosts File
    If you don't use Spybot S&D's hosts file, then install the following for the added protection: MVPS Hosts, you will find more information regarding hosts files there. A simple explanation of what a Hosts file does is here.

  • Malwarebytes Anti-Malware
    Update Malwarebytes Anti-Malware and perform a quick scan 1-2 times a week.

  • NoScript
    Use the NoScript addon for Firefox to avoid malicious scripting attacks.

  • Install and use a firewall with outbound protection.

    Looking over your log it seems you don't use any third-party FIREWALL. As the term conveys, a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

    If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

    I would recommend installing a free firewall for personal use from one of these excellent vendors. The choice is yours:

    See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here.

    Note: You should only have one firewall installed at a time. Having more than one firewall program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


    It is absolutely essential that you keep Java, Adobe and all of your security programs up to date


    Read these articles to learn more about how to protect yourself while on the internet:


Stay away from P2P like the plague. The computer will get re-infected!


Please post back one more time to confirm that you have read this post or if you have got any questions.


Safe surfing! :)
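The hosts-file advice above cuts both ways, and that is worth seeing concretely for a thread about redirects. A blocklist such as Spybot's or MVPS's points unwanted names at 127.0.0.1 or 0.0.0.0 so they never load; a hijacked hosts file does the opposite and points real sites at an attacker's address, which the resolver honours before DNS is ever asked. The parser below is an added example for this thread (not code from the post above, Spybot or MVPS). It reads hosts-file text, classifies each entry as a sinkhole, a LAN alias or an external redirect, and lists the redirects for review. The LAN ranges and the sample hosts content are this example's own assumptions; the Windows XP hosts path is the real one.

```python
"""Parse a Windows hosts file and separate sinkhole entries from redirects.

Added example for this thread, not code from the original post, Spybot
or MVPS. A hosts line maps an IP address to one or more names, and the
resolver consults it before DNS. A blocklist points unwanted names at
127.0.0.1 or 0.0.0.0 so they never load; a hijacked hosts file points
real sites at someone else's address instead, which is one way a machine
"keeps getting redirected". The LAN ranges below are this example's own
heuristic for aliases that are normal in a home or office hosts file.
"""
import ipaddress
from dataclasses import dataclass
from typing import List

HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"   # Windows XP location

# Assumption: private and link-local ranges are local aliases, not redirects.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fe80::/10", "fc00::/7",
)]


@dataclass
class HostsEntry:
    lineno: int
    address: str
    hostnames: List[str]

    def kind(self) -> str:
        """'block' for loopback/unspecified sinkholes, 'lan' for private
        ranges, otherwise 'external' (a name sent to some other host)."""
        ip = ipaddress.ip_address(self.address)
        if ip.is_loopback or ip.is_unspecified:
            return "block"
        if any(ip in net for net in LAN_NETWORKS):
            return "lan"
        return "external"


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse hosts-file text: '#' starts a comment, whitespace separates fields."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                       # an address with no names maps nothing
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                       # the resolver ignores malformed lines
        entries.append(HostsEntry(lineno, fields[0], fields[1:]))
    return entries


def redirects(entries: List[HostsEntry]) -> List[HostsEntry]:
    """Entries that send a name to an external address. Review every one of
    these: nothing a blocklist installs should look like this."""
    return [e for e in entries if e.kind() == "external"]


# Constructed sample: the default localhost line, two blocklist-style lines,
# one LAN alias, and one hijack-style line using an RFC 5737 test address.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1  ads.example.net
0.0.0.0    tracker.example.org   # MVPS style
192.168.1.10  printer
203.0.113.5   www.example.com example.com
"""

if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    for e in entries:
        print(f"line {e.lineno}: {e.kind():8} {e.address} -> {', '.join(e.hostnames)}")
    for e in redirects(entries):
        print(f"REVIEW line {e.lineno}: {e.hostnames} is redirected to {e.address}")
```

To check a real machine, read HOSTS_PATH into a string and pass it to parse_hosts; a clean blocklist install produces only "block" entries (plus whatever LAN aliases you added yourself), so anything "external" is either something you put there on purpose or something to clean up. The script only reads; it never modifies the file.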
 
I've done everything you told me to do. Everything seems to be fine now. I really appreciate the help.

Thank you very much.

If I do get redirecting problems again, say within the next month or so, do I reply to this post?

Once again,
Thanks
 
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
 