
Browser Redirect please HElp~!


7 replies to this topic

#1 YazooX

Posted 24 December 2009 - 01:49 AM

Hi, I have basically tried scanning my computer with Spybot, Malwarebytes, AVG, Panda Internet Security 2010 and Ad-Aware.
I've also tried using gooredfix.exe, but it doesn't really let me select option 1 or 2 like people have said. Please help~!!
Also, occasionally the searches I do on Google, when I click on the first few links, always bring me to this false website (http://www.newserversearch.com), which doesn't really load; it just says problem loading.
I'm using a Vista laptop and Mozilla Firefox as a browser, and DDS.txt is provided below.

Please Help

DDS (Ver_09-12-01.01) - NTFSx86
Run by Toshiba User at 14:17:36.34 on Thu 24/12/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.2045.930 [GMT 8:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2010\WebProxy.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost -k Panda
C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrvx86.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\ApVxdWin.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
C:\Users\Toshiba User\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/webhp?rls=ig
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = localhost
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ZagrebLand] c:\users\toshib~1\appdata\local\temp\a.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NWEReboot]
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2010\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2010\Inicio.exe"
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\PCProxy.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avldr - avldr.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
AppInit_DLLs: avgrsstx.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\toshib~1\appdata\roaming\mozilla\firefox\profiles\l5tvbnps.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\toshiba user\appdata\roaming\mozilla\firefox\profiles\l5tvbnps.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-23 64288]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-12-24 28552]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-23 207792]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-12-24 75016]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-14 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-11-14 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-14 360584]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-12-24 53128]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-12-24 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-12-24 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-12-24 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-12-24 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-12-24 46728]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2009-12-24 49160]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-14 285392]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-12-24 13880]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2010\PsCtrlS.exe [2009-12-24 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2010\PavFnSvr.exe [2009-12-24 169216]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-12-24 163336]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2009-12-24 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda internet security 2010\pavsrvx86.exe [2009-12-24 293120]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2010\psksvc.exe [2009-12-24 28928]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\drivers\neti1639.sys [2009-12-24 199432]
S3 IO_Memory;Access Io_Memory Driver;c:\windows\system32\drivers\IO_Memory.sys [2006-12-12 5888]
S3 MODRC;VideoMate U500 Family IR;c:\windows\system32\drivers\modrc.sys [2009-5-4 13056]
S4 AmplusnetPrivacyTools;AmplusnetPrivacyTools;c:\windows\system32\AmplusnetPrivacyTools.exe [2009-9-27 1044480]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-16 133104]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*

=============== Created Last 30 ================

2009-12-24 02:43:14 8627 ----a-w- c:\windows\system32\PAV_FOG.OPC
2009-12-24 02:16:33 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2009-12-24 02:16:15 262 ----a-w- c:\windows\system32\PavCPL.dat
2009-12-24 02:16:05 168580 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-12-24 02:16:05 168580 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-12-24 02:16:05 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-12-24 02:16:05 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-12-24 02:15:54 53128 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2009-12-24 02:15:54 46728 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2009-12-24 02:15:52 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2009-12-24 02:15:29 22072 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2009-12-24 02:15:28 75016 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2009-12-24 02:15:28 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2009-12-24 02:15:26 0 d-----w- c:\programdata\Backup
2009-12-24 02:15:08 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2009-12-24 02:15:00 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2009-12-24 02:14:52 193792 ----a-w- c:\windows\system32\TpUtil.dll
2009-12-24 02:14:51 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2009-12-24 02:14:51 55552 ----a-w- c:\windows\system32\pavipc.dll
2009-12-24 02:14:51 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2009-12-24 02:14:50 518400 ----a-w- c:\windows\system32\PavSHook.dll
2009-12-24 02:14:48 199432 ----a-w- c:\windows\system32\drivers\neti1639.sys
2009-12-24 02:14:44 58672 ----a-w- c:\windows\system32\avldr.dll
2009-12-24 02:14:44 49160 ----a-w- c:\windows\system32\drivers\amm8660.sys
2009-12-24 02:14:44 0 d-----w- c:\windows\system32\PAV
2009-12-24 02:14:43 0 d-----w- c:\users\toshib~1\appdata\roaming\Panda Security
2009-12-24 02:14:43 0 d-----w- c:\programdata\Panda Security
2009-12-24 02:14:43 0 d-----w- c:\program files\Panda Security
2009-12-24 02:12:30 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2009-12-24 02:12:30 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2009-12-24 02:10:42 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-24 02:10:02 0 d-----w- c:\program files\common files\Panda Security
2009-12-23 13:27:14 874528 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-23 13:27:14 11000 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-23 13:27:05 2032 ----a-w- C:\rollback.ini
2009-12-23 13:07:41 0 d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
2009-12-23 13:07:41 0 d-----w- c:\programdata\ParetoLogic
2009-12-23 13:07:41 0 d-----w- c:\program files\common files\ParetoLogic
2009-12-23 12:12:00 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-23 12:12:00 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-23 10:58:44 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-12-23 10:58:44 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-12-23 10:58:44 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-12-23 10:58:21 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-12-23 10:58:21 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-12-23 10:58:21 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-12-23 10:58:21 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-12-23 10:58:09 0 d-----w- c:\program files\common files\PC Tools
2009-12-23 09:37:25 0 d-----w- c:\program files\CCleaner
2009-12-23 04:24:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-23 03:06:08 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-23 03:03:54 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-12 08:16:21 132096 --sha-r- c:\windows\system32\tquerya.dll
2009-12-11 18:41:40 0 d-----w- c:\programdata\Nero
2009-12-07 14:05:46 0 d-----w- c:\users\toshib~1\appdata\roaming\GrabPro
2009-12-07 14:05:46 0 d-----w- C:\downloads
2009-12-07 14:05:28 0 d-----w- c:\users\toshib~1\appdata\roaming\OpenCandy
2009-12-06 09:38:24 0 d-----w- c:\windows\system32\drivers\mycodec
2009-12-06 09:38:23 0 d-----w- c:\program files\MyVideoConverter
2009-11-30 14:15:53 0 d-----w- c:\program files\The KMPlayer

==================== Find3M ====================

2009-12-24 02:15:37 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-24 02:15:36 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-24 02:15:36 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-14 05:57:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-14 05:57:48 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-14 05:57:37 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-06 18:31:02 13354 ----a-w- c:\users\toshib~1\appdata\roaming\nvModes.dat
2009-11-02 12:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-09-26 17:12:36 8704 ----a-w- c:\windows\system32\SpOrder.dll
2009-09-26 17:12:34 73728 ----a-w- c:\windows\system32\VistaInfo32.dll
2008-11-25 01:44:38 174 --sha-w- c:\program files\desktop.ini
2008-11-25 01:35:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:19:33.24 ===============
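The DDS log above is read by eye in the thread: an autorun entry launching a.exe from a temp folder, a DLL with hidden+system attributes dropped into system32, a Winsock LSP registration, and orphaned BHO entries that point at "No File". As an added example that is not part of the original thread or of the DDS tool, the following Python script applies those same checks to DDS-style lines. The sample input is constructed from entries quoted in this log; the rule names and the Finding type are this example's own.

```python
"""Triage helper for DDS-style log lines (added example, not part of the thread).

Rules implemented (names are this example's own, not DDS terminology):
  autorun-from-temp               uRun/mRun entry whose command lives in a temp folder
  orphaned-browser-extension      BHO/TB registration whose DLL is "No File"
  winsock-lsp-review              any Winsock LSP entry (a classic redirect vector; review it)
  hidden-system-file-in-system32  Created-Last-30 file with hidden+system attributes under system32
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # which rule fired
    line: str   # the log line that triggered it


# Constructed sample input, modelled on entries quoted in this thread's DDS log.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/webhp?rls=ig
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ZagrebLand] c:\users\toshib~1\appdata\local\temp\a.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NWEReboot]
LSP: c:\windows\system32\PCProxy.dll

=============== Created Last 30 ================

2009-12-24 02:15:26 0 d-----w- c:\programdata\Backup
2009-12-24 02:14:44 58672 ----a-w- c:\windows\system32\avldr.dll
2009-12-12 08:16:21 132096 --sha-r- c:\windows\system32\tquerya.dll
"""

RUN_RE = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
NOFILE_RE = re.compile(r"^(BHO|TB):.*-\s*No File\s*$", re.I)
LSP_RE = re.compile(r"^LSP:\s*(?P<path>.+)$", re.I)
# DDS file lines: date time size attributes path,
# e.g. "2009-12-12 08:16:21 132096 --sha-r- c:\windows\system32\tquerya.dll"
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$",
    re.I,
)

# Path fragments that mark a per-user temp folder (compared lower-cased).
TEMP_MARKERS = ("\\temp\\", "\\local settings\\temp\\")


def triage_dds(text: str) -> list[Finding]:
    """Return a Finding for every line that matches one of the triage rules."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if any(marker in cmd for marker in TEMP_MARKERS):
                findings.append(Finding("autorun-from-temp", line))
            continue

        if NOFILE_RE.match(line):
            findings.append(Finding("orphaned-browser-extension", line))
            continue

        if LSP_RE.match(line):
            findings.append(Finding("winsock-lsp-review", line))
            continue

        m = CREATED_RE.match(line)
        if m:
            attrs = m.group("attrs").lower()
            path = m.group("path").lower()
            # DDS attribute field: 's' = system, 'h' = hidden, 'd' = directory (not flagged).
            if ("s" in attrs and "h" in attrs and "d" not in attrs
                    and "\\windows\\system32\\" in path):
                findings.append(Finding("hidden-system-file-in-system32", line))
    return findings


def rule_counts(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a one-line summary."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_dds(SAMPLE_DDS)
    for f in results:
        print(f"[{f.rule}] {f.line}")
    print(rule_counts(results))
```

Run it as a script to print each finding and a per-rule count. The rules flag entries for review rather than passing a verdict: the LSP rule fires on the PCProxy.dll entry in this log whether or not that DLL belongs to an installed security product, which is why a helper reads the whole log before deciding what to remove.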


#2 YazooX

Posted 27 December 2009 - 07:56 AM

Bump~

#3 YazooX

Posted 28 December 2009 - 08:31 AM

Anyone there??

#4 jpshortstuff (WhatTheTech Teacher)

Posted 29 December 2009 - 11:11 AM

Hi there,

Sorry about the delay. Before we begin cleaning, we need to know what we are up against. I have two scans for you, which should not take long.

First, please download this tool to your Desktop, then run it:
http://jpshortstuff.247fixes.com/Kenco.exe
It will only take a few moments, please post the log it produces.


Next, we need to check for rootkits with RootRepeal.
  • Download RootRepeal from one of the following locations and save it to your desktop.
  • Open RootRepeal on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • In the Select Scan dialog, check the scan options (shown in a screenshot in the original post).
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Please post this log in your next reply.
Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#5 YazooX

Posted 07 January 2010 - 05:55 AM

Kenco by jpshortstuff (31.12.09.1)
Log created at 18:47 on 07/01/2010 (Toshiba User)

========== Task Unlocker ==========
C:\Windows\Tasks\Vwfdguju.job -> Unlocked!

========== KencoScan ==========
C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll -> Error retrieving security information [3]!
C:\Program Files\Common Files\ParetoLogic\UUS2\UUS.dll -> Unable to open file [3]!
C:\Windows\system32\tquerya.dll -> Unlocked!
C:\Windows\system32\tquerya.dll -> Infected -> Deleted successfully!
C:\Windows\Tasks\Vwfdguju.job -> Deleted successfully!
C:\Windows\system32\userenv.dll -> Error setting security information [5]!

========== C:\Windows\Tasks ==========
GoogleUpdateTaskMachineCore.job -> [08:16 16/10/2009] 894 bytes
GoogleUpdateTaskMachineUA.job -> [08:17 16/10/2009] 898 bytes
ParetoLogic Registration.job -> [13:28 23/12/2009] 456 bytes
{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job -> [08:16 12/12/2009] 254 bytes
{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job -> [08:16 12/12/2009] 302 bytes

-=E.O.F=-

Thanks for your help~~ =]

#6 YazooX

Posted 07 January 2010 - 05:57 AM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/07 18:56
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8D954000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8D949000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9B5D5000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1328 Status: Locked to the Windows API!

==EOF==

#7 jpshortstuff (WhatTheTech Teacher)

Posted 07 January 2010 - 08:30 AM

Looks like Kenco got it, have the redirects stopped now?

#8 YazooX

Posted 09 January 2010 - 09:16 AM

Yeah, it seems the redirecting has stopped already. Thanks a lot! ^^ Yeah, Kenco did remove it for me ^^



