Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Results Redirected


  • Please log in to reply
12 replies to this topic

#1 excalibur83

excalibur83

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 17 January 2010 - 03:22 PM

Operating System: Windows XP, SP3
Internet Explorer Ver. 8.0
AVG Ver. 8.5.432

Google results are redirected to various sites. This doesn't happen in every case, most noticable the first search after opening IE. I have run scans and cleanups with various tools, and while it may seem clean for a short period the problem comes back. Any help would be most appreciated. Thanks.

BC AdBot (Login to Remove)

 


#2 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 17 January 2010 - 09:38 PM

Hi,
Download Malwarebytes from http://malwarebytes.org/ update it and run a full scan. Remove any infections found and post the results in your next reply.

#3 excalibur83

excalibur83
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 17 January 2010 - 11:04 PM

No infections were found.

Here is the log:

Malwarebytes' Anti-Malware 1.44
Database version: 3586
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/17/2010 11:02:23 PM
mbam-log-2010-01-17 (23-02-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 232626
Time elapsed: 41 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 17 January 2010 - 11:20 PM

Download Rootrepeal from http://download.bleepingcomputer.com/rootr.../RootRepeal.exe and save it to your desktop.
Open it and select the "report" tab and select all of the items on the page
You will be asked which drives to scan select your system drive usually C:
Save the log and post it in your next reply

#5 excalibur83

excalibur83
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 17 January 2010 - 11:39 PM

Here are results from RootRepeal:


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/17 23:36
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0x00000000 Size: -2141828160 File Visible: - Signed: -
Status: -

Name: 1394BUS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\1394BUS.SYS
Address: 0xBA128000 Size: 57344 File Visible: - Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9F79000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB4E2A000 Size: 138496 File Visible: - Signed: -
Status: -

Name: arp1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Address: 0xBA1C8000 Size: 60800 File Visible: - Signed: -
Status: -

Name: asyncmac.sys
Image Path: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Address: 0xB3FC3000 Size: 14336 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9F31000 Size: 96512 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA6F4000 Size: 3072 File Visible: - Signed: -
Status: -

Name: avgldx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgldx86.sys
Address: 0xB4D3E000 Size: 328576 File Visible: - Signed: -
Status: -

Name: avgmfx86.sys
Image Path: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Address: 0xBA340000 Size: 21120 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA5F6000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA218000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA308000 Size: 62976 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA0D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: DLABMFSM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLABMFSM.SYS
Address: 0xBA3B8000 Size: 28192 File Visible: - Signed: -
Status: -

Name: DLABOIOM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLABOIOM.SYS
Address: 0xBA3C0000 Size: 25568 File Visible: - Signed: -
Status: -

Name: DLACDBHM.SYS
Image Path: C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
Address: 0xBA5D6000 Size: 6016 File Visible: - Signed: -
Status: -

Name: DLADResM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLADResM.SYS
Address: 0xBA691000 Size: 2496 File Visible: - Signed: -
Status: -

Name: DLAIFS_M.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
Address: 0xB48DE000 Size: 97568 File Visible: - Signed: -
Status: -

Name: DLAOPIOM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
Address: 0xBA3B0000 Size: 19104 File Visible: - Signed: -
Status: -

Name: DLAPoolM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAPoolM.SYS
Address: 0xBA632000 Size: 7616 File Visible: - Signed: -
Status: -

Name: DLARTL_M.SYS
Image Path: C:\WINDOWS\System32\Drivers\DLARTL_M.SYS
Address: 0xBA490000 Size: 21280 File Visible: - Signed: -
Status: -

Name: DLAUDF_M.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
Address: 0xB48B1000 Size: 90944 File Visible: - Signed: -
Status: -

Name: DLAUDFAM.SYS
Image Path: C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
Address: 0xB48C8000 Size: 87744 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA178000 Size: 61440 File Visible: - Signed: -
Status: -

Name: DRVMCDB.SYS
Image Path: DRVMCDB.SYS
Address: 0xB9E22000 Size: 90080 File Visible: - Signed: -
Status: -

Name: DRVNDDM.SYS
Image Path: C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
Address: 0xB4CCE000 Size: 42496 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB4C5E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA60A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB4F4E000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA72C000 Size: 4096 File Visible: - Signed: -
Status: -

Name: e1e5132.sys
Image Path: C:\WINDOWS\system32\DRIVERS\e1e5132.sys
Address: 0xB8E6F000 Size: 266240 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBA448000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA1D8000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9E4A000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5F4000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9F49000 Size: 125056 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Address: 0xBA450000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB8E23000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xBA1E8000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBA498000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB9D0F000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Address: 0xB8C26000 Size: 680704 File Visible: - Signed: -
Status: -

Name: HSF_DP.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
Address: 0xB8CCD000 Size: 1042432 File Visible: - Signed: -
Status: -

Name: HSFHWBS2.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
Address: 0xB8DEF000 Size: 212224 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB2B26000 Size: 265728 File Visible: - Signed: -
Status: -

Name: i2omgmt.SYS
Image Path: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Address: 0xBA56C000 Size: 8576 File Visible: - Signed: -
Status: -

Name: iaStor.sys
Image Path: iaStor.sys
Address: 0xB9E6A000 Size: 815104 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA2F8000 Size: 42112 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA2E8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xB4E4C000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xB4F1B000 Size: 75264 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA478000 Size: 24576 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Address: 0xB5457000 Size: 14592 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: klif.sys
Image Path: C:\WINDOWS\System32\DRIVERS\klif.sys
Address: 0xB266A000 Size: 253952 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xA998A000 Size: 172416 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB8DCC000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9E0B000 Size: 92928 File Visible: - Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xBA0F8000 Size: 57600 File Visible: - Signed: -
Status: -

Name: mdmxsdk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Address: 0xB3E4B000 Size: 9920 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5F8000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBA440000 Size: 30080 File Visible: - Signed: -
Status: -

Name: MODEMCSA.sys
Image Path: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Address: 0xBA544000 Size: 16128 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA480000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xB5453000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB422F000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xB4D8F000 Size: 455296 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA4A8000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB9604000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA5A0000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9D37000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9D51000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA594000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB4922000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB8C0F000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB95C4000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA1A8000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xB4E72000 Size: 162816 File Visible: - Signed: -
Status: -

Name: nic1394.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Address: 0xBA158000 Size: 61824 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA4B0000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D7E000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA74E000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000 Size: 5783552 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB8EC4000 Size: 6853088 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: ohci1394.sys
Address: 0xBA118000 Size: 61696 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000 Size: 19712 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB9F68000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB4F76000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB8BFE000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA460000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA108000 Size: 35712 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xBA578000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xB9634000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xB9624000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB9614000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA468000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xB4DFF000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5FA000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA318000 Size: 57600 File Visible: - Signed: -
Status: -

Name: RimSerial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\RimSerial.sys
Address: 0xBA470000 Size: 26496 File Visible: - Signed: -
Status: -

Name: RimUsb.sys
Image Path: C:\WINDOWS\System32\Drivers\RimUsb.sys
Address: 0xBA3A8000 Size: 22656 File Visible: - Signed: -
Status: -

Name: RootMdm.sys
Image Path: C:\WINDOWS\System32\Drivers\RootMdm.sys
Address: 0xBA5D8000 Size: 5888 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAC7F7000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xB4F9A000 Size: 4820992 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB9E38000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB3CE9000 Size: 333952 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5DA000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB4D2E000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB4EC2000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA458000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB95F4000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB8BA0000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xB4881000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5DE000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA438000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB95B4000 Size: 59520 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB8E4B000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xBA378000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA430000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA4A0000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB8EB0000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBA198000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xBA3A0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB45F4000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

#6 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 18 January 2010 - 09:43 PM

Excaliber,
Next run a scan at http://www.eset.com/onlinescan/ and post the results.

#7 excalibur83

excalibur83
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 18 January 2010 - 11:21 PM

Results from scan:

C:\WINDOWS\ejuhipenoxok.dll a variant of Win32/Cimag.BN trojan cleaned by deleting (after the next restart) - quarantined

#8 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 19 January 2010 - 09:46 PM

Download Dr Web CureIt from http://www.freedrweb.com/cureit/?lng=en and run it and safe mode. Post the results.
How is the PC running?

#9 excalibur83

excalibur83
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 19 January 2010 - 10:50 PM

Haven't noticed any redirects since last reboot. Please explain what you mean by "... run it and safe mode."

By the way, I really do appreciate the help.

Just tried to download from the drweb link and it won't download.

Edited by excalibur83, 19 January 2010 - 11:02 PM.


#10 trev47

trev47

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 19 January 2010 - 11:32 PM

It looks like Dr Web is offline at the moment. We can try something else. This next section will also explain "safe mode".

Great directions from boopme for SAS and ATF cleaner
Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner from http://www.atribune.org/index.php?option=c...5&Itemid=25
and then SUPERAntiSpyware, Free Home Version from http://www.superantispyware.com/?rid=3324 Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

#11 excalibur83

excalibur83
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 20 January 2010 - 04:51 AM

Below is the Super Scan log. Also, ever since I did the www.eset.com scan which deleted the ejuhipenoxok.dll file, I get a RUNDLL error message when rebooting that says:
Error Loading C:\WINDOWS\ejuhipenoxok.dll
The specified module could not be found


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/20/2010 at 02:55 AM

Application Version : 4.33.1000

Core Rules Database Version : 4495
Trace Rules Database Version: 2310

Scan type : Complete Scan
Total Scan Time : 02:56:44

Memory items scanned : 229
Memory threats detected : 0
Registry items scanned : 7101
Registry threats detected : 0
File items scanned : 91021
File threats detected : 7

Adware.Tracking Cookie
C:\Documents and Settings\aa\Cookies\aa@advertising[3].txt
C:\Documents and Settings\aa\Cookies\aa@atdmt[2].txt
C:\Documents and Settings\aa\Cookies\aa@casalemedia[2].txt
C:\Documents and Settings\aa\Cookies\aa@advertising[1].txt
C:\Documents and Settings\aa\Cookies\aa@apmebf[1].txt
C:\Documents and Settings\aa\Cookies\aa@mediaplex[1].txt
C:\Documents and Settings\aa\Cookies\aa@statse.webtrendslive[1].txt

Edited by excalibur83, 20 January 2010 - 05:13 AM.


#12 excalibur83

excalibur83
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 30 January 2010 - 06:43 AM

I am still gitting the following message during reboot:

Error Loading C:\WINDOWS\ejuhipenoxok.dll
The specified module could not be found


#13 excalibur83

excalibur83
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:45 AM

Posted 01 March 2010 - 07:27 PM

Is there anything else I need to do? Still getting the error message.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users