Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirects me to random sites when I click on the result


  • Please log in to reply
21 replies to this topic

#1 darkknite

darkknite

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 02 February 2010 - 11:05 PM

Hi BleepingComputer! As you can see, I have a problem with my computer that doesn't seem much of a problem but it is annoying and maybe there is more damage done to my system than what appears. So basically the problem is that whenever I search something up on google.ca I will get the page with the results and stuff. But when I click on one of the results, I will get redirected to a random site. This random site may or may not have any relevance to what I actually searched up.

For example, I searched up the term "bleeping computer". The result page shows up. I click on the Wikipedia entry of "bleeping computer". I can see already that I am going to get redirected because I can see at the bottom of my browser (a random IP address shows up or yourmagicserach.com or something shows up then a different website loads). If I were to right click on the "Back" button of my browser, I can "Wait a few second" page appear twice then the google results page.

This is troublesome and annoying since I can't even search up something on google without going back click again and maybe going back again to click. The only temporary solution that I have found or maybe lower the chances of being redirected is if I clean out the cookies, cache and internet history. This would last about 3 searches before it starts appearing again. Also, the more I search, the worst it gets or so it seems. I ahve also tried a full scan with Malwarebytes but nothing happens. I also searched my whole computer with my anti virus (Avira) but still it did nothing to fix the problem.

The computer that has the problem is using Windows XP with Service Pack 3 and it seems to affect both Internet Explorer and Firefox but I use Firefox more if that matters. I'm not sure what kind of logs or anything that I should post so I didn't post any. Just say the word and I can post those logs ASAP.

Please help me fix this annoying problem!


{Moved to more appropriate forum ~~boopme}

Edited by boopme, 02 February 2010 - 11:51 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:38 AM

Posted 02 February 2010 - 11:56 PM

Hello and welcome.. We'll do these and see what we get.

Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 darkknite

darkknite
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 03 February 2010 - 07:26 PM

Ok, I did the scans and here are the reports from the two scans:

GooredFix.txt

GooredFix by jpshortstuff (08.01.10.1)
Log created at 19:14 on 03/02/2010 (ThE CoMpUtEr)
Firefox version 3.5.7 (en-US)

========== GooredScan ==========

Removing Orphan:
"avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [17:44 22/03/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [00:56 28/03/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [00:51 07/07/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [01:08 09/10/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [00:55 13/11/2009]
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [04:01 27/01/2010]

C:\Documents and Settings\ThE CoMpUtEr\Application Data\Mozilla\Firefox\Profiles\ns0vkil1.default\extensions\
amin.eft_PhProxy@gmail.com [20:51 26/01/2010]
personas@christopher.beard [03:58 28/01/2010]
{1280606b-2510-4fe0-97ef-9b5a22eafe30} [22:08 12/12/2009]
{20a82645-c095-46ed-80e3-08825760534b} [23:12 25/06/2009]
{2fbc1200-ad13-11db-abbd-0800200c9a66} [19:12 22/03/2009]
{3112ca9c-de6d-4884-a869-9855de68056c} [20:46 05/12/2009]
{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} [01:13 27/01/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [21:31 11/01/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [01:55 31/03/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [00:55 28/03/2009]

-=E.O.F=-

==================================================================================================================


Here is the RootRepeal report:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/02/03 19:19
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF2A73000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A29000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP0770
Image Path: \Driver\PCI_PNP0770
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB8CA7000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spjt.sys
Image Path: spjt.sys
Address: 0xF7293000 Size: 995328 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7b59376

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7b5936c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7b5937b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7b59385

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spjt.sys" at address 0xf72acda4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spjt.sys" at address 0xf72ad132

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7b5938a

#: 119 Function Name: NtOpenKey
Status: Hooked by "spjt.sys" at address 0xf72940c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7b59358

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7b5935d

#: 160 Function Name: NtQueryKey
Status: Hooked by "spjt.sys" at address 0xf72ad20a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spjt.sys" at address 0xf72ad08a

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7b59394

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7b5938f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7b59380

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7b59367

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x862101f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x85ea4500 Size: 121

Object: Hidden Code [Driver: a2za4grdȅ䵃ȁఇ䵃⯍傥, IRP_MJ_CREATE]
Process: System Address: 0x860461f8 Size: 121

Object: Hidden Code [Driver: a2za4grdȅ䵃ȁఇ䵃⯍傥, IRP_MJ_CLOSE]
Process: System Address: 0x860461f8 Size: 121

Object: Hidden Code [Driver: a2za4grdȅ䵃ȁఇ䵃⯍傥, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x860461f8 Size: 121

Object: Hidden Code [Driver: a2za4grdȅ䵃ȁఇ䵃⯍傥, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x860461f8 Size: 121

Object: Hidden Code [Driver: a2za4grdȅ䵃ȁఇ䵃⯍傥, IRP_MJ_POWER]
Process: System Address: 0x860461f8 Size: 121

Object: Hidden Code [Driver: a2za4grdȅ䵃ȁఇ䵃⯍傥, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x860461f8 Size: 121

Object: Hidden Code [Driver: a2za4grdȅ䵃ȁఇ䵃⯍傥, IRP_MJ_PNP]
Process: System Address: 0x860461f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x85f5d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x85f5d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x85f5d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x85f5d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85f5d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85f5d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85f5d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85f5d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x85f5d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85f5d1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x85f5d1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x85f6a1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x85f6a1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85f6a1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85f6a1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x85f6a1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85f6a1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x85f6a1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8627e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8627e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8627e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8627e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8627e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8627e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8627e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8627e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8627e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8627e1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8627e1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x85f18500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x85f18500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85f18500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85f18500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x85f18500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x85f18500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x85f661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x85f661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85f661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85f661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x85f661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85f661f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x85f661f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x85f20500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_CREATE]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_CLOSE]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_READ]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_CLEANUP]
Process: System Address: 0x85d88500 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_PNP]
Process: System Address: 0x85d88500 Size: 121

==EOF==

==================================================================================================================


I hope I did everything right (namely copying and pasting; not sure if I should have put them in a spoiler box or something...)

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:38 AM

Posted 03 February 2010 - 10:22 PM

OK , still have the redirect I suppose. You pot properly thank you.

tried a full scan with Malwarebytes but nothing happens.

Does this mean it would not run? If not..
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select FULL scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 darkknite

darkknite
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 03 February 2010 - 10:46 PM

Oh sorry, I meant to say that nothing happens to the problem. Malwarebytes can still scan and what not; it's just that it did nothing to help solve the problem. So do I still have to post up a Malwarebytes log?

#6 dezhumz

dezhumz

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:38 AM

Posted 04 February 2010 - 08:23 PM

Does this redirect happen with Firefox? If not, try resetting the browser.
I would also check the proxy setting and host file to see if that has been modified.

#7 darkknite

darkknite
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 04 February 2010 - 10:22 PM

Um..no this happens to both Firefox and Internet Explorer. Also I don't know how to check if my host file has been modified or not. Also, it can't be the proxy because I don't use one and my browsers have them both at "no proxy"

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:38 AM

Posted 06 February 2010 - 04:14 PM

Let's see if S!Ri's SmitfraudFix shows somethong there.
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 darkknite

darkknite
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 06 February 2010 - 06:46 PM

Here are the contents of the log that the scan gave me:

SmitFraudFix v2.424

Scan done at 18:39:32.42, 06/02/2010
Run from C:\Documents and Settings\ThE CoMpUtEr\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\ThE CoMpUtEr\Desktop\SmitfraudFix\Policies.exe
C:\Documents and Settings\ThE CoMpUtEr\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 ads.bleepingcomputer.com
127.0.0.1 nsm.dell.com
127.0.0.1 alexarydell.com
127.0.0.1 allenpodell.com
127.0.0.1 johnrydell.com
127.0.0.1 www.alexarydell.com
127.0.0.1 www.allenpodell.com
127.0.0.1 www.johnrydell.com
127.0.0.1 assets.lockergnome.com
127.0.0.1 www.www.microsoft.com.org
127.0.0.1 microsoft.com.org
127.0.0.1 rad.microsoft.com
127.0.0.1 twmicrosoft.com
127.0.0.1 update.microsoft.com.mu.aspx-win.v6.juha8uta.cn
127.0.0.1 updated-microsoft.com
127.0.0.1 windowsupdate.microsoft.com.ssl3.pop3.ru
127.0.0.1 www.microsoft.com.org
127.0.0.1 www.twmicrosoft.com
127.0.0.1 www.updated-microsoft.com
127.0.0.1 ads.techguy.org

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ThE CoMpUtEr


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\THECOM~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ThE CoMpUtEr\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\THECOM~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!




»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Scientific-Atlanta WebSTAR 2000 series Cable Modem - Packet Scheduler Miniport
DNS Server Search Order: 64.71.255.198

HKLM\SYSTEM\CCS\Services\Tcpip\..\{414D3C88-4A88-4755-A7A0-3FB7E9304830}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\..\{414D3C88-4A88-4755-A7A0-3FB7E9304830}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\..\{414D3C88-4A88-4755-A7A0-3FB7E9304830}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS3\Services\Tcpip\..\{414D3C88-4A88-4755-A7A0-3FB7E9304830}: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=64.71.255.198


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:38 AM

Posted 06 February 2010 - 10:57 PM

Hello

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Posted Image and then on "Advanced Mode"
    Posted Image
  • You may be presented with a warning dialog. If so, press Posted Image
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck this checkbox:
    Posted Image
  • Close/Exit Spybot Search and Destroy

We are going to swap your hosts file..

Download hosts.zip and extract (unzip) to its own folder C:\hosts
(Click here for information on how to do this if not sure.)
You can read more about what we are doing here.

Open up the hosts folder and double-click on the mvps.bat file.
The script will rename your present HOSTS file to HOSTS.MVP and copy the new HOSTS file to the correct location on your system. Here are the MVPS HOSTS File Install Instructions with graphics if you need them..



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 darkknite

darkknite
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 07 February 2010 - 06:07 PM

Hi, I did the scans but I think I did something wrong because Malwarebytes picked up nothing. Well here is the scan result:

=================================

Malwarebytes' Anti-Malware 1.44
Database version: 3703
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/02/2010 5:55:54 PM
mbam-log-2010-02-07 (17-55-54).txt

Scan type: Quick Scan
Objects scanned: 137327
Time elapsed: 9 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 whiteac2k4

whiteac2k4

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:38 AM

Posted 07 February 2010 - 06:57 PM

Hello, this should work for you.

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antirus/Malware/Rootkit softwares and the go.google rubbish will stop.
Its now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC user’s like myself to save the world
In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update

Update you Malwarebytes and run full scan. ComboFix is another great utility that will remove it. I would instruct you on how to use it but I am not allowed to. Hopefully a Moderator will chime in and do the instructing on Combofix. Though I wish the moderators would let me do so. Since I am only here to help however everyone must respect the moderators.

#13 whiteac2k4

whiteac2k4

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:38 AM

Posted 07 February 2010 - 07:05 PM

Btw for my 2 cents worth disable teatimer completey and forget it. I have been working in IT for 15 yrs just about and never seen a protective program(autoprotect like) cause so many issues as Spybots teatimer.exe. Well other then Norton which is junk though my company sells mainly Symantec End Point a parent company religiously. However it works but hogs resources cause false positives etc. Why should you have to disable a safe guard to safely remove trouble that you downloaded and installed the software to pervent in the first place. That being said, I love Spybot, funny to contradict, but I only use it to immunize the system, thats it. I would suggest NOD32 from ESET as IMO its up there with kaspersky, but cheaper the online scanner is fantastic. Just had to chime in. Hope my above posting helps. Btw your in great hands so forth I havent seen anyone bring up gooredfix before until now and I am very impressed. Not many folks know about it. CHip CHip

#14 darkknite

darkknite
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 10 February 2010 - 08:47 PM

Hello, this should work for you.

Go to Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
Scroll down to “Non-plug and Play Drivers” and click the plus icon to open those drivers.
Then search for “TDSSserv.sys”
Right click on it, and select “Disable”
Note: If you select Uninstall, it will install itself again when you reboot the system, so DON’T select Uninstall.
Restart your pc.
You can now update your Antirus/Malware/Rootkit softwares and the go.google rubbish will stop.
Its now up to the Anti-Virus/Malware/Spyware companies to make an effort to stop this, and not rely on simple basic home PC user’s like myself to save the world
In simple terms, TDSSserv.sys is a service/server redirecting all software updates to 127.0.0.1 (your own computer) so they won’t update

Update you Malwarebytes and run full scan. ComboFix is another great utility that will remove it. I would instruct you on how to use it but I am not allowed to. Hopefully a Moderator will chime in and do the instructing on Combofix. Though I wish the moderators would let me do so. Since I am only here to help however everyone must respect the moderators.


I can't find a driver name TDSServ.sys in the "Non-plug in and play drivers" menu so I can't follow this resolution exactly...

#15 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:38 AM

Posted 10 February 2010 - 11:54 PM

Hello, how is this PC running now? You cannot delete/disable what isn't there.


About ComboFix.
Please note the message text in blue at the top of this forum.

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for general public or personal use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users