
Search engines redirecting me wrong


17 replies to this topic

#1 Big Chumpy


Posted 24 March 2010 - 03:13 AM

Hi.

When I use Google or Yahoo the results of my search come up right but when I click any of the links it takes me to hxxp://www.youfindmore.com.

I am running XP SP3 and have tried using IE, Firefox, Chrome and Opera all with the same results.
Also running AVG free and superantispyware.

The prob came up in the middle of searching for a new video driver.

The only way to get to any other web site is to type it in to the address bar directly.

Edited by elise025, 24 March 2010 - 06:01 AM.
Deactivated link and moved topic to Am I Infected forum ~ Elise



#2 techextreme


Posted 24 March 2010 - 07:45 AM

If you have a recent log from SuperAntispyware, please post it here. I would also like you to run Malwarebytes and post a log from it.

Scan for Spyware/Adware

The process of cleaning your computer may require you to temporarily disable some security programs. If you are using SpyBot Search and Destroy, please refer to Note 2 at the bottom of this page.

Please download Malwarebytes Anti-Malware Free version and save it to your desktop.

NOTE: Before saving MBAM, please rename it to zztoy.exe, then save it to your desktop.


alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note:
-- If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Whether or not you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Note 2:
-- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes. To disable these programs, please view this topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
---------------------------
Be sure to re-enable your AV and malware scan tools if they were disabled
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca

#3 Big Chumpy


Posted 27 March 2010 - 05:04 AM

G'day techextreme,
Thanks for the help.
Have added logs below.

----------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/27/2010 at 07:27 PM

Application Version : 4.34.1000

Core Rules Database Version : 4723
Trace Rules Database Version: 2535

Scan type : Complete Scan
Total Scan Time : 00:22:54

Memory items scanned : 572
Memory threats detected : 0
Registry items scanned : 6096
Registry threats detected : 0
File items scanned : 20597
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Big Chumpy\Cookies\big_chumpy@atdmt[2].txt


---------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.44
Database version: 3920
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27/03/2010 6:57:14 PM
mbam-log-2010-03-27 (18-57-14).txt

Scan type: Quick Scan
Objects scanned: 146800
Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Tasks\Acrobat Update.job (Malware.Trace) -> Quarantined and deleted successfully.
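Added example, not code from the thread or from Malwarebytes: a parser for the MBAM log format posted above that groups detections by section and family and flags the entries that account for a search redirect (the SearchScopes key is where Internet Explorer stores its search providers). The flag labels and markers are this example's own choice.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the Malwarebytes 1.44 log posted in this thread.
SAMPLE_MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3920
Scan type: Quick Scan
Objects scanned: 146800

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Tasks\Acrobat Update.job (Malware.Trace) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<detection name>) -> <action>"
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[A-Za-z][\w.]*)\) -> (?P<action>.+)$")

# Locations that account for the symptoms described in the thread. The labels and
# markers are this example's own choice, not something MBAM reports.
FLAGS = {
    "browser search provider hijack": "\\Internet Explorer\\SearchScopes\\",
    "Security Center alerting disabled": "\\Security Center\\AntiVirusDisableNotify",
    "persistence via scheduled task": "\\WINDOWS\\Tasks\\",
}


def parse_mbam_log(text):
    """Split an MBAM log into header fields and per-section detection records."""
    meta, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        if line.endswith("Infected:"):              # e.g. "Registry Keys Infected:"
            section = line[: -len(" Infected:")]
            continue
        match = DETECTION_RE.match(line)
        if section and match:
            detections.append({"section": section, "item": match["item"], "name": match["name"],
                               # keep only the final outcome of "Bad: (1) Good: (0) -> Quarantined ..."
                               "action": match["action"].split(" -> ")[-1]})
        elif section is None and ": " in line:      # header lines such as "Scan type: ..."
            key, value = line.split(": ", 1)
            meta[key] = value
    return {"meta": meta, "detections": detections}


def summarize(parsed):
    """Count detections per family and name those that explain a search redirect."""
    detections = parsed["detections"]
    findings = []
    for label, marker in FLAGS.items():
        hits = [d["item"] for d in detections if marker.lower() in d["item"].lower()]
        if hits:
            findings.append((label, hits))
    return {
        "by_family": Counter(d["name"] for d in detections),
        "findings": findings,
        # anything not "... successfully" needs a reboot or a second tool
        "not_removed": [d["item"] for d in detections if "successfully" not in d["action"]],
    }


if __name__ == "__main__":
    result = summarize(parse_mbam_log(SAMPLE_MBAM_LOG))
    for family, count in result["by_family"].most_common():
        print(f"{count:2d}  {family}")
    for label, hits in result["findings"]:
        print(f"\n{label}:", *hits, sep="\n    ")
    print("\nnot removed:", result["not_removed"] or "none")
```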

#4 techextreme


Posted 29 March 2010 - 07:23 AM

SAS may take a long time to scan.
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
  • First, reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Note: SAS doesn't open the registry hives for other user accounts on the system, so scans should be done from each user account.

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link

* Save any unsaved work. TFC will close ALL open programs including your browser!
* Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
* Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
* TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
* Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.


#5 Big Chumpy


Posted 31 March 2010 - 04:12 AM

The new SAS log is attached below.

TFC scan also done.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/31/2010 at 07:08 PM

Application Version : 4.34.1000

Core Rules Database Version : 4747
Trace Rules Database Version: 2559

Scan type : Complete Scan
Total Scan Time : 00:53:00

Memory items scanned : 230
Memory threats detected : 0
Registry items scanned : 6029
Registry threats detected : 0
File items scanned : 87286
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Big Chumpy\Cookies\big_chumpy@atdmt[2].txt

#6 techextreme


Posted 31 March 2010 - 07:15 AM

Let's run an online virus scan then let me know how your computer is running.

Please perform a scan with Eset Onlinescan (NOD32).
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista Users be sure to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  • You will see the Terms of Use. Tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?" (OnlineScanner.cab)".
  • Answer Yes to install and download the ActiveX controls that allows the scan to run.
  • Click Start. (The Onlinescanner will now prepare itself for running on your PC.)
  • To do a full-scan, check: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan to start the online scan. (this could take some time to complete)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software. Just close the window.
  • Now click Start > Run... > type: C:\Program Files\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad.
  • Copy and paste the log results in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#7 Big Chumpy


Posted 01 April 2010 - 03:25 AM

ESET log below
Still not taking me to the right places.
Has started taking me to random websites now.
Is it getting worse?




ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c21edd1a663adf49a768c7ea6d729a89
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-01 06:35:16
# local_time=2010-04-01 05:35:16 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 35964169 35964169 0 0
# compatibility_mode=1024 16777175 100 0 4968301 4968301 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=7943
# found=0
# cleaned=0
# scan_time=1508
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c21edd1a663adf49a768c7ea6d729a89
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-04-01 06:39:02
# local_time=2010-04-01 05:39:02 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 35965835 35965835 0 0
# compatibility_mode=1024 16777175 100 0 4969967 4969967 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=435
# found=0
# cleaned=0
# scan_time=67
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c21edd1a663adf49a768c7ea6d729a89
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-01 08:18:39
# local_time=2010-04-01 07:18:39 (+1000, AUS Eastern Daylight Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 35965927 35965927 0 0
# compatibility_mode=1024 16777175 100 0 4970059 4970059 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=77420
# found=0
# cleaned=0
# scan_time=5952
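Added example, not from the thread or from ESET: the online scanner log above is three runs of "# key=value" records, two of which stopped with an esets_scanner_update error. This parser groups the records per run and only counts a run as conclusive when it finished with the options the helper asked for; that rule is this example's own, and the embedded sample is a trimmed copy of the posted log.

```python
# Constructed sample: the three runs from the ESET log posted above, trimmed to the
# fields this example uses (the real log carries more "# key=value" lines per run).
SAMPLE_ESET_LOG = """ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# utc_time=2010-04-01 06:35:16
# country="Australia"
# scanned=7943
# found=0
# scan_time=1508
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# utc_time=2010-04-01 06:39:02
# country="Australia"
# scanned=435
# found=0
# scan_time=67
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# utc_time=2010-04-01 08:18:39
# country="Australia"
# scanned=77420
# found=0
# scan_time=5952
"""


def parse_eset_log(text):
    """Group '# key=value' lines into one record per run; stray lines become notes."""
    runs, current = [], None
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version":                  # each run starts with its own version line
                current = {"notes": []}
                runs.append(current)
            if current is not None:
                current[key] = value.strip().strip('"')   # country="Australia" -> Australia
        elif current is not None and line.strip():
            current["notes"].append(line.strip())         # e.g. esets_scanner_update errors
    return runs


def conclusive_runs(runs):
    """Keep only runs whose 'found' value is usable as evidence of a clean system."""
    # This example's rule: the run finished and had the two options the helper asked for.
    return [r for r in runs if r.get("end") == "finished"
            and r.get("remove_checked") == "true" and r.get("unwanted_checked") == "true"]


def report(runs):
    """One row per run with the numbers a helper reads first."""
    return [{"run": i, "end": r.get("end"), "scanned": int(r.get("scanned", 0)),
             "found": int(r.get("found", 0)), "errors": len(r["notes"])}
            for i, r in enumerate(runs, 1)]


if __name__ == "__main__":
    runs = parse_eset_log(SAMPLE_ESET_LOG)
    for row in report(runs):
        print(row)
    print("conclusive runs:", len(conclusive_runs(runs)), "of", len(runs))
```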

#8 techextreme


Posted 01 April 2010 - 07:16 AM

We need to run a GMER scan
  • Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)

    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.

  • When the scan is complete, click Save and save the log onto your desktop.
Post the results of the GMER scan here please.

#9 Big Chumpy


Posted 02 April 2010 - 05:19 AM

Can't do GMER scan.
Computer continually crashes to blue screen or resets even without 'devices' checked.

#10 techextreme


Posted 02 April 2010 - 08:02 AM

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Then please run the GMER scan as below.

We need to run a GMER scan
  • Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Make sure all options are checked except:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)

    Note: If GMER crashes or hangs, please retry running a scan. Only this time, in addition to the options mentioned above, uncheck Devices as well.

  • When the scan is complete, click Save and save the log onto your desktop.
Please post the log when complete.

#11 Big Chumpy


Posted 04 April 2010 - 08:47 AM

Ok done.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-04 22:41:01
Windows 5.1.2600 Service Pack 3
Running: 5l6ezmc7.exe; Driver: C:\DOCUME~1\BIGCHU~1\LOCALS~1\Temp\kxrorpow.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250@9c1874fa6b78 0x88 0xC8 0x77 0x14 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250@9c1874fa7078 0x4A 0x05 0x3F 0x17 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f81000250@9c1874fa6b78 0x88 0xC8 0x77 0x14 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f81000250@9c1874fa7078 0x4A 0x05 0x3F 0x17 ...

---- EOF - GMER 1.0.15 ----
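Added example, not from the thread or from GMER: the header line of a GMER log records the random executable name and the driver it loaded from the Temp folder for the scan, so a reviewer can check any file name raised later against that header before asking for it to be uploaded. It also buckets the Reg lines; treating entries under BTHPORT\Parameters\Keys (Bluetooth pairing keys) as expected is this example's own allowlist, and the embedded log is a trimmed copy of the one posted above.

```python
import re

# Constructed sample: the header and a few registry lines of the GMER log posted above.
SAMPLE_GMER_LOG = r"""GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-04 22:41:01
Windows 5.1.2600 Service Pack 3
Running: 5l6ezmc7.exe; Driver: C:\DOCUME~1\BIGCHU~1\LOCALS~1\Temp\kxrorpow.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f81000250@9c1874fa6b78 0x88 0xC8 0x77 0x14 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f81000250 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
"""

HEADER_RE = re.compile(r"^Running: (?P<exe>\S+); Driver: (?P<driver>.+)$", re.MULTILINE)

# Registry paths a reviewer expects GMER to list on a machine with Bluetooth hardware:
# pairing (link) keys live under BTHPORT\Parameters\Keys. Allowlist chosen for this example.
EXPECTED_REG_MARKERS = {
    "bluetooth_pairing_keys": "\\Services\\BTHPORT\\Parameters\\Keys\\",
}


def parse_gmer_header(text):
    """Return the randomly named executable and the driver GMER used for this scan."""
    match = HEADER_RE.search(text)
    if not match:
        raise ValueError("no 'Running: ...; Driver: ...' line in GMER log")
    return {"exe": match["exe"], "driver": match["driver"].strip()}


def normalize_path(path):
    """Lower-case and drop stray whitespace around backslashes in a hand-typed path."""
    return re.sub(r"\s*\\\s*", "\\\\", path.strip()).lower()


def is_scanner_driver(path, header):
    """True when the path someone asks about is the driver GMER loaded for the scan."""
    return normalize_path(path) == normalize_path(header["driver"])


def classify_reg_lines(text):
    """Bucket 'Reg' lines so only unexpected entries need a closer look."""
    buckets = {"inactive_controlset": [], "other": []}
    buckets.update({name: [] for name in EXPECTED_REG_MARKERS})
    for line in text.splitlines():
        if not line.startswith("Reg "):
            continue
        entry = line[4:]
        if "(not active ControlSet)" in entry:     # GMER's own tag for stale ControlSets
            buckets["inactive_controlset"].append(entry)
            continue
        for name, marker in EXPECTED_REG_MARKERS.items():
            if marker in entry:
                buckets[name].append(entry)
                break
        else:
            buckets["other"].append(entry)
    return buckets


if __name__ == "__main__":
    header = parse_gmer_header(SAMPLE_GMER_LOG)
    print("GMER ran as", header["exe"], "with driver", header["driver"])
    asked = r"C:\DOCUME~1\BIGCHU~1\LOCALS~1\Temp\ kxrorpow.sys"   # hand-typed, stray space
    print("scanner's own driver?", is_scanner_driver(asked, header))
    for bucket, entries in classify_reg_lines(SAMPLE_GMER_LOG).items():
        print(f"{bucket}: {len(entries)}")
```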

#12 boopme


Posted 04 April 2010 - 09:41 PM

Hello, please run these now.

Please read and follow all these instructions very carefully.
  • Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe to run it.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

Vundo is stubborn and you need to update MBAM.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.


How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#13 Big Chumpy


Posted 05 April 2010 - 10:02 PM

Hi boopme
I have posted both logs below.


GooredFix by jpshortstuff (08.01.10.1)
Log created at 11:54 on 06/04/2010 (Big Chumpy)
Firefox version 3.6.2pre (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:52 16/01/2010]
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [05:19 05/04/2010]

C:\Documents and Settings\Big Chumpy\Application Data\Mozilla\Firefox\Profiles\91h7an71.default\extensions\
Foxdie@tanjihay.com [05:10 24/03/2010]
personas@christopher.beard [08:11 18/03/2010]
{20a82645-c095-46ed-80e3-08825760534b} [01:33 16/01/2010]
{d122ad80-ff45-11dd-87af-0800200c9a66} [04:42 02/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:30 19/08/2009]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [02:06 24/01/2010]
"bkmrksync@nokia.com"="C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\" [08:23 02/03/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [05:18 05/04/2010]

---------- Old Logs ----------
GooredFix[01.53.38_06-04-2010].txt

-=E.O.F=-


_______________________________________________________________________________________________________


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3958

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/04/2010 1:01:20 PM
mbam-log-2010-04-06 (13-01-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 190294
Time elapsed: 1 hour(s), 0 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{F8A25594-123C-479C-867D-3695DE12E0EB}\RP277\A0036865.exe (Rogue.Installer) -> Quarantined and deleted successfully.

#14 boopme


Posted 05 April 2010 - 10:16 PM

That was real good.


Let's upload this file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
C:\DOCUME~1\BIGCHU~1\LOCALS~1\Temp\kxrorpow.sys <<-- This file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


#15 Big Chumpy


Posted 06 April 2010 - 07:37 PM

That file does not exist anywhere on my system.



