
I need serious help with a redirect virus, anyone please!?


  • This topic is locked
6 replies to this topic

#1 melanielt

melanielt

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 11 July 2010 - 09:28 AM

Hello- I am giving this a try as my last-ditch attempt to fix 2 of my laptops that are both infected with the same virus. I have already spent countless hours trying to fix them myself and even paid someone lots of money (and they are not returning my calls now that I have paid them), and the problem still exists!
Every time I use a search engine I am redirected to some site I didn't ask to be at when I click on the link. This happens in Google, Yahoo, and so on. It usually says something about antics and redirect while the computer is loading the page. Also I have noticed recently that I am getting pop-ups in new windows as well. I don't know how it happened but it is in both of my laptops. It is driving me nuts as I am taking an online college course and it's very annoying trying to do research. Please someone help me out. I can't afford to spend that kind of money again and not have the problems fixed.

Thanks for your time, as I know you are very busy. (I didn't run any of the scans as some of the forums said not to until asked.)

DDS files:

DDS (Ver_10-03-17.01) - NTFSX64
Run by Andrew at 14:58:52.93 on Sun 07/11/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4086.2692 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files (x86)\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Andrew\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6836
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6836
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6836
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6836
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=T-6836
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [SUPERAntiSpyware] c:\program files (x86)\superantispyware\SUPERAntiSpyware.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: !SASWinLogon - c:\program files (x86)\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files (x86)\superantispyware\SASSEH.DLL
TB-X64: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\Iaanotif.exe"
mRun-x64: [SigmatelSysTrayApp] sttray64.exe
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\b4xenet7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-6-27 53488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-30 121936]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-30 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-30 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-30 40384]
R2 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2010-7-9 93184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-30 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-30 40384]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2008-6-14 300032]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw4v64.sys [2008-6-14 3197440]
S1 SASDIFSV;SASDIFSV;c:\program files (x86)\superantispyware\SASDIFSV.SYS [2006-10-10 12872]
S1 SASKUTIL;SASKUTIL;c:\program files (x86)\superantispyware\SASKUTIL.SYS [2007-2-27 67656]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 SASENUM;SASENUM;c:\program files (x86)\superantispyware\SASENUM.SYS [2006-2-16 12872]

=============== Created Last 30 ================

2010-07-11 18:57:11 0 ----a-w- c:\users\andrew\defogger_reenable
2010-07-10 01:50:11 49160 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-07-10 01:50:11 37384 ----a-w- c:\windows\syswow64\infocardcpl.cpl
2010-07-10 01:50:08 52760 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-10 01:50:08 11264 ----a-w- c:\windows\syswow64\icardres.dll
2010-07-10 01:50:08 11264 ----a-w- c:\windows\system32\icardres.dll
2010-07-10 01:50:07 43544 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-07-10 01:50:06 781344 ----a-w- c:\windows\syswow64\PresentationNative_v0300.dll
2010-07-10 01:50:06 167432 ----a-w- c:\windows\system32\infocardapi.dll
2010-07-10 01:50:06 1168928 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-07-10 01:50:05 97800 ----a-w- c:\windows\syswow64\infocardapi.dll
2010-07-10 01:50:05 622080 ----a-w- c:\windows\syswow64\icardagt.exe
2010-07-10 01:50:05 1383936 ----a-w- c:\windows\system32\icardagt.exe
2010-07-10 01:49:56 126520 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-07-10 01:49:56 105016 ----a-w- c:\windows\syswow64\PresentationCFFRasterizerNative_v0300.dll
2010-07-10 01:49:53 357904 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-10 01:49:53 326160 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-07-10 01:44:12 41984 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-07-10 01:44:12 13824 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-10 01:44:00 96760 ----a-w- c:\windows\syswow64\dfshim.dll
2010-07-10 01:44:00 112120 ----a-w- c:\windows\system32\dfshim.dll
2010-07-10 01:43:51 406528 ----a-w- c:\windows\system32\mscoree.dll
2010-07-10 01:43:51 282112 ----a-w- c:\windows\syswow64\mscoree.dll
2010-07-10 01:43:45 158720 ----a-w- c:\windows\syswow64\mscorier.dll
2010-07-10 01:43:45 158208 ----a-w- c:\windows\system32\mscorier.dll
2010-07-10 01:43:41 76288 ----a-w- c:\windows\system32\mscories.dll
2010-07-10 01:43:40 83968 ----a-w- c:\windows\syswow64\mscories.dll
2010-07-10 01:40:01 32768 ----a-w- c:\windows\system32\nshhttp.dll
2010-07-10 01:40:01 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2010-07-10 01:39:57 610304 ----a-w- c:\windows\system32\drivers\http.sys
2010-07-10 01:39:57 33792 ----a-w- c:\windows\system32\httpapi.dll
2010-07-10 01:39:56 31232 ----a-w- c:\windows\syswow64\httpapi.dll
2010-07-10 01:38:02 80896 ----a-w- c:\windows\syswow64\MSNP.ax
2010-07-10 01:38:02 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-07-10 01:38:02 57856 ----a-w- c:\windows\syswow64\MSDvbNP.ax
2010-07-10 01:38:02 227328 ----a-w- c:\windows\system32\mpg2splt.ax
2010-07-10 01:38:02 177664 ----a-w- c:\windows\syswow64\mpg2splt.ax
2010-07-10 01:38:02 101376 ----a-w- c:\windows\system32\MSNP.ax
2010-07-10 01:37:57 375808 ----a-w- c:\windows\system32\psisdecd.dll
2010-07-10 01:37:57 293376 ----a-w- c:\windows\syswow64\psisdecd.dll
2010-07-10 01:37:56 558592 ----a-w- c:\windows\system32\EncDec.dll
2010-07-10 01:37:56 428544 ----a-w- c:\windows\syswow64\EncDec.dll
2010-07-10 01:37:56 289792 ----a-w- c:\windows\system32\psisrndr.ax
2010-07-10 01:37:56 217088 ----a-w- c:\windows\syswow64\psisrndr.ax
2010-07-07 01:39:12 12240896 ----a-w- c:\windows\syswow64\NlsLexicons0007.dll
2010-07-07 01:39:12 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-07-07 01:39:09 2644480 ----a-w- c:\windows\syswow64\NlsLexicons0009.dll
2010-07-07 01:39:09 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-07-07 01:38:52 801280 ----a-w- c:\windows\syswow64\NaturalLanguage6.dll
2010-07-07 01:38:52 1361920 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-07-06 15:19:21 310784 ----a-w- c:\windows\syswow64\unregmp2.exe
2010-07-06 15:19:14 8147456 ----a-w- c:\windows\syswow64\wmploc.DLL
2010-07-06 15:19:13 10624000 ----a-w- c:\windows\syswow64\wmp.dll
2010-07-06 15:18:52 372736 ----a-w- c:\windows\system32\unregmp2.exe
2010-07-06 15:18:48 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-07-06 14:42:58 189440 ----a-w- c:\windows\system32\t2embed.dll
2010-07-06 14:41:59 464384 ----a-w- c:\windows\system32\drivers\srv.sys
2010-07-06 14:40:47 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-07-06 14:39:50 1245184 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-07-06 14:38:52 368128 ----a-w- c:\windows\system32\wmpdxm.dll
2010-07-02 16:58:40 0 d-----w- c:\users\andrew\appdata\roaming\SafeReturner
2010-07-02 12:30:48 218112 ----a-w- c:\windows\system32\wintrust.dll
2010-07-02 12:30:48 171520 ----a-w- c:\windows\syswow64\wintrust.dll
2010-07-02 12:30:47 98304 ----a-w- c:\windows\syswow64\cabview.dll
2010-07-02 12:30:47 104960 ----a-w- c:\windows\system32\cabview.dll
2010-06-30 10:09:33 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-30 10:09:33 0 ----a-w- c:\windows\syswow64\config.nt
2010-06-30 10:09:11 38848 ----a-w- c:\windows\avastSS.scr
2010-06-30 10:09:11 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-06-30 10:09:05 0 d-----w- c:\programdata\Alwil Software
2010-06-30 10:09:05 0 d-----w- c:\program files\Alwil Software
2010-06-30 00:25:54 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 00:23:45 0 d-----w- c:\users\andrew\appdata\roaming\Malwarebytes
2010-06-30 00:23:39 0 d-----w- c:\programdata\Malwarebytes
2010-06-30 00:23:39 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-06-30 00:18:44 66652 ----a-w- c:\windows\system32\drivers\KmxAgent.asc
2010-06-29 22:35:10 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-29 22:34:45 0 d-----w- c:\users\andrew\appdata\roaming\SUPERAntiSpyware.com
2010-06-29 22:34:45 0 d-----w- c:\program files (x86)\SUPERAntiSpyware
2010-06-29 22:29:56 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard
2010-06-28 03:47:47 0 d-----w- c:\users\andrew\appdata\roaming\Symantec
2010-06-28 03:43:53 0 d-sh--we c:\programdata\Documents
2010-06-28 03:43:53 0 d-sh--we C:\Documents and Settings
2010-06-28 03:38:28 0 d-----w- c:\windows\i386
2010-06-28 03:37:30 135680 ----a-w- c:\windows\system32\igfxres.dll
2010-06-28 03:37:04 0 d-sh--w- C:\$RECYCLE.BIN
2010-06-28 03:31:46 3432 ----a-w- c:\windows\system32\USBMediaReaderPatch.vbs
2010-06-28 03:31:35 24536 ----a-w- c:\windows\system32\gateway.bmp
2010-06-28 03:31:02 0 d-----w- c:\windows\SMINST
2010-06-28 03:24:00 53488 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2010-06-28 03:24:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-28 03:24:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-28 03:24:00 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2010-06-28 03:23:59 0 d-----w- c:\program files (x86)\common files\Sonic Shared
2010-06-28 03:23:59 0 d-----w- c:\program files (x86)\common files\Napster Shared
2010-06-28 03:23:32 0 d-----w- c:\programdata\Napster
2010-06-28 03:23:17 0 d-----w- c:\program files (x86)\Napster
2010-06-28 03:20:30 267272 ----a-w- c:\windows\syswow64\xactengine2_10.dll
2010-06-28 03:20:29 266088 ----a-w- c:\windows\syswow64\xactengine2_8.dll
2010-06-28 03:20:29 17928 ----a-w- c:\windows\syswow64\X3DAudio1_2.dll
2010-06-28 03:20:28 81768 ----a-w- c:\windows\syswow64\xinput1_3.dll
2010-06-28 03:20:28 3497832 ----a-w- c:\windows\syswow64\d3dx9_34.dll
2010-06-28 03:19:31 0 d-----w- c:\program files (x86)\Gateway Games
2010-06-28 03:19:28 0 d-----w- c:\programdata\WildTangent
2010-06-28 03:19:06 0 d-----w- C:\Documents
2010-06-28 03:17:26 0 d-----w- c:\program files (x86)\Microsoft Money 2007
2010-06-28 03:17:23 0 d-----w- C:\google
2010-06-28 03:17:21 94208 ----a-w- c:\windows\system32\BAE.dll
2010-06-28 03:16:55 0 d-----w- c:\program files (x86)\MSN Messenger
2010-06-28 03:16:42 0 d-----w- c:\program files (x86)\Microsoft Office Suite Activation Assistant
2010-06-28 03:16:26 0 d-----w- c:\program files (x86)\NetZero
2010-06-28 03:13:47 0 d-----w- c:\windows\syswow64\Macromed
2010-06-28 03:13:43 0 ----a-w- c:\windows\system32\drivers\Gateway_T-6836_N-A_N1B87T1019996.MRK
2010-06-28 03:13:43 0 ----a-w- c:\windows\system32\drivers\Gateway_T-6836_N-A_N1B86T1028222.MRK
2010-06-28 03:12:06 7168 ----a-w- c:\windows\BigFixClientOverride.dll
2010-06-28 03:12:06 0 d-----w- c:\program files\BigFix
2010-06-28 03:10:48 0 d-----w- c:\windows\PCHEALTH
2010-06-28 03:09:28 0 d-----w- c:\program files\Microsoft Office
2010-06-28 03:08:55 0 d-----w- c:\programdata\Microsoft Help
2010-06-28 03:07:17 0 d-----w- c:\programdata\Adobe
2010-06-28 03:06:56 505392 ------w- c:\windows\syswow64\msvcp71.dll
2010-06-28 03:06:56 353840 ------w- c:\windows\syswow64\msvcr71.dll
2010-06-28 03:06:56 1066544 ------w- c:\windows\syswow64\MFC71.dll
2010-06-28 03:06:56 1053232 ------w- c:\windows\syswow64\MFC71u.dll
2010-06-28 03:04:04 0 d-----w- c:\program files (x86)\Symantec
2010-06-28 03:03:49 0 d-----w- c:\programdata\Symantec
2010-06-28 03:03:48 0 d-----w- c:\program files (x86)\common files\Symantec Shared
2010-06-28 02:59:12 0 d-sh--w- c:\windows\Installer
2010-06-28 02:59:03 0 d-----w- c:\program files\eBay
2010-06-28 02:57:52 62464 ----a-w- c:\windows\system32\drivers\RTSTOR64.sys
2010-06-28 02:57:52 5631520 ----a-w- c:\windows\system\DriveIcon.dll
2010-06-28 02:57:52 5430 ----a-w- c:\windows\system\MyMulti.ico
2010-06-28 02:57:52 38660 ----a-w- c:\windows\system\sd.ico
2010-06-28 02:57:52 37300 ----a-w- c:\windows\system\cf.ico
2010-06-28 02:57:52 37041 ----a-w- c:\windows\system\sm.ico
2010-06-28 02:57:52 34530 ----a-w- c:\windows\system\ms.ico
2010-06-28 02:56:58 20784 ----a-w- c:\windows\system32\drivers\UVCFTR_S.SYS
2010-06-28 02:56:58 0 d-----w- c:\program files\Camera Assistant Software for Gateway
2010-06-28 02:56:33 0 d-----w- c:\program files\CONEXANT
2010-06-28 02:56:19 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-06-28 02:56:10 0 d-----w- c:\program files\Synaptics
2010-06-28 02:55:00 150016 ----a-w- c:\windows\system32\drivers\Rtlh64.sys
2010-06-28 02:55:00 0 d-----w- c:\program files (x86)\Realtek
2010-06-28 02:54:22 5593088 ----a-w- c:\windows\system32\IDTSG64.cpl
2010-06-28 02:54:22 425984 ----a-w- c:\windows\sttray64.exe
2010-06-28 02:54:22 1603584 ----a-w- c:\windows\system32\stlang64.dll
2010-06-28 02:54:22 119296 ----a-w- c:\windows\system32\stacsv64.exe
2010-06-28 02:53:56 177664 ----a-w- c:\windows\system32\staco64.dll
2010-06-28 02:53:55 0 d-----w- c:\program files\IDT
2010-06-28 02:53:54 620544 ----a-w- c:\windows\system32\stapo64.dll
2010-06-28 02:53:54 391680 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2010-06-28 02:53:54 364544 ----a-w- c:\windows\system32\stapi64.dll
2010-06-28 02:53:54 347648 ----a-w- c:\windows\system32\stcplx64.dll
2010-06-28 02:53:53 0 d-----w- c:\program files (x86)\IDT
2010-06-28 02:53:41 126976 ----a-w- c:\windows\system32\Imsmudlg.exe
2010-06-28 02:53:41 0 d-----w- c:\windows\system32\ENU
2010-06-28 02:50:47 384024 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-06-28 02:50:43 16040 ----a-w- c:\windows\system32\results.xml
2010-06-28 02:48:09 920088 ----a-w- c:\windows\syswow64\igxpun.exe
2010-06-28 02:48:09 319456 ----a-w- c:\windows\syswow64\difxapi.dll
2010-06-28 02:48:09 0 d-----w- c:\windows\syswow64\x64
2010-06-28 02:48:09 0 d-----w- c:\windows\syswow64\Lang
2010-06-28 02:46:02 0 d-----w- C:\Intel
2010-06-28 02:46:00 2 --sh--r- C:\USER
2010-06-28 01:08:23 0 d-----w- c:\programdata\Logs
2010-06-28 01:07:34 7 ----a-w- c:\windows\syswow64\mkghj.dll
2010-06-28 01:06:49 95472 ----a-w- c:\windows\syswow64\Vetredir.dll
2010-06-28 01:06:49 252144 ----a-w- c:\windows\system32\isafprod64.dll
2010-06-28 01:06:49 201968 ----a-w- c:\windows\syswow64\Isafprod.dll
2010-06-28 01:06:49 140016 ----a-w- c:\windows\system32\isafeif64.dll
2010-06-28 01:06:49 128240 ----a-w- c:\windows\syswow64\Isafeif.dll
2010-06-28 01:06:49 103152 ----a-w- c:\windows\system32\vetredir64.dll
2010-06-28 01:06:31 0 d-----w- c:\windows\rnapxs
2010-06-28 01:04:56 0 d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2010-06-28 00:59:49 0 d-----w- c:\programdata\CA-SupportBridge
2010-06-28 00:55:06 0 d-----w- c:\programdata\Sun
2010-06-28 00:54:50 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-28 00:54:50 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-06-28 00:54:50 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-06-28 00:54:50 145184 ----a-w- c:\windows\syswow64\java.exe

==================== Find3M ====================

2010-07-10 02:36:51 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-07-10 02:36:51 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-10 02:36:51 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-10 02:36:51 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-26 16:53:52 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 16:16:50 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 14:56:53 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:25:15 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 18:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 19:18:31 1032704 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 19:12:17 86528 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 18:42:57 833024 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-04 18:42:38 1174528 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-04 18:41:08 146432 ----a-w- c:\windows\syswow64\occache.dll
2010-05-04 18:39:56 671232 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-04 18:39:32 476672 ----a-w- c:\windows\syswow64\mshtmled.dll
2010-05-04 18:39:32 3586048 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-04 18:39:31 458240 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-05-04 18:38:18 28160 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-04 18:37:46 6069248 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-04 18:37:46 270848 ----a-w- c:\windows\syswow64\iertutil.dll
2010-05-04 18:37:46 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2010-05-04 18:37:45 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2010-05-04 18:37:45 389120 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-04 18:37:45 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2010-05-04 18:37:44 230400 ----a-w- c:\windows\syswow64\ieaksie.dll
2010-05-04 17:27:37 32768 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-04 16:53:56 26624 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-05-01 14:26:09 2749952 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:24:29 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-23 13:55:52 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-16 16:40:20 1570816 ----a-w- c:\windows\system32\quartz.dll
2010-04-16 16:35:56 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-16 16:10:05 1314816 ----a-w- c:\windows\syswow64\quartz.dll
2010-04-16 16:05:50 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-04-16 14:50:22 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-16 14:17:56 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:00:00.54 ===============


ATTACH DDS File

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/27/2010 10:44:09 PM
System Uptime: 7/11/2010 2:43:06 PM (1 hours ago)

Motherboard: Gateway | |
Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz | U2E1 | 2000/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 217 GiB total, 177.426 GiB free.
D: is FIXED (NTFS) - 16 GiB total, 8.008 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.2
avast! Free Antivirus
Camera Assistant Software for Gateway
Compatibility Pack for the 2007 Office system
CyberLink Power2Go
Gateway Games
Gateway Recovery Center Installer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IDT Audio
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 5
LabelPrint
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.6)
Napster
Napster Burn Engine
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
SUPERAntiSpyware Free Edition
Update for Office 2007 (KB946691)
Windows Live Messenger

==== End Of File ===========================

Edited by melanielt, 11 July 2010 - 02:01 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB



#2 melanielt

melanielt
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 11 July 2010 - 02:24 PM

There was nothing on my GMER log. Did I do it wrong?

Edited by Budapest, 13 July 2010 - 08:41 PM.
Moved back to the Logs forum now that logs have been added. ~BP


#3 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  • Gender:Male
  • Location:Seattle Washington
  • Local time:12:22 PM

Posted 14 July 2010 - 11:22 PM

Hi melanielt
Welcome to Bleeping Computer.
I'm maranatha and I will be handling your log to help you get cleaned up.

Please do not add or download any programs unless told to do so.

Please do the following.

Download ComboFix from Here to your Desktop.

It's best to disable realtime protection applications as they sometimes interfere with the tool.
Check this link for any applicable programs you may have.
  • Close all open programs and windows
  • Double click combofix.exe and follow the prompts.
  • Vista users right click Combofix.exe and select Run As Administrator.
  • When finished, it shall produce a log for you. Post the Combofix log
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

If you are prompted to install the Recovery Console, Please do so.

Thanks
maranatha

Windows7 Professional 64 Bit

 

I'm going in the wrong direction to be in a hurry!


unite_mo.jpg


My help is always free, But I do accept donations.
Donate Here


#4 melanielt

melanielt
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 15 July 2010 - 10:41 AM

Maranatha- I think my problem is solved. I returned and exchanged my wireless modem to my cable company and I haven't had the redirect problem since. Do you think it's still in my computer or do you think I'm cured?

#5 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  • Gender:Male
  • Location:Seattle Washington
  • Local time:12:22 PM

Posted 15 July 2010 - 11:41 AM

Hi
Let's see an online scan.

Please do this.

Download ATF Cleaner by Atribune and save it to your Desktop.
This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
Recycle bin


The rest are optional - if you want it to remove everything check "Select All".
Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
Close ATF Cleaner

Now the scan.

Please do an online scan with Kaspersky WebScanner Using Internet Explorer Browser.

It's best to disable real time protection applications as they sometimes interfere with the scan.
Check this link for any applicable programs you may have.

Click on Accept if your pop-up blocker blocks any windows from opening.

Read then Click Accept on the Information page.
Windows Vista users you must open the web browser using the Run as Administrator command.
  • The program will launch and then begin downloading the latest definition files:
  • Under Scan on the left side, Click on My Computer
  • This will start the program and scan your system.
  • Click the “Scan Report” On the left side.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
  • Save the text file to your desktop.
  • Copy and paste that information in your next post.

Please post the Kaspersky results.

Thanks
maranatha



#6 melanielt

melanielt
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:22 PM

Posted 15 July 2010 - 04:13 PM

Hi- I scanned my computer with the Kaspersky scanner and the report came up empty. There was nothing on it, so I am assuming that there is nothing to post to you?

#7 maranatha

maranatha

    Whats That !


  • Malware Response Team
  • 1,229 posts
  • OFFLINE
  • Gender:Male
  • Location:Seattle Washington
  • Local time:12:22 PM

Posted 15 July 2010 - 10:09 PM

Hi
OK, very good.

I will close this topic.

Surf Safely
maranatha


