
Redirect problems


17 replies to this topic

#1 natwin

natwin

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:01 PM

Posted 13 September 2010 - 12:16 PM

Hello -

I recently began experiencing redirect problems with searches I do in Google. It is not consistent, but every once in a few times, when I click on a search result, I will get redirected to another site.

I first began noticing these problems about the same time my Zone Alarm firewall was warning me of multiple programs attempting to access the Internet. At the time, I did two full Malwarebytes scans, which found a number of items. (I initially stopped the first scan a few minutes into the process after it had detected a few problems, and then immediately restarted and ran a full second scan.) The problems continued to persist, at which point I ran a Hitman Pro scan, which detected three more things.

However, this morning I have noticed that I am still experiencing redirect problems. I re-ran Malwarebytes and Hitman Pro and both came up clean.

In the below posts are my Malwarebytes and Hitman Pro scans.

Thank you in advance!

ETA:

My apologies - I cannot locate a log for Hitman Pro. These are the three items that were detected:

avogologiw.dll
load[1].exe
e.exe


I have also run a TDSS scan which came up clean. Thank you.

Edited by natwin, 13 September 2010 - 12:24 PM.




#2 natwin

natwin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:01 PM

Posted 13 September 2010 - 12:19 PM

First Malwarebytes scan (the one that was stopped prematurely)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4597

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

9/11/2010 11:40:47 PM
mbam-log-2010-09-11 (23-40-47).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 1332
Time elapsed: 1 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\kbtmcws.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\40046438 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rjovulige (Trojan.Hiloti) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\REMOVED\Local Settings\Application Data\40046438.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\kbtmcws.dll (Trojan.Hiloti) -> Delete on reboot.

Edited by boopme, 18 September 2010 - 08:46 AM.


#3 natwin

natwin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:01 PM

Posted 13 September 2010 - 12:25 PM

Second Malwarebytes scan (ran to completion). I rebooted the system after completion of this scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4597

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

9/12/2010 1:19:02 AM
mbam-log-2010-09-12 (01-19-02).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 230270
Time elapsed: 1 hour(s), 36 minute(s), 21 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
c:\program files\common files\microsoft shared\MSEnv\publicassemblies\visualvisual.exe (Trojan.Downloader) -> Unloaded process successfully.
c:\program files\ArcSoft\photostudio 5.5\Plug-ins\FILTERS\3d text factory\librarydynamic.exe (Trojan.Downloader) -> Unloaded process successfully.
c:\program files\surething\STCD\Backgrnd\classic\zips\metalaahmbl01zjeblue.exe (Trojan.Downloader) -> Unloaded process successfully.
c:\program files\common files\microsoft shared\works shared\1033\wkgl70wkapclng.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\kbtmcws.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rjovulige (Trojan.Hiloti) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\microsoftstudio7.00.9466 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\librarydynamic1.0.0.3 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metalheavy (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\installmanager (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\horizontalpspscrpresetcrop35 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\kbtmcws.dll (Trojan.Hiloti) -> Delete on reboot.
c:\program files\common files\microsoft shared\MSEnv\publicassemblies\visualvisual.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\ArcSoft\photostudio 5.5\Plug-ins\FILTERS\3d text factory\librarydynamic.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\surething\STCD\Backgrnd\classic\zips\metalaahmbl01zjeblue.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\common files\microsoft shared\works shared\1033\wkgl70wkapclng.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\Dell\media experience\IAPCSDK\installinstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\Corel\corel paint shop pro x\Presets\Inches\presetcrop35horizontalpspscr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\REMOVED\Local Settings\Application Data\40046437.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

Edited by boopme, 18 September 2010 - 08:50 AM.

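As an added example (not code from this thread or from Malwarebytes), a small Python parser for the MBAM 1.x text-log format posted above. It cross-checks each summary count against the items actually listed (a truncated or prematurely stopped log shows up as a mismatch), lists every entry still marked "Delete on reboot" (those are not gone until the machine restarts), and pulls out the Run-key persistence values. The embedded sample is constructed from the first log in post #2.

```python
import re
from collections import defaultdict

# Section headers appear twice in an MBAM 1.x log: once with a count in the
# summary block ("Files Infected: 2") and once bare, opening the detail block.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:(?:\s*(\d+))?$"
)
# One detection line: "<target> (<family>) -> <action>."
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed sample: header and detection lines copied from post #2 above
# (the "REMOVED" path segment is the thread's own redaction).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4597

Scan type: Full scan (C:\|D:\|)
Objects scanned: 1332
Time elapsed: 1 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\kbtmcws.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\40046438 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rjovulige (Trojan.Hiloti) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\REMOVED\Local Settings\Application Data\40046438.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\kbtmcws.dll (Trojan.Hiloti) -> Delete on reboot.
"""


def parse_mbam_log(text):
    """Return (declared_counts, items): declared per-section counts from the
    summary block, and one dict per listed detection from the detail blocks."""
    counts, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            name, num = m.group(1), m.group(2)
            if num is not None:
                counts[name] = int(num)   # summary line, not a detail block
                section = None
            else:
                section = name            # detail block that follows
            continue
        if section is None or not line or line.startswith("(No malicious"):
            continue
        im = ITEM_RE.match(line)
        if im:
            items.append({"section": section, **im.groupdict()})
    return counts, items


def check_counts(counts, items):
    """Sections whose declared count differs from the items listed -> (declared, listed)."""
    seen = defaultdict(int)
    for it in items:
        seen[it["section"]] += 1
    return {s: (n, seen[s]) for s, n in counts.items() if n != seen[s]}


def pending_reboot(items):
    """Targets MBAM could not remove immediately; they persist until the reboot happens."""
    return [it["target"] for it in items if it["action"].lower().startswith("delete on reboot")]


def autorun_entries(items):
    """Registry values under a ...\CurrentVersion\Run key, i.e. logon persistence."""
    return [it for it in items
            if it["section"] == "Registry Values" and "\\CurrentVersion\\Run\\" in it["target"]]


def summarize(text):
    counts, items = parse_mbam_log(text)
    return {
        "declared": counts,
        "listed": len(items),
        "mismatches": check_counts(counts, items),
        "pending_reboot": pending_reboot(items),
        "autorun": [(e["family"], e["target"].rsplit("\\", 1)[-1]) for e in autorun_entries(items)],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```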

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:01 PM

Posted 13 September 2010 - 04:24 PM

Hello, let's do these next

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 natwin

natwin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:01 PM

Posted 14 September 2010 - 01:32 AM

Hello - thanks for your help!

I ran ATF and SAS both in safe mode, followed by Malwarebytes quick scan in normal mode. I have attached SAS and mbam logs below. The Malwarebytes scan came up clean, but SAS detected many things.

After running these and booting back up again in normal mode, I tried several Google searches, and unfortunately, clicking on the results for one of them once again redirected me to another site.

One question I have - when I boot into safe mode to run the scans, does it matter whether I log in as Administrator or as myself? (I am running Windows XP Home SP2.) I realized after booting up normally, that I could not locate the SAS log because the scan was done as Administrator. (I had to log back in as Administrator to access the log.) My guess is this should not affect what the scan detects, but wanted to check.

Also, one other question. While I am using an ethernet connection for this computer (my desktop), it does go through a router that provides wifi for my netbook. I'm not sure if this configuration would make any difference in the troubleshooting process, but wanted to let you know.

Thank you again for your help!
Natwin




SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/13/2010 at 11:44 PM

Application Version : 4.42.1000

Core Rules Database Version : 5410
Trace Rules Database Version: 3222

Scan type : Complete Scan
Total Scan Time : 01:27:58

Memory items scanned : 279
Memory threats detected : 0
Registry items scanned : 8823
Registry threats detected : 1
File items scanned : 25833
File threats detected : 480

Disabled.SecurityCenterOption
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY

Adware.Tracking Cookie (EDIT: REMOVED AT OP REQUEST)

Trojan.Agent/Gen-Nullo[Short]
C:\PROGRAM FILES\INTEL\PROSETWIRED\NCS\PROSET\SERVICESPROCOMPGENERAL.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACRORD32READER.EXE
C:\PROGRAM FILES\ADOBE\READER 8.0\READER\PLUG_INS\ACROFORM\PMP\DATAMATRIXPMPPDF417PMP.EXE
C:\PROGRAM FILES\ADOBE\READER 8.0\READER\PLUG_INS\IMAGEVIEWER\SVGCORESVGCORE.EXE
C:\PROGRAM FILES\ADOBE\READER 8.0\READER\PLUG_INS\MULTIMEDIA\MPP\ADOBEFLASH.EXE
C:\PROGRAM FILES\CANON\CSCLIB\DIGITALLIBRARY1001.EXE
C:\PROGRAM FILES\CANON\PHOTORECORD\PROGRAM\PHOTORECORD7BJPRPZ.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\11\INTEL 32\OBJECTPSINSTALLSHIELD11.00.28844.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\ISCRIPT\ENGINEISCRIPT6311001190.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\CDO\MICROSOFTEXCHANGE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DASHBOARD COMPONENTS\10\MSDDSCSERVER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\1040\DWINTL20MICROSOFT.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DW\2052\REPORTINGDWINTL20.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\HELP\1040\HELPHXDSUI.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\HELP\1041\MICROSOFTRHELP2.05.50727.210.0507272100.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\HELP\2052\MICROSOFTHXDSUI.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\INK\WINDOWSINKDIV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\1033\MICROSOFTRMSXML5R5.20.1072.0.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE12\1033\OFFICESYSTEM12.0.4518.1014.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\PROOF\MSLIDMSHY3ES.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SMART TAG\1033\SYSTEMMICROSOFT.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\TRANSLAT\OFFICEMSB1CORE.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VBA\VBA6\1033\ENVIRONMENTBASIC.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WEB SERVER EXTENSIONS\40\BIN\MICROSOFTFP4AWEC.EXE
C:\PROGRAM FILES\COMMON FILES\MSSOAP\BINARIES\RESOURCES\1033\SOAPMSSOAPR.EXE
C:\PROGRAM FILES\COMMON FILES\SCANSOFT SHARED\SCNWRESSCANNERWIZARD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\COMPONENTSYMLCTNK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\ADO\MSJRODATA.EXE
C:\PROGRAM FILES\COREL\COREL PAINT SHOP PRO X\MASKS\EDGES\EDGEBURSTPSPM.EXE
C:\PROGRAM FILES\COREL\COREL PAINT SHOP PRO X\STYLED LINES\DASHED LINES\DOTPSPSTYLEDLDASH.EXE
C:\PROGRAM FILES\COREL\COREL PAINT SHOP PRO X\SCRIPTS-TRUSTED\PHOTO\EDGESCOLORPSPSCR.EXE
C:\PROGRAM FILES\COREL\COREL PHOTO ALBUM 6\CAMERAS\CAMWIACAMWIA.EXE
C:\PROGRAM FILES\COREL\COREL PHOTO ALBUM 6\CONTENT\PROJECTS\TEMPLATES\COLLAGE\H01THUMBBASIC.EXE
C:\PROGRAM FILES\COREL\COREL PHOTO ALBUM 6\PHOTOSERVICES\ORCACM22LIBRARY.EXE
C:\PROGRAM FILES\DELL\MEDIA EXPERIENCE\FILTERS\MPGVOUTMAINCONCEPT.EXE
C:\PROGRAM FILES\DELL\MEDIA EXPERIENCE\IAPCSDK\WIN\SETUP\INUNINSTINUNINST2.06.09.1107.EXE
C:\PROGRAM FILES\DELL\MEDIA EXPERIENCE\PLUGINS\DVDPLAYBACK\DVDPLAYBACKDVDPLAYBACK.EXE
C:\PROGRAM FILES\DELL\MEDIA EXPERIENCE\PLUGINS\FILEIMPORT\FILEIMPORTFILEIMPORT.EXE
C:\PROGRAM FILES\DELL\MEDIA EXPERIENCE\PLUGINS\PHOTO CLICK\FLASH\MICROSOFTOPERATING.EXE
C:\PROGRAM FILES\DELL\MEDIA EXPERIENCE\SONICMAINCONCEPT.EXE
C:\PROGRAM FILES\DELLSUPPORT\GTACTION\HANDLERS\TRIGGERHANDLERPNPH.EXE
C:\PROGRAM FILES\ENCARTA\ENCARTA ENCYCLOPEDIA STANDARD EDITION 2006\1033\REPORTINGMICROSOFT.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIERGOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAM FILES\HRBLOCK2009\PDF995\THINSETUPSOFTWARE995.EXE
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{85D3CC30-8859-481A-9654-FD9B74310BEF}\SETUP2KSETUP.EXE
C:\PROGRAM FILES\INSTALLSHIELD INSTALLATION INFORMATION\{B9C54C44-BB5A-4B03-8907-C01A9790195A}\ISPNICKELSETUP2K.EXE
C:\PROGRAM FILES\MICROSOFT LOCATION FINDER\WIFIAUTOMAPPOINT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\WINDOWSCUSTSAT7.00.5730.13.EXE
C:\PROGRAM FILES\JAVA\JRE6\BIN\NEW_PLUGIN\JAVAVISUAL.EXE
C:\PROGRAM FILES\MICROSOFT MONEY 2006\MNYCOREFILES\1033\REPORTINGMICROSOFT.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\NLSDATA000AOART.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE\ONENOTEOFFICE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\QUERIES\INVESTORMONEYCENTRAL15923.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\RICHINKRICHINK3.1.1038.EXE
C:\PROGRAM FILES\MSN\MSNCOREFILES\OOBE\COMMUNICATIONSSYSTEM.EXE
C:\PROGRAM FILES\MICROSOFT.NET\PRIMARY INTEROP ASSEMBLIES\VISUALMSHTML.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\COMPONENTS\JUKEBOXMMPRINTER.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\PLUGINS\PORTABLE2004\WMDM\MUSICMATCHWMDM1.01.0041.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH MUSIC SERVICES\MUSICMATCH UPDATE\WMP\MMC70UVISUAL.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH UPDATE\MMJB\SONIC\MASTERINGPXMAS.EXE
C:\PROGRAM FILES\OXYGEN XML EDITOR 11\JRE\BIN\LIBRARYW2KLSAAUTH.EXE
C:\PROGRAM FILES\PALM\HELPNOTE\TROUBLESHOOTING\SAFEHOTSYNC24099.EXE
C:\PROGRAM FILES\PALM\HELPNOTE\Z22GETTINGSTARTED.EXE
C:\PROGRAM FILES\QUICKTIME\PLUGINS\PLUGINQUICKTIME.EXE
C:\PROGRAM FILES\SURETHING\STCD\BACKGRND\CLASSIC\ZIPS\HEAVYMETAL.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\S32LUIS1SYMANTECROOTINSTALLER.EXE
C:\PROGRAM FILES\WEBCYBERCOACH\B_DELL\DLLS\MAIN\SVERSIONSVERSION.EXE
C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YMEREMOTEMESSENGER.EXE

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE






Malwarebytes quick scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4611

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

9/14/2010 12:34:52 AM
mbam-log-2010-09-14 (00-34-52).txt

Scan type: Quick scan
Objects scanned: 150581
Time elapsed: 13 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by boopme, 18 September 2010 - 08:49 AM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:01 PM

Posted 14 September 2010 - 10:40 AM

Hello, I would like to do one more scan to be sure then we'll mop up.


ESET
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Export to text file... to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Eset Smart Installer icon on your desktop.
  • Check the "YES, I accept the Terms of Use"
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push "List of found threats"
  • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the "<<Back" button.
  • Push Finish
In your next reply, please include the following:
  • Eset Scan Log


NOTE: In some instances if no malware is found there will be no log produced.

#7 natwin

natwin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:01 PM

Posted 14 September 2010 - 11:44 AM

Thank you - I will do the ESET scan.

One question - should I uncheck the "Remove threats" box when I start the scan?

Thank you,
Natwin

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:01 PM

Posted 14 September 2010 - 12:30 PM

No, let it remove them.

#9 natwin

natwin
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:04:01 PM

Posted 14 September 2010 - 06:00 PM

I ran the ESET scan, which detected and removed one item. The log is below.

I tried some more Google searches, and got redirected again on the fourth or fifth one I tried. :thumbsup:

Here is the log.

C:\Documents and Settings\Bert\Application Data\Sun\Java\Deployment\cache\6.0\39\184dc127-31bcfe79 Java/TrojanDownloader.Agent.NBJ trojan deleted - quarantined

Edited by boopme, 18 September 2010 - 08:50 AM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,221 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:01 PM

Posted 14 September 2010 - 07:21 PM

We look clear here ... If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection: Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#11 natwin


Posted 14 September 2010 - 08:10 PM

Since I am still experiencing redirects, would this mean there is still something that hasn't been detected and deleted yet? As far as I can tell, the frequency is still similar to before (e.g., once every 4-5 times).

Thanks,
Natwin

#12 boopme


Posted 16 September 2010 - 08:22 PM

Hello, sorry, a family emergency had me away a few days. If you still need help, please run DrWeb.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)


#13 natwin


Posted 16 September 2010 - 08:37 PM

Thanks boopme. I hope everything is ok with your family.

Before I start on DrWeb, I wanted to update you. I hadn't taken any further scans since last time, other than another Malwarebytes scan that came up clean. I've been going online intermittently (although not logging into e-mail, etc.). Today, the computer started acting funny - it wouldn't open a pdf file of a paper for a class, and then wouldn't open Malwarebytes. I ran a McAfee scan (which previously had not caught anything), and it detected 40 processes, only one of which it could remove. The others were all SUSP_IRP_MJ_CREATE, and seemed to be TDSS. Several days ago, I had run the program that scans for TDSS and it had come up empty. Should I try that again first?


Thanks,
Natwin

ETA: Just now I was able to open Malwarebytes. Not sure if the one file that McAfee was able to delete made the difference. However, I cannot update.

Edited by natwin, 16 September 2010 - 08:41 PM.


#14 boopme


Posted 16 September 2010 - 09:37 PM

Thanks, all's good now, just a lot of catching up to do here.

It appears there are still infections unless McAfee is blocking updates...
Please ensure these items are excluded from your Antivirus AND your Firewall.

Exclude Malwarebytes' Anti-Malware's Files and Folders From Other Active Security Programs:

For Windows XP:

  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
  • C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
  • C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
  • C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
  • C:\Windows\System32\drivers\mbam.sys
  • C:\Windows\System32\drivers\mbamswissarmy.sys


DrWeb will look for TDSS as well as others.

#15 natwin


Posted 17 September 2010 - 10:49 AM

Hi Boopme,

I completed the DrWeb scans. Initially, I downloaded from the CNET site, but it wasn't until it was partway through the first (shorter) scan, that I realized the virus definitions were out of date. I let that scan run to completion - one item picked up in pciide.sys, but unfortunately, I did not properly save the log for that. I then tried to do the update, which sent me to the original DrWeb site, and re-downloaded the program (not saved as a random filename). I ran this, both the short and complete scans. 13 items were found. The log is below.

Unfortunately, the redirects are still happening. :thumbsup:

My desktop is hooked up to a wireless router, and I've seen it mentioned that the router could be harboring a virus also? I am planning to disconnect the router, and wire the computer directly to my cable modem.

Should I re-run the scans I've done so far with the router disconnected?

Thanks,
Natwin



DrWeb log:


7da2181320101670.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2181320101670.bup;Trojan.DownLoader.59802;;
7da2181320101670.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Container contains infected objects;Moved.;
7da21a15112930d0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21a15112930d0.bup;Trojan.Siggen1.58689;;
7da21a15112930d0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Container contains infected objects;Moved.;
7da21a4c2b2710.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da21a4c2b2710.bup;Trojan.DownLoad1.42313;;
7da21a4c2b2710.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Container contains infected objects;Moved.;
7da81017103d80.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81017103d80.bup;Trojan.MulDrop1.40879;;
7da81017103d80.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Container contains infected objects;Moved.;
7da810241733c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da810241733c0.bup;Trojan.Click.1487;;
7da810241733c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Container contains infected objects;Moved.;
7da891431101860.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da891431101860.bup;Trojan.MulDrop1.40879;;
7da891431101860.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Container contains infected objects;Moved.;
3 Months Free NetZero.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;
6973d79a-12e3f847\dev/s/AdgredY.class;C:\Documents and Settings\\Application Data\Sun\Java\Deployment\cache\6.0\26\6973d79a-12e3f847;Java.Downloader.49;;
6973d79a-12e3f847;C:\Documents and Settings\\Application Data\Sun\Java\Deployment\cache\6.0\26;Archive contains infected objects;Moved.;
update[1].exe;C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\IHC98ZFZ;Trojan.Inject.9856;Deleted.;
A0257512.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1444;Trojan.Inject.9856;Deleted.;
A0257513.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1444;BackDoor.Tdss.4246;Deleted.;
A0257574.sys;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1444;BackDoor.Tdss.2459;Cured.;
A0257641.exe;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1444;Trojan.Click.1487;Deleted.;

Edited by boopme, 18 September 2010 - 08:52 AM.
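A helper reading the DrWeb.csv report above has to separate hits that were already isolated (another scanner's quarantine, old System Restore copies) from hits in live locations, and spot a rootkit family such as TDSS, which is what typically sits behind search redirects. The following Python is an added example, not part of this thread or of Dr.Web; it parses the report's name;path;threat;action; layout, using a constructed sample of a few lines copied from the log posted above, and the location and family heuristics are assumptions, not Dr.Web's own logic.

```python
from collections import Counter

# Constructed sample in the Dr.Web CureIt report layout (name;path;threat;action;),
# taken from a few lines of the log posted above; usernames are blanked as on the page.
SAMPLE_REPORT = r"""
7da2181320101670.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da2181320101670.bup;Trojan.DownLoader.59802;;
7da2181320101670.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Container contains infected objects;Moved.;
3 Months Free NetZero.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;
update[1].exe;C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\IHC98ZFZ;Trojan.Inject.9856;Deleted.;
A0257513.dll;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1444;BackDoor.Tdss.4246;Deleted.;
A0257574.sys;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1444;BackDoor.Tdss.2459;Cured.;
"""

ROOTKIT_FAMILIES = ("tdss",)  # assumed list of family names, matched lower-cased


def parse_report(text):
    """Split report lines into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split(";")
        if len(parts) < 4 or not parts[0]:
            continue
        name, path, threat, action = parts[:4]
        # An empty action marks an object inside a container; the container's
        # own line (the next one in the report) carries the action taken.
        records.append({"name": name, "path": path, "threat": threat,
                        "action": action or "inside container"})
    return records


def classify_location(path):
    """Heuristic: already quarantined, a stale System Restore copy, or live."""
    p = path.lower()
    if "\\quarantine" in p:
        return "quarantine"
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    return "live"


def summarize(records):
    """Counts by action and location, plus the live hits and rootkit-family hits."""
    return {
        "by_action": dict(Counter(r["action"] for r in records)),
        "by_location": dict(Counter(classify_location(r["path"]) for r in records)),
        "live": [r["name"] for r in records if classify_location(r["path"]) == "live"],
        "rootkit": [r["threat"] for r in records
                    if any(f in r["threat"].lower() for f in ROOTKIT_FAMILIES)],
    }


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```

Two live hits (a Start Menu executable and an Internet Explorer cache download) and a TDSS backdoor that was only found in a restore point are the kind of result that explains why redirects can continue after a clean Malwarebytes run.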




