redirect on google/dns change


1 reply to this topic

#1 fryrice


Posted 01 October 2010 - 10:13 AM

Whenever I use Google search I get redirected. I already tried Malwarebytes. Still there... I also scanned my computer using AVG, and generic2_c.BXGR / Exploit_c.KNA popped up. HELP!

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-23 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-23 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-21 24652]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-11-13 30560]
R3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\NtApm.sys [2008-7-19 9344]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\ct20xut.sys --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\ct20xut.sys --> c:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\ctexfifx.sys --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\ctexfifx.sys --> c:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\cthwiut.sys --> c:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\cthwiut.sys --> c:\windows\system32\drivers\CTHWIUT.SYS [?]

=============== Created Last 30 ================

2010-10-01 07:13:57 0 d-----w- c:\program files\iPod
2010-10-01 07:13:55 0 d-----w- c:\program files\iTunes
2010-10-01 07:09:42 0 d-----w- c:\program files\Bonjour
2010-10-01 04:51:20 0 d-----w- c:\docume~1\macro\applic~1\SUPERAntiSpyware.com
2010-10-01 04:51:20 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-10-01 04:13:55 0 d-----w- c:\docume~1\macro\applic~1\Malwarebytes
2010-10-01 04:12:19 0 d-----w- c:\program files\SUPERAntiSpyware
2010-10-01 04:12:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 04:12:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 04:12:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 04:12:02 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2010-10-01 06:51:46 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-10-01 06:05:38 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-15 15:17:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 05:11:29 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-09 23:24:26 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 23:24:18 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 23:24:18 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:24:16 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 23:24:16 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 23:24:16 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 22:38:00 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-09 22:38:00 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38:00 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-09 22:38:00 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38:00 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38:00 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-09 22:38:00 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38:00 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-09 22:38:00 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-07 20:46:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2008-07-20 15:03:38 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2008-07-20 15:03:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2008-07-20 15:03:31 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072020080721\index.dat
2008-07-20 15:03:38 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 2:10:14.41 ===============

Edited by fryrice, 01 October 2010 - 10:16 AM.



#2 kahdah


Posted 05 October 2010 - 07:15 AM

Hello fryrice

Welcome to BleepingComputer
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the text below (in bold)

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning. It is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



