
Google Redirect and Pop-ups


  • This topic is locked
27 replies to this topic

#1 browntown44

  • Members
  • 13 posts
  • OFFLINE
  • Local time: 02:44 AM

Posted 25 November 2010 - 07:39 PM

I occasionally get a Google redirecting bug in Firefox (but only after I visit Google Images, type something there and when I click search, it takes me to Google web results. If I go back to Images, it does images fine, and then when I modify that image search, it takes me back to the Google web search, and this time the links always point to r3.google.com/.... The page never actually finishes loading and usually Norton gives me a green check mark next to results, but no signs of Norton pop up next to the link). If I go to google.com straight and search, everything is fine. This happened before when I was on a public network one time, but when I connected back to my secured network at my apt near school, everything was fine again. I'm home for break and it's happening again on my parents' secured network while other computers connected to the same network are fine.

I just got this new HP laptop (Windows 7, 64-bit) a month and a half ago and I thought Norton and Avira were enough, but I'm kinda upset a common virus/bug has already infected it and that Norton/Avira couldn't find anything (Norton got rid of tracking cookies but no fix, and manually removing the Local App Firefox folder doesn't cut it either; I've obv tried Tools - Clear Recent History, selected everything but active logins and site preferences - delete all, and no success there either). The problem doesn't seem to exist in Internet Explorer (and one time I went to a site that required Java and IE said you need to have Java installed and I did...) but I hardly use that so I don't know how long I can use that worry free. I tried uninstalling Firefox completely and Java as well (the update 6tm 22 or something) but no dice upon reinstallation :(

I read the preparation guide and here is my DDS.txt log. Thank you so much in advance, I really do appreciate any help!

**EDIT: I found that ads continue to appear on other comps on my home network, but no r3.google links nor the Google image problem appears on other comps. Don't know if this makes a difference...

DDS (Ver_10-11-26.01) - NTFS_AMD64
Run by Gautam at 19:26:23.17 on Thu 11/25/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5942.3201 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Gautam\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\coIEPlg.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
LSA: Notification Packages = DPPassFilter scecli
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun-x64: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
mRun-x64: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
mRun-x64: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Gautam\AppData\Roaming\Mozilla\Firefox\Profiles\hg8kulxh.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\components\dpffcli.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1201000.025\symds64.sys [2010-10-26 450096]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1201000.025\symefa64.sys [2010-10-26 821808]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20101104.001\BHDrvx64.sys [2010-11-3 953904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20101124.002\IDSviA64.sys [2010-10-19 476720]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1201000.025\ironx64.sys [2010-10-26 168496]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys [2010-10-26 381488]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-11-17 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-11-17 203264]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-26 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-26 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-26 83120]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-8-4 92216]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.1.0.37\ccsvchst.exe [2010-10-26 126904]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-16 2533400]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-2-23 2192176]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-11-17 7767552]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-11-17 279040]
R3 clwvd;HP Webcam Splitter;C:\Windows\System32\drivers\clwvd.sys [2010-6-25 32880]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-26 132656]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-30 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-11-17 10610400]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2010-11-17 7821312]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-16 346144]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-4-16 39832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-3-18 7680512]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-9-16 232992]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-27 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

=============== Created Last 30 ================

2010-11-25 01:24:00 -------- d-----w- C:\Users\Gautam\AppData\Roaming\Malwarebytes
2010-11-25 01:23:50 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-25 01:23:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-25 01:23:50 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-25 01:21:02 -------- d-----w- C:\Users\Gautam\AppData\Local\Mozilla
2010-11-24 10:59:34 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-24 10:59:34 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-17 18:30:13 799232 ----a-w- C:\Windows\System32\NETwNc64.dll
2010-11-17 18:30:13 7821312 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys
2010-11-17 18:30:13 2750464 ----a-w- C:\Windows\System32\NETwNr64.dll
2010-11-17 18:29:18 515584 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2010-11-17 18:29:17 646656 ------w- C:\Windows\System32\stapi64.dll
2010-11-17 18:29:17 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2010-11-17 18:29:17 1466880 ----a-w- C:\Windows\System32\stapo64.dll
2010-11-17 18:29:12 -------- d-----w- C:\Program Files\IDT
2010-11-17 03:20:50 -------- d-----w- C:\Users\Gautam\AppData\Local\Sonic_Solutions
2010-11-16 14:55:24 -------- d-----w- C:\Windows\SysWow64\xlive
2010-11-16 14:55:24 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2010-11-16 14:54:39 -------- d-----w- C:\Windows\SysWow64\AGEIA
2010-11-16 14:53:43 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-11-16 14:37:34 -------- d-----w- C:\Program Files (x86)\Eidos
2010-11-16 14:35:52 -------- d-----w- C:\Users\Gautam\AppData\Local\Downloaded Installations
2010-11-14 06:50:56 -------- d-----w- C:\Users\Gautam\AppData\Local\Activision
2010-11-14 06:15:32 -------- d-----w- C:\Program Files (x86)\Activision
2010-11-14 02:19:17 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-14 01:46:30 -------- d-----w- C:\Users\Gautam\AppData\Local\NPE
2010-11-12 21:23:59 238088 ----a-w- C:\Windows\SysWow64\xactengine3_1.dll
2010-11-11 06:09:51 -------- d-----w- C:\Users\Gautam\AppData\Local\Diagnostics
2010-11-10 02:57:51 -------- d-----w- C:\PROGRA~3\ChessBase
2010-11-10 02:53:26 -------- d-----w- C:\Users\Gautam\AppData\Roaming\ChessBase
2010-11-10 02:39:09 520544 ----a-w- C:\Windows\System32\d3dx10_41.dll
2010-11-10 02:39:09 2430312 ----a-w- C:\Windows\System32\D3DCompiler_41.dll
2010-11-10 02:39:08 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll
2010-11-10 02:39:08 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2010-11-10 02:39:06 521560 ----a-w- C:\Windows\System32\XAudio2_4.dll
2010-11-10 02:39:06 517448 ----a-w- C:\Windows\SysWow64\XAudio2_4.dll
2010-11-10 02:39:04 235352 ----a-w- C:\Windows\SysWow64\xactengine3_4.dll
2010-11-10 02:39:04 174936 ----a-w- C:\Windows\System32\xactengine3_4.dll
2010-11-10 02:39:03 24920 ----a-w- C:\Windows\System32\X3DAudio1_6.dll
2010-11-10 02:39:03 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_6.dll
2010-11-10 02:38:28 -------- d-----w- C:\Users\Gautam\AppData\Local\ChessBase
2010-11-10 02:36:36 -------- d-----w- C:\Program Files (x86)\Common Files\ChessBase
2010-11-10 02:33:10 -------- d-----w- C:\Program Files (x86)\ChessBase
2010-11-10 02:32:50 -------- d-----w- C:\Users\Gautam\AppData\Local\CrashDumps
2010-11-09 05:39:10 -------- d-----w- C:\PROGRA~3\Recovery
2010-11-08 02:42:39 -------- d-----w- C:\Program Files\Core Temp
2010-11-07 21:02:56 -------- d-----w- C:\Program Files\iTunes
2010-11-07 21:02:56 -------- d-----w- C:\Program Files\iPod
2010-11-07 21:02:56 -------- d-----w- C:\Program Files (x86)\iTunes
2010-11-07 21:02:56 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-11-07 21:00:04 -------- d-----w- C:\Program Files\Bonjour
2010-11-07 21:00:04 -------- d-----w- C:\Program Files (x86)\Bonjour
2010-11-06 18:25:01 -------- d-----w- C:\Users\Gautam\AppData\Roaming\Foxit Software
2010-11-06 18:24:47 75208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
2010-11-06 18:24:40 -------- d-----w- C:\Program Files (x86)\Foxit Software
2010-11-06 16:37:34 103864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 16:37:34 103864 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2010-11-03 00:46:03 -------- d-----w- C:\Users\Gautam\AppData\Roaming\Avira
2010-11-02 22:00:48 -------- d-----w- C:\Users\Gautam\AppData\Roaming\Macrovision
2010-11-02 03:03:58 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2010-11-02 03:03:37 -------- d-----w- C:\Windows\PCHEALTH
2010-11-02 03:03:37 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2010-11-02 03:02:32 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2010-11-02 03:01:39 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2010-11-02 03:01:39 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2010-11-02 03:01:25 -------- d-----w- C:\Windows\SHELLNEW
2010-11-02 03:00:53 -------- d-----w- C:\Users\Gautam\AppData\Local\Microsoft Help
2010-11-02 02:37:46 -------- d-----w- C:\Program Files (x86)\UltraISO
2010-11-02 02:37:46 -------- d-----w- C:\Program Files (x86)\Common Files\EZB Systems
2010-11-01 02:23:48 -------- d-----w- C:\Users\Gautam\AppData\Local\Apple Computer
2010-11-01 02:23:27 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2010-11-01 02:23:27 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2010-11-01 02:23:27 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2010-11-01 02:23:14 -------- d-----w- C:\PROGRA~3\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2010-11-01 02:20:58 -------- d-----w- C:\Users\Gautam\AppData\Local\Apple
2010-10-28 16:49:26 -------- d-----w- C:\Windows\en
2010-10-28 16:46:49 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b6698dc01cb76bf2d\InstallManager_WLE_WLE.exe
2010-10-28 16:46:34 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ae0f85c11cb76bf21\MeshBetaRemover.exe
2010-10-28 16:46:21 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a55c87061cb76bf1a\DXSETUP.exe
2010-10-28 16:46:20 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a55c87061cb76bf1a\DSETUP.dll
2010-10-28 16:46:20 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a55c87061cb76bf1a\dsetup32.dll
2010-10-28 16:46:19 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4f3b18d1cb76bf19\DSETUP.dll
2010-10-28 16:46:19 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4f3b18d1cb76bf19\DXSETUP.exe
2010-10-28 16:46:19 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a4f3b18d1cb76bf19\dsetup32.dll
2010-10-28 16:45:44 -------- d-----w- C:\Users\Gautam\AppData\Local\Windows Live
2010-10-28 16:45:20 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-10-28 16:45:20 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-10-28 16:45:20 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-10-28 16:45:20 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-10-28 16:45:20 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-10-28 16:45:19 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-10-28 16:45:19 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-10-28 16:14:59 -------- d-----w- C:\Users\Gautam\WareZ
2010-10-28 02:18:17 -------- d--h--w- C:\Users\Gautam\Manga
2010-10-27 23:59:40 -------- d-----w- C:\PROGRA~3\VirtualizedApplications
2010-10-27 21:49:17 -------- d-----w- C:\Users\Gautam\AppData\Roaming\SoftGrid Client
2010-10-27 21:49:17 -------- d-----w- C:\Users\Gautam\AppData\Local\SoftGrid Client
2010-10-27 21:48:27 -------- d-----w- C:\Users\Gautam\AppData\Roaming\TP
2010-10-27 16:29:44 -------- d-----r- C:\Program Files (x86)\Skype
2010-10-27 16:29:21 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2010-10-27 15:51:14 -------- d-----w- C:\Windows\SysWow64\Wat
2010-10-27 15:51:14 -------- d-----w- C:\Windows\System32\Wat
2010-10-27 15:16:58 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2010-10-27 15:16:58 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2010-10-27 15:16:58 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2010-10-27 15:16:58 444752 ----a-w- C:\Windows\System32\mscoree.dll
2010-10-27 15:16:58 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2010-10-27 15:16:58 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2010-10-27 15:16:58 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2010-10-27 15:16:58 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2010-10-27 15:16:58 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2010-10-27 15:16:58 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2010-10-27 15:12:31 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-10-27 15:12:31 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2010-10-27 15:06:53 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2010-10-27 15:05:52 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-10-27 15:05:49 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2010-10-27 15:05:46 223448 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2010-10-27 15:05:43 144384 ----a-w- C:\Windows\System32\cdd.dll
2010-10-27 15:05:31 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-27 15:05:31 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-27 15:05:02 1877504 ----a-w- C:\Windows\System32\msxml3.dll
2010-10-27 15:05:02 1233920 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-10-27 02:09:14 821808 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\symefa64.sys
2010-10-27 02:09:14 715824 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\srtsp64.sys
2010-10-27 02:09:14 450096 ----a-r- C:\Windows\System32\drivers\NISx64\1201000.025\symds64.sys
2010-10-27 02:09:14 40496 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\srtspx64.sys
2010-10-27 02:09:14 381488 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\symnets.sys
2010-10-27 02:09:14 168496 ----a-w- C:\Windows\System32\drivers\NISx64\1201000.025\ironx64.sys
2010-10-27 02:09:04 -------- d-----w- C:\Windows\System32\drivers\NISx64\1201000.025

==================== Find3M ====================

2010-11-25 21:09:05 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-11-25 04:10:44 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-17 18:28:54 487424 ----a-w- C:\Windows\sttray64.exe
2010-11-17 18:28:54 209920 ----a-w- C:\Windows\System32\staco64.dll
2010-11-17 18:28:54 1952256 ----a-w- C:\Windows\System32\stlang64.dll
2010-11-17 18:28:54 12829184 ----a-w- C:\Windows\System32\idtcpl64.cpl
2010-11-17 18:28:53 90624 ----a-w- C:\Windows\System32\AESTCo64.dll
2010-11-17 18:28:53 68608 ----a-w- C:\Windows\System32\AESTAR64.dll
2010-11-17 18:28:53 564224 ----a-w- C:\Windows\System32\idt64mp1.exe
2010-11-17 18:28:53 442368 ----a-w- C:\Windows\System32\AESTEC64.dll
2010-11-17 18:28:53 162304 ----a-w- C:\Windows\System32\AESTAC64.dll
2010-10-27 17:28:46 11320 ----a-w- C:\Windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-27 02:09:18 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2010-10-14 06:36:52 15451288 ----a-w- C:\Windows\SysWow64\xlive.dll
2010-10-14 06:36:50 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 04:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 18:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2010-09-16 09:38:29 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2010-09-16 09:38:29 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2010-09-16 08:54:35 0 ----a-w- C:\Windows\ativpsrm.bin
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 16:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

============= FINISH: 19:27:08.60 ===============

Edited by browntown44, 26 November 2010 - 11:17 AM.



#2 B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 03 December 2010 - 03:15 AM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



Regards,
Georgi :hello:



#3 browntown44

  • Topic Starter

  • Members
  • 13 posts

Posted 04 December 2010 - 12:25 AM

It seems to be fine now, when I'm on my college network or a private one I have in my apt, none of those problems exist. I really do think it's the network and I was wondering if you could give me a general description of how to reset it (when I go back home in a week). I know it involves some ipconfig /flushdns then /renew and /release or something right?

And no worries about the delay, I really do appreciate the response!

I didn't run the GMER because I had a 64-bit pc and the tutorial said to only run it on 32-bit windows...

#4 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 04 December 2010 - 11:47 AM

Hi...it all depends. The flushing only works if we solve the root cause, which may be your router. What network were you on when you had the issue?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 browntown44

  • Topic Starter

  • Members
  • 13 posts

Posted 04 December 2010 - 02:01 PM

My network back home, where I will be back to in about a week... could this topic be on hold till then? I'll be happy to run the dds and all if it's needed then too.

#6 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 05 December 2010 - 11:22 AM

Sure, please ping me when you are back there. If you are redirected there, but not on other networks, it's likely your router is infected. I can walk you through resetting it and changing the relevant security settings to prevent it from being hijacked again.




#7 browntown44

  • Topic Starter

  • Members
  • 13 posts

Posted 12 December 2010 - 12:27 PM

Thank you for waiting etavares, I appreciate it! I'm all cozy and back home now, ready for your help! Anything you first need me to do?

#8 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 13 December 2010 - 06:13 PM

Are you still getting redirected now that you're home? If not, I can help take a look to make sure there's no remaining malware. If yes, I can help diagnose what's going on.




#9 browntown44

  • Topic Starter

  • Members
  • 13 posts

Posted 13 December 2010 - 06:33 PM

Yup unfortunately so, but only during the times I mentioned in the first post. Nothing too serious, but some amount of pop-ups do filter through firefox also.

#10 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 13 December 2010 - 06:45 PM

Could be a router infection. Let's look at that first since it only happens when you are on your home network.

Do you have a router AND a modem? (E.g. two boxes between the wall and your computer?) If yes...try using a network cable to connect your computer directly to the modem (box closest to the wall). Do you still have redirects and popups?




#11 browntown44

  • Topic Starter

  • Members
  • 13 posts

Posted 14 December 2010 - 03:11 PM

Yes we have a modem that has a coax like input from the wall, which feeds into a wireless router through an ethernet. Regardless of whether I use the wireless or a direct ethernet from the router, the redirect exists, yet now (in either case) it's not just r3.google but other prefixes as well (like 5c3f.r.google...) The internet doesn't function when I directly connect the comp to the modem...

#12 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 14 December 2010 - 05:30 PM

OK, since your computer ONLY redirects on this one particular network (please STOP and correct me if I misunderstood that point), let's reset the router.


Router Reset
  • Please read this: Malware Silently Alters Wireless Router Settings

  • Consult this link to find out what the default username and password of your router are and note them down: Router Passwords

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that type http://192.168.1.1 in the address bar and press Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.

  • Please make sure of the following settings:
    • Go to start => Control panel => Double-click Network and Sharing Center.
    • In the left window select Manage network Connection.
    • In the right window right-click Local Area connection and select Properties.
    • Internet Protocol Version 6 (IPv6) should be checked. Double-click on it and make sure of the following settings:
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
      • Click OK.
    • Internet Protocol Version 4 (IPv4) should be checked. Double-click on it.
      • The option Obtain an IP address automatically should be checked.
      • The option Obtain DNS server address automatically should be checked.
    • Click OK twice.
  • If you changed any setting, reboot the computer.

==========

Please run the following command on your computer and post the logs.

Go to Start > Run, copy/paste the following line into the Run box and click OK.

cmd /c (ipconfig /all&nslookup mbam-cdn.malwarebytes.org&ping -n 2 mbam-cdn.malwarebytes.org&route print) >log.txt&start log.txt

A command window opens. Wait until a log.txt file opens. Please post the content to your reply.


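A defender-side check for the settings this post asks to verify, added here as an example (it is not the thread's own tool and not something the Malware Response Team distributes): it parses `ipconfig /all` text like the log posted later in the thread and flags adapters whose DHCP is off or whose DNS servers sit outside the adapter's own network, which is what a DNSChanger-style router hijack leaves behind. The sample log, the adapter names and the 203.0.113.x resolver addresses are constructed.

```python
import ipaddress
import re

# Constructed "ipconfig /all" excerpt modelled on the log posted later in this thread.
# Adapter 1 is healthy (DHCP on, DNS = the router). Adapter 2 is a constructed picture of
# what a DNS-changing infection leaves behind (203.0.113.0/24 is a documentation range).
SAMPLE_IPCONFIG = """\
Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
"""

# "Key . . . : value" lines; requiring the dot padding keeps bare IPv6 continuation lines from matching.
KV_RE = re.compile(r"^([A-Za-z][A-Za-z0-9 -]*?)\s*(?:\. ?)+\s*:\s?(.*)$")

def parse_ipconfig(text):
    """Return {adapter name: {key: [values]}} for every adapter section."""
    adapters, fields, key = {}, None, None
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        if re.search(r"\badapter\b.*:$", line, re.I) and not KV_RE.match(line):
            fields = adapters[line.rstrip(":").strip()] = {}
            key = None
        elif (m := KV_RE.match(line)) and fields is not None:
            key, value = m.group(1).strip(), m.group(2).strip()
            fields[key] = [value] if value else []
        elif key is not None:
            fields[key].append(line)  # continuation: extra DNS server, address, etc.
    return adapters

def audit_dns(adapters, trusted_dns=()):
    """Flag what post #12 asks to verify: DHCP on, DNS served by the router or a trusted resolver."""
    trusted = {ipaddress.ip_address(t) for t in trusted_dns}
    findings = []
    for name, f in adapters.items():
        dns = [v.split("(")[0] for v in f.get("DNS Servers", [])]
        if not dns:
            continue  # disconnected and tunnel adapters carry no resolver setting
        if f.get("DHCP Enabled", ["Yes"])[0].lower() != "yes":
            findings.append((name, "DHCP disabled: address and DNS are set by hand"))
        try:  # the adapter's own subnet, where the router's resolver is expected to sit
            local = ipaddress.ip_network(
                f"{f['IPv4 Address'][0].split('(')[0]}/{f['Subnet Mask'][0]}", strict=False)
        except (KeyError, IndexError, ValueError):
            local = None
        for server in dns:
            try:
                s = ipaddress.ip_address(server)
            except ValueError:
                continue
            if s in trusted or (local is not None and s.version == 4 and s in local):
                continue
            findings.append((name, f"DNS server {server} lies outside the local network"))
    return findings
```

Run it over the real `ipconfig /all` output from the log.txt command above; an adapter that reports the router (192.168.1.1 here) as its DNS server with DHCP on produces no findings.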


#13 browntown44

  • Topic Starter

  • Members
  • 13 posts

Posted 14 December 2010 - 09:05 PM

The netgear router we have doesn't have a reset button, yet it receives the data from a cisco modem, which does have a reset button. Would it be ok to reset that or is there some way to perhaps reset the router online?

#14 etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 15 December 2010 - 06:22 PM

What is the model number of the netgear router? It should say it somewhere on it.




#15 browntown44

  • Topic Starter

  • Members
  • 13 posts

Posted 16 December 2010 - 10:58 PM

That seemed to have done the trick! (The router did have a button that was hidden amongst fan hole like stuff)

But the notepad text (I just edited the host name, for a little privacy, that's all; hope that's ok):

Windows IP Configuration

Host Name . . . . . . . . . . . . : ******-HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-26-C7-AA-43-D5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-26-C7-AA-43-D5
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 00-26-C7-AA-43-D4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::90f:6acb:97e2:b17e%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, December 16, 2010 9:05:37 PM
Lease Expires . . . . . . . . . . : Friday, December 17, 2010 9:05:37 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234890951
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-23-90-5B-64-31-50-5A-DF-EF
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{286A503B-237C-4FD8-9ABB-8EE4AE7FC5C1}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2083:261c:ba7a:d8ec(Preferred)
Link-local IPv6 Address . . . . . : fe80::2083:261c:ba7a:d8ec%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: mwbyte.vo.llnwd.net
Addresses: 208.111.168.7
208.111.168.6
Aliases: mbam-cdn.malwarebytes.org


Pinging mwbyte.vo.llnwd.net [208.111.168.6] with 32 bytes of data:
Reply from 208.111.168.6: bytes=32 time=53ms TTL=56
Reply from 208.111.168.6: bytes=32 time=51ms TTL=56

Ping statistics for 208.111.168.6:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 51ms, Maximum = 53ms, Average = 52ms
===========================================================================
Interface List
15...00 26 c7 aa 43 d5 ......Microsoft Virtual WiFi Miniport Adapter #2
14...00 26 c7 aa 43 d5 ......Microsoft Virtual WiFi Miniport Adapter
13...00 26 c7 aa 43 d4 ......Intel® WiFi Link 1000 BGN
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:4137:9e76:2083:261c:ba7a:d8ec/128
On-link
13 281 fe80::/64 On-link
16 306 fe80::/64 On-link
13 281 fe80::90f:6acb:97e2:b17e/128
On-link
16 306 fe80::2083:261c:ba7a:d8ec/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None



