Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

occasional redirect


  • Please log in to reply
12 replies to this topic

#1 wolowitz

wolowitz

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 27 May 2011 - 03:33 PM

Hi,

I'm not completely sure if i've been infected with a google redirect virus, but occasionally I will be redirected from a google search somewhere else. This happens once every few days or so, so I'm assuming that I am infected.

I did a google search on "google redirect" and got to the following page, which had a recommended fix:

http://www.personalcomputerfixes.com/spyware/how-to-remove-the-google-redirect-virus/

it suggested running combofix, which I did, but it never got past the message "scanning, can take up to 10 minutes, or easily double that if heavily infected". No stage numbers appeared. I let it go for well past 20 minutes.

After a while, i just rebooted the computer. Then I started seeing advice online about not trying to use combofix as a new user. oops.

Question: is there a possibility i screwed up something by interrupting combofix, which seemed to have stalled out?

Next question: am I possibly infected, and can you help?

Thanks.

Edited by wolowitz, 27 May 2011 - 03:40 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:01 AM

Posted 27 May 2011 - 03:53 PM

Hello, wolowitz,, We may be OK. What we can do now is run two scans and see what they return,

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the compute



Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
[color=green]Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 wolowitz

wolowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 28 May 2011 - 12:10 AM

Boopme,

Thanks for your help. TDSSKiller.exe did not detect any malicious objects. There is the log file:

2011/05/27 14:59:46.0093 4868 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/27 14:59:48.0093 4868 ================================================================================
2011/05/27 14:59:48.0093 4868 SystemInfo:
2011/05/27 14:59:48.0093 4868
2011/05/27 14:59:48.0093 4868 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/27 14:59:48.0093 4868 Product type: Workstation
2011/05/27 14:59:48.0093 4868 ComputerName:
2011/05/27 14:59:48.0093 4868 UserName:
2011/05/27 14:59:48.0093 4868 Windows directory: C:\WINDOWS
2011/05/27 14:59:48.0093 4868 System windows directory: C:\WINDOWS
2011/05/27 14:59:48.0093 4868 Processor architecture: Intel x86
2011/05/27 14:59:48.0093 4868 Number of processors: 1
2011/05/27 14:59:48.0093 4868 Page size: 0x1000
2011/05/27 14:59:48.0093 4868 Boot type: Normal boot
2011/05/27 14:59:48.0093 4868 ================================================================================
2011/05/27 14:59:48.0750 4868 Initialize success
2011/05/27 15:00:49.0531 5464 ================================================================================
2011/05/27 15:00:49.0531 5464 Scan started
2011/05/27 15:00:49.0531 5464 Mode: Manual;
2011/05/27 15:00:49.0531 5464 ================================================================================
2011/05/27 15:00:51.0218 5464 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/27 15:00:51.0390 5464 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/27 15:00:51.0687 5464 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/27 15:00:51.0859 5464 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/27 15:00:52.0343 5464 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/05/27 15:00:52.0546 5464 ALCXWDM (a886a879d2d05d942c3565c4d451ec23) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/05/27 15:00:53.0171 5464 ASPI32 (5b01af89d16d562825c4db4530f20cbb) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/05/27 15:00:53.0328 5464 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/27 15:00:53.0437 5464 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/27 15:00:53.0609 5464 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/27 15:00:53.0796 5464 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/27 15:00:53.0953 5464 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/27 15:00:54.0078 5464 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/27 15:00:54.0296 5464 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/27 15:00:54.0437 5464 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/27 15:00:54.0578 5464 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2011/05/27 15:00:54.0703 5464 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2011/05/27 15:00:54.0875 5464 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/27 15:00:54.0984 5464 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
2011/05/27 15:00:55.0453 5464 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/27 15:00:55.0640 5464 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/27 15:00:55.0906 5464 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/27 15:00:56.0062 5464 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/27 15:00:56.0187 5464 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/27 15:00:56.0375 5464 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/27 15:00:56.0609 5464 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/27 15:00:56.0796 5464 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/05/27 15:00:56.0968 5464 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/27 15:00:57.0156 5464 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/05/27 15:00:57.0328 5464 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/27 15:00:57.0468 5464 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/27 15:00:57.0609 5464 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/27 15:00:57.0796 5464 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/05/27 15:00:57.0921 5464 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/27 15:00:58.0046 5464 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/27 15:00:58.0343 5464 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/27 15:00:58.0640 5464 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/27 15:00:58.0812 5464 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/27 15:00:58.0937 5464 InCDfs (ae40e010d145aa371fe3a551c44f74f4) C:\WINDOWS\system32\drivers\InCDfs.sys
2011/05/27 15:00:59.0078 5464 InCDPass (efc1883a3cfcdd72222c428ef0a38695) C:\WINDOWS\system32\DRIVERS\InCDPass.sys
2011/05/27 15:00:59.0218 5464 InCDrec (8413063a0e2b4da05d5d87075021fb75) C:\WINDOWS\system32\drivers\InCDrec.sys
2011/05/27 15:00:59.0625 5464 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/27 15:00:59.0812 5464 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/27 15:00:59.0953 5464 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/27 15:01:00.0109 5464 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/27 15:01:00.0281 5464 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/27 15:01:00.0437 5464 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/27 15:01:00.0609 5464 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/27 15:01:00.0781 5464 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/27 15:01:00.0953 5464 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/27 15:01:01.0125 5464 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/27 15:01:01.0437 5464 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/27 15:01:01.0593 5464 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/27 15:01:01.0875 5464 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/27 15:01:02.0046 5464 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/05/27 15:01:02.0250 5464 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/27 15:01:02.0406 5464 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/27 15:01:02.0437 5464 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/27 15:01:02.0578 5464 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/05/27 15:01:02.0734 5464 mferkdk (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
2011/05/27 15:01:02.0875 5464 mfesmfk (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
2011/05/27 15:01:03.0000 5464 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/05/27 15:01:03.0140 5464 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/27 15:01:03.0265 5464 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/27 15:01:03.0406 5464 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/27 15:01:03.0531 5464 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/27 15:01:03.0687 5464 MPFP (136157e79849b9e5316ba4008d6075a8) C:\WINDOWS\system32\Drivers\Mpfp.sys
2011/05/27 15:01:03.0890 5464 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/27 15:01:04.0078 5464 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/27 15:01:04.0281 5464 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/27 15:01:04.0421 5464 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/27 15:01:04.0562 5464 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/27 15:01:04.0734 5464 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/27 15:01:04.0875 5464 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/27 15:01:05.0015 5464 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/27 15:01:05.0171 5464 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/27 15:01:05.0343 5464 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/27 15:01:05.0437 5464 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/27 15:01:05.0562 5464 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/27 15:01:05.0703 5464 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/27 15:01:05.0859 5464 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/27 15:01:05.0984 5464 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/27 15:01:06.0171 5464 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/27 15:01:06.0328 5464 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/27 15:01:06.0515 5464 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/27 15:01:06.0750 5464 nv (aa1dd84821732d77102ddac6d773941c) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/27 15:01:07.0046 5464 nvatabus (06f86506555644cba020cd2cffe28668) C:\WINDOWS\system32\DRIVERS\nvatabus.sys
2011/05/27 15:01:07.0187 5464 nvax (c940418d48b98359e9ccbad695e5f530) C:\WINDOWS\system32\drivers\nvax.sys
2011/05/27 15:01:07.0312 5464 NVENETFD (78f052b466ff12fca013fe5a6466b03e) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/05/27 15:01:07.0437 5464 nvnetbus (f361d10293bd8b90504e8394975d66b5) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/05/27 15:01:07.0593 5464 nvnforce (b000a8b4946f786a56c7b020620b3a46) C:\WINDOWS\system32\drivers\nvapu.sys
2011/05/27 15:01:07.0765 5464 nvraid (e182f94d65deda3668c23ee5bc8e980f) C:\WINDOWS\system32\DRIVERS\nvraid.sys
2011/05/27 15:01:07.0953 5464 nv_agp (c0fcd544a1c4eea6d11a0ae6a07dac9d) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2011/05/27 15:01:08.0078 5464 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/27 15:01:08.0218 5464 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/27 15:01:08.0343 5464 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/27 15:01:08.0484 5464 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/27 15:01:08.0625 5464 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/27 15:01:08.0781 5464 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/27 15:01:08.0984 5464 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sy@
2011/05/27 15:01:09.0125 5464 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/27 15:01:09.0687 5464 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/05/27 15:01:09.0859 5464 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/27 15:01:10.0000 5464 PQNTDrv (04f3971b70a7855f04d351aa4bee7799) C:\WINDOWS\system32\drivers\PQNTDrv.sys
2011/05/27 15:01:10.0140 5464 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/05/27 15:01:10.0296 5464 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/27 15:01:10.0437 5464 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/27 15:01:10.0562 5464 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/05/27 15:01:11.0000 5464 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/27 15:01:11.0171 5464 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/27 15:01:11.0312 5464 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/27 15:01:11.0453 5464 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/27 15:01:11.0593 5464 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/27 15:01:11.0781 5464 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/27 15:01:11.0984 5464 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/27 15:01:12.0187 5464 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/27 15:01:12.0343 5464 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/27 15:01:12.0515 5464 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/27 15:01:12.0640 5464 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/27 15:01:12.0812 5464 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/27 15:01:12.0968 5464 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/27 15:01:13.0250 5464 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/27 15:01:13.0406 5464 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/27 15:01:13.0562 5464 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/27 15:01:13.0750 5464 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/27 15:01:13.0890 5464 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/27 15:01:14.0343 5464 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/27 15:01:14.0515 5464 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/27 15:01:14.0687 5464 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/27 15:01:14.0843 5464 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/27 15:01:14.0968 5464 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/27 15:01:15.0187 5464 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/27 15:01:15.0390 5464 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/27 15:01:15.0578 5464 USB200M (f15fa1133b544b670132da0a0fbb7088) C:\WINDOWS\system32\DRIVERS\USB200M2.sys
2011/05/27 15:01:15.0750 5464 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/27 15:01:15.0906 5464 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/27 15:01:16.0000 5464 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/27 15:01:16.0109 5464 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/05/27 15:01:16.0250 5464 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/27 15:01:16.0390 5464 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/27 15:01:16.0531 5464 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/27 15:01:16.0812 5464 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/27 15:01:16.0984 5464 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/27 15:01:17.0265 5464 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/27 15:01:17.0406 5464 WINIO (363438fbfd6dbf489c2d65ab25c2c5b4) C:\WINDOWS\system32\winio.sys
2011/05/27 15:01:17.0687 5464 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/27 15:01:17.0875 5464 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/27 15:01:17.0968 5464 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/27 15:01:18.0109 5464 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk1\DR1
2011/05/27 15:01:18.0218 5464 ================================================================================
2011/05/27 15:01:18.0218 5464 Scan finished
2011/05/27 15:01:18.0218 5464 ================================================================================
2011/05/27 15:01:18.0250 0420 Detected object count: 0
2011/05/27 15:01:18.0250 0420 Actual detected object count: 0
2011/05/27 15:01:33.0546 5468 ================================================================================


Malwarebytes also did not turn up any issues. Here is the log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6697

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/27/2011 10:36:16 PM
mbam-log-2011-05-27 (22-36-16).txt

Scan type: Full scan (C:\|D:\|F:\|H:\|)
Objects scanned: 309060
Time elapsed: 1 hour(s), 44 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 wolowitz

wolowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 28 May 2011 - 12:14 AM

Boopme,

So according to my log files, am I redirect virus free? Do redirects occasionally happen on their own?

Did killing combofix do anything bad to my computer?

There is a combofix-created (I assume) directory in my c: drive called "ComboFix." can I safely delete this?

Thanks again

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:01 AM

Posted 28 May 2011 - 06:46 PM

I think you are OK with ComboFix. You dodged a bullet. This is one of the reasons why you should not run it on your own.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Posted Image

There are occaision where a site redirects itself,usually they have upgraded or moved their page and don't want you to get lost.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 wolowitz

wolowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 29 May 2011 - 03:24 AM

Thanks for the help, I will uninstall combofix and not run it again w/o guidance :)

still wondering a bit about my redirects....i did a google search on "disable mcafee" and open some new tabs for the results. One of the tabs went to

http://www.pcsecurityshield.com/lp/shield-deluxe-51.aspx?aid=wps766&subid=4mcafee+antivirus

which was not a returned search link. Is this one legitimate and not a redirect? I'm not sure which search result led to that link, but i'm pretty sure it wasn't one of the ones returned from the google search...

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:01 AM

Posted 29 May 2011 - 08:42 PM

Ok, yes there is something not quite right.

Since it's still redirecting>>>
Change your DNS Servers:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.
If the above commands did not resolve the problem, the next thing to try is to reset your network settings and Configure TCP/IP to use DNS.
  • Go to Posted Image > Control Panel, and choose Network Connections.
  • Right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and and choose Properties.
  • Double-click on Internet Protocol (TCP/IP) or highlight it and select Properties.
  • Under the General tab, write down any settings in case you should need to change them back.
  • Select the button that says "Obtain an IP address automatically" or make sure the DNS server IP address is the same as provided by your ISP.
  • Select the button that says "Obtain DNS servers automatically".
  • If unknown Preferred or Alternate DNS servers are listed, uncheck the box that says "Use the following DNS server address".
  • Click OK twice to get out of the properties screen and restart your computer. If not prompted to reboot go ahead and reboot manually.
-- Vista users can refer to How to Change TCP/IP settings

CAUTION: It's possible that your ISP (Internet Service Provider) requires specific DNS settings here. Make sure you know if you need these settings or not BEFORE you make any changes or you may lose your Internet connection. If you're sure you do not need a specific DNS address,
then you may proceed.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 wolowitz

wolowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 29 May 2011 - 09:45 PM

the dns flush failed.

I did the network settings reset, will see if that helped. thanks!

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:01 AM

Posted 29 May 2011 - 10:22 PM

Ok let me know.. we sy=till mat have to reset the HOSTS file and/or the router.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 wolowitz

wolowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 30 May 2011 - 02:37 PM

still getting occasional redirect, this time to easymanagedhost.com. thanks.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:01 AM

Posted 30 May 2011 - 09:25 PM

Reset the Hosts to default.

To reset the hosts file automatically,go HERE click the Posted Image button. Then just follow the prompts in the Fix it wizard.

Are you on a router,is it wireless and is there more than one machine on it?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 wolowitz

wolowitz
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 31 May 2011 - 09:48 PM

did the auto fixit thing to reset hosts file.

i am on a router, it is wireless, there are 2 computers hooked up via ethernet cable.

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,914 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:01 AM

Posted 01 June 2011 - 09:19 AM

We have 2 options left ther than reinstall. One is the router is infected. two is the malware is protected and we'll need to move you.

1) Your router is hijacked by trojan DNS-hijacker.

First if there are other machines on this router they need to install and update MBAM,DO NOT run yet. You now need to disconnect from the internet. Then scan each PC then reset the router.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don?t know the router's default password, you can look it up HERE.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

As there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site HERE for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have ran Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router.


2) We need a deeper look. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users