
Infected with TDSS & Google keeps redirecting & extremely slow download speeds in browser



#1 Volrath7


Posted 04 June 2011 - 12:02 AM

I think I have the Google redirect virus/TDSS. I currently have three browsers installed (Internet Explorer, Mozilla Firefox, and Google Chrome). I get redirected anytime I click a link from search engines in Mozilla and Google Chrome; it does not happen with Internet Explorer. I have downloaded TDSSkiller.exe and FixTDSS.exe and neither one of them detects anything or fixes it. I am also having extremely slow download speeds in all three browsers. I am unable to watch any type of streaming media, i.e. YouTube, Netflix, etc. Also, any files that I try to download through the browsers are extremely slow, around 20 to 60 kbps. I have a 6MB DSL connection and I can download at full speed with any other non-browser related programs (NewsbinPro/ 700-800 kbps). I have Symantec Endpoint Protection and use Malwarebytes' Anti-Malware frequently and neither of them seems to find or fix anything. So any help or advice will be greatly appreciated.

Thank you for your time

V/R

John


.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by Marley at 23:43:12 on 2011-06-03
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.6135.4653 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Marley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\Marley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Marley\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe"
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files (x86)\Rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2898504A-C622-47B5-ACB9-BC84FDB11BFC} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{2C2777C5-5D38-422B-B74F-75EBA25A6EE6} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8678FCA8-31DE-4896-B17E-A5280472F510} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe"
mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-5-15 90112]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe [2011-6-3 67584]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-2-18 294912]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-4-3 240232]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-5-12 136824]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S3 HPKBx64;HP Keyboard Smart Card Driver;C:\Windows\system32\DRIVERS\HPKBx64.sys --> C:\Windows\system32\DRIVERS\HPKBx64.sys [?]
S3 netr7364;Netopia RT73 Wireless Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
S3 WatAdminSvc;WatAdminSvc;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2010-7-18 25832]
.
=============== Created Last 30 ================
.
2011-06-04 04:41:58 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-04 02:42:36 -------- d-----w- C:\Users\Marley\AppData\Local\Safe mirror
2011-06-04 02:42:02 -------- d-----w- C:\Program Files (x86)\Cobian Backup 10
2011-06-04 02:34:52 -------- d-----w- C:\Program Files (x86)\ESET
2011-06-04 02:11:10 98816 ----a-w- C:\Windows\sed.exe
2011-06-04 02:11:10 518144 ----a-w- C:\Windows\SWREG.exe
2011-06-04 02:11:10 256512 ----a-w- C:\Windows\PEV.exe
2011-06-04 02:11:10 208896 ----a-w- C:\Windows\MBR.exe
2011-05-31 19:51:33 -------- d-----w- C:\Users\Marley\AppData\Local\PunkBuster
2011-05-31 19:51:29 -------- d-----w- C:\Users\Marley\AppData\Local\Activision
2011-05-31 09:11:33 111928 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-05-31 09:11:32 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-05-31 09:11:32 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-05-31 09:01:52 -------- d-----w- C:\Program Files (x86)\Activision
2011-05-29 16:47:30 -------- d-----w- C:\Users\Marley\AppData\Local\The Witcher 2
2011-05-29 16:24:18 -------- d-----w- C:\Program Files (x86)\The Witcher 2
2011-05-29 15:59:16 -------- d-----w- C:\Program Files (x86)\LSoft Technologies
2011-05-29 02:43:56 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2011-05-29 02:40:53 513080 ----a-w- C:\Windows\System32\drivers\sptd.sys
2011-05-29 02:40:52 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-05-28 22:14:01 -------- d-----w- C:\Users\Marley\AppData\Roaming\Guitar Pro 6
2011-05-28 22:14:01 -------- d-----w- C:\ProgramData\Guitar Pro 6
2011-05-28 21:43:10 -------- d-----w- C:\Program Files (x86)\Guitar Pro 6
2011-05-18 22:25:15 -------- d-----w- C:\ProgramData\SpeedBit
2011-05-18 22:25:14 84480 ----a-w- C:\Windows\SysWow64\EasyHook32.dll
2011-05-18 22:25:14 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedBit
2011-05-18 22:25:12 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx
2011-05-18 22:25:11 -------- d-----w- C:\Program Files (x86)\DAP
2011-05-15 22:30:03 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-05-15 22:30:03 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-05-15 22:30:03 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-05-15 22:30:03 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-05-15 22:30:03 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2011-05-15 22:30:03 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-05-15 18:59:03 -------- d-----w- C:\Program Files (x86)\CRS
.
==================== Find3M ====================
.
2011-06-01 00:07:20 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2011-04-01 01:39:22 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-04-01 01:37:22 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-03-29 22:47:15 108032 --sha-r- C:\Windows\SysWow64\icsxmlo.dll
.
============= FINISH: 23:43:44.09 ===============


 


#2 teacup61

  • Malware Response Team

Posted 04 June 2011 - 02:19 AM

Hello Volrath7,


Can I ask what you saw that made you think you have TDSS? The DDS log shows no rootkit activity, and you said TDSSKiller didn't see or fix anything.

I'd like to see if you have another infection targeting Windows 7 64-bit systems:

Please download this by noahdfear to your desktop. In normal mode, click to run and follow any prompts. It will pop up a log in notepad when finished, and it will be a short one. Please post those results back here in your reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 Volrath7


Posted 04 June 2011 - 03:40 PM

Hello tea,
Thanks for taking the time to help me out. Well, the reason that I thought that I had the TDSS is because back when I first noticed problems I started searching the internet for help. While doing so I ran across a few posts of people that had similar issues. They were able to resolve their problems by using the TDSSkiller. This led me to believe that I had the same thing, but I guess not. lol

Well I downloaded the program and ran it like you wanted me to. It did not generate a log file for me but it said "Nothing found!!" in the blue program window.

Also you should know that after I posted this post last night a good friend of mine called me and told me to try ESET Online Scanner, because it had helped him in the past with some issues that he had. So I ran ESET and it found six infections. And I think the redirect problem is gone. But I am still having the really slow download speed problem.

Here is the log from ESET

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=605323a161ccba4b9b8fcc1124c3afd4
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-04 03:31:58
# local_time=2011-06-03 10:31:58 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776638 66 94 32252835 58699369 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=179583
# found=6
# cleaned=6
# scan_time=2420
C:\Program Files (x86)\The Witcher 2\bin\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Marley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d5f6200-50a8945e probably a variant of Win32/Agent.CDGQEWH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Marley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\76b61fd6-4331ba59 probably a variant of Win32/Agent.ZVRMM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Marley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\774dcea0-3dc9ce3d Java/Exploit.CVE-2009-2843.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Marley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1b3c1126-6da37918 Java/Exploit.CVE-2010-3562.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Marley\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
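
Added example (not part of the original posts, and not ESET's tooling): a Python parser for the detection lines of the ESET log above, showing where the six detections sit on disk and which CVE identifiers their names carry. The field layout is an assumption inferred from the six lines in this log, and the function names are hypothetical.

```python
import re
from collections import Counter

# Header fields and the six detection lines, copied from the ESET log posted above.
ESET_LOG = r"""
# scanned=179583
# found=6
# cleaned=6
C:\Program Files (x86)\The Witcher 2\bin\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Marley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4d5f6200-50a8945e probably a variant of Win32/Agent.CDGQEWH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Marley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\76b61fd6-4331ba59 probably a variant of Win32/Agent.ZVRMM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Marley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\774dcea0-3dc9ce3d Java/Exploit.CVE-2009-2843.B trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Marley\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1b3c1126-6da37918 Java/Exploit.CVE-2010-3562.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Marley\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
"""

HEADER = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")

# Assumed layout: <path> [qualifier] <Platform/Name> <kind> (<action>) <32 hex> <flag>
# The path may contain spaces, so it is matched lazily up to the first
# "Platform/Name" token (Windows paths contain no forward slash).
DETECTION = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<digest>[0-9A-Fa-f]{32})\s+(?P<flag>\w)$"
)
CVE = re.compile(r"CVE-\d{4}-\d{4,}")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"  # Java plug-in download cache


def parse_eset_log(text):
    """Return (header dict, list of detection dicts, lines that did not parse)."""
    header, detections, unparsed = {}, [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            header[m["key"]] = m["value"]
            continue
        m = DETECTION.match(line)
        if m is None:
            unparsed.append(line)  # keep, so a format change is noticed
            continue
        d = m.groupdict()
        d["qualifier"] = (d["qualifier"] or "").strip()
        d["platform"] = d["name"].split("/", 1)[0]
        d["cves"] = CVE.findall(d["name"])
        d["in_java_cache"] = JAVA_CACHE in d["path"].lower()
        detections.append(d)
    return header, detections, unparsed


def summarize(text):
    """Triage view: where the detections were found and what they were named."""
    header, detections, unparsed = parse_eset_log(text)
    return {
        "count_matches_header": len(detections) == int(header.get("found", -1)),
        "by_platform": dict(Counter(d["platform"] for d in detections)),
        "by_kind": dict(Counter(d["kind"] for d in detections)),
        "java_cache_hits": sum(d["in_java_cache"] for d in detections),
        "cves": sorted({c for d in detections for c in d["cves"]}),
        "heuristic_names": sum(d["qualifier"].startswith("probably") for d in detections),
        "not_quarantined": [d["path"] for d in detections
                            if "quarantined" not in d["action"]],
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in summarize(ESET_LOG).items():
        print(f"{key}: {value}")
```

On this log it reports four of the six detections inside the Java plug-in cache (files the Java plug-in downloaded while browsing), two of them named for Java CVEs, which sits alongside the BrowserJavaVersion: 1.6.0_20 line in the DDS log.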

#4 teacup61

  • Malware Response Team

Posted 04 June 2011 - 04:09 PM

Hi there,

You're welcome. :) I don't mind the scan at all, thanks for telling me. :thumbup2: It's a good scanner, and whatever works, right? :wink:

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Those old versions also take up a ton of space! Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 24 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Let me know how it's running now. :)

Thanks,
tea

#5 Volrath7


Posted 04 June 2011 - 06:34 PM

Hello again,

Well, I updated my Java to JDK 6 Update 25; I did not see the 24 version. And I also updated my MBAM.exe and ran that scan and it did not find anything. But the redirect seems to be gone :) and I guess since I updated my Java, my download speeds are a lot better now. I can actually watch a YouTube video without having to pause it and come back 5 mins later.
So what exactly were those viruses that the ESET removed, just for my information? Whatever they were, my Symantec Endpoint and my Malwarebytes Anti-Malware would not detect them.

Well I seem to be good to go now. Thanks so much for your help. I had no idea that Java could cause such a problem in performance like that. I will make sure I keep it updated in the future.

Thanks Tea ;)




Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6773

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/4/2011 6:10:16 PM
mbam-log-2011-06-04 (18-10-16).txt

Scan type: Quick scan
Objects scanned: 166153
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
