Redirected Always

21 replies to this topic

#1 cakegirl (Members, 23 posts)

Posted 18 June 2011 - 09:30 PM

Hi,

I've tried running Rkill, SUPERAntiSpyware, Malwarebytes, TDSSKiller, and an ESET scan. Most of these have found things and I've "cured and rebooted" every time.
I went through and updated Java, and uninstalled all of my Adobe software and reinstalled it. I also uninstalled and reinstalled my AVG. I'm still being redirected every time I use any search engine. Please help! I have been working for days to get "XP Home Security 2012" off my computer, and now this. Here are my latest logs from all that I have done:

ESET
C:\Documents and Settings\Windows\Application Data\Sun\Java\Deployment\cache\6.0\27\174fdc1b-1c12d5c9 Java/TrojanDownloader.OpenStream.NBZ trojan deleted - quarantined
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting (after the next restart) - quarantined

Malwarebytes
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6876

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/17/2011 9:48:22 AM
mbam-log-2011-06-17 (09-48-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 249627
Time elapsed: 1 hour(s), 26 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3688953428 (Trojan.ExeShell.Gen) -> Value: 3688953428 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cleanddm (Trojan.Qhost.CD) -> Value: cleanddm -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Windows\local settings\application data\jum.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Windows\application data\Adobe\plugs\mmc4419718.txt (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\Windows\application data\Sun\Java\deployment\cache\6.0\2\1cf99542-6b9f62e3 (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Windows\local settings\Temp\0.866153430782901.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Windows\local settings\Temp\9b88.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Windows\local settings\temporary internet files\Content.IE5\8C5KYCLO\windows-update-sp4-kb64228-setup[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\Windows\local settings\temporary internet files\Content.IE5\FYIQY82F\setup[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Windows\local settings\temporary internet files\Content.IE5\FYIQY82F\windows-update-sp4-kb99812-setup[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Windows\local settings\temporary internet files\Content.IE5\PJMWCYFX\setup[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{99405003-f8db-4ba4-8748-d38cb8549ff1}\RP1\A0001012.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{99405003-f8db-4ba4-8748-d38cb8549ff1}\RP1\A0001013.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Windows\application data\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\Windows\application data\Adobe\plugs\mmc73.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.


SUPERAntiSpyware
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/17/2011 at 11:19 PM

Application Version : 4.54.1000

Core Rules Database Version : 7285
Trace Rules Database Version: 5097

Scan type : Custom Scan
Total Scan Time : 00:51:40

Memory items scanned : 499
Memory threats detected : 0
Registry items scanned : 3018
Registry threats detected : 0
File items scanned : 0
File threats detected : 0

#2 boopme, "To Insanity and Beyond" (Global Moderator, 73,337 posts, NJ USA)

Posted 18 June 2011 - 10:04 PM

OK, you still have a TDSS infection. I closed the other topics to avoid confusion.
http://www.bleepingcomputer.com/forums/topic403964.html/page__p__2293502#entry2293502
http://www.bleepingcomputer.com/forums/topic404399.html/page__p__2296238#entry2296238
Let's stay here.

Go into the Control Panel and see if there are any toolbars left to uninstall.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


In some cases it may be necessary to redownload TDSSKiller and randomly rename it before saving it to the computer.


Do you use a router, and is this the only machine on it?

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 cakegirl (Topic Starter, Members, 23 posts)

Posted 19 June 2011 - 08:25 AM

Hi, thank you for the reply and for closing the other threads! I looked for other toolbars and deleted a Skype toolbar. I am on a secured router, and my husband uses a work computer on the same router. Here is the TDSSKiller log, which found only 1 suspicious item.

2011/06/19 09:17:12.0453 3552 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/19 09:17:14.0453 3552 ================================================================================
2011/06/19 09:17:14.0453 3552 SystemInfo:
2011/06/19 09:17:14.0453 3552
2011/06/19 09:17:14.0453 3552 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/19 09:17:14.0453 3552 Product type: Workstation
2011/06/19 09:17:14.0453 3552 ComputerName: WINDOWS-2BBBB8C
2011/06/19 09:17:14.0453 3552 UserName: Windows
2011/06/19 09:17:14.0453 3552 Windows directory: C:\WINDOWS
2011/06/19 09:17:14.0453 3552 System windows directory: C:\WINDOWS
2011/06/19 09:17:14.0453 3552 Processor architecture: Intel x86
2011/06/19 09:17:14.0453 3552 Number of processors: 2
2011/06/19 09:17:14.0453 3552 Page size: 0x1000
2011/06/19 09:17:14.0453 3552 Boot type: Normal boot
2011/06/19 09:17:14.0453 3552 ================================================================================
2011/06/19 09:17:16.0328 3552 Initialize success
2011/06/19 09:17:48.0750 3316 ================================================================================
2011/06/19 09:17:48.0750 3316 Scan started
2011/06/19 09:17:48.0750 3316 Mode: Manual;
2011/06/19 09:17:48.0750 3316 ================================================================================
2011/06/19 09:17:50.0078 3316 2WIREPCP (6551c1cf190df3e12c435a085987fba0) C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
2011/06/19 09:17:50.0265 3316 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/19 09:17:50.0312 3316 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/19 09:17:50.0406 3316 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/19 09:17:50.0531 3316 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/19 09:17:50.0812 3316 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/19 09:17:51.0031 3316 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/19 09:17:51.0125 3316 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/19 09:17:51.0218 3316 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/19 09:17:51.0296 3316 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/19 09:17:51.0453 3316 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/06/19 09:17:51.0484 3316 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/06/19 09:17:51.0593 3316 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/19 09:17:51.0656 3316 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/06/19 09:17:51.0765 3316 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/19 09:17:51.0875 3316 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/06/19 09:17:51.0968 3316 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/19 09:17:52.0093 3316 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/06/19 09:17:52.0171 3316 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/06/19 09:17:52.0265 3316 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/06/19 09:17:52.0484 3316 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/06/19 09:17:52.0578 3316 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/06/19 09:17:52.0640 3316 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/19 09:17:52.0765 3316 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/19 09:17:57.0203 3316 CCDECODE (49522f73eb275598e50eebe071881964) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/19 09:18:10.0734 3316 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\CCDECODE.sys. md5: 49522f73eb275598e50eebe071881964
2011/06/19 09:18:10.0750 3316 CCDECODE - detected LockedFile.Multi.Generic (1)
2011/06/19 09:18:11.0546 3316 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/19 09:18:11.0718 3316 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/19 09:18:12.0031 3316 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/19 09:18:12.0187 3316 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/06/19 09:18:12.0718 3316 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/19 09:18:13.0203 3316 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/19 09:18:13.0656 3316 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/19 09:18:13.0718 3316 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/19 09:18:13.0968 3316 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/19 09:18:14.0000 3316 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/19 09:18:14.0046 3316 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/19 09:18:14.0078 3316 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/19 09:18:14.0125 3316 eppvad_simple (802f427a85feb7cc5f63587f82e4479e) C:\WINDOWS\system32\drivers\EMP_UDAU.sys
2011/06/19 09:18:14.0281 3316 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/19 09:18:14.0375 3316 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/19 09:18:14.0421 3316 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/19 09:18:14.0531 3316 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/19 09:18:14.0578 3316 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/19 09:18:14.0671 3316 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/19 09:18:14.0718 3316 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/19 09:18:14.0781 3316 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/19 09:18:14.0828 3316 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/19 09:18:14.0937 3316 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/19 09:18:15.0015 3316 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/19 09:18:15.0125 3316 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/06/19 09:18:15.0203 3316 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/06/19 09:18:15.0546 3316 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/19 09:18:15.0640 3316 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/19 09:18:15.0875 3316 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/19 09:18:16.0453 3316 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/19 09:18:16.0578 3316 IntcHdmiAddService (99d47d1cf700982b37cce16b068449f0) C:\WINDOWS\system32\drivers\IntcHdmi.sys
2011/06/19 09:18:16.0656 3316 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/19 09:18:16.0687 3316 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/19 09:18:16.0781 3316 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/19 09:18:16.0859 3316 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/19 09:18:16.0953 3316 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/19 09:18:17.0031 3316 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/19 09:18:17.0093 3316 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/19 09:18:17.0234 3316 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/19 09:18:17.0328 3316 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/19 09:18:17.0421 3316 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/19 09:18:17.0500 3316 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/19 09:18:17.0562 3316 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/19 09:18:17.0703 3316 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/19 09:18:17.0781 3316 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/19 09:18:17.0859 3316 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/19 09:18:17.0890 3316 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/19 09:18:17.0937 3316 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/19 09:18:18.0015 3316 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/19 09:18:18.0125 3316 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/19 09:18:18.0250 3316 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/19 09:18:18.0390 3316 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/19 09:18:18.0484 3316 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/19 09:18:18.0531 3316 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/19 09:18:18.0609 3316 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/19 09:18:18.0687 3316 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/19 09:18:18.0718 3316 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/19 09:18:18.0796 3316 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/19 09:18:18.0875 3316 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/19 09:18:18.0953 3316 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/19 09:18:19.0000 3316 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/19 09:18:19.0062 3316 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/19 09:18:19.0109 3316 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/19 09:18:19.0156 3316 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/19 09:18:19.0203 3316 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/19 09:18:19.0281 3316 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/19 09:18:19.0328 3316 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/19 09:18:19.0421 3316 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/19 09:18:19.0453 3316 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/19 09:18:19.0515 3316 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/19 09:18:19.0578 3316 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/19 09:18:19.0625 3316 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/19 09:18:19.0671 3316 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/19 09:18:19.0750 3316 OEM02Afx (58f478fd0115012ceec75fb73628901c) C:\WINDOWS\system32\Drivers\OEM02Afx.sys
2011/06/19 09:18:19.0968 3316 OEM02Dev (19cac780b858822055f46c58a111723c) C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys
2011/06/19 09:18:20.0046 3316 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys
2011/06/19 09:18:20.0171 3316 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/19 09:18:20.0250 3316 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/19 09:18:20.0312 3316 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/19 09:18:20.0375 3316 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/19 09:18:20.0406 3316 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/19 09:18:20.0515 3316 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/19 09:18:20.0578 3316 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/19 09:18:20.0875 3316 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/19 09:18:20.0921 3316 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/19 09:18:20.0953 3316 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/19 09:18:21.0062 3316 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/19 09:18:21.0109 3316 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/19 09:18:21.0156 3316 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/19 09:18:21.0187 3316 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/19 09:18:21.0218 3316 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/19 09:18:21.0281 3316 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/19 09:18:21.0343 3316 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/19 09:18:21.0406 3316 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/19 09:18:21.0468 3316 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/19 09:18:21.0546 3316 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/06/19 09:18:21.0578 3316 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/06/19 09:18:21.0625 3316 rismxdp (d231b577024aa324af13a42f3a807d10) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/06/19 09:18:21.0781 3316 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/19 09:18:21.0796 3316 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/19 09:18:21.0859 3316 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/19 09:18:21.0906 3316 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/19 09:18:21.0968 3316 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/19 09:18:22.0015 3316 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/06/19 09:18:22.0078 3316 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/06/19 09:18:22.0125 3316 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/19 09:18:22.0187 3316 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/19 09:18:22.0250 3316 snapman (e78c98378a071ce4d48a7c514fa98fa1) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/06/19 09:18:22.0359 3316 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/19 09:18:22.0406 3316 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/19 09:18:22.0515 3316 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/19 09:18:22.0640 3316 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/06/19 09:18:22.0796 3316 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/19 09:18:22.0859 3316 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/19 09:18:22.0921 3316 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/19 09:18:23.0156 3316 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/19 09:18:23.0234 3316 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/19 09:18:23.0312 3316 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/19 09:18:23.0390 3316 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/19 09:18:23.0484 3316 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/19 09:18:23.0593 3316 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/06/19 09:18:23.0640 3316 timounter (74711884439bdf9ccf446c79cb05fac0) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/06/19 09:18:23.0781 3316 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/19 09:18:23.0843 3316 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/19 09:18:24.0015 3316 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/19 09:18:24.0156 3316 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/19 09:18:24.0234 3316 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/19 09:18:24.0281 3316 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/19 09:18:24.0375 3316 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/19 09:18:24.0484 3316 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/19 09:18:24.0593 3316 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/19 09:18:24.0671 3316 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/19 09:18:24.0734 3316 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/19 09:18:24.0796 3316 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/19 09:18:24.0890 3316 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/19 09:18:24.0953 3316 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/19 09:18:25.0031 3316 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/19 09:18:25.0125 3316 winachsf (a8596cf86d445269a42ecc08b7066a4c) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/19 09:18:25.0343 3316 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/19 09:18:25.0421 3316 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/06/19 09:18:25.0468 3316 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/19 09:18:25.0578 3316 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/19 09:18:25.0671 3316 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/19 09:18:25.0796 3316 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/06/19 09:18:26.0062 3316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/19 09:18:26.0281 3316 ================================================================================
2011/06/19 09:18:26.0281 3316 Scan finished
2011/06/19 09:18:26.0281 3316 ================================================================================
2011/06/19 09:18:26.0312 3460 Detected object count: 1
2011/06/19 09:18:26.0312 3460 Actual detected object count: 1
2011/06/19 09:19:55.0812 3460 LockedFile.Multi.Generic(CCDECODE) - User select action: Skip
2011/06/19 09:20:05.0468 3264 Deinitialize success
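
The TDSSKiller log above is long, and the three lines that matter are easy to miss: the scanner could not open one driver (`Suspicious file (NoAccess)`), it reported that as `LockedFile.Multi.Generic`, and the user chose `Skip`, so whatever that driver is, it is still in place. The following parser is an added example, not code from this thread or from Kaspersky, for the log format boopme's instructions produce and cakegirl posted. It pulls out each detection and the action taken on it, lists drivers loaded from outside the Windows directory for review, and records the MBR hash. The sample log is a constructed, abridged copy of the one above.

```python
"""Parse a TDSSKiller text log: detections, the action the user chose for each,
drivers loaded from outside %SystemRoot%, and the MBR hash.
Added example, not from the thread or from Kaspersky; sample log is constructed
(abridged) from the one posted in this thread."""
import re

SAMPLE_LOG = r"""
2011/06/19 09:17:12.0453 3552 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/19 09:17:48.0750 3316 Scan started
2011/06/19 09:17:48.0750 3316 Mode: Manual;
2011/06/19 09:17:50.0265 3316 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/19 09:17:57.0203 3316 CCDECODE (49522f73eb275598e50eebe071881964) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/19 09:18:10.0734 3316 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\CCDECODE.sys. md5: 49522f73eb275598e50eebe071881964
2011/06/19 09:18:10.0750 3316 CCDECODE - detected LockedFile.Multi.Generic (1)
2011/06/19 09:18:21.0781 3316 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/19 09:18:26.0062 3316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/06/19 09:18:26.0281 3316 Scan finished
2011/06/19 09:18:26.0312 3460 Detected object count: 1
2011/06/19 09:18:26.0312 3460 Actual detected object count: 1
2011/06/19 09:19:55.0812 3460 LockedFile.Multi.Generic(CCDECODE) - User select action: Skip
"""

# Every line starts with "date time pid "; the regexes below key off what follows.
PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ "
DRIVER_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
MBR_RE = re.compile(PREFIX + r"MBR \((?P<off>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<dev>.+)$")
DETECT_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(PREFIX + r"(?P<verdict>[^()\s]+)\((?P<name>[^()]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(PREFIX + r"Actual detected object count: (?P<n>\d+)$")


def parse_tdsskiller_log(text):
    """Return a report dict: driver inventory, detections, per-object actions,
    MBR record and the tool's own detection count."""
    rep = {"drivers": [], "detections": {}, "actions": {}, "mbr": None, "count": None}
    for line in text.splitlines():
        if (m := MBR_RE.match(line)):
            rep["mbr"] = {"offset": m["off"], "md5": m["md5"], "device": m["dev"]}
        elif (m := DRIVER_RE.match(line)):
            rep["drivers"].append({"name": m["name"], "md5": m["md5"], "path": m["path"]})
        elif (m := DETECT_RE.match(line)):
            rep["detections"][m["name"]] = m["verdict"]
        elif (m := ACTION_RE.match(line)):
            rep["actions"][m["name"]] = m["action"]
        elif (m := COUNT_RE.match(line)):
            rep["count"] = int(m["n"])
    return rep


def unresolved(rep):
    """Detections that were skipped (or never acted on), so still present."""
    return sorted(n for n in rep["detections"] if rep["actions"].get(n) in (None, "Skip"))


def drivers_outside(rep, system_root="c:\\windows\\"):
    """Drivers loaded from outside the Windows directory. Worth a look, but not
    proof of anything: security products legitimately do this (SUPERAntiSpyware here)."""
    return [d["name"] for d in rep["drivers"] if not d["path"].lower().startswith(system_root)]


def count_consistent(rep):
    """Does the tool's own count agree with the detection lines we parsed?"""
    return rep["count"] == len(rep["detections"])


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print("detections:", rep["detections"], "actions:", rep["actions"])
    print("unresolved:", unresolved(rep))
    print("drivers outside %SystemRoot%:", drivers_outside(rep))
    print("MBR:", rep["mbr"], "count consistent:", count_consistent(rep))
```

Run it against a full log saved from C:\ and the `unresolved` list is the answer to "did the scan actually change anything": for the log above it is `['CCDECODE']`. The MD5 per driver is what you would compare against a known-good copy of the same file from clean install media; the example does not ship a hash list, since it would have to be yours.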

#4 boopme, "To Insanity and Beyond" (Global Moderator, 73,337 posts, NJ USA)

Posted 20 June 2011 - 10:55 AM

Are you still having the redirects?

#5 cakegirl (Topic Starter, Members, 23 posts)

Posted 20 June 2011 - 01:31 PM

Oops! I spoke too soon. Yes, I am still being redirected on the links that will come up.

#6 boopme, "To Insanity and Beyond" (Global Moderator, 73,337 posts, NJ USA)

Posted 20 June 2011 - 02:33 PM

OK, first we'll update and run a full scan.

Rerun MBAM (Malwarebytes) like this:

Open MBAM in normal mode, click the Update tab and select Check for Updates. When done,
click the Scanner tab, select Full scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log, and reboot into normal mode.

Please ask any needed questions, post logs, and let us know how the PC is running now.


If still redirecting....

Are you using a router? If so, are there other machines on it, and are they also redirecting?

#7 cakegirl (Topic Starter, Members, 23 posts)

Posted 20 June 2011 - 07:12 PM

Ok, I just got done with another Malwarebytes scan. Log is below. It showed 0 infections, however, while it was running AVG Resident Shield brought up 2 things which it quarentined.
C:\windows\TEMP\muam\setup.exe Trojan horse SHeur3.CETU
C:\windows\Temp\scvy\setup.exe Trojan horse SHeur3.CEYZ

Yes, I am on a router which is shared by my husband's laptop as well. He said he isn't being re-directed; however, his laptop has been running very slow and acting weird.

All your help is GREATLY appreciated!

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6904

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/20/2011 6:52:13 PM
mbam-log-2011-06-20 (18-52-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 264036
Time elapsed: 2 hour(s), 46 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 boopme (Global Moderator)

Posted 20 June 2011 - 07:41 PM

Ok, here's what I believe we should do. We should also scan the other PC.

I believe your router is hijacked by a trojan DNS hijacker.

First, if there are other machines on this router, they need to install and update MBAM; DO NOT run it yet. You now need to disconnect from the internet. Then scan each PC, then reset the router.

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don't know the router's default password, you can look it up HERE.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

As there are other infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site HERE for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have run Malwarebytes' Anti-Malware on the infected system and reset the router to its default configuration, you can reconnect to the internet and router.
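
A way to see the symptom boopme describes from the client side, as an added example that is not part of the original thread: a router whose DNS settings have been hijacked hands the attacker's resolvers to every client over DHCP, so nothing on the client is modified, but `ipconfig /all` on each machine lists DNS servers that are neither the router nor the ISP's. The script below parses `ipconfig /all` text and flags resolvers outside a trusted set. The sample output and every address in it are constructed for the example (203.0.113.x is the documentation range, not a real resolver), and the trusted set is an assumption you replace with your router's LAN address plus the resolvers your ISP tells you to use.

```python
"""Spot a DNS-hijacked router from the client side.

A router whose DNS settings were changed hands the attacker's resolvers to
every client over DHCP, so nothing on the client itself is modified: the only
visible trace is that `ipconfig /all` lists DNS servers that are neither the
router nor the ISP's. This parses that output and flags such servers.

Added example; the sample text and every address in it are constructed.
"""
import ipaddress
import re

# Constructed `ipconfig /all` output (Windows XP layout). The wireless adapter
# shows what a hijacked router produces; 203.0.113.x is the documentation
# range, not a real resolver.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : LAPTOP
        Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Wireless Network Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.5
                                            203.0.113.6
"""

# "Ethernet adapter Local Area Connection:" starts at column 0.
ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# Indented "Name . . . . : value" lines; the name stops at the first dot.
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(.*)$")


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return False
    return True


def parse_ipconfig(text):
    """Return {adapter_name: {"gateway": str or None, "dns": [str, ...]}}."""
    adapters = {}
    current = None
    last_field = None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current = m.group(1)
            adapters[current] = {"gateway": None, "dns": []}
            last_field = None
            continue
        if current is None:
            continue  # host-wide header block, nothing per-adapter yet
        m = FIELD_RE.match(line)
        if m:
            field, value = m.group(1).strip(), m.group(2).strip()
            last_field = field
            if field == "Default Gateway" and value:
                adapters[current]["gateway"] = value
            elif field == "DNS Servers" and value:
                adapters[current]["dns"].append(value)
            continue
        # ipconfig prints the second and later DNS servers on bare,
        # indented continuation lines with no field name.
        value = line.strip()
        if last_field == "DNS Servers" and value and _is_ip(value):
            adapters[current]["dns"].append(value)
    return adapters


def find_rogue_dns(adapters, trusted):
    """Return [(adapter, dns_server)] for resolvers outside `trusted`.

    `trusted` is a set of IP strings: the router's LAN address and the ISP's
    resolvers. A client whose resolver is neither is the classic fingerprint
    of a DNS-hijacked router. The gateway is deliberately not trusted
    automatically; pass it in only if you have verified the router itself.
    """
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    rogue = []
    for name, info in adapters.items():
        for server in info["dns"]:
            if ipaddress.ip_address(server) not in trusted_ips:
                rogue.append((name, server))
    return rogue


if __name__ == "__main__":
    found = parse_ipconfig(SAMPLE_IPCONFIG)
    # Assumed trusted set: the router's LAN address; add your ISP's resolvers.
    for adapter, server in find_rogue_dns(found, trusted={"192.168.1.1"}):
        print(f"{adapter}: unexpected DNS server {server}")
```

Run `ipconfig /all > ipconfig.txt` on each machine behind the router and feed the file to `parse_ipconfig`. One caveat: when the router hands out its own address as the DNS server and forwards queries upstream, this check passes even if the router's WAN DNS setting now points at a rogue resolver, so also compare the DNS servers shown on the router's status page with the ones your ISP says to use.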

#9 cakegirl (Topic Starter)

Posted 21 June 2011 - 05:58 PM

Thank you! We cannot download anything onto the work laptop, so the IT dept. did my husband's Malwarebytes and found something. I am in the process of doing a MBAM scan again on my laptop, this time disconnected from the internet.

I have a question: Can I log onto my laptop (through the router) in order to change the password to a personal one? (After I have reset it.) Or do I need to stay off my router until I reset the password?

Thank you again for all your time, you're a God send!

#10 boopme (Global Moderator)

Posted 21 June 2011 - 08:30 PM

Yes. After resetting your router, it is important to set a non-default password, and if possible, username, on the router.

#12 cakegirl (Topic Starter)

Posted 23 June 2011 - 03:25 PM

Ok, I did the steps as ordered, changed my password from the default one to a personal one, but am still being re-directed on searches. Help!

#13 boopme (Global Moderator)

Posted 23 June 2011 - 03:37 PM

Please rerun TDSS in post 2.

Then reset the HOSTS file.
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of the infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically, go HERE and click the Fix it button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box, or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the prompts in the Fix it wizard.

Edited by boopme, 23 June 2011 - 03:39 PM.

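
What the HOSTS file reset above is undoing, as an added example that is not part of boopme's post: the script audits a Windows HOSTS file (on XP, `%SystemRoot%\system32\drivers\etc\hosts`) and classifies every live entry. The resolver consults HOSTS before asking any DNS server, so an entry that points a search engine at a routable address redirects that name even when DNS is clean, and an entry that points a security vendor's host at 127.0.0.1 silently blocks it. The sample file content is constructed for the example (the XP header plus hypothetical entries; 203.0.113.7 is a documentation-range address and update.example-av.com is a made-up name).

```python
"""Audit a Windows HOSTS file for entries malware typically adds.

A stock Windows XP HOSTS file has one live entry, `127.0.0.1 localhost`;
everything else was added by someone. Two patterns matter for this thread:
a public name pointed at a routable address is redirected silently (the
search-redirect symptom), and a security vendor's name pointed at 127.0.0.1
is blocked (AV updates fail). The resolver consults HOSTS before DNS, so
these entries win even when DNS is clean.

Added example; the sample file below is constructed.
"""
import ipaddress

# Constructed sample: the XP header plus hypothetical entries of both kinds.
# 203.0.113.7 is a documentation-range address; update.example-av.com is made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
203.0.113.7     www.google.com
203.0.113.7     www.bing.com    # search redirect
127.0.0.1       update.example-av.com
"""

# Names that legitimately live on a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return [(ip, hostname, line_no), ...] for live entries, skipping comments."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line; the resolver ignores it as well
        for name in parts[1:]:  # one address may carry several aliases
            entries.append((str(ip), name.lower(), line_no))
    return entries


def audit_hosts(text):
    """Classify each entry as 'ok', 'block' (name -> nowhere) or 'redirect'."""
    findings = []
    for ip_str, name, line_no in parse_hosts(text):
        ip = ipaddress.ip_address(ip_str)
        points_nowhere = ip.is_loopback or ip.is_unspecified
        if name in LOOPBACK_NAMES and points_nowhere:
            kind = "ok"
        elif points_nowhere:
            kind = "block"     # e.g. an AV update host silenced
        else:
            kind = "redirect"  # e.g. a search engine sent to an attacker's host
        findings.append((kind, ip_str, name, line_no))
    return findings


def clean_hosts(text):
    """Return the file with every 'block' and 'redirect' line removed.

    Comments and loopback entries survive, so on a stock install the result
    is the default file that the Microsoft Fix it restores. A line that mixes
    a good alias with a bad one is dropped whole.
    """
    bad = {line_no for kind, _, _, line_no in audit_hosts(text) if kind != "ok"}
    kept = [raw for n, raw in enumerate(text.splitlines(), start=1) if n not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for kind, ip, name, line_no in audit_hosts(SAMPLE_HOSTS):
        if kind != "ok":
            print(f"line {line_no}: {kind:8s} {ip:15s} {name}")
```

Read `block` findings before deleting them: hosts-based ad blockers install exactly that kind of entry, so a human should decide. `redirect` findings that point public names at a routable address are what produce the search-redirect symptom. If the file is already clean and searches still redirect, check the DNS servers the machine is using (boopme's router advice above) and the `DataBasePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters`, which tells Windows where to read the HOSTS file from and which some malware points at a copy elsewhere.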

#14 cakegirl (Topic Starter)

Posted 23 June 2011 - 11:21 PM

Thank you! I did run TDSS which showed nothing. I followed the instructions for manually fixing the host and just tried a search- no more redirects! Seriously, thank you so very much for all your help! I'm extremely thankful to once again be able to use this computer- and hopefully by following your directions, I made it safer as well.

#15 boopme (Global Moderator)

Posted 24 June 2011 - 11:09 AM

Great news!! Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:



