Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect in Firefox


  • Please log in to reply
7 replies to this topic

#1 Shandley

Shandley

  • Members
  • 166 posts
  • OFFLINE
  •  
  • Local time:09:03 PM

Posted 11 July 2011 - 11:44 AM

Greetings,

I have had this issue for a while now and I have posted in the past about it; however, the system has changed around so I thought it might be best to start a new thread.

I am running Windows XP Pro SP3 on and Intel desktop.
I run AntiVir and Mcafee (Mcafee for firewall and Antivir for virus protection)

In Firefox, in Google, when some search results are clicked, I get a redirect. It can go to many places. I have changed my host file to redirect to nothing as to protect myself; however, some still get through to random websites. ALSO, some keywords will direct the page to a legit "MSDN Troubleshooting and Support." The funny thing about all of this is that if I click on the same link over and over again, within 5 seconds, it will let me go to the page I want.

Please let me know if I have left anything out.

Thanks,
Shandley

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 AM

Posted 11 July 2011 - 04:02 PM

hi Shandley... Let's try this.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


I may also be an issue with FireFox add ons. You nay need to go thru the list and disable them one at a time and see if they stop.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Shandley

Shandley
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  •  
  • Local time:09:03 PM

Posted 11 July 2011 - 05:45 PM

GooredFix by jpshortstuff (03.07.10.1)
Log created at 15:37 on 11/07/2011 (Shawn)
Firefox version 5.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [14:03 25/03/2011]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [18:31 17/09/2010]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [18:55 17/09/2010]
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [19:46 02/11/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [15:32 24/01/2011]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [16:51 09/03/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [17:06 15/06/2011]

C:\Documents and Settings\Shawn\Application Data\Mozilla\Firefox\Profiles\02g819mw.default\extensions\
engine@conduit.com [15:08 31/03/2011]
{20a82645-c095-46ed-80e3-08825760534b} [19:02 22/10/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [18:34 17/09/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [18:31 17/09/2010]

-=E.O.F=-

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 AM

Posted 11 July 2011 - 06:55 PM

Are you on a router,if so are other machines also and do they redirect?
Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions

If it finds something make sure Cure is selected
Next click Continue then Reboot now
A log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Shandley

Shandley
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  •  
  • Local time:09:03 PM

Posted 12 July 2011 - 09:24 AM

I am behind a router. No other computers get the redirect. I have reset the router and re-entered the configuration by hand but still redirects.

I ran the software. Here is the result:

2011/07/12 07:19:43.0962 2744 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/12 07:19:45.0025 2744 ================================================================================
2011/07/12 07:19:45.0040 2744 SystemInfo:
2011/07/12 07:19:45.0040 2744
2011/07/12 07:19:45.0040 2744 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/12 07:19:45.0040 2744 Product type: Workstation
2011/07/12 07:19:45.0040 2744 ComputerName: C1 (changed for privacy)
2011/07/12 07:19:45.0040 2744 UserName: Shandley (changed for privacy)
2011/07/12 07:19:45.0040 2744 Windows directory: C:\WINDOWS
2011/07/12 07:19:45.0040 2744 System windows directory: C:\WINDOWS
2011/07/12 07:19:45.0040 2744 Processor architecture: Intel x86
2011/07/12 07:19:45.0040 2744 Number of processors: 2
2011/07/12 07:19:45.0040 2744 Page size: 0x1000
2011/07/12 07:19:45.0040 2744 Boot type: Normal boot
2011/07/12 07:19:45.0040 2744 ================================================================================
2011/07/12 07:19:46.0696 2744 Initialize success
2011/07/12 07:19:49.0353 0384 ================================================================================
2011/07/12 07:19:49.0353 0384 Scan started
2011/07/12 07:19:49.0353 0384 Mode: Manual;
2011/07/12 07:19:49.0353 0384 ================================================================================
2011/07/12 07:19:50.0806 0384 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/12 07:19:50.0837 0384 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/12 07:19:50.0884 0384 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/12 07:19:50.0931 0384 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/12 07:19:51.0103 0384 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/12 07:19:51.0134 0384 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/12 07:19:51.0196 0384 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/12 07:19:51.0243 0384 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/12 07:19:51.0290 0384 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/12 07:19:51.0353 0384 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/12 07:19:51.0400 0384 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/12 07:19:51.0493 0384 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/12 07:19:51.0603 0384 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/12 07:19:51.0775 0384 cfwids (ecaf4a51580244fef1aa32cb984f13bf) C:\WINDOWS\system32\drivers\cfwids.sys
2011/07/12 07:19:52.0025 0384 cpuz135 (6bada94085b6709694f8327c211d12e1) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
2011/07/12 07:19:52.0228 0384 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/12 07:19:52.0259 0384 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/12 07:19:52.0290 0384 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/12 07:19:52.0321 0384 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/12 07:19:52.0368 0384 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/12 07:19:52.0431 0384 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/07/12 07:19:52.0446 0384 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/07/12 07:19:52.0540 0384 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/07/12 07:19:52.0681 0384 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/12 07:19:52.0743 0384 E100B (ac9cf17ee2ae003c98eb4f5336c38058) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/07/12 07:19:52.0806 0384 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/12 07:19:52.0837 0384 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/12 07:19:52.0868 0384 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/12 07:19:52.0900 0384 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/12 07:19:52.0931 0384 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/12 07:19:52.0993 0384 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/12 07:19:53.0025 0384 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/12 07:19:53.0056 0384 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/12 07:19:53.0181 0384 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/07/12 07:19:53.0290 0384 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/12 07:19:53.0321 0384 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/12 07:19:53.0353 0384 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/12 07:19:53.0431 0384 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/12 07:19:53.0509 0384 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/12 07:19:53.0665 0384 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/07/12 07:19:53.0884 0384 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/12 07:19:53.0946 0384 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/12 07:19:53.0978 0384 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/12 07:19:54.0025 0384 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/12 07:19:54.0040 0384 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/12 07:19:54.0071 0384 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/12 07:19:54.0103 0384 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/12 07:19:54.0165 0384 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/12 07:19:54.0196 0384 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/12 07:19:54.0243 0384 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/12 07:19:54.0290 0384 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/12 07:19:54.0321 0384 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/12 07:19:54.0415 0384 MCUSBICD2 (2fef6ae3573ca301a25e6f8a790bba12) C:\WINDOWS\system32\Drivers\icd2w2k.sys
2011/07/12 07:19:54.0525 0384 mfeapfk (688b626fca708ee9eb161cad1f7363a9) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/07/12 07:19:54.0696 0384 mfeavfk (693a8d924b640223974e0a88f2baf0f4) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/07/12 07:19:54.0821 0384 mfebopk (52c40d19873528bd15823c969d3ad227) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/07/12 07:19:54.0931 0384 mfefirek (e37b98d49df546f4059483d49e349a53) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/07/12 07:19:55.0087 0384 mfehidk (44184f32392fa2e94d08d056ce750d56) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/07/12 07:19:55.0478 0384 mfendisk (8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/07/12 07:19:55.0743 0384 mfendiskmp (8c434d77c7a8cd97f8f4c2b0be19d541) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/07/12 07:19:55.0868 0384 mferkdet (5f5313bfd1e73233885a26ab77488f6f) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/07/12 07:19:56.0009 0384 mfetdi2k (8d1a44e1f46bcf4acfe9c701edd340e3) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/07/12 07:19:56.0134 0384 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/12 07:19:56.0212 0384 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/12 07:19:56.0290 0384 motusb (ab1aa58898baa29d7055b84376b0ca58) C:\WINDOWS\system32\Drivers\MOTUSB.sys
2011/07/12 07:19:56.0665 0384 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/12 07:19:56.0868 0384 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/12 07:19:57.0040 0384 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/12 07:19:57.0071 0384 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/12 07:19:57.0103 0384 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/12 07:19:57.0134 0384 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/12 07:19:57.0165 0384 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/12 07:19:57.0196 0384 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/12 07:19:57.0212 0384 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/12 07:19:57.0321 0384 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/12 07:19:57.0415 0384 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/12 07:19:57.0462 0384 mv2 (a0f0b16316276017e682410b5612a707) C:\WINDOWS\system32\DRIVERS\mv2.sys
2011/07/12 07:19:57.0743 0384 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/12 07:19:57.0806 0384 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/12 07:19:57.0853 0384 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/12 07:19:57.0900 0384 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/12 07:19:57.0993 0384 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/12 07:19:58.0025 0384 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/12 07:19:58.0118 0384 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/12 07:19:58.0228 0384 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
2011/07/12 07:19:58.0571 0384 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/12 07:19:58.0618 0384 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/12 07:19:58.0759 0384 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/12 07:19:58.0806 0384 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/12 07:19:58.0821 0384 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/12 07:19:58.0853 0384 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/12 07:19:58.0884 0384 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/12 07:19:58.0931 0384 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/12 07:19:59.0103 0384 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/12 07:19:59.0196 0384 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/12 07:19:59.0275 0384 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/12 07:19:59.0728 0384 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/12 07:19:59.0759 0384 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/12 07:19:59.0790 0384 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/12 07:19:59.0837 0384 pwdrvio (297e2746df41528a0950f3af80cedb2d) C:\WINDOWS\system32\pwdrvio.sys
2011/07/12 07:20:00.0118 0384 pwdspio (bc7d54cdbe3bbfe52f09cb7b20c3d365) C:\WINDOWS\system32\pwdspio.sys
2011/07/12 07:20:00.0306 0384 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/12 07:20:00.0368 0384 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/12 07:20:00.0384 0384 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/12 07:20:00.0400 0384 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/12 07:20:00.0446 0384 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/12 07:20:00.0462 0384 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/12 07:20:00.0509 0384 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/12 07:20:00.0556 0384 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/12 07:20:00.0587 0384 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/12 07:20:00.0712 0384 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/12 07:20:00.0728 0384 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/07/12 07:20:00.0775 0384 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/12 07:20:00.0790 0384 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/07/12 07:20:00.0868 0384 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/12 07:20:00.0884 0384 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/12 07:20:00.0931 0384 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/12 07:20:00.0993 0384 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
2011/07/12 07:20:01.0150 0384 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/12 07:20:01.0196 0384 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/12 07:20:01.0478 0384 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/12 07:20:01.0618 0384 STHDA (228519217a88c2f6b0cf8c022e6d669c) C:\WINDOWS\system32\drivers\sthda.sys
2011/07/12 07:20:01.0665 0384 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/12 07:20:01.0681 0384 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/12 07:20:01.0884 0384 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/12 07:20:01.0946 0384 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/12 07:20:01.0978 0384 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/12 07:20:02.0025 0384 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/12 07:20:02.0165 0384 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/12 07:20:02.0259 0384 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\WINDOWS\system32\drivers\TPkd.sys
2011/07/12 07:20:02.0821 0384 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/12 07:20:03.0025 0384 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/07/12 07:20:03.0321 0384 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/12 07:20:03.0400 0384 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/12 07:20:03.0696 0384 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/12 07:20:03.0743 0384 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/12 07:20:03.0806 0384 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/12 07:20:03.0868 0384 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/12 07:20:03.0962 0384 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/12 07:20:04.0040 0384 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/12 07:20:04.0275 0384 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/12 07:20:04.0368 0384 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/12 07:20:04.0509 0384 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/12 07:20:04.0571 0384 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/12 07:20:04.0681 0384 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/12 07:20:04.0712 0384 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/12 07:20:04.0743 0384 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/12 07:20:04.0790 0384 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/07/12 07:20:04.0900 0384 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
2011/07/12 07:20:04.0931 0384 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk3\DR3
2011/07/12 07:20:05.0040 0384 Boot (0x1200) (2f6e84262f31f18cf1d2b343f144ffaf) \Device\Harddisk0\DR0\Partition0
2011/07/12 07:20:05.0056 0384 Boot (0x1200) (f6d92425cea95e2c5a591b95960ee18e) \Device\Harddisk1\DR1\Partition0
2011/07/12 07:20:05.0087 0384 Boot (0x1200) (6aaf09671839d2fb976f416d33ff868c) \Device\Harddisk1\DR1\Partition1
2011/07/12 07:20:05.0087 0384 Boot (0x1200) (c7579021ac52bd0dc922d789a13f79cf) \Device\Harddisk2\DR2\Partition0
2011/07/12 07:20:05.0103 0384 Boot (0x1200) (dcaa555630a864157ebd4bd373a31391) \Device\Harddisk3\DR3\Partition0
2011/07/12 07:20:05.0103 0384 ================================================================================
2011/07/12 07:20:05.0103 0384 Scan finished
2011/07/12 07:20:05.0103 0384 ================================================================================
2011/07/12 07:20:05.0118 4736 Detected object count: 0
2011/07/12 07:20:05.0118 4736 Actual detected object count: 0

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 AM

Posted 12 July 2011 - 10:11 AM

Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically,go HERE click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the promots in the Fix it wizard.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Shandley

Shandley
  • Topic Starter

  • Members
  • 166 posts
  • OFFLINE
  •  
  • Local time:09:03 PM

Posted 19 July 2011 - 09:40 AM

Damn, I thought we had it. After fixing up the HOSTS file, I still get redirects but not as often.

Pardon the lateness to this reply. I have not been at the computer for a while.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:03 AM

Posted 19 July 2011 - 12:18 PM

Please download the Kaspersky Virus Removal Tool save to your Desktop.
Be sure to print out and read the instructions provided in How to use Kaspersky virus removal tool.
  • Double-click the setup file (i.e. setup_7.0.0.290_24.06.2009_12-58.exe) to install the utility.
  • If using Vista, right-click on it and Run As Administrator.
    If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
    .
  • Click Next to continue.
  • It will install by default to your desktop folder. Click Next.
  • Click Ok at the prompt for scanning in Safe Mode if you booted into safe mode.
  • A box will open with a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
  • System Memory
  • Startup Objects
  • Disk Boot Sectors
  • My Computer
  • Any other drives (except CD-ROM drives)
  • Click on the Scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button, name the report AVPT.txt and select Save to file.
  • This tool should uninstall when you close it so please save the report log before closing.
  • When done, close the Kaspersky Virus Removal Tool.
  • You will be prompted if you want to uninstall the program. Click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste only the first part of the report (Detected) in your next reply. Do not include the longer list marked Events.
-- If you cannot run the Kaspersky AVP Removal Tool in normal mode, then try using it in "safe mode".
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users