
More Google re-direct problems


This topic is locked
20 replies to this topic

#1 honjarte (Members, 12 posts)

Posted 16 August 2011 - 10:21 PM

The search results from Google are hijacked, for me, just like the two other folks in this forum. Additionally, there are only error messages at google's help forums. I am running Win XP SP3, and I have run AVG anti-virus (the real free one), Malwarbytes Anti Malware, CC Cleaner and Spybot. I have run the antivirus and Malware Bytes in Safe mode. AVG and Malware Bytes both found and (allegedly) fixed several trojans and a spyware, today, after updates, both in normal mode and in safe mode. The re-direct is still there, however. Spybot found nothing after the antivirus and Malware scans and CC Cleaner just did its thing. I am out of ideas at this point and would love some help! Thanks!


#2 boopme, "To Insanity and Beyond" (Global Moderator, 73,490 posts, NJ USA)

Posted 16 August 2011 - 10:29 PM

Hello, please post the MBAM log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

If you run Spybot's TeaTimer, turn that off.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

>>>>
Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?

>>>

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

I have to leave now but will look back as soon as I can.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 honjarte, Topic Starter (Members, 12 posts)

Posted 16 August 2011 - 10:40 PM

Here's the MBAM file from earlier today. The Spybot Teatimer is off. I will get to work on the other instructions. Thanks!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7478

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/16/2011 1:26:32 PM
mbam-log-2011-08-16 (13-26-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 397691
Time elapsed: 3 hour(s), 32 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\13A.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\9B.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\systemsvc\2e4f34c50c2.exe (Trojan.SpyEyes.R) -> Quarantined and deleted successfully.

#4 honjarte, Topic Starter (Members, 12 posts)

Posted 16 August 2011 - 11:05 PM

Hey- Here's the TDSS log from a few minutes ago. This computer is hooked to a router, and two others use the same router's wifi. (So does the PS3.) None of the other devices are exhibiting the behavior relevant to our topic. I am running IE 8. (Yeah, I know...) I thought I had updated Adobe Reader, but that log said I haven't; I guess I'm off to do that too. I don't know what disabling the UAC means! Oops. Thanks for the help!

TDSS Results:

2011/08/16 21:43:34.0921 1944 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/16 21:43:35.0296 1944 ================================================================================
2011/08/16 21:43:35.0296 1944 SystemInfo:
2011/08/16 21:43:35.0296 1944
2011/08/16 21:43:35.0296 1944 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/16 21:43:35.0296 1944 Product type: Workstation
2011/08/16 21:43:35.0296 1944 ComputerName: HOONSBADbleep
2011/08/16 21:43:35.0296 1944 UserName: Honjarte
2011/08/16 21:43:35.0296 1944 Windows directory: C:\WINDOWS
2011/08/16 21:43:35.0296 1944 System windows directory: C:\WINDOWS
2011/08/16 21:43:35.0296 1944 Processor architecture: Intel x86
2011/08/16 21:43:35.0296 1944 Number of processors: 2
2011/08/16 21:43:35.0296 1944 Page size: 0x1000
2011/08/16 21:43:35.0296 1944 Boot type: Normal boot
2011/08/16 21:43:35.0296 1944 ================================================================================
2011/08/16 21:43:35.0500 1944 Initialize success
2011/08/16 21:44:03.0765 2392 ================================================================================
2011/08/16 21:44:03.0765 2392 Scan started
2011/08/16 21:44:03.0765 2392 Mode: Manual;
2011/08/16 21:44:03.0765 2392 ================================================================================
2011/08/16 21:44:04.0140 2392 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/16 21:44:04.0187 2392 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/16 21:44:04.0234 2392 ADIHdAudAddService (54613c0cab4c452c852efafb97a8a0e9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/08/16 21:44:04.0312 2392 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/16 21:44:04.0375 2392 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/16 21:44:04.0562 2392 Aspi32 (eb62fa6d7da4e774e47d376e4d19ca5f) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/08/16 21:44:04.0625 2392 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/16 21:44:04.0656 2392 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2011/08/16 21:44:04.0718 2392 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/16 21:44:04.0734 2392 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/16 21:44:04.0812 2392 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/16 21:44:04.0875 2392 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/16 21:44:04.0937 2392 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/16 21:44:05.0000 2392 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/16 21:44:05.0062 2392 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/08/16 21:44:05.0078 2392 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/08/16 21:44:05.0109 2392 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/08/16 21:44:05.0140 2392 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/08/16 21:44:05.0203 2392 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/08/16 21:44:05.0218 2392 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/16 21:44:05.0265 2392 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/16 21:44:05.0296 2392 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/16 21:44:05.0312 2392 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/16 21:44:05.0328 2392 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/16 21:44:05.0343 2392 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/16 21:44:05.0359 2392 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/08/16 21:44:05.0453 2392 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/16 21:44:05.0500 2392 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/16 21:44:05.0531 2392 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/16 21:44:05.0531 2392 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/16 21:44:05.0562 2392 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/16 21:44:05.0578 2392 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2011/08/16 21:44:05.0640 2392 Dot4 HPH09 (1ede0bb35d251b09e2a390bad7e59bf7) C:\WINDOWS\system32\DRIVERS\hphid409.sys
2011/08/16 21:44:05.0687 2392 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2011/08/16 21:44:05.0718 2392 Dot4Print HPH09 (87b3599d0276e1716df978e2da910043) C:\WINDOWS\system32\DRIVERS\hphipr09.sys
2011/08/16 21:44:05.0734 2392 Dot4Storage HPH09 (7e1a9a3af48befc4e2d857245ef9d46b) C:\WINDOWS\system32\Drivers\hphs2k09.sys
2011/08/16 21:44:05.0765 2392 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2011/08/16 21:44:05.0796 2392 Dot4Usb HPH09 (2ab2c7ab0f4bb98e8d7f860d439bf25b) C:\WINDOWS\system32\drivers\hphius09.sys
2011/08/16 21:44:05.0812 2392 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/16 21:44:06.0000 2392 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/16 21:44:06.0015 2392 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/16 21:44:06.0062 2392 FilterService (a75ddc492d2d1d6558ad8003a4adb73a) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/08/16 21:44:06.0078 2392 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/16 21:44:06.0093 2392 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/16 21:44:06.0109 2392 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/16 21:44:06.0140 2392 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/16 21:44:06.0140 2392 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/16 21:44:06.0187 2392 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/16 21:44:06.0187 2392 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/16 21:44:06.0234 2392 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/16 21:44:06.0250 2392 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/16 21:44:06.0328 2392 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/16 21:44:06.0343 2392 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/16 21:44:06.0421 2392 iastor (cff414317768cc76187a13a36283afd1) C:\WINDOWS\system32\drivers\iaStor.sys
2011/08/16 21:44:06.0437 2392 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/16 21:44:06.0468 2392 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/16 21:44:06.0484 2392 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/16 21:44:06.0500 2392 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/16 21:44:06.0515 2392 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/16 21:44:06.0562 2392 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/16 21:44:06.0593 2392 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/16 21:44:06.0625 2392 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/16 21:44:06.0671 2392 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/16 21:44:06.0687 2392 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/16 21:44:06.0687 2392 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/16 21:44:06.0703 2392 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/16 21:44:06.0765 2392 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/16 21:44:06.0843 2392 lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
2011/08/16 21:44:06.0859 2392 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/08/16 21:44:07.0046 2392 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/08/16 21:44:07.0125 2392 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/16 21:44:07.0171 2392 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/16 21:44:07.0218 2392 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/16 21:44:07.0250 2392 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/16 21:44:07.0265 2392 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/16 21:44:07.0296 2392 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/16 21:44:07.0359 2392 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/16 21:44:07.0390 2392 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/16 21:44:07.0406 2392 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/16 21:44:07.0421 2392 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/16 21:44:07.0437 2392 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/16 21:44:07.0500 2392 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/16 21:44:07.0578 2392 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/16 21:44:07.0609 2392 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/16 21:44:07.0671 2392 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/16 21:44:07.0734 2392 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/16 21:44:07.0765 2392 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/16 21:44:07.0781 2392 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/16 21:44:07.0812 2392 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/16 21:44:07.0828 2392 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/16 21:44:07.0890 2392 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/16 21:44:07.0906 2392 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/16 21:44:07.0921 2392 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/16 21:44:07.0953 2392 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/16 21:44:07.0968 2392 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/16 21:44:07.0984 2392 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/16 21:44:08.0281 2392 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/16 21:44:08.0562 2392 NVHDA (1fda0adfd0dd666ecb1cbf8436f81805) C:\WINDOWS\system32\drivers\nvhda32.sys
2011/08/16 21:44:08.0609 2392 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/16 21:44:08.0609 2392 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/16 21:44:08.0656 2392 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/16 21:44:08.0718 2392 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/16 21:44:08.0765 2392 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/16 21:44:08.0796 2392 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/16 21:44:08.0843 2392 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/16 21:44:08.0953 2392 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/16 21:44:08.0953 2392 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/16 21:44:09.0015 2392 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/16 21:44:09.0062 2392 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/16 21:44:09.0078 2392 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/16 21:44:09.0078 2392 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/16 21:44:09.0093 2392 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/16 21:44:09.0156 2392 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/16 21:44:09.0156 2392 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/16 21:44:09.0171 2392 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/16 21:44:09.0218 2392 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/16 21:44:09.0234 2392 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/16 21:44:09.0281 2392 SBRE (e121185abcc7f6f2875843ed3236d245) C:\WINDOWS\system32\drivers\SBREdrv.sys
2011/08/16 21:44:09.0328 2392 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/16 21:44:09.0359 2392 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/16 21:44:09.0359 2392 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/16 21:44:09.0453 2392 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/16 21:44:09.0515 2392 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/16 21:44:09.0578 2392 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/16 21:44:09.0609 2392 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/16 21:44:09.0687 2392 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/16 21:44:09.0750 2392 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/16 21:44:09.0765 2392 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/16 21:44:09.0796 2392 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/16 21:44:09.0875 2392 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/16 21:44:09.0921 2392 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/16 21:44:09.0968 2392 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/16 21:44:10.0000 2392 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/16 21:44:10.0015 2392 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/16 21:44:10.0078 2392 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/16 21:44:10.0156 2392 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/16 21:44:10.0218 2392 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/16 21:44:10.0281 2392 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/16 21:44:10.0328 2392 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/16 21:44:10.0343 2392 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/16 21:44:10.0390 2392 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/16 21:44:10.0453 2392 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/16 21:44:10.0484 2392 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/16 21:44:10.0515 2392 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/16 21:44:10.0531 2392 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/16 21:44:10.0609 2392 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/16 21:44:10.0703 2392 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/16 21:44:10.0750 2392 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/16 21:44:10.0828 2392 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/16 21:44:10.0843 2392 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/16 21:44:10.0859 2392 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
2011/08/16 21:44:10.0859 2392 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/08/16 21:44:10.0875 2392 Boot (0x1200) (8ada861a0243678eb306ed69bda069e4) \Device\Harddisk0\DR0\Partition0
2011/08/16 21:44:10.0875 2392 ================================================================================
2011/08/16 21:44:10.0875 2392 Scan finished
2011/08/16 21:44:10.0875 2392 ================================================================================
2011/08/16 21:44:10.0875 3616 Detected object count: 1
2011/08/16 21:44:10.0875 3616 Actual detected object count: 1
2011/08/16 21:45:34.0921 3616 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/08/16 21:45:34.0921 3616 \Device\Harddisk0\DR0 - ok
2011/08/16 21:45:34.0921 3616 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/16 21:45:40.0937 3804 Deinitialize success

Security Check results:


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````
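The TDSSKiller log above is mostly driver enumeration; the lines that matter to whoever is helping are the hashed MBR and boot-sector entries, the `detected` verdict on `\Device\Harddisk0\DR0`, and the action the user chose. The Python script below is an added example, not code from this thread or from Kaspersky's tool: it parses lines in the format shown above into a small report, pulls out the raw-sector hashes (useful for comparing a rescan against the first log), and lists every detection together with whether a cure action was recorded for it. The sample lines are constructed from the posted log with the driver list cut down to two entries.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the format TDSSKiller 2.5.x writes, modelled on the log
# posted in this thread; the driver list is trimmed to two entries.
SAMPLE_LOG = r"""
2011/08/16 21:44:03.0765 2392 Scan started
2011/08/16 21:44:04.0140 2392 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/16 21:44:05.0640 2392 Dot4 HPH09 (1ede0bb35d251b09e2a390bad7e59bf7) C:\WINDOWS\system32\DRIVERS\hphid409.sys
2011/08/16 21:44:10.0859 2392 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
2011/08/16 21:44:10.0859 2392 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/08/16 21:44:10.0875 2392 Boot (0x1200) (8ada861a0243678eb306ed69bda069e4) \Device\Harddisk0\DR0\Partition0
2011/08/16 21:44:10.0875 2392 Scan finished
2011/08/16 21:44:10.0875 3616 Detected object count: 1
2011/08/16 21:45:34.0921 3616 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/08/16 21:45:34.0921 3616 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
"""

# Every line: "<date> <time> <thread id> <message>".
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
# Enumerated object: "<name> (<md5>) <path>"; covers drivers and the raw
# sector entries such as "MBR (0x1B8)" and "Boot (0x1200)".
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+)")
ACTION_RE = re.compile(r"^(?P<verdict>\S+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    obj: str
    verdict: str
    action: Optional[str] = None  # filled in when a "User select action" line follows


@dataclass
class Report:
    entries: List[dict] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    declared_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> Report:
    """Parse TDSSKiller log text into enumerated objects and detections."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator or blank line
        msg = m.group(3)
        d = DETECT_RE.match(msg)
        if d:
            report.detections.append(Detection(d["obj"], d["verdict"]))
            continue
        a = ACTION_RE.match(msg)
        if a:
            for det in report.detections:
                if det.obj == a["obj"] and det.verdict == a["verdict"]:
                    det.action = a["action"]
            continue
        c = COUNT_RE.match(msg)
        if c:
            report.declared_count = int(c.group(1))
            continue
        e = ENTRY_RE.match(msg)
        if e:
            report.entries.append({"name": e["name"], "md5": e["md5"], "path": e["path"]})
    return report


def boot_sector_hashes(report: Report) -> Dict[str, str]:
    """MD5 of each raw sector TDSSKiller hashed (MBR, partition boot sector), keyed by name."""
    return {e["name"]: e["md5"] for e in report.entries if e["path"].startswith(r"\Device\Harddisk")}


def triage(report: Report) -> List[str]:
    """One line per detection, flagging any that has no recorded action."""
    findings = []
    if report.declared_count is not None and report.declared_count != len(report.detections):
        findings.append(f"count mismatch: log declares {report.declared_count}, parsed {len(report.detections)}")
    for det in report.detections:
        findings.append(f"{det.verdict} on {det.obj}: {det.action or 'NO ACTION RECORDED'}")
    if not report.detections:
        findings.append("no detections")
    return findings


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for name, md5 in boot_sector_hashes(rep).items():
        print(f"{name}: {md5}")
    for line in triage(rep):
        print(line)
```

Run it against a saved `TDSSKiller_*_log.txt` by reading the file into `parse_tdsskiller_log` instead of `SAMPLE_LOG`. After the reboot that applies the cure, a second scan's MBR hash should differ from the first; if it does not, the sector was not rewritten and the helper would want to know that before moving on.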

#5 honjarte, Topic Starter (Members, 12 posts)

Posted 17 August 2011 - 11:31 AM

Hey I'm back at it this morning. Search results are still a little funky, in that I cannot even surf to google, and bing or others just hang and do nothing. Seems like the virus is still around. Thanks for so much help! This problem seems to be popular this week...

#6 boopme, "To Insanity and Beyond" (Global Moderator, 73,490 posts, NJ USA)

Posted 17 August 2011 - 01:16 PM

OK, you did the reboot?

You are one Java behind, it's now at 7, and Adobe Reader is at 10 or X.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.

#7 honjarte, Topic Starter (Members, 12 posts)

Posted 17 August 2011 - 01:37 PM

I'll get right on it.

#8 honjarte, Topic Starter (Members, 12 posts)

Posted 17 August 2011 - 02:31 PM

ESET is still running, and has found three things so far. I'm going to go get some lunch. I will post w/results when ESET is done. Thanks soooo much for all the help. I'm starting to get a bit nervous. Scorched earth here we come? Oh, there is a new, strange process running called GoogleToolbarInstaller_updater_signed.exe. This seems odd; is it legit or related to my problems?

#9 boopme, "To Insanity and Beyond" (Global Moderator, 73,490 posts, NJ USA)

Posted 17 August 2011 - 03:15 PM

Look in Control Panel, Add/Remove Programs and uninstall Google Toolbar.

#10 honjarte, Topic Starter (Members, 12 posts)

Posted 17 August 2011 - 03:55 PM

BoopMe- Here are the log files. I did do the one particular re-boot, and it seemed to work at the time. I updated Java and Adobe last night, IIRC. I'll check again. I wanted to wait till the ESET scan was done to uninstall the toolbar. I'll check back in a bit. As always, thank you!

GooredFix:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 12:38 on 17/08/2011 (Honjarte)
Firefox version [Unable to determine]

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:03 01/02/2009]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files\AVG\AVG10\Firefox4\" [02:55 30/03/2011]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [04:31 20/11/2009]

-=E.O.F=-

Eset online scan:

C:\Documents and Settings\Honjarte\Application Data\Sun\Java\Deployment\cache\6.0\32\4e5c2020-78532bfe multiple threats deleted - quarantined
C:\Documents and Settings\Honjarte\Application Data\Sun\Java\Deployment\cache\6.0\45\1ed43e2d-60693121 multiple threats deleted - quarantined
C:\Documents and Settings\Honjarte\Application Data\Sun\Java\Deployment\cache\6.0\49\73190831-2f2ce218 a variant of Java/Exploit.CVE-2010-4452.A trojan cleaned by deleting - quarantined

#11 honjarte, Topic Starter (Members, 12 posts)

Posted 17 August 2011 - 04:03 PM

The google toolbar appears to be un-installed and Java and Adobe are updated.

#12 boopme, "To Insanity and Beyond" (Global Moderator, 73,490 posts, NJ USA)

Posted 17 August 2011 - 06:55 PM

The redirect was gone after the TDSS, correct?

Looks good here.

About the Java\Deployment\cache in ESET.

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out: {thanks to quietman7}

#13 honjarte, Topic Starter (Members, 12 posts)

Posted 17 August 2011 - 09:03 PM

BoopMe- I have completed all the steps you have set out for me. Thank you so much for the help! I think the redirect itself is gone, but IE will not go to any search engine sites, only favorites or sites I can link to from other sites. I've tried to load google.com and bing.com in IE, both by trying the search bar at MSN and by typing in the address in the bar. Neither of these works; IE just hangs and then says "cannot connect." Same with any other generic search. Java says that it is updated, but that Security Check program I used yesterday said it was still out of date today (I ran it again). You think this is related or a side effect? Thanks! So, just to be clear, I guess the redirect was gone after TDSS (I couldn't really tell you, since I can't yield any results), but now I have the subsequent weirdness with IE. Nothing is coming up in any scans, really. This morning AVG just found all the cookies from the sites I have been reading from this thread.

#14 boopme, "To Insanity and Beyond" (Global Moderator, 73,490 posts, NJ USA)

Posted 17 August 2011 - 09:16 PM

Let's reset Internet Explorer settings.
Scroll down and click the FIX-IT button. Let's see after that.

#15 honjarte, Topic Starter (Members, 12 posts)

Posted 17 August 2011 - 09:31 PM

Hey- I deleted IE settings. I still cannot get to any search result. I could get to yahoo but it wouldn't search.



