
Another victim of a redirect virus/trojan/ghost thing...


  • This topic is locked
22 replies to this topic

#1 BambiTLK

BambiTLK

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:DFW, Texas
  • Local time:08:16 PM

Posted 30 August 2011 - 07:46 PM

Hello. I really hope someone can help me with this. I have a desktop running Windows 7 Ultimate. I generally use Firefox as my default browser, and a few days ago it started redirecting me to ad sites whenever I click a legitimate link in a Google search. Chrome is not affected by this, but I am terrified to log into anything (save bleepingcomputer!) while I am having this issue. I have tried Malwarebytes, SuperAntiSpyware, HijackThis, UnHackMe, Avast!, and Symantec's tdss rootkit killer and backdoor.tidserv removal tools. I am at a complete loss right now. Avast is my default real-time protection.

Please help! I don't know what has been compromised or what to do to get this thing off.

I do know that I am switching to Linux once this is over...

Edit: I have also tried Hitman Pro 3 and Windows Defender. I have all current Windows/Firefox/Java/Adobe patches.

Edited by BambiTLK, 30 August 2011 - 07:50 PM.




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:02:16 AM

Posted 30 August 2011 - 07:47 PM

Can you post logs from Malwarebytes and Super Anti-Spyware?

Switching to another operating system won't solve issues, and it could potentially open you up for more frustrations.

Edited by cryptodan, 30 August 2011 - 07:48 PM.


#3 BambiTLK


Posted 30 August 2011 - 07:57 PM

Can you post logs from Malwarebytes and Super Anti-Spyware.


Thank you for the quick reply! I did not save the logs last time, so I am re-running them now. I will post as soon as it's complete.

#4 cryptodan


Posted 30 August 2011 - 08:00 PM

The logs are automatically saved. Can you check the logs tab?

#5 BambiTLK


Posted 30 August 2011 - 08:04 PM

I was advised by someone to uninstall the programs after running them...so nope. I am running Malwarebytes now. I think it's about half done.

#6 BambiTLK


Posted 30 August 2011 - 08:22 PM

Malwarebytes


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7615

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/30/2011 8:21:10 PM
mbam-log-2011-08-30 (20-21-10).txt

Scan type: Full scan (C:\|)
Objects scanned: 336374
Time elapsed: 28 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 cryptodan


Posted 30 August 2011 - 08:25 PM

Unfortunately, without seeing the logs that showed the detections I will be unable to assist you better, and whoever told you to remove the applications gave you the wrong advice. The applications are safe and highly recommended to use.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#8 BambiTLK


Posted 30 August 2011 - 08:28 PM

Neither program showed anything infected when originally run.
Here is the ToolBox log:


MiniToolBox by Farbar
Ran by Shawna (administrator) on 30-08-2011 at 20:27:10
Windows 7 Ultimate (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : MahCompy
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-1F-BC-09-32-BA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3490:8ef8:68f7:b2a1%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, August 30, 2011 6:59:51 PM
Lease Expires . . . . . . . . . . : Wednesday, August 31, 2011 6:59:51 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 234889148
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-14-C5-CF-00-1F-BC-09-32-BA
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.gateway.2wire.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3041:1719:93a4:a1ee(Preferred)
Link-local IPv6 Address . . . . . : fe80::3041:1719:93a4:a1ee%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: homeportal
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.73.105
74.125.73.106
74.125.73.104
74.125.73.103
74.125.73.99
74.125.73.147


Pinging google.com [74.125.73.147] with 32 bytes of data:
Reply from 74.125.73.147: bytes=32 time=34ms TTL=50
Reply from 74.125.73.147: bytes=32 time=34ms TTL=50

Ping statistics for 74.125.73.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 34ms, Average = 34ms
Server: homeportal
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=74ms TTL=49
Reply from 67.195.160.76: bytes=32 time=62ms TTL=49

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 74ms, Average = 68ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 1f bc 09 32 ba ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.65 276
192.168.1.65 255.255.255.255 On-link 192.168.1.65 276
192.168.1.255 255.255.255.255 On-link 192.168.1.65 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.65 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.65 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:3041:1719:93a4:a1ee/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::3041:1719:93a4:a1ee/128
On-link
11 276 fe80::3490:8ef8:68f7:b2a1/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/30/2011 07:35:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (08/30/2011 06:56:02 PM) (Source: Microsoft-Windows-RestartManager) (User: Shawna)Shawna
Description: Application or service 'SupportSoft Repair Service (verizondm)' could not be restarted.

Error: (08/30/2011 06:56:02 PM) (Source: Microsoft-Windows-RestartManager) (User: Shawna)Shawna
Description: Application or service 'SupportSoft Sprocket Service (verizondm)' could not be restarted.

Error: (08/28/2011 06:00:45 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary 57181860.

System Error:
The system cannot find the file specified.
.

Error: (08/28/2011 06:00:45 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary 61839938.

System Error:
The system cannot find the file specified.
.

Error: (08/28/2011 06:00:45 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary 6910419drv.

System Error:
The system cannot find the file specified.
.

Error: (08/28/2011 11:18:47 AM) (Source: MsiInstaller) (User: Shawna)Shawna
Description: Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.

Error: (08/25/2011 09:21:58 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2011 08:35:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/25/2011 08:32:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/30/2011 06:59:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Partizan

Error: (08/30/2011 06:59:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: SYSTEM)
Description: Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (08/30/2011 06:59:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: SYSTEM)
Description: Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (08/30/2011 06:59:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: SYSTEM)
Description: Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (08/30/2011 06:59:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: SYSTEM)
Description: Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (08/30/2011 06:59:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: SYSTEM)
Description: Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (08/30/2011 06:59:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: SYSTEM)
Description: Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (08/30/2011 06:59:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: SYSTEM)
Description: Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (08/30/2011 06:59:43 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: SYSTEM)
Description: Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (08/30/2011 06:53:52 PM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 2.0.4)
7-Zip 9.15 (x64 edition) (Version: 9.15.00.0)
Adobe AIR (Version: 2.0.3.13070)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.26)
Adobe Flash Player 10 Plugin (Version: 10.1.85.3)
Adobe Reader 9.4.5 (Version: 9.4.5)
avast! Free Antivirus (Version: 6.0.1203.0)
AviSynth 2.5
Crystal Reports Basic for Visual Studio 2008 (Version: 10.5.0.0)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
ffdshow [rev 2583] [2009-01-05] (Version: 1.0)
Google Talk Plugin (Version: 2.2.2.0)
Haali Media Splitter
Intel® Matrix Storage Manager
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (Version: 6.0.230)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Compact Framework 2.0 SP2 (Version: 2.0.7045)
Microsoft .NET Compact Framework 3.5 (Version: 3.5.7283)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (Version: 9.0.21022)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Ultimate 2007 (Version: 12.0.6425.1000)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 for Devices ENU (Version: 3.5.5386.0)
Microsoft SQL Server Database Publishing Wizard 1.2 (Version: 1.2.0.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU (Version: 9.0.21022)
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: 9.0.21022)
Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011)
Mozilla Firefox 6.0 (x86 en-US) (Version: 6.0)
MSDN Library for Visual Studio 2008 - ENU (Version: 9.0)
MSDN Library for Visual Studio 2008 - ENU (Version: 9.0.21022)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA PhysX (Version: 9.10.0224)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.5896)
Skype Toolbars (Version: 5.0.4126)
Skype™ 5.0 (Version: 5.0.152)
SUPERAntiSpyware (Version: 5.0.1118)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) (Version: 1)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC Runtimes MSI (Version: 9.0.21022)
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
Videora Android Converter 6 (Version: 6)
Visual Studio .NET Prerequisites - English (Version: 9.0.21022)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022)
Windows Mobile 5.0 SDK R2 for Pocket PC (Version: 5.00.1700.5.14343.06)
Windows Mobile 5.0 SDK R2 for Smartphone (Version: 5.00.1700.5.14343.06)
WinRAR archiver
World of Warcraft (Version: 4.2.0.14333)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 6135.14 MB
Available physical RAM: 3456.89 MB
Total Pagefile: 12268.43 MB
Available Pagefile: 9692.96 MB
Total Virtual: 4095.88 MB
Available Virtual: 3977.02 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:1499.9 GB) (Free:1391.41 GB) NTFS

========================= Users: ========================================

User accounts for \\MAHCOMPY

Administrator Guest Shawna

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Edited by BambiTLK, 30 August 2011 - 08:29 PM.


#9 cryptodan


Posted 30 August 2011 - 09:28 PM

Still getting the redirects?

#10 BambiTLK


Posted 30 August 2011 - 09:31 PM

Yes. I was able to click about five links before it started redirecting again.

#11 BambiTLK


Posted 30 August 2011 - 09:32 PM

I also wanted to ask, is there any way to tell what's been compromised? Is it safe to log into banking websites and the like? Is changing my passwords enough?

#12 cryptodan


Posted 30 August 2011 - 09:32 PM

Can you navigate to the following:

c:\windows\system32\drivers\etc

See if there is a hosts file?

#13 BambiTLK


Posted 30 August 2011 - 09:34 PM

There is a hosts file

#14 cryptodan


Posted 30 August 2011 - 09:40 PM

Right-click on it and uncheck read-only.

Hit OK.

Then double-click on it and open it with Notepad.

Paste the contents here.

#15 BambiTLK


Posted 30 August 2011 - 09:42 PM

# Copyright © 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
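
The hosts file pasted above has every line commented out, so it maps no names at all. As an added example (not part of the original thread or any tool used in it), the Python check below does the same review programmatically: it ignores comments and reports only active entries. The function name `audit_hosts`, the finding labels, and both sample files are constructed for illustration.

```python
import ipaddress

# Constructed, abbreviated copy of the default Windows 7 hosts file pasted in
# the thread: every line is a comment, so nothing is mapped.
DEFAULT_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
"""

# Constructed contrast case (addresses from documentation ranges): two active
# mappings and one line that does not parse.
MODIFIED_HOSTS = DEFAULT_HOSTS + (
    "203.0.113.7 www.google.com google.com # constructed\n"
    "0.0.0.0 ads.example.net\n"
    "not-an-ip example.org\n"
)

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return findings as (line_number, kind, address, hostname) tuples.

    kind is one of:
      override           - name pinned to a routable address, bypassing DNS
      sinkhole           - name pinned to loopback/0.0.0.0 (site unreachable)
      localhost-remapped - localhost pointed away from loopback
      malformed          - active line that is not "<ip> <name> [...]"
    Comment lines and the standard localhost entries produce no finding.
    """
    findings = []
    # Notepad can save a UTF-8 BOM; drop it so line 1 parses normally.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        active = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not active:
            continue
        fields = active.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "malformed", "", active))
            continue
        if len(fields) < 2:
            findings.append((lineno, "malformed", str(ip), active))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in (f.lower() for f in fields[1:]):  # a line may carry several names
            if name in LOCAL_NAMES:
                if not ip.is_loopback:
                    findings.append((lineno, "localhost-remapped", str(ip), name))
            elif local:
                findings.append((lineno, "sinkhole", str(ip), name))
            else:
                findings.append((lineno, "override", str(ip), name))
    return findings


if __name__ == "__main__":
    for label, text in (("default", DEFAULT_HOSTS), ("modified", MODIFIED_HOSTS)):
        print(label, audit_hosts(text) or "no active entries")
```

An empty result, as for the file in this thread, rules out the hosts file as the source of the redirects and points the investigation elsewhere.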



