Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google links Redirecting me


  • Please log in to reply
9 replies to this topic

#1 GKCzar

GKCzar

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 18 October 2011 - 07:42 PM

It seems to happen in spurts... like it will redirect me continually for a bit. Then Ill use my computer a couple hours later and It wont do it again. So far I have ran Spybot, MalwareBytes, AVG, SUPERanti, ccleaner as well as Microsoft security essentials.. To no avail. And now that I notice it it seems that everyday even though I have recently run a scan using Microsoft security essentials it still goes back to saying I haven't...
Thanks in advance!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:23 AM

Posted 18 October 2011 - 08:34 PM

Welocome to BC.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions

If it finds something make sure Cure is selected
Next click Continue then Reboot now
A log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:23 AM

Posted 19 October 2011 - 03:35 PM

You are running Spybots Teatimer,correct?
Are you on a router? Are other machines on it,if so are they redirecting?

Do you use Firefox?


MiniToolBox by Farbar
Ran by Gleb Kalmykov (administrator) on 19-10-2011 at 15:02:31
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 15063 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : GlebKalmykov-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-30-67-C2-B8-A0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::e192:3aed:619c:b5e8%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 19, 2011 02:57:32
Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234893415
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-DD-D7-05-00-30-67-C2-B8-A0
DNS Servers . . . . . . . . . . . : 68.87.64.150
68.87.75.198
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Belkin:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3013:3178:ba07:b812(Preferred)
Link-local IPv6 Address . . . . . : fe80::3013:3178:ba07:b812%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cns.inflow.pa.bo.comcast.net
Address: 68.87.64.150

Name: google.com
Addresses: 72.14.204.104
72.14.204.147
72.14.204.103
72.14.204.105
72.14.204.99


Pinging google.com [72.14.204.103] with 32 bytes of data:
Reply from 72.14.204.103: bytes=32 time=18ms TTL=53
Reply from 72.14.204.103: bytes=32 time=17ms TTL=53

Ping statistics for 72.14.204.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 18ms, Average = 17ms
Server: cns.inflow.pa.bo.comcast.net
Address: 68.87.64.150

Name: yahoo.com
Addresses: 67.195.160.76
72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=89ms TTL=48
Reply from 98.137.149.56: bytes=32 time=89ms TTL=48

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 89ms, Maximum = 89ms, Average = 89ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...00 30 67 c2 b8 a0 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.4 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.4 276
192.168.2.4 255.255.255.255 On-link 192.168.2.4 276
192.168.2.255 255.255.255.255 On-link 192.168.2.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.4 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:3013:3178:ba07:b812/128
On-link
11 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::3013:3178:ba07:b812/128
On-link
11 276 fe80::e192:3aed:619c:b5e8/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/19/2011 02:57:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2011 00:31:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (10/19/2011 00:30:31 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (10/18/2011 07:00:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2011 03:11:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2011 08:30:37 PM) (Source: Application Error) (User: )
Description: Faulting application name: SUPERAntiSpyware.exe, version: 5.0.0.1134, time stamp: 0x4e9c6377
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000180073e4c
Faulting process id: 0xe64
Faulting application start time: 0xSUPERAntiSpyware.exe0
Faulting application path: SUPERAntiSpyware.exe1
Faulting module path: SUPERAntiSpyware.exe2
Report Id: SUPERAntiSpyware.exe3

Error: (10/17/2011 08:03:10 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-122441246-2124929187-3678946359-1000}/">.

Error: (10/17/2011 08:02:55 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-122441246-2124929187-3678946359-1000}/">.

Error: (10/17/2011 04:58:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2011 06:41:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.


System errors:
=============
Error: (10/18/2011 07:20:26 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/18/2011 03:44:44 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/18/2011 03:17:42 PM) (Source: Microsoft Antimalware) (User: )
Description: %Program:Win32/Pameseg.AR60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Program:Win32/Pameseg.AR603

Name: Program:Win32/Pameseg.AR

ID: 166627

Severity: %Program:Win32/Pameseg.AR600

Category: %Program:Win32/Pameseg.AR602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Program:Win32/Pameseg.AR608

User: {D86C7FB2-6855-4A86-9C52-7529DC1D977B}9

Process Name: %Program:Win32/Pameseg.AR609

Action: {D86C7FB2-6855-4A86-9C52-7529DC1D977B}1

Action Status: {D86C7FB2-6855-4A86-9C52-7529DC1D977B}8

Error Code: {D86C7FB2-6855-4A86-9C52-7529DC1D977B}3

Error description: {D86C7FB2-6855-4A86-9C52-7529DC1D977B}4

Signature Version: 2011-10-18T19:16:58.630Z1

Engine Version: 2011-10-18T19:16:58.630Z2

Error: (10/18/2011 03:17:42 PM) (Source: Microsoft Antimalware) (User: )
Description: %Program:Win32/Pameseg.AR60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%Program:Win32/Pameseg.AR603

Name: Program:Win32/Pameseg.AR

ID: 166627

Severity: %Program:Win32/Pameseg.AR600

Category: %Program:Win32/Pameseg.AR602

Path: 3.0.8402.02

Detection Origin: 3.0.8402.04

Detection Type: 3.0.8402.08

Detection Source: %Program:Win32/Pameseg.AR608

User: {D86C7FB2-6855-4A86-9C52-7529DC1D977B}9

Process Name: %Program:Win32/Pameseg.AR609

Action: {D86C7FB2-6855-4A86-9C52-7529DC1D977B}1

Action Status: {D86C7FB2-6855-4A86-9C52-7529DC1D977B}8

Error Code: {D86C7FB2-6855-4A86-9C52-7529DC1D977B}3

Error description: {D86C7FB2-6855-4A86-9C52-7529DC1D977B}4

Signature Version: 2011-10-18T19:16:58.630Z1

Engine Version: 2011-10-18T19:16:58.630Z2

Error: (10/18/2011 03:11:32 PM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%835

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%842

Error: (10/17/2011 05:14:48 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.

Error: (10/17/2011 05:13:07 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (10/17/2011 05:13:08 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (10/17/2011 05:13:08 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (10/17/2011 05:13:07 PM) (Source: Virtual Disk Service) (User: )
Description: Unexpected provider failure. Restarting the service may fix the problem. Error code: 80004005@02000014


Microsoft Office Sessions:
=========================
Error: (10/19/2011 02:57:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/19/2011 00:31:01 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (10/19/2011 00:30:31 AM) (Source: SideBySide)(User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (10/18/2011 07:00:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/18/2011 03:11:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2011 08:30:37 PM) (Source: Application Error)(User: )
Description: SUPERAntiSpyware.exe5.0.0.11344e9c6377unknown0.0.0.000000000c00000050000000180073e4ce6401cc8d262f629c00C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeunknown65ebffae-f920-11e0-a432-003067c2b8a0

Error: (10/17/2011 08:03:10 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-122441246-2124929187-3678946359-1000}/

Error: (10/17/2011 08:02:55 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-122441246-2124929187-3678946359-1000}/

Error: (10/17/2011 04:58:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/17/2011 06:41:01 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8


=========================== Installed Programs ============================

µTorrent (Version: 3.0.0)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 Plugin (Version: 10.3.183.10)
Adobe Reader X (10.1.1) (Version: 10.1.1)
Any Video Converter 3.2.7
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.4.5.0)
AVG 2012 (Version: 12.0.1831)
AVG 2012 (Version: 12.0.2092)
AVG 2012 (Version: 2012.0.1831)
Battlefield 3™ Open Beta (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 0.80.0)
BIOScreen
BiosNotice
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.30.1395.0)
CCleaner (Version: 3.11)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.41.3.0173)
eHOT Line
erLT (Version: 1.20.138.34)
EVE Online (remove only)
EVGA OC Scanner 1.7.2
EVGA Precision 2.0.3 (Version: 2.0.3)
HP Officejet 6500 E710n-z Basic Device Software (Version: 22.0.334.0)
HP Officejet 6500 E710n-z Help (Version: 140.0.2.2)
HP Update (Version: 5.002.005.003)
I.R.I.S. OCR (Version: 12.3.4)
InstallIQ Updater (Version: 1.4.2.0)
Intel® Management Engine Components (Version: 7.0.0.1144)
Itibiti RTC (Version: 0.0.1)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 27 (64-bit) (Version: 6.0.270)
Java™ 6 Update 27 (Version: 6.0.270)
Junk Mail filter update (Version: 15.4.3502.0922)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.30.1346.0)
LWS Gallery (Version: 13.30.1379.0)
LWS Help_main (Version: 13.30.1396.0)
LWS Launcher (Version: 13.30.1379.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.30.1395.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.30.1379.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.30.1346.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Minecraft Beta Cracked
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Multimedia Card Reader (Version: 3.0.7.0)
Netflix in Windows Media Center (Version: 3.3.101.0)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 280.19 (Version: 280.19)
NVIDIA 3D Vision Driver 280.26 (Version: 280.26)
NVIDIA Control Panel 280.26 (Version: 280.26)
NVIDIA Graphics Driver 280.26 (Version: 280.26)
NVIDIA HD Audio Driver 1.2.23.3 (Version: 1.2.23.3)
NVIDIA Install Application (Version: 2.1000.25.170)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8026)
NVIDIA Update 1.4.28 (Version: 1.4.28)
NVIDIA Update Components (Version: 1.4.28)
Oblivion - Horse Armor Pack (Version: 1.00.0000)
Oblivion - Knights of the Nine (Version: 1.00.0000)
Oblivion - Mehrunes Razor (Version: 1.00.0000)
Oblivion - Orrery (Version: 1.00.0000)
Oblivion - Spell Tomes (Version: 1.00.0000)
Oblivion - Thieves Den (Version: 1.00.0000)
Oblivion - Vile Lair (Version: 1.00.0000)
Oblivion - Wizard's Tower (Version: 1.00.0000)
Oblivion (Version: 1.00.0000)
OpenOffice.org 3.3 (Version: 3.3.9567)
Origin (Version: 8.2.5.2532)
PerformanceTest v7.0 (64-bit) (Version: 7.0)
PunkBuster Services (Version: 0.991)
QuickTime (Version: 7.70.80.34)
Realtek Ethernet Controller Driver (Version: 7.40.126.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6215)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0)
Skype™ 5.5 (Version: 5.5.117)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.0.1132)
T-Utility Green Power Utility II
The Sims™ 3 (Version: 1.0.632)
THX TruStudio Pro (Version: 1.0)
Tseries BIOS Update
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Yahoo! Detect
ZumoDrive

========================= Memory info: ===================================

Percentage of memory in use: 29%
Total physical RAM: 8173.17 MB
Available physical RAM: 5754.4 MB
Total Pagefile: 16344.54 MB
Available Pagefile: 13778.64 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:58.5 GB) (Free:8.61 GB) NTFS
2 Drive d: () (Fixed) (Total:537.58 GB) (Free:294.17 GB) NTFS
5 Drive z: (ZumoDrive) (Removable) (Total:2 GB) (Free:1.89 GB) FAT32

========================= Users: ========================================

User accounts for \\GLEBKALMYKOV-PC

Administrator Gleb Kalmykov Guest
Mama and Papa UpdatusUser

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

Mbam log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7983

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/19/2011 03:20:17 PM
mbam-log-2011-10-19 (15-20-17).txt

Scan type: Quick scan
Objects scanned: 204647
Time elapsed: 1 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Rootkiller found no threats
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 GKCzar

GKCzar
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 19 October 2011 - 04:07 PM

No I am not running Teatimer. I don't see that option in Spybot. Maybe I have an old version? I am on a router. No other machines are on it. Except for my iPhone. And it does not get redirected. I use Google chrome.

This time... it lets me post without crashing hmmm

Edited by GKCzar, 19 October 2011 - 04:07 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:23 AM

Posted 19 October 2011 - 07:20 PM

OK,Your HOSTS file may be infected.
Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?

To reset the hosts file automatically,go HERE click the Posted Image button. Then just follow the prompts in the Fix it wizard.


OR
Click Run in the File Download dialog box or save MicrosoftFixit50267.msi to your Desktop and double-click on it to run. Then just follow the promots in the Fix it wizard.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 GKCzar

GKCzar
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 19 October 2011 - 08:01 PM

Forgot to mention before the redirects would happen 3-4 times and on the 5 time it would always take me to the real site.
Ok I reset my hosts files. It did not help. When I click links in Google instead of taking me to a site, it seems like its about to and then it backs out by itself. Again it takes 3-5 clicks before it takes me to the actual site.
Do I need teatimer?

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:23 AM

Posted 19 October 2011 - 08:27 PM

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

Let's check on itand turn it off if needed.

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode > Advanced Mode.
    Posted Image
  • You may be presented with a warning dialog. If so, click Yes
  • Click on Tools and then Resident
    Posted Image
  • Uncheck this checkbox: "Resident TeaTimer {protection of over-all system settings) active"
  • Close/Exit Spybot Search and Destroy


There was evidence of it in MINIToolbox.
Please rerun MiniToolBox,like this.

Checkmark the following checkboxes: [*]List content of Hosts
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 GKCzar

GKCzar
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 19 October 2011 - 09:15 PM

Ok I checked. Tea Timer was already off.
Here is the log.
MiniToolBox by Farbar
Ran by Gleb Kalmykov (administrator) on 19-10-2011 at 22:14:48
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************
Hosts file not detected in the default directory

**** End of log ****

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:23 AM

Posted 19 October 2011 - 09:45 PM

OK we now have 15000 less items in the hosts file,thats good.

If still redirecting>>>
Change your DNS Servers:
  • Go to Posted Image > Run... and in the open box, type: cmd
  • Press OK or Hit Enter.
  • At the command prompt, type or copy/paste: ipconfig /flushdns
  • Hit Enter.
  • You will get a confirmation that the flush was successful.
  • Close the command box.


If still redirecting>>>
Your router is hijacked by trojan DNS-hijacker.

  • Please read this: Malware Silently Alters Wireless Router Settings

  • Then reset your router to it's factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the routers server. To do that open Internet Explorer and type http:\\192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the routers default password and set a strong password. Note down the password and keep it somewhere for future reference.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 GKCzar

GKCzar
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:04:23 AM

Posted 20 October 2011 - 06:39 PM

I have a dynamic Ip. Not a static. I am not sure what the third step is. But I did the other two steps and It is still redirecting me.
Also my router server was 192.168.2.1




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users