Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus


  • Please log in to reply
15 replies to this topic

#1 digitalnima

digitalnima

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 03 November 2011 - 09:37 PM

I have a google redirect virus. I have tried all of the recommended programs but it keeps coming back....I need help!'

It redirects me to get answers fast.com

Edited by digitalnima, 04 November 2011 - 12:21 PM.
Moved to AII from Windows 7. ~ OB


BC AdBot (Login to Remove)

 


#2 digitalnima

digitalnima
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 05 November 2011 - 09:27 AM

Thank you for the help in advance

#3 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:18 PM

Posted 05 November 2011 - 08:42 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#4 digitalnima

digitalnima
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 06 November 2011 - 08:56 AM

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 22
Out of date Java installed!
Adobe Flash Player 11.0.1.152
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbam.exe
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
``````````End of Log````````````

#5 digitalnima

digitalnima
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 06 November 2011 - 09:00 AM

MiniToolBox by Farbar
Ran by Digital (administrator) on 06-11-2011 at 08:59:23
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
Hosts file not detected in the default directory
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Wireless Network Connection 3" address=192.168.16.2 mask=255.255.255.0


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Digital-VAIO
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.va.comcast.net.

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6150
Physical Address. . . . . . . . . : 64-D4-DA-50-81-55
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 40-25-C2-1E-F4-CD
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 40-25-C2-1E-F4-CD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.va.comcast.net.
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 6150
Physical Address. . . . . . . . . : 40-25-C2-1E-F4-CC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4cef:7d76:71f3:a8cb%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, November 05, 2011 2:25:28 PM
Lease Expires . . . . . . . . . . : Sunday, November 13, 2011 8:26:12 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 322971074
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-6C-A7-22-78-84-3C-92-D9-9F
DNS Servers . . . . . . . . . . . : 68.87.73.246
68.87.71.230
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.va.comcast.net.
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 78-84-3C-92-D9-9F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.hsd1.va.comcast.net.:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.va.comcast.net.
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3E29AFD1-654C-4708-82F7-BBA56EB01342}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{043401C3-109A-4939-9EF8-113CA602EF9D}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{91404099-B3F1-43D0-9EA9-F1AC300E3614}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4d6:3444:b8c1:21b0(Preferred)
Link-local IPv6 Address . . . . . : fe80::4d6:3444:b8c1:21b0%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cns.manassaspr.va.dc02.comcast.net
Address: 68.87.73.246

Name: google.com
Addresses: 72.14.204.99
72.14.204.103
72.14.204.147
72.14.204.104
72.14.204.105


Pinging google.com [72.14.204.99] with 32 bytes of data:
Reply from 72.14.204.99: bytes=32 time=24ms TTL=53
Reply from 72.14.204.99: bytes=32 time=28ms TTL=53

Ping statistics for 72.14.204.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 28ms, Average = 26ms
Server: cns.manassaspr.va.dc02.comcast.net
Address: 68.87.73.246

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
72.30.2.43
98.137.149.56
98.139.180.149


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=25ms TTL=50
Reply from 67.195.160.76: bytes=32 time=25ms TTL=50

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 25ms, Average = 25ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms
===========================================================================
Interface List
16...64 d4 da 50 81 55 ......Intel® Centrino® WiMAX 6150
15...40 25 c2 1e f4 cd ......Microsoft Virtual WiFi Miniport Adapter #2
14...40 25 c2 1e f4 cd ......Microsoft Virtual WiFi Miniport Adapter
13...40 25 c2 1e f4 cc ......Intel® Centrino® Wireless-N 6150
11...78 84 3c 92 d9 9f ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
36...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
37...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
38...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.2 25
10.0.0.0 255.255.255.0 On-link 10.0.0.2 281
10.0.0.2 255.255.255.255 On-link 10.0.0.2 281
10.0.0.255 255.255.255.255 On-link 10.0.0.2 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
17 58 ::/0 On-link
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:4137:9e76:4d6:3444:b8c1:21b0/128
On-link
13 281 fe80::/64 On-link
17 306 fe80::/64 On-link
17 306 fe80::4d6:3444:b8c1:21b0/128
On-link
13 281 fe80::4cef:7d76:71f3:a8cb/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/06/2011 08:36:14 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (11/06/2011 08:36:14 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (11/06/2011 06:55:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8970

Error: (11/06/2011 06:55:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8970

Error: (11/06/2011 06:55:53 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2011 06:55:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3962

Error: (11/06/2011 06:55:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3962

Error: (11/06/2011 06:55:48 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2011 06:55:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2870

Error: (11/06/2011 06:55:47 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2870


System errors:
=============
Error: (11/06/2011 08:26:18 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/06/2011 08:26:18 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/06/2011 08:26:16 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/06/2011 08:26:16 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/06/2011 08:26:16 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/06/2011 08:26:14 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/06/2011 08:26:13 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/06/2011 08:26:11 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/06/2011 06:56:06 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.

Error: (11/06/2011 06:55:44 AM) (Source: Microsoft-Windows-DNS-Client) (User: NETWORK SERVICE)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (11/06/2011 08:36:14 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (11/06/2011 08:36:14 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (11/06/2011 06:55:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8970

Error: (11/06/2011 06:55:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8970

Error: (11/06/2011 06:55:53 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2011 06:55:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3962

Error: (11/06/2011 06:55:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3962

Error: (11/06/2011 06:55:48 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2011 06:55:47 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2870

Error: (11/06/2011 06:55:47 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2870


=========================== Installed Programs ============================

(Version: 1.2.0.15100)
(Version: 3.2.0.02140)
(Version: 4.5.0.02140)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.26)
Adobe Flash Player 11 Plugin (Version: 11.0.1.152)
Adobe Reader X MUI (Version: 10.0.0)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Application Manager for VAIO
ArcSoft WebCam Companion 4 (Version: 4.0.21.392)
Best Buy pc app (Version: 3.2.0.0)
Bing Bar (Version: 7.0.610.0)
Bonjour (Version: 3.0.0.2)
CCleaner (Version: 3.12)
Comcast Desktop Software (v1.2.0.9) (Version: 23)
Conexant HD Audio (Version: 8.54.0.53)
Corel WinDVD (Version: 10.0.5.800)
D3DX10 (Version: 15.4.2368.0902)
Haali Media Splitter
Hitman Pro 3.5 (Version: 3.5.9.131)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.3.1)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Management Engine Components (Version: 7.0.0.1144)
Intel® Processor Graphics (Version: 8.15.10.2291)
Intel® PROSet/Wireless WiFi Software (Version: 14.00.1000)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Intel® Wireless Display
Intel® Wireless Display (Version: 2.0.27.0)
Intel® PROSet/Wireless WiMAX Software (Version: 6.02.1000)
iPodCopy (Version: 8.07)
iTunes (Version: 10.4.0.80)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 22 (64-bit) (Version: 6.0.220)
Java™ 6 Update 22 (Version: 6.0.220)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Media Gallery (Version: 1.5.0.16020)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Oasis2Service 1.0 (Version: 1.0.0)
OOBE (Version: 11.2.1.10)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PMB (Version: 5.5.02.12220)
PMB VAIO Edition Plug-in (Version: 1.5.00.02250)
PMB VAIO Edition Plug-in (Version: 1.5.01.04010)
QuickTime (Version: 7.69.80.9)
Realtek PCIE Card Reader (Version: 6.1.7600.74)
Remote Keyboard (Version: 1.1.1.03020)
Remote Play with PlayStation 3 (Version: 1.1.0.15070)
Sony Corporation (Version: 1.0.0)
SSLx64 (Version: 1.0.0)
SSLx86 (Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 15.1.9.0)
Trend Micro Titanium (Version: 3.1.1109)
Trend Micro™ Titanium™ (Version: 3.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
VAIO - Media Gallery (Version: 1.5.0.16020)
VAIO - PMB VAIO Edition Guide (Version: 1.5.00.02250)
VAIO - PMB VAIO Edition Plug-in (Version: 1.5.01.04060)
VAIO - Remote Keyboard (Version: 1.0.1.03020)
VAIO - Remote Play with PlayStation®3 (Version: 1.1.0.15070)
VAIO Care (Version: 6.4.0.15030)
VAIO Control Center (Version: 4.5.0.03040)
VAIO Data Restore Tool (Version: 1.6.0.13140)
VAIO Easy Connect (Version: 1.0.0.03050)
VAIO Event Service (Version: 5.5.0.03040)
VAIO Gate (Version: 2.3.0.11090)
VAIO Gate Default (Version: 2.4.0.03240)
VAIO Hardware Diagnostics (Version: 4.2.0.14280)
VAIO Help and Support (Version: 14.00.0125)
VAIO Improvement (Version: 1.0.0.14150)
VAIO Manual (Version: 2.0.0.02250)
VAIO Messenger (Version: 2.0.287.0)
VAIO Quick Web Access (Version: 1.4.5.5)
VAIO Sample Contents (Version: 1.4.0.09010)
VAIO Satisfaction Survey. (Version: 3.0)
VAIO Smart Network (Version: 3.5.0.02280)
VAIO Transfer Support (Version: 1.4.0.14230)
VAIO Update (Version: 5.4.0.15300)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VCCx86 (Version: 1.0.0)
VESx64 (Version: 1.0.0)
VESx86 (Version: 1.0.0)
VIx64 (Version: 1.0.0)
VIx86 (Version: 1.0.0)
VSNx64 (Version: 1.0.0)
VWSTx86 (Version: 1.0.0)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (64-bit) (Version: 4.01.0)
Xilisoft Audio Converter Pro (Version: 6.1.2.0827)
Xilisoft iPod Rip (Version: 2.1.32.0417)

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 4043.86 MB
Available physical RAM: 2135.05 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 5239.17 MB
Total Virtual: 4095.88 MB
Available Virtual: 3988.54 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:585.4 GB) (Free:454.51 GB) NTFS
2 Drive e: (TrendMicro) (CDROM) (Total:0.25 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\DIGITAL-VAIO

Administrator Digital Guest


**** End of log ****

#6 digitalnima

digitalnima
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 06 November 2011 - 09:04 AM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8081

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/6/2011 9:04:14 AM
mbam-log-2011-11-06 (09-04-14).txt

Scan type: Quick scan
Objects scanned: 171394
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 digitalnima

digitalnima
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 06 November 2011 - 09:22 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-06 09:21:50
Windows 6.1.7601 Service Pack 1
Running: 8kumztwt.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Digital\AppData\Local\Temp\plugtmp 0 bytes

---- EOF - GMER 1.0.15 ----


Here is the last one. Thank you

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:18 PM

Posted 06 November 2011 - 11:03 AM

You seem to have "hosts" file missing.

Open Notepad.
Paste the following text into it:

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

Go File>Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure, "Save as type:" is set to "All Files (*.*)
3. File is saved to C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder

Posted Image


=================================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#9 digitalnima

digitalnima
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 06 November 2011 - 11:25 AM

I fixed the hosts file...I had deleted by accident when I was trying to get rid of the virus



SystemLook 30.07.11 by jpshortstuff
Log created at 11:24 on 06/11/2011 by Digital
Administrator - Elevation successful

========== dir ==========

C:\WINDOWS\SYSTEM32\DRIVERS\ETC - Parameters: "(none)"

---Files---
hosts --a---- 760 bytes [16:22 06/11/2011] [16:22 06/11/2011]
lmhosts.sam --a---- 3683 bytes [02:35 14/07/2009] [21:00 10/06/2009]
networks --a---- 407 bytes [02:34 14/07/2009] [21:00 10/06/2009]
protocol --a---- 1358 bytes [02:34 14/07/2009] [21:00 10/06/2009]
services --a---- 17463 bytes [02:34 14/07/2009] [21:00 10/06/2009]

---Folders---
None found.

-= EOF =-

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:18 PM

Posted 06 November 2011 - 11:35 AM

How is redirection now?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 digitalnima

digitalnima
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 06 November 2011 - 02:34 PM

It is still here.....it takes me to get answers fast.com

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:18 PM

Posted 06 November 2011 - 04:28 PM

Which browser is getting redirected?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 digitalnima

digitalnima
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 06 November 2011 - 05:26 PM

I am using firefox

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:06:18 PM

Posted 06 November 2011 - 05:35 PM

Can you check if you have same issue in IE?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 digitalnima

digitalnima
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 06 November 2011 - 06:48 PM

It is only happening in Firefox....I have not experience it in IE yet


GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:46 on 06/11/2011 (Digital)
Firefox version 7.0.1 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Digital\Application Data\Mozilla\Firefox\Profiles\h02chfhb.default\extensions\{d7ad7e32-4d21-4191-87dd-fc8c125e41ae}" -> Success!
Deleting "C:\Users\Digital\Application Data\Mozilla\Firefox\Profiles\h02chfhb.default\extensions\{ddad0eac-c166-46f5-80da-0ea2defaad99}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:29 19/08/2011]

C:\Users\Digital\Application Data\Mozilla\Firefox\Profiles\h02chfhb.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\" [18:47 25/10/2011]

-=E.O.F=-




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users