
Google redirects me to wrong page.


  • This topic is locked
7 replies to this topic

#1 Roshchha

Roshchha

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:35 PM

Posted 27 December 2011 - 12:47 PM

Hi,
I am totally messed up with this.
Whenever I try to open any page from Google, I am always redirected to some wrong page like mediashifting or 95p.com or pioskweb or some stupid search engines. I have been facing this kind of problem for 2 weeks and I am unable to solve it.

My DDS log is listed below, as suggested in some old forum.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Roshu at 22:45:06 on 2011-12-27
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2012.1252 [GMT 5.5:30]
.
AV: Quick Heal Total Security 12.00 *Enabled/Outdated* {05C1329D-F0E0-4B19-9D15-54F9BC3ADE87}
FW: Quick Heal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Roshu\Application Data\Microsoft\Office\rundll32.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\SCANMSG.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Idea Net Setter\Idea Net Setter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\WINDOWS\system32\cidaemon.exe
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\system32\cidaemon.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = hxxp://www.ideacellular.com/
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
mWinlogon: Taskman=c:\recycler\s-1-5-21-0243556031-888888379-781863308-9364\fdwde92.exe
uWinlogon: Shell=c:\documents and settings\roshu\local settings\application data\c042da9c\X
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Kbgwgg] c:\documents and settings\roshu\application data\Kbgwgg.exe
uRun: [zaber0] c:\recycler\s-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
uRun: [dw92] c:\recycler\s-1-5-21-0243556031-888888379-781863308-9364\fdwde92.exe
uRun: [Tnaww] c:\recycler\s-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
uRun: [Microsoft Windows] c:\documents and settings\roshu\application data\microsoft\office\rundll32.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Quick Heal Core UI] "c:\program files\quick heal\quick heal total security\strtupap.exe"
mExplorerRun: [Microsoft Driver Setup] c:\windows\aadrive32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download web site with Free Download Manager - file://c:\program files\free download manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: Interfaces\{8401F144-AD2F-4EC7-B134-8529A1AA8C5E} : NameServer = 121.242.190.181 121.242.190.210
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: DfLogon - LogonDll.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\roshu\application data\mozilla\firefox\profiles\2viw1siu.default\
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2010-5-20 153240]
R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2011-12-18 46664]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2011-12-2 8576]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2011-3-28 110024]
R2 Core Mail Protection;Core Mail Protection;c:\program files\quick heal\quick heal total security\EMLPROXY.EXE [2011-3-28 28104]
R2 Core Scanning Server;Core Scanning Server;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2011-3-28 205768]
R2 DFServ;DFServ;c:\program files\faronics\deep freeze\install c-0\DFServ.exe [2010-5-20 1079808]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2011-12-19 29384]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 MSOLAP$SQLEXPRESS;SQL Server Analysis Services (SQLEXPRESS);c:\program files\microsoft sql server\mssql.2\olap\bin\msmdsrv.exe [2005-10-14 14557912]
R2 Online Protection System;Online Protection System;c:\program files\quick heal\quick heal total security\OPSSVC.EXE [2011-3-28 22472]
R2 Quick Update Service;Quick Update Service;c:\program files\quick heal\quick heal total security\QUHLPSVC.EXE [2011-3-28 90568]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2011-11-15 45056]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2011-11-15 48640]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-11-21 113280]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-11-21 100736]
R3 wsnfmp;Network Filter Miniport;c:\windows\system32\drivers\wsnf.sys [2011-3-28 27464]
S0 mscank;mscank;c:\windows\system32\drivers\mscank.sys [2011-12-19 30912]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2011-3-28 205768]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2005-10-14 14552]
S3 wsnf;Network Filter Service;c:\windows\system32\drivers\wsnf.sys [2011-3-28 27464]
.
=============== Created Last 30 ================
.
2011-12-24 14:00:06 680393 --sha-w- c:\documents and settings\roshu\application data\microsoft\office\rundll32.exe
2011-12-22 12:48:28 -------- d-----w- c:\program files\VideoLAN
2011-12-19 11:59:15 -------- d-----w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-12-19 11:30:22 -------- d-----w- c:\program files\Uniblue
2011-12-19 11:30:11 -------- d-----w- c:\documents and settings\roshu\local settings\application data\PackageAware
2011-12-19 05:23:15 -------- d-----w- c:\documents and settings\roshu\application data\Free Download Manager
2011-12-19 05:23:11 -------- d-----w- c:\program files\Free Download Manager
2011-12-18 18:45:54 -------- d-----w- c:\program files\DAP
2011-12-18 18:33:53 30912 ----a-w- c:\windows\system32\drivers\mscank.sys
2011-12-18 18:33:45 29384 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2011-12-18 18:28:51 21504 ----a-w- c:\documents and settings\roshu\application data\1F.tmp
2011-12-18 18:28:47 48640 ----a-w- c:\documents and settings\roshu\application data\1E.tmp
2011-12-18 18:28:38 138328 ----a-w- c:\documents and settings\roshu\application data\1D.tmp
2011-12-18 18:25:29 -------- d-----w- c:\windows\system32\gprodat
2011-12-18 18:25:17 46664 ----a-w- c:\windows\system32\drivers\ggc.sys
2011-12-18 17:43:53 -------- d-----w- c:\documents and settings\roshu\local settings\application data\AskToolbar
2011-12-18 17:29:09 48640 ----a-w- c:\documents and settings\roshu\application data\1C.tmp
2011-12-18 17:28:02 21504 ----a-w- c:\documents and settings\roshu\application data\15.tmp
2011-12-18 17:27:53 138328 ----a-w- c:\documents and settings\roshu\application data\14.tmp
2011-12-18 16:02:38 92160 ----a-w- c:\documents and settings\roshu\application data\1B.tmp
2011-12-18 16:02:30 138328 ----a-w- c:\documents and settings\roshu\application data\1A.tmp
2011-12-18 16:02:18 21504 ----a-w- c:\documents and settings\roshu\application data\19.tmp
2011-12-18 15:38:09 21504 ----a-w- c:\documents and settings\roshu\application data\13.tmp
2011-12-18 15:37:49 92160 ----a-w- c:\documents and settings\roshu\application data\12.tmp
2011-12-18 15:37:07 138328 ----a-w- c:\documents and settings\roshu\application data\11.tmp
2011-12-18 13:03:48 92160 ----a-w- c:\documents and settings\roshu\application data\47.tmp
2011-12-18 13:03:34 21504 ----a-w- c:\documents and settings\roshu\application data\46.tmp
2011-12-18 13:03:30 138328 ----a-w- c:\documents and settings\roshu\application data\45.tmp
2011-12-18 12:04:50 21504 ----a-w- c:\documents and settings\roshu\application data\2F.tmp
2011-12-18 12:04:47 92160 ----a-w- c:\documents and settings\roshu\application data\2E.tmp
2011-12-18 12:04:39 138328 ----a-w- c:\documents and settings\roshu\application data\2D.tmp
2011-12-18 11:43:22 21504 ----a-w- c:\documents and settings\roshu\application data\10.tmp
2011-12-18 11:43:16 92160 ----a-w- c:\documents and settings\roshu\application data\F.tmp
2011-12-18 11:42:58 138328 ----a-w- c:\documents and settings\roshu\application data\E.tmp
2011-12-18 11:31:37 92160 ----a-w- c:\documents and settings\roshu\application data\D.tmp
2011-12-18 11:31:29 21504 ----a-w- c:\documents and settings\roshu\application data\C.tmp
2011-12-18 11:31:25 138328 ----a-w- c:\documents and settings\roshu\application data\B.tmp
2011-12-17 10:07:41 92160 ----a-w- c:\documents and settings\roshu\application data\A.tmp
2011-12-17 10:07:05 49152 ----a-w- c:\documents and settings\roshu\application data\9.tmp
2011-12-17 10:07:01 138328 ----a-w- c:\documents and settings\roshu\application data\8.tmp
2011-12-17 09:08:32 92160 ----a-w- c:\documents and settings\roshu\application data\18.tmp
2011-12-17 09:08:24 49152 ----a-w- c:\documents and settings\roshu\application data\17.tmp
2011-12-17 09:08:19 138328 ----a-w- c:\documents and settings\roshu\application data\16.tmp
2011-12-17 06:49:52 92160 ----a-w- c:\documents and settings\roshu\application data\7.tmp
2011-12-17 06:47:37 49152 ----a-w- c:\documents and settings\roshu\application data\6.tmp
2011-12-17 06:47:31 138328 ----a-w- c:\documents and settings\roshu\application data\5.tmp
2011-12-17 06:15:53 138328 ----a-w- c:\documents and settings\roshu\application data\2C.tmp
2011-12-16 15:53:34 -------- d-sh--w- c:\documents and settings\roshu\local settings\application data\c042da9c
2011-12-07 06:08:58 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2011-12-07 06:08:58 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-12-07 06:08:55 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-12-07 06:08:55 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-12-07 06:08:47 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2011-12-07 06:08:47 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-12-06 11:55:34 -------- d-----w- c:\windows\system32\appmgmt
2011-12-06 06:21:26 -------- d-----w- c:\program files\Conduit
2011-12-06 06:21:26 -------- d-----w- c:\documents and settings\roshu\local settings\application data\Conduit
2011-12-06 06:21:25 -------- d-----w- c:\program files\DVDVideoSoftTB
2011-12-06 06:21:25 -------- d-----w- c:\documents and settings\roshu\local settings\application data\DVDVideoSoftTB
2011-12-06 06:21:06 -------- d-----w- c:\program files\DVDVideoSoft
2011-12-06 06:21:06 -------- d-----w- c:\program files\common files\DVDVideoSoft
2011-12-05 18:12:34 -------- d-----w- c:\program files\SQLXML 4.0
2011-12-05 17:59:07 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-12-05 13:40:50 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-12-05 13:40:49 159232 ----a-w- c:\windows\system32\ptpusd.dll
2011-12-05 13:40:48 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2011-12-05 13:40:48 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-12-04 09:17:35 -------- d-----w- c:\documents and settings\roshu\local settings\application data\GlobalSCAPE
2011-12-04 09:17:35 -------- d-----w- c:\documents and settings\all users\application data\GlobalSCAPE
2011-12-04 09:05:57 -------- d-----w- c:\program files\Ask.com
2011-12-04 09:05:57 -------- d-----w- C:\FIND_MOZ_EXT
2011-12-04 09:05:36 -------- d-----w- c:\program files\GlobalSCAPE
2011-12-04 09:04:13 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-12-04 09:04:12 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-12-04 09:04:11 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-12-04 09:04:11 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-12-04 09:04:07 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-12-03 17:57:24 -------- d-----w- c:\documents and settings\roshu\local settings\application data\Microsoft_Corporation
2011-12-03 17:39:42 0 ----a-w- c:\windows\system32\asr_28738.exe
2011-12-02 15:13:58 -------- d-----w- C:\03e2e1eae1396f7659707cdb
2011-12-02 15:01:50 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-12-02 14:39:21 -------- d-----w- C:\43979ba7193b99728a15fa20
2011-12-02 14:32:43 8576 ----a-w- c:\windows\system32\drivers\VCdRom.sys
.
==================== Find3M ====================
.
2011-11-26 17:00:26 126976 ----a-w- c:\documents and settings\roshu\ndghd.exe
2011-11-26 15:56:39 126976 ----a-w- c:\documents and settings\roshu\application data\Kbgwgg.exe.QuickHeal_Renamed01
2011-11-26 15:56:09 45568 ----a-w- c:\windows\system32\72.exe
2011-11-23 15:47:43 16336546 ------w- C:\Persi0.sys
2011-11-15 17:53:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 22:45:55.90 ===============

Edit: Moved topic from Web Browsing/Email and Other Internet Applications to the more appropriate forum. ~ Animal



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:05 PM

Posted 27 December 2011 - 03:58 PM

Hi,

Please do the following:


Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Roshchha

Roshchha
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:35 PM

Posted 02 January 2012 - 12:43 PM

Hi,
I have attached the MBR.zip.
tks
Attached File  MBR.zip   524bytes   0 downloads

#4 Roshchha

Roshchha
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:35 PM

Posted 02 January 2012 - 12:45 PM

Hi,
This is the log file.

Attached File  aswMBR.txt   2.05KB   1 downloads

tks

#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:05 PM

Posted 02 January 2012 - 02:48 PM

Hi

Please run the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.



NEXT


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 Roshchha

Roshchha
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:35 PM

Posted 03 January 2012 - 01:24 PM

Hi,
I attached both of the files.
And now I am able to click links from Google. I think my problem is solved.

thanks
Attached File  ComboFix.txt   21.08KB   2 downloads
Attached File  FSS.txt   3.7KB   1 downloads

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:05 PM

Posted 03 January 2012 - 05:41 PM

Hi

We still have a little work to do, so stick with me till I give the all clear.

One of your files is infected; we need to find a replacement for it.

Please re-run Farbar Service Scanner.

Type the following into the search window:

netbt.sys

Now click on the "search files" button and please post the resulting log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:12:05 PM

Posted 09 January 2012 - 06:04 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




