Browser redirect [Solved]



#16
handhfan


    Trusted Helper

  • Expert
  • 13,659 posts
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Files
    C:\Documents and Settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-36c7ab50
    C:\Documents and Settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7f1d2215
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post, along with a new HijackThis log.

Is your computer running better now?
  • 0



#17
cbiloski

    Member

  • Topic Starter
  • Member
  • 23 posts
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-36c7ab50 moved successfully.
C:\Documents and Settings\tyler\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7f1d2215 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\tyler\LOCALS~1\Temp\etilqs_emZQ5lWNR0c6B67hZEIG scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\LVCOMSX.LOG scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_c8c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02112009_074501

Files moved on Reboot...
File C:\DOCUME~1\tyler\LOCALS~1\Temp\etilqs_emZQ5lWNR0c6B67hZEIG not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\WINDOWS\temp\LVCOMSX.LOG moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_c8c.dat moved successfully.
C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\tyler\Local Settings\Application Data\Mozilla\Firefox\Profiles\zxugrfgf.default\XUL.mfl moved successfully.




It took much longer for a link to go awry, but it still seems to be bugged. I am finding that it isn't bringing me to advertisement sites any longer, but instead will either come back with /google.com/undefined in a Google search, or it will just bring me back to my original Google search. I noticed in the little status bar (bottom left of Firefox) where it was sending and receiving its info. I took some stills of it for you.

Attached Thumbnails

  • clickfraudmanager.JPG
  • adaware.JPG

  • 0

#18
handhfan


    Trusted Helper

  • Expert
  • 13,659 posts
You have the new variant of the XUL Cache infection.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.
  • 0

#19
cbiloski

    Member

  • Topic Starter
  • Member
  • 23 posts
GooredFix v1.9 by jpshortstuff
Log created at 11:21 on 11/02/2009 running Option #1 (tyler)
Firefox version 3.0.6 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
  • 0

#20
handhfan


    Trusted Helper

  • Expert
  • 13,659 posts
It looks to be an even newer infection. So, we'll have to dig deep to find it.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Program Files\Mozilla Firefox\extensions
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.
  • 0

#21
cbiloski

    Member

  • Topic Starter
  • Member
  • 23 posts
I'm game to find this bugger! Let's do this, partner. :) Thank you. *blush*

SystemLook v1.0 by jpshortstuff (11.02.09)
Log created at 11:50 on 11/02/2009 by tyler (Administrator - Elevation successful)

========== dir ==========

C:\Program Files\Mozilla Firefox\extensions - Parameters: "(none)"

---Files---
None found.

---Folders---
{722EF6CB-78F3-4421-97E0-31EA7ADC69F1} d----- <18:57 09/02/2009>
{972ce4c6-7e08-4474-a285-3208198ce6fd} d----- <07:56 23/04/2008>
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} d----- <19:21 28/11/2008>
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} d----- <20:32 10/02/2009>

-=End Of File=-
  • 0

#22
handhfan


    Trusted Helper

  • Expert
  • 13,659 posts
CLICK THIS LINK TO BE SURE YOU CAN VIEW HIDDEN FILES

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "Files for jpshortstuff"
  • Put a link to this Geeks to Go topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this folder and add in all files contained in that folder:
    C:\Program Files\Mozilla Firefox\extensions\{722EF6CB-78F3-4421-97E0-31EA7ADC69F1}
  • Click Open.
  • Click Post.
Thank you!
  • 0

#23
cbiloski

    Member

  • Topic Starter
  • Member
  • 23 posts
Done and Done. I'm not sure if you are passing me off, so I'd like to thank you so much for helping me out. Should I just delete all these programs after the problem is fixed? Also, I see it says on the Removal procedures that you should only have one antivirus software... which freeware would you suggest? Thank you again! :)
  • 0

#24
handhfan


    Trusted Helper

  • Expert
  • 13,659 posts
No, I'm not passing you off. Our Firefox Redirection Expert just wanted a sample of the new variant so the tool can be updated. :)

Now, navigate to the folder C:\Program Files\Mozilla Firefox\extensions\{722EF6CB-78F3-4421-97E0-31EA7ADC69F1}, and delete it (and empty Recycle Bin).

Then check to see if you are still being redirected. I'm not sure how easily it will go, so if it's stubborn, we'll bring in the big guns. :)
  • 0
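
Before a folder like the one named in post #24 is deleted, it helps to see what each entry under the Firefox `extensions` directory claims to be. The following is an added example, not part of the thread and not how SystemLook or GooredFix work: it inventories such a directory by reading each folder's `install.rdf` (the manifest used by Firefox 3-era extensions); the function names, the sample GUIDs and the manifest template are constructed for illustration.

```python
import os
import time
import xml.etree.ElementTree as ET

EM = "{http://www.mozilla.org/2004/em-rdf#}"  # namespace behind the em: prefix
# Constructed manifest template (not taken from the thread).
SAMPLE_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>EXT_ID</em:id><em:name>EXT_NAME</em:name>
    <em:targetApplication><Description><em:id>constructed-application-id</em:id>
    </Description></em:targetApplication>
  </Description>
</RDF>"""


def read_manifest(ext_dir):
    """Return (id, name) from ext_dir/install.rdf, or (None, None)."""
    try:
        root = ET.parse(os.path.join(ext_dir, "install.rdf")).getroot()
    except (OSError, ET.ParseError):
        return None, None
    for desc in root:
        # Only the install-manifest node; nested targetApplication ids are ignored.
        abouts = [v for k, v in desc.attrib.items() if k.endswith("about")]
        if "urn:mozilla:install-manifest" not in abouts:
            continue
        def field(key):  # value may be a child element or an attribute
            child = desc.find(EM + key)
            if child is not None and child.text:
                return child.text.strip()
            return desc.attrib.get(EM + key)
        return field("id"), field("name")
    return None, None


def inventory(extensions_root):
    """List each extension folder with its manifest data and a review note."""
    rows = []
    for folder in sorted(os.listdir(extensions_root)):
        full = os.path.join(extensions_root, folder)
        if not os.path.isdir(full):
            continue
        ext_id, name = read_manifest(full)
        note = ""
        if ext_id is None:
            note = "no readable install.rdf"
        elif ext_id.lower() != folder.lower():
            note = "folder name differs from em:id"
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(os.path.getmtime(full)))
        rows.append({"folder": folder, "id": ext_id, "name": name,
                     "modified": stamp, "note": note})
    return rows


def build_sample(root):
    """Create three constructed extension folders for a dry run."""
    cases = [("{11111111-1111-1111-1111-111111111111}", "{11111111-1111-1111-1111-111111111111}", "Sample Theme"),
             ("{22222222-2222-2222-2222-222222222222}", "other@example.invalid", "Sample Toolbar"),
             ("{33333333-3333-3333-3333-333333333333}", None, None)]
    for folder, ext_id, name in cases:
        os.makedirs(os.path.join(root, folder))
        if ext_id:
            with open(os.path.join(root, folder, "install.rdf"), "w") as fh:
                fh.write(SAMPLE_RDF.replace("EXT_ID", ext_id).replace("EXT_NAME", name))
```

On the machine in the thread, `inventory()` would be pointed at `C:\Program Files\Mozilla Firefox\extensions`; a non-empty note marks a folder for manual review and is not a verdict.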

#25
cbiloski

    Member

  • Topic Starter
  • Member
  • 23 posts
It seems that it is no longer redirecting me to ad sites. But it still will navigate back to the same Google page I started on. AKA: it looks like the page just reloads, and goes nowhere.
  • 0



#26
handhfan


    Trusted Helper

  • Expert
  • 13,659 posts
Download GMER from here:

  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

  • 0

#27
cbiloski

    Member

  • Topic Starter
  • Member
  • 23 posts
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-11 12:46:13
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF73E60D0]
SSDT sptd.sys ZwEnumerateKey [0xF73EBFB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF73EC340]
SSDT sptd.sys ZwOpenKey [0xF73E60B0]
SSDT sptd.sys ZwQueryKey [0xF73EC418]
SSDT sptd.sys ZwQueryValueKey [0xF73EC298]
SSDT sptd.sys ZwSetValueKey [0xF73EC4AA]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F682F62C 5 Bytes JMP 86CAD770

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\WgaTray.exe[364] WININET.dll!InternetErrorDlg 7722C34D 5 Bytes JMP 0101211B C:\WINDOWS\system32\WgaTray.exe (Windows Genuine Advantage Notification/Microsoft Corporation)
.text C:\Program Files\MSN Messenger\msnmsgr.exe[3508] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73E6AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73E6C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73E6B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73E7748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73E761E] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\Explorer.EXE[420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[420] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01262F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01262CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01262D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01262CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01302F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01302CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01302D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01302CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\tyler\Desktop\gmer.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\tyler\Desktop\gmer.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\tyler\Desktop\gmer.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\tyler\Desktop\gmer.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Gmail Notifier\gnotify.exe[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AF2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Gmail Notifier\gnotify.exe[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AF2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Gmail Notifier\gnotify.exe[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AF2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Gmail Notifier\gnotify.exe[4048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AF2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86F5F1E8
Device \Driver\usbohci \Device\USBPDO-0 86CAC790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD21E8
Device \Driver\dmio \Device\DmControl\DmConfig 86FD21E8
Device \Driver\dmio \Device\DmControl\DmPnP 86FD21E8
Device \Driver\dmio \Device\DmControl\DmInfo 86FD21E8
Device \Driver\usbohci \Device\USBPDO-1 86CAC790
Device \Driver\Ftdisk \Device\HarddiskVolume1 86F611E8
Device \Driver\Cdrom \Device\CdRom0 86CAE1E8
Device \Driver\atapi \Device\Ide\IdePort0 86F601E8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 86F601E8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 86F601E8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 86F601E8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort4 86F601E8
Device \Driver\atapi \Device\Ide\IdePort4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort5 86F601E8
Device \Driver\atapi \Device\Ide\IdePort5 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-16 86F601E8
Device \Driver\atapi \Device\Ide\IdeDeviceP4T0L0-16 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-b 86F601E8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 86712518
Device \Driver\NetBT \Device\NetbiosSmb 86712518
Device \Driver\usbohci \Device\USBFDO-0 86CAC790
Device \Driver\usbohci \Device\USBFDO-1 86CAC790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86700790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86700790
Device \Driver\Ftdisk \Device\FtControl 86F611E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1006E427-5B22-43BA-9D29-7760CD02AB7E} 86712518
Device \FileSystem\Cdfs \Cdfs 86D2E768

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1368135926
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 514013281
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x78 0xD7 0x94 0xD5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x42 0xBC 0x42 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x78 0xD7 0x94 0xD5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x61 0x42 0xBC 0x42 ...

---- EOF - GMER 1.0.14 ----
  • 0

#28
handhfan


    Trusted Helper

  • Expert
  • 13,659 posts
Is this problem only happening in Firefox? Does it happen in Internet Explorer as well?
  • 0

#29
cbiloski

    Member

  • Topic Starter
  • Member
  • 23 posts
IE seems to be fine.
  • 0

#30
handhfan


    Trusted Helper

  • Expert
  • 13,659 posts
Download FoxScan to your desktop.
  • Run the FoxScan file.
  • A window will open up and give you an option for what language to use. Press 2 and then Enter, let the program run unhindered.
  • The message "Press any key to continue..." will appear, do what it says and press any key you want.
  • The program will then open its report in a Notepad file, it will also be saved to your C:\ drive.
  • Post this log on the forum.

  • 0





