Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Google and bing redirects

Started by quasarn01 , Jul 07 2011 10:35 PM

This topic is locked

#16
quasarn01

Posted 10 July 2011 - 01:48 PM

Member

Topic Starter
Member
56 posts

Tried TDSSKiller in normal and safe mode, as administrator and not admin, and will not run either way...

#17
ali.B

Posted 10 July 2011 - 02:32 PM

Trusted Helper

Malware Removal
3,086 posts

hi

Download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#18
quasarn01

Posted 10 July 2011 - 02:54 PM

Member

Topic Starter
Member
56 posts

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L305
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 180):
0x82C12000 \SystemRoot\system32\ntkrnlpa.exe
0x83024000 \SystemRoot\system32\halmacpi.dll
0x80BC2000 \SystemRoot\system32\kdcom.dll
0x8320E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x83293000 \SystemRoot\system32\PSHED.dll
0x832A4000 \SystemRoot\system32\BOOTVID.dll
0x832AC000 \SystemRoot\system32\CLFS.SYS
0x832EE000 \SystemRoot\system32\CI.dll
0x83399000 \SystemRoot\system32\DRIVERS\szkg.sys
0x833A7000 \SystemRoot\system32\drivers\szkgfs.sys
0x8342A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8349B000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x834A9000 \SystemRoot\system32\drivers\ACPI.sys
0x834F1000 \SystemRoot\system32\drivers\WMILIB.SYS
0x834FA000 \SystemRoot\system32\drivers\msisadrv.sys
0x83502000 \SystemRoot\system32\drivers\pci.sys
0x8352C000 \SystemRoot\system32\drivers\vdrvroot.sys
0x83537000 \SystemRoot\System32\drivers\partmgr.sys
0x83548000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x83550000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8355B000 \SystemRoot\system32\drivers\volmgr.sys
0x8356B000 \SystemRoot\System32\drivers\volmgrx.sys
0x835B6000 \SystemRoot\system32\drivers\intelide.sys
0x835BD000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x835CB000 \SystemRoot\System32\drivers\mountmgr.sys
0x83400000 \SystemRoot\system32\drivers\vmbus.sys
0x835E1000 \SystemRoot\system32\drivers\winhv.sys
0x835F3000 \SystemRoot\system32\drivers\atapi.sys
0x833C2000 \SystemRoot\system32\drivers\ataport.SYS
0x833E5000 \SystemRoot\system32\drivers\msahci.sys
0x833EF000 \SystemRoot\system32\drivers\amdxata.sys
0x8362D000 \SystemRoot\system32\drivers\fltmgr.sys
0x83661000 \SystemRoot\system32\drivers\fileinfo.sys
0x83672000 \SystemRoot\System32\Drivers\Ntfs.sys
0x837A1000 \SystemRoot\System32\Drivers\msrpc.sys
0x837CC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B21C000 \SystemRoot\System32\Drivers\cng.sys
0x8B279000 \SystemRoot\System32\drivers\pcw.sys
0x8B287000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B290000 \SystemRoot\system32\drivers\ndis.sys
0x8B347000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B385000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B41F000 \SystemRoot\System32\drivers\tcpip.sys
0x8B569000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B59A000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8B5A3000 \SystemRoot\system32\drivers\volsnap.sys
0x8B5E2000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x8B5E7000 \SystemRoot\System32\Drivers\spldr.sys
0x8B3AA000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B5EF000 \SystemRoot\System32\Drivers\mup.sys
0x8B400000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B62A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B65C000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B66D000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B6C5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B6E4000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8B70B000 \??\C:\Windows\system32\SAVRKBootTasks.sys
0x8B710000 \SystemRoot\System32\Drivers\Null.SYS
0x8B717000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B71E000 \SystemRoot\System32\drivers\vga.sys
0x8B72A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B74B000 \SystemRoot\System32\drivers\watchdog.sys
0x8B758000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B760000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B768000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B770000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B77B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B789000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B7A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90A0B000 \SystemRoot\system32\drivers\afd.sys
0x90A65000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90A97000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90A9E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90ABD000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90ACB000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90ADE000 \SystemRoot\system32\drivers\termdd.sys
0x90AEF000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x90AFD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90B3E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90B48000 \SystemRoot\system32\drivers\mssmbios.sys
0x90B52000 \SystemRoot\System32\drivers\discache.sys
0x90B5E000 \SystemRoot\system32\drivers\csc.sys
0x90BC2000 \SystemRoot\System32\Drivers\dfsc.sys
0x90BDA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8B7AC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90BE8000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x8B7CD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90BF0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91621000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x91B2A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9123E000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91277000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91282000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x912CD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x912DC000 \SystemRoot\system32\drivers\HDAudBus.sys
0x9241B000 \SystemRoot\system32\DRIVERS\NETwLv32.sys
0x92A7A000 \SystemRoot\system32\drivers\i8042prt.sys
0x92A92000 \SystemRoot\system32\drivers\kbdclass.sys
0x92A9F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x92ACF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92AD1000 \SystemRoot\system32\drivers\mouclass.sys
0x92ADE000 \SystemRoot\system32\drivers\CompositeBus.sys
0x92AEB000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x92AEC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92AFE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92B16000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92B21000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92B43000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92B5B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92B72000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92B89000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x92B93000 \SystemRoot\system32\drivers\swenum.sys
0x92B95000 \SystemRoot\system32\drivers\ks.sys
0x912FB000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x92BC9000 \SystemRoot\system32\drivers\umbus.sys
0x91338000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x92BD7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x97A25000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x97CC1000 \SystemRoot\system32\drivers\portcls.sys
0x97CF0000 \SystemRoot\system32\drivers\drmk.sys
0x97E35000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x97F3B000 \SystemRoot\system32\drivers\modem.sys
0x97F48000 \SystemRoot\System32\Drivers\crashdmp.sys
0x97F55000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x97F60000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97F6A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x98100000 \SystemRoot\System32\win32k.sys
0x97F7B000 \SystemRoot\System32\drivers\Dxapi.sys
0x97F85000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x97F9C000 \SystemRoot\System32\Drivers\usbvideo.sys
0x97FC0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98360000 \SystemRoot\System32\TSDDD.dll
0x97FCB000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x98390000 \SystemRoot\System32\cdd.dll
0x97FE2000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x97FEC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x97FF3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x97E00000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x97E13000 \SystemRoot\system32\drivers\kbdhid.sys
0x97E1F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x97E2A000 \SystemRoot\system32\DRIVERS\point32.sys
0x983B0000 \SystemRoot\System32\ATMFD.DLL
0x97D14000 \SystemRoot\system32\drivers\luafv.sys
0x97D2F000 \SystemRoot\system32\drivers\WudfPf.sys
0x97D49000 \SystemRoot\system32\DRIVERS\nwusbmdm_000.sys
0x97D75000 \SystemRoot\system32\DRIVERS\nwusbser_000.sys
0x97DA1000 \SystemRoot\system32\DRIVERS\nwusbser2_000.sys
0x97DCD000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0x97A00000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9137C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x97A10000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x92BE8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9A62C000 \SystemRoot\system32\drivers\HTTP.sys
0x9A6B1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A6CA000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A6DC000 \SystemRoot\system32\drivers\mrxdav.sys
0x9A6FD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9A720000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9A75B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9A78E000 \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys
0x9A791000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0x9AA1F000 \SystemRoot\system32\drivers\peauth.sys
0x9AAB6000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9AAC0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9AAE1000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9AAEE000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9AB04000 \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
0x9AB30000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9AB80000 \SystemRoot\System32\DRIVERS\srv.sys
0x9ABD2000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4CDAE87-2C28-4EE6-8034-B4B93682DE0F}\MpKsl56d149f1.sys
0x9ABD8000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9AA00000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x9AA0C000 \SystemRoot\system32\DRIVERS\umpass.sys
0x77660000 \Windows\System32\ntdll.dll
0x48400000 \Windows\System32\smss.exe
0x778A0000 \Windows\System32\apisetschema.dll
0x00480000 \Windows\System32\autochk.exe
0x777E0000 \Windows\System32\rpcrt4.dll
0x777D0000 \Windows\System32\nsi.dll
0x775D0000 \Windows\System32\oleaut32.dll

Processes (total 63):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
512 csrss.exe
568 csrss.exe
576 C:\Windows\System32\wininit.exe
628 C:\Windows\System32\services.exe
636 C:\Windows\System32\lsass.exe
644 C:\Windows\System32\lsm.exe
700 C:\Windows\System32\winlogon.exe
780 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\svchost.exe
904 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1000 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1060 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\svchost.exe
1756 C:\Windows\System32\wlanext.exe
1764 C:\Windows\System32\conhost.exe
1820 C:\Windows\System32\spoolsv.exe
1860 C:\Windows\System32\svchost.exe
2024 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
396 C:\Windows\System32\svchost.exe
508 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
1096 C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
1380 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1544 C:\Windows\System32\svchost.exe
2000 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1524 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
572 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2524 unsecapp.exe
2612 WmiPrvSE.exe
3032 WUDFHost.exe
3132 C:\Windows\System32\taskhost.exe
3224 C:\Windows\System32\dwm.exe
3276 C:\Windows\explorer.exe
3344 C:\Windows\System32\svchost.exe
3616 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3784 C:\Windows\System32\hkcmd.exe
3796 C:\Windows\System32\igfxpers.exe
3836 C:\Windows\System32\igfxsrvc.exe
3896 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3972 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4032 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2724 C:\Program Files\AWS\WeatherBug\Weather.exe
3496 C:\Windows\System32\SearchIndexer.exe
3748 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3928 C:\Program Files\Windows Media Player\wmpnetwk.exe
3732 C:\Windows\System32\taskeng.exe
3424 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
3564 C:\Program Files\Mozilla Firefox\firefox.exe
2120 C:\Windows\System32\svchost.exe
4496 C:\Program Files\Mozilla Firefox\plugin-container.exe
4596 dllhost.exe
4972 C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
6108 C:\Windows\System32\svchost.exe
4540 C:\Windows\System32\SearchProtocolHost.exe
3560 C:\Windows\System32\SearchFilterHost.exe
5376 C:\Windows\explorer.exe
3016 C:\Users\Michael\Desktop\MBRCheck.exe
4820 C:\Windows\System32\conhost.exe
3716 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542520K9SA00, Rev: BBDOC33P

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 38BE7869FCCF026F920DA4A541B12E68993C36ED

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

#19
ali.B

Posted 10 July 2011 - 03:30 PM

Trusted Helper

Malware Removal
3,086 posts

Download OTLPEStd.exe to your desktop
Ensure that you have a blank CD in the drive
Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
Reboot your system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
Your system should now display a Reatogo desktop.
Note : as you are running from CD it is not exactly speedy
Double-click on the MBRFix icon.
A command prompt will be presented. Type the following commands and press Enter after each line:

C:
cd C:\
MbrFix /drive 0 fixmbr
Exit
Reboot your system.

When you are back into normal mode do the following again:

Double click on MBRCheck.exe that you previously downloaded

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

#20
quasarn01

Posted 10 July 2011 - 07:12 PM

Member

Topic Starter
Member
56 posts

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Intel Corp.
BIOS Manufacturer: INSYDE
System Manufacturer: TOSHIBA
System Product Name: Satellite L305
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 211):
0x82C17000 \SystemRoot\system32\ntkrnlpa.exe
0x83029000 \SystemRoot\system32\halmacpi.dll
0x80BC3000 \SystemRoot\system32\kdcom.dll
0x8321F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x832A4000 \SystemRoot\system32\PSHED.dll
0x832B5000 \SystemRoot\system32\BOOTVID.dll
0x832BD000 \SystemRoot\system32\CLFS.SYS
0x832FF000 \SystemRoot\system32\CI.dll
0x833AA000 \SystemRoot\system32\DRIVERS\szkg.sys
0x833B8000 \SystemRoot\system32\drivers\szkgfs.sys
0x8AE0E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AE7F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AE8D000 \SystemRoot\system32\drivers\ACPI.sys
0x8AED5000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8AEDE000 \SystemRoot\system32\drivers\msisadrv.sys
0x8AEE6000 \SystemRoot\system32\drivers\pci.sys
0x8AF10000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8AF1B000 \SystemRoot\System32\drivers\partmgr.sys
0x8AF2C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8AF34000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8AF3F000 \SystemRoot\system32\drivers\volmgr.sys
0x8AF4F000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AF9A000 \SystemRoot\system32\drivers\intelide.sys
0x8AFA1000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8AFAF000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AFC5000 \SystemRoot\system32\drivers\vmbus.sys
0x833D3000 \SystemRoot\system32\drivers\winhv.sys
0x8AFEF000 \SystemRoot\system32\drivers\atapi.sys
0x8B036000 \SystemRoot\system32\drivers\ataport.SYS
0x8B059000 \SystemRoot\system32\drivers\msahci.sys
0x8B063000 \SystemRoot\system32\drivers\amdxata.sys
0x8B06C000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B0A0000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B0B1000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B000000 \SystemRoot\System32\Drivers\msrpc.sys
0x8B1E0000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B21E000 \SystemRoot\System32\Drivers\cng.sys
0x8B27B000 \SystemRoot\System32\drivers\pcw.sys
0x8B289000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B292000 \SystemRoot\system32\drivers\ndis.sys
0x8B349000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B387000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B41E000 \SystemRoot\System32\drivers\tcpip.sys
0x8B568000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B599000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8B5A2000 \SystemRoot\system32\drivers\volsnap.sys
0x8B5E1000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x8B5E6000 \SystemRoot\System32\Drivers\spldr.sys
0x8B3AC000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B5EE000 \SystemRoot\System32\Drivers\mup.sys
0x8B400000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B620000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B652000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B663000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B6BB000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B6DA000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8B701000 \??\C:\Windows\system32\SAVRKBootTasks.sys
0x8B706000 \SystemRoot\System32\Drivers\Null.SYS
0x8B70D000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B714000 \SystemRoot\System32\drivers\vga.sys
0x8B720000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8B741000 \SystemRoot\System32\drivers\watchdog.sys
0x8B74E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8B756000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8B75E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8B766000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8B771000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8B77F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8B796000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8B7A2000 \SystemRoot\system32\drivers\afd.sys
0x90435000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90467000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x9046E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x9048D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9049B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x904AE000 \SystemRoot\system32\drivers\termdd.sys
0x904BF000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x904CD000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9050E000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90518000 \SystemRoot\system32\drivers\mssmbios.sys
0x90522000 \SystemRoot\System32\drivers\discache.sys
0x9052E000 \SystemRoot\system32\drivers\csc.sys
0x90592000 \SystemRoot\System32\Drivers\dfsc.sys
0x905AA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x905B8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x905D9000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x905E1000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x905F3000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x91631000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x91B3A000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91C32000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91C6B000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x91C76000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91CC1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91CD0000 \SystemRoot\system32\drivers\HDAudBus.sys
0x9361B000 \SystemRoot\system32\DRIVERS\NETwLv32.sys
0x93C7A000 \SystemRoot\system32\drivers\i8042prt.sys
0x93C92000 \SystemRoot\system32\drivers\kbdclass.sys
0x93C9F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x93CCF000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x93CD1000 \SystemRoot\system32\drivers\mouclass.sys
0x93CDE000 \SystemRoot\system32\drivers\CompositeBus.sys
0x93CEB000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x93CEC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x93CFE000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x93D16000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x93D21000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x93D43000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x93D5B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x93D72000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x93D89000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x93D93000 \SystemRoot\system32\drivers\swenum.sys
0x93D95000 \SystemRoot\system32\drivers\ks.sys
0x91CEF000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x93DC9000 \SystemRoot\system32\drivers\umbus.sys
0x91D2C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x93DD7000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x82239000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x824D5000 \SystemRoot\system32\drivers\portcls.sys
0x82504000 \SystemRoot\system32\drivers\drmk.sys
0x82601000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x82707000 \SystemRoot\system32\drivers\modem.sys
0x98840000 \SystemRoot\System32\win32k.sys
0x82714000 \SystemRoot\System32\drivers\Dxapi.sys
0x8271E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8272B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x82736000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x82740000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x82751000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98AA0000 \SystemRoot\System32\TSDDD.dll
0x98AD0000 \SystemRoot\System32\cdd.dll
0x8275C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x98AF0000 \SystemRoot\System32\ATMFD.DLL
0x82773000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8278A000 \SystemRoot\System32\Drivers\usbvideo.sys
0x827AE000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x827B8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x827CA000 \SystemRoot\system32\drivers\luafv.sys
0x827E5000 \SystemRoot\system32\drivers\WudfPf.sys
0x8251D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x82528000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8253B000 \SystemRoot\system32\drivers\kbdhid.sys
0x82547000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x82552000 \SystemRoot\system32\DRIVERS\point32.sys
0x8255B000 \SystemRoot\system32\DRIVERS\RMCAST.sys
0x8258C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8259C000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x825E2000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x82200000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x91D70000 \SystemRoot\system32\DRIVERS\nwusbmdm_000.sys
0x91D9C000 \SystemRoot\system32\DRIVERS\nwusbser_000.sys
0x91DC8000 \SystemRoot\system32\DRIVERS\nwusbser2_000.sys
0x9A82E000 \SystemRoot\system32\drivers\HTTP.sys
0x9A8B3000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9A8CC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9A8DE000 \SystemRoot\system32\drivers\mrxdav.sys
0x9A8FF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9A922000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9A95D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9A990000 \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys
0x9A993000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0xACE35000 \SystemRoot\system32\drivers\peauth.sys
0xACECC000 \SystemRoot\System32\Drivers\secdrv.SYS
0xACED6000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xACEF7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xACF04000 \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
0xACF30000 \SystemRoot\System32\DRIVERS\srv2.sys
0xACF80000 \SystemRoot\System32\DRIVERS\srv.sys
0xACFD2000 \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4CDAE87-2C28-4EE6-8034-B4B93682DE0F}\MpKslcd028ca4.sys
0xACFD8000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xACE00000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xACE21000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x770E0000 \Windows\System32\ntdll.dll
0x478C0000 \Windows\System32\smss.exe
0x77320000 \Windows\System32\apisetschema.dll
0x00250000 \Windows\System32\autochk.exe
0x77230000 \Windows\System32\kernel32.dll
0x770C0000 \Windows\System32\imm32.dll
0x77090000 \Windows\System32\imagehlp.dll
0x76FE0000 \Windows\System32\rpcrt4.dll
0x76F40000 \Windows\System32\usp10.dll
0x76EB0000 \Windows\System32\clbcatq.dll
0x76E50000 \Windows\System32\shlwapi.dll
0x76DD0000 \Windows\System32\comdlg32.dll
0x77220000 \Windows\System32\lpk.dll
0x76D30000 \Windows\System32\advapi32.dll
0x76CA0000 \Windows\System32\oleaut32.dll
0x76BD0000 \Windows\System32\user32.dll
0x76A10000 \Windows\System32\iertutil.dll
0x769C0000 \Windows\System32\gdi32.dll
0x769B0000 \Windows\System32\nsi.dll
0x768A0000 \Windows\System32\urlmon.dll
0x76780000 \Windows\System32\wininet.dll
0x765E0000 \Windows\System32\setupapi.dll
0x765C0000 \Windows\System32\sechost.dll
0x76580000 \Windows\System32\ws2_32.dll
0x75930000 \Windows\System32\shell32.dll
0x75920000 \Windows\System32\normaliz.dll
0x758D0000 \Windows\System32\Wldap32.dll
0x75870000 \Windows\System32\difxapi.dll
0x75710000 \Windows\System32\ole32.dll
0x75700000 \Windows\System32\psapi.dll
0x75630000 \Windows\System32\msctf.dll
0x75580000 \Windows\System32\msvcrt.dll
0x75530000 \Windows\System32\KernelBase.dll
0x75500000 \Windows\System32\cfgmgr32.dll
0x754E0000 \Windows\System32\devobj.dll
0x753C0000 \Windows\System32\crypt32.dll
0x75330000 \Windows\System32\comctl32.dll
0x75300000 \Windows\System32\wintrust.dll
0x752F0000 \Windows\System32\msasn1.dll

Processes (total 64):
0 System Idle Process
4 System
360 C:\Windows\System32\smss.exe
492 csrss.exe
544 C:\Windows\System32\wininit.exe
552 csrss.exe
600 C:\Windows\System32\services.exe
616 C:\Windows\System32\lsass.exe
624 C:\Windows\System32\lsm.exe
688 C:\Windows\System32\winlogon.exe
768 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
896 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
996 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\audiodg.exe
1240 C:\Windows\System32\svchost.exe
1364 C:\Windows\System32\svchost.exe
1704 C:\Windows\System32\wlanext.exe
1712 C:\Windows\System32\conhost.exe
1784 C:\Windows\System32\spoolsv.exe
1820 C:\Windows\System32\svchost.exe
1992 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
2032 C:\Windows\System32\svchost.exe
384 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
732 C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
1120 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
1356 C:\Windows\System32\svchost.exe
1644 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1564 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1536 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
2432 unsecapp.exe
2532 WmiPrvSE.exe
2780 WUDFHost.exe
2884 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
3140 C:\Windows\System32\svchost.exe
3440 C:\Windows\System32\taskhost.exe
3532 C:\Windows\System32\taskeng.exe
3576 C:\Windows\System32\dwm.exe
3624 C:\Windows\System32\taskeng.exe
3640 C:\Windows\explorer.exe
3960 C:\Windows\System32\hkcmd.exe
3968 C:\Windows\System32\igfxpers.exe
4004 C:\Windows\System32\igfxsrvc.exe
4028 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
4076 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2128 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2120 C:\Program Files\AWS\WeatherBug\Weather.exe
2948 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1556 C:\Windows\System32\SearchIndexer.exe
1052 C:\Program Files\Windows Media Player\wmpnetwk.exe
3524 C:\Windows\System32\taskeng.exe
3776 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
804 C:\Users\Michael\Desktop\MBRCheck.exe
2188 C:\Windows\System32\conhost.exe
2728 C:\Windows\System32\dllhost.exe
3896 C:\Windows\System32\sppsvc.exe
3784 C:\Windows\System32\SearchProtocolHost.exe
3208 C:\Windows\System32\SearchFilterHost.exe
2844 C:\Windows\System32\svchost.exe
2468 dllhost.exe
3368 WmiPrvSE.exe
2624 C:\Windows\System32\SearchProtocolHost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS542520K9SA00, Rev: BBDOC33P

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

#21
ali.B

Posted 11 July 2011 - 05:26 AM

Trusted Helper

Malware Removal
3,086 posts

hi

are you still getting redirected ?

#22
quasarn01

Posted 11 July 2011 - 05:44 AM

Member

Topic Starter
Member
56 posts

Hi... Just checked and problem seems to be resolved...

Just want to inform you, however, when I had Reatogo up and running and typed in the following commands as per your last post, C: - cd C:\ - MbrFix /drive 0 fixmbr - Exit, hitting enter on each command, did not work as typed... MbrFix.exe was not on drive C: so I had to run it from drive X: (the drive that Reatogo resided on) and then I had to change the command /drive 0 to /drive /1 in order for it to work... Just thought I'd let you know...

#23
ali.B

Posted 11 July 2011 - 05:50 AM

Trusted Helper

Malware Removal
3,086 posts

hi

thanks for the info :unsure:

Congratulations your logs appear clean

Reset and Re-enable your System Restore

The following will implement some cleanup procedures as well as reset System Restore points:

Click START then RUN
Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

NEXT

Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
Click on the CleanUp button.
Click Yes to begin the cleanup process and remove tools, including this application
You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

Keep Your windows up to date by regularly checking their website at:
http://windowsupdate.microsoft.com/
SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
Click Here to learn how to keep a backup of your important files
FileHippo Update Checkker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

Thank you

#24
ali.B

Posted 14 July 2011 - 02:25 PM

Trusted Helper

Malware Removal
3,086 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.