Trying to get this google redirect virus gone...need help



#1
mewmix

Hello, not sure if I was supposed to add to a current post on this or make my own. I've tried Malwarebytes to get rid of this virus and my AVAST security but no workie!! I've got ComboFix now and here is a posting of the log. Any ideas?

ComboFix 11-07-15.03 - Blair 07/16/2011 20:44:18.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.751.416 [GMT -6:00]
Running from: c:\documents and settings\Blair\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-16 15:32 . 2011-07-07 01:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-16 15:32 . 2011-07-07 01:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-16 15:32 . 2011-07-16 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-16 02:56 . 2011-07-16 02:56 -------- d-----w- c:\documents and settings\Blair\Application Data\Malwarebytes
2011-07-16 02:56 . 2011-07-16 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-02 18:50 . 2011-07-02 18:50 -------- d-----w- c:\program files\Common Files\Java
2011-06-26 14:28 . 2011-06-26 14:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-25 14:13 . 2011-06-25 14:13 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 14:13 . 2011-06-25 14:13 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-17 13:57 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-17 13:57 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 10:52 . 2010-08-02 15:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 08:25 . 2010-03-06 06:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2010-03-06 05:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-02-28 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 14:47 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 14:47 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 12:56 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-02-28 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-25 14:13 . 2011-03-25 14:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_13.57.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-16 23:43 . 2011-07-16 23:43 16384 c:\windows\Temp\Perflib_Perfdata_430.dat
+ 2011-07-16 23:40 . 2011-07-16 23:41 181292 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-03-09 10:11 136704 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent\MyGarminAgent.exe" [2010-03-16 337256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-17 01:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [4/26/2010 8:08 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [4/26/2010 8:09 PM 194640]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [4/26/2010 8:09 PM 102352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/26/2010 8:09 PM 294480]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/26/2010 8:09 PM 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/26/2010 8:09 PM 19024]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/7/2010 11:24 AM 309008]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 1:41 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/16/2011 9:32 AM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/16/2011 9:32 AM 22712]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [4/26/2010 8:08 PM 119200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 RapportMgmtService;Rapport Management Service;"c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe" --> c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2010-03-07 c:\windows\Tasks\IObit Security 360 Updater.job
- c:\program files\IObit\IObit Security 360\is360updater.exe [2010-03-07 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Blair\Application Data\Mozilla\Firefox\Profiles\nbsa0jmf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 21:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(996)
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-07-16 21:10:19
ComboFix-quarantined-files.txt 2011-07-17 03:10
ComboFix2.txt 2011-07-16 14:04
.
Pre-Run: 8,444,579,840 bytes free
Post-Run: 8,434,421,760 bytes free
.
- - End Of File - - 25BDAA76F08573B216FD560F521858B7


#2
RKinner

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan (note if the Fix button is enabled (not the FixMBR button)), click Save log, save it to your desktop and post it in a reply.

If the Fix button was enabled after posting, go back into aswMBR and scan again and then hit the Fix button. Post this new log in a second reply.

Download TDSSKiller (regardless of the state of the Fix button):
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron