Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please Help With Redirect Virus


  • Please log in to reply

#16
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Here is an example of what it is doing....if you type chase for example in the google search bar it shows the correct link for chase. When you click on chase it redirects you to http://63.209.69.107...55-4977_1233/v5
  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
1. Click "Start," (click "Settings,") click "Control Panel," click "Network and Sharing Center," and then click on where it says Connections: (then the name of the connection)
Click "Properties,"
2. Click on Internet Protocol Version 4 (TCP/IPv4) (On the text not the check box) then Click on Properties

3. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

4. Click "OK" and close all of the windows that have opened.

See if that makes any difference.

If not:

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it by right checking and Run As Admin. It will produce a log MBRCheck(date).txt on your desktop. (Close the program) Copy and paste it into a reply.
  • 0

#18
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 188):
0x02A15000 \SystemRoot\system32\ntoskrnl.exe
0x02FF1000 \SystemRoot\system32\hal.dll
0x00B97000 \SystemRoot\system32\kdcom.dll
0x00C38000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C7C000 \SystemRoot\system32\PSHED.dll
0x00C90000 \SystemRoot\system32\CLFS.SYS
0x00CEE000 \SystemRoot\system32\CI.dll
0x00E32000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ED6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EE5000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F3C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F45000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F4F000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F82000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F8F000 \SystemRoot\System32\drivers\partmgr.sys
0x00FA4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FAD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FB9000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x0100D000 \SystemRoot\System32\drivers\volmgrx.sys
0x01069000 \SystemRoot\System32\drivers\mountmgr.sys
0x01083000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0108C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x010B6000 \SystemRoot\system32\DRIVERS\msahci.sys
0x010C1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x010D1000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010DC000 \SystemRoot\system32\drivers\fltmgr.sys
0x01128000 \SystemRoot\system32\drivers\fileinfo.sys
0x01253000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0113C000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014CA000 \SystemRoot\System32\Drivers\cng.sys
0x0153D000 \SystemRoot\System32\drivers\pcw.sys
0x0154E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0162E000 \SystemRoot\system32\drivers\ndis.sys
0x01720000 \SystemRoot\system32\drivers\NETIO.SYS
0x01780000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x017AB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01600000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01558000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01610000 \SystemRoot\System32\Drivers\spldr.sys
0x015A4000 \SystemRoot\System32\drivers\rdyboost.sys
0x01618000 \SystemRoot\System32\Drivers\mup.sys
0x017F5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01400000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0143A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01450000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0121A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x014B8000 \SystemRoot\System32\Drivers\Null.SYS
0x014C1000 \SystemRoot\System32\Drivers\Beep.SYS
0x015DE000 \SystemRoot\System32\drivers\vga.sys
0x0119A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015EC000 \SystemRoot\System32\drivers\watchdog.sys
0x01244000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x013F6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x011BF000 \SystemRoot\system32\drivers\rdprefmp.sys
0x011C8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x011D3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x036F2000 \SystemRoot\system32\drivers\afd.sys
0x0377B000 \SystemRoot\system32\drivers\TDI.SYS
0x03788000 \SystemRoot\System32\DRIVERS\netbt.sys
0x037CD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x037EB000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x037F6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03600000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03626000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0363C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0364B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03666000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0367A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x036CB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x036D7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x036E2000 \SystemRoot\System32\drivers\discache.sys
0x03A50000 \SystemRoot\system32\drivers\csc.sys
0x03AD3000 \SystemRoot\System32\Drivers\dfsc.sys
0x03AF1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03B02000 \SystemRoot\system32\DRIVERS\tunnel.sys
  • 0

#19
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
I don't think you let it finish or you didn't copy all of it. Please try mbrcheck again.
  • 0

#20
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ60 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 188):
0x02A15000 \SystemRoot\system32\ntoskrnl.exe
0x02FF1000 \SystemRoot\system32\hal.dll
0x00B97000 \SystemRoot\system32\kdcom.dll
0x00C38000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C7C000 \SystemRoot\system32\PSHED.dll
0x00C90000 \SystemRoot\system32\CLFS.SYS
0x00CEE000 \SystemRoot\system32\CI.dll
0x00E32000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ED6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EE5000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F3C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F45000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F4F000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F82000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F8F000 \SystemRoot\System32\drivers\partmgr.sys
0x00FA4000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FAD000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FB9000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x0100D000 \SystemRoot\System32\drivers\volmgrx.sys
0x01069000 \SystemRoot\System32\drivers\mountmgr.sys
0x01083000 \SystemRoot\system32\DRIVERS\atapi.sys
0x0108C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x010B6000 \SystemRoot\system32\DRIVERS\msahci.sys
0x010C1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x010D1000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010DC000 \SystemRoot\system32\drivers\fltmgr.sys
0x01128000 \SystemRoot\system32\drivers\fileinfo.sys
0x01253000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0113C000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x014CA000 \SystemRoot\System32\Drivers\cng.sys
0x0153D000 \SystemRoot\System32\drivers\pcw.sys
0x0154E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0162E000 \SystemRoot\system32\drivers\ndis.sys
0x01720000 \SystemRoot\system32\drivers\NETIO.SYS
0x01780000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x017AB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01600000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01558000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01610000 \SystemRoot\System32\Drivers\spldr.sys
0x015A4000 \SystemRoot\System32\drivers\rdyboost.sys
0x01618000 \SystemRoot\System32\Drivers\mup.sys
0x017F5000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01400000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0143A000 \SystemRoot\system32\DRIVERS\disk.sys
0x01450000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x0121A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x014B8000 \SystemRoot\System32\Drivers\Null.SYS
0x014C1000 \SystemRoot\System32\Drivers\Beep.SYS
0x015DE000 \SystemRoot\System32\drivers\vga.sys
0x0119A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015EC000 \SystemRoot\System32\drivers\watchdog.sys
0x01244000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x013F6000 \SystemRoot\system32\drivers\rdpencdd.sys
0x011BF000 \SystemRoot\system32\drivers\rdprefmp.sys
0x011C8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x011D3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x036F2000 \SystemRoot\system32\drivers\afd.sys
0x0377B000 \SystemRoot\system32\drivers\TDI.SYS
0x03788000 \SystemRoot\System32\DRIVERS\netbt.sys
0x037CD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x037EB000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x037F6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03600000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03626000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x0363C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x0364B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03666000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0367A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x036CB000 \SystemRoot\system32\drivers\nsiproxy.sys
0x036D7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x036E2000 \SystemRoot\System32\drivers\discache.sys
0x03A50000 \SystemRoot\system32\drivers\csc.sys
0x03AD3000 \SystemRoot\System32\Drivers\dfsc.sys
0x03AF1000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03B02000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03B28000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03B3E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03C01000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x042E9000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04200000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04246000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04253000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x042A9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x042BA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03B47000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x02C05000 \SystemRoot\system32\DRIVERS\athrx.sys
0x02D74000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x02D81000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x02D9F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x02DAE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02DBD000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x02DC2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02DCF000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x02DDF000 \SystemRoot\system32\DRIVERS\lmimirr.sys
0x02DE6000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x041D5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x043DD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03B79000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03BA8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03BC3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03BE4000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x043E9000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x02DFC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03A00000 \SystemRoot\system32\DRIVERS\ks.sys
0x011E4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04896000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x048F0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04905000 \SystemRoot\system32\drivers\HdAudio.sys
0x04961000 \SystemRoot\system32\drivers\portcls.sys
0x0499E000 \SystemRoot\system32\drivers\drmk.sys
0x049C0000 \SystemRoot\system32\drivers\ksthunk.sys
0x04800000 \SystemRoot\system32\DRIVERS\VSTAZL6.SYS
0x04C57000 \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
0x04EE7000 \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
0x04FB2000 \SystemRoot\system32\drivers\modem.sys
0x04FC1000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04FCF000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04FDB000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x04FE6000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00080000 \SystemRoot\System32\win32k.sys
0x04E00000 \SystemRoot\System32\drivers\Dxapi.sys
0x04E0C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00520000 \SystemRoot\System32\TSDDD.dll
0x006F0000 \SystemRoot\System32\cdd.dll
0x00840000 \SystemRoot\System32\ATMFD.DLL
0x04E1A000 \SystemRoot\system32\drivers\luafv.sys
0x04E3D000 \SystemRoot\system32\drivers\WudfPf.sys
0x04E5E000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04E73000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x04EC6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04DCB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x0260D000 \SystemRoot\system32\drivers\HTTP.sys
0x026D5000 \SystemRoot\system32\DRIVERS\bowser.sys
0x026F3000 \SystemRoot\System32\drivers\mpsdrv.sys
0x0270B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02738000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02786000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x027A9000 \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
0x027B0000 \??\C:\Windows\system32\drivers\LMIRfsDriver.sys
0x032D4000 \SystemRoot\system32\drivers\peauth.sys
0x0337A000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03385000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x033B2000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03200000 \SystemRoot\System32\DRIVERS\srv2.sys
0x04637000 \SystemRoot\System32\DRIVERS\srv.sys
0x046CC000 \??\C:\Windows\system32\drivers\mbam.sys
0x04747000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77CA0000 \Windows\System32\ntdll.dll
0x47C90000 \Windows\System32\smss.exe
0xFFFC0000 \Windows\System32\apisetschema.dll
0xFF5A0000 \Windows\System32\autochk.exe
0xFFDD0000 \Windows\System32\setupapi.dll
0x77A90000 \Windows\System32\iertutil.dll
0xFFD50000 \Windows\System32\shlwapi.dll
0x77990000 \Windows\System32\user32.dll
0xFFB40000 \Windows\System32\ole32.dll
0xFEDB0000 \Windows\System32\shell32.dll
0xFED60000 \Windows\System32\Wldap32.dll
0xFEC30000 \Windows\System32\rpcrt4.dll
0xFEC10000 \Windows\System32\sechost.dll
0xFEBC0000 \Windows\System32\ws2_32.dll
0xFEB20000 \Windows\System32\clbcatq.dll
0xFEB10000 \Windows\System32\lpk.dll
0x77870000 \Windows\System32\kernel32.dll
0xFEAF0000 \Windows\System32\imagehlp.dll
0xFEA10000 \Windows\System32\advapi32.dll
0xFE940000 \Windows\System32\usp10.dll
0xFE830000 \Windows\System32\msctf.dll
0xFE820000 \Windows\System32\nsi.dll
0xFE740000 \Windows\System32\oleaut32.dll
0xFE6C0000 \Windows\System32\difxapi.dll
0xFE620000 \Windows\System32\msvcrt.dll
0xFE580000 \Windows\System32\comdlg32.dll
0xFE510000 \Windows\System32\gdi32.dll
0x77E70000 \Windows\System32\normaliz.dll
0x77E60000 \Windows\System32\psapi.dll
0x77720000 \Windows\System32\urlmon.dll
0x775C0000 \Windows\System32\wininet.dll
0xFE4E0000 \Windows\System32\imm32.dll
0xFE370000 \Windows\System32\crypt32.dll
0xFE2D0000 \Windows\System32\comctl32.dll
0xFE2B0000 \Windows\System32\devobj.dll
0xFE270000 \Windows\System32\wintrust.dll
0xFE230000 \Windows\System32\cfgmgr32.dll
0xFE1C0000 \Windows\System32\KernelBase.dll
0xFE1B0000 \Windows\System32\msasn1.dll

Processes (total 53):
0 System Idle Process
4 System
256 C:\Windows\System32\smss.exe
344 csrss.exe
396 C:\Windows\System32\wininit.exe
408 csrss.exe
456 C:\Windows\System32\winlogon.exe
500 C:\Windows\System32\services.exe
516 C:\Windows\System32\lsass.exe
524 C:\Windows\System32\lsm.exe
636 C:\Windows\System32\svchost.exe
716 C:\Windows\System32\svchost.exe
804 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\svchost.exe
1072 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\spoolsv.exe
1208 C:\Windows\System32\svchost.exe
1296 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1324 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1364 C:\Program Files\Bonjour\mDNSResponder.exe
1412 C:\Windows\System32\svchost.exe
1464 C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
1548 C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
1572 C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
1712 C:\Windows\System32\svchost.exe
1808 C:\Windows\System32\svchost.exe
2688 C:\Windows\System32\taskhost.exe
2748 C:\Windows\System32\dwm.exe
2780 C:\Windows\explorer.exe
3068 C:\Users\Jerome\AppData\Roaming\Dropbox\bin\Dropbox.exe
1356 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2440 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
2644 C:\Windows\System32\SearchIndexer.exe
2864 C:\Program Files\Windows Media Player\wmpnetwk.exe
1304 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1660 C:\Windows\System32\svchost.exe
3772 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
3972 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
3904 C:\Windows\SysWOW64\notepad.exe
3652 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2312 C:\Windows\System32\cmd.exe
3864 C:\Windows\System32\conhost.exe
3968 C:\Windows\System32\notepad.exe
100 C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
3748 C:\Windows\System32\wuauclt.exe
1396 C:\Windows\System32\audiodg.exe
2464 C:\Windows\System32\SearchProtocolHost.exe
2892 C:\Windows\System32\SearchFilterHost.exe
2220 C:\Users\Jerome\Downloads\MBRCheck.exe
1892 C:\Windows\System32\conhost.exe
608 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`26000000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEKT-60V5T1, Rev: 12.01A12

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Were you able to change the DNS to use 8.8.8.8 and 4.2.2.1?

Did that make any difference in the redirect?

Do you have the password for your DSL modem?
  • 0

#22
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I was able to change the setting, I still have a redirect virus. I have a wirless network key number to get onto the internet.
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
This is starting to look like an infected router

Open a browser. Type in 192.168.1.254

This should take you to your modem/router. Are you able to log on to it? Here is a list of default router passwords which may come in handy:
http://www.routerpasswords.com/

What we usually do is reset the router but you need to know how it is set up so you can restore the critical configs.

Ron
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0

#25
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I did a system restore to an earlier time and it seems to be working ok now. Will this fix the issue? Also, A t&T supplied me this wireless router, if they sent me a new one would that fix the problem? Or would it be faster and better to just do the steps you would like to do with reconfiguring the router?
  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
If a System Restore fixed the reset then it wasn't in the router and our tools must be missing some new style infection which System Restore removed. I'd say it's done and we can clean up:


We need to cleanup System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

(Following may not apply to you if AT&T controls your router.)
If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#27
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I am still getting the redirect virus. It happened again this morning? What do you suggest? Do you think the virus is in the router? If so how can I get rid of that? The modem I have is a dsl wirless router through at&t
  • 0

#28
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
  • 0

#29
ChristineBin

ChristineBin

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
Process	PID	CPU	Private Bytes	Working Set	Description	Company Name	Verified Signer

System Idle Process	0	40.76	0 K	24 K			

procexp64.exe	2796	20.41	25,212 K	43,432 K	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com	(Verified) Sysinternals

firefox.exe	3308	15.79	131,692 K	154,252 K	Firefox	Mozilla Corporation	(Verified) Mozilla Corporation

Updater.exe	2996	12.02	4,144 K	8,020 K	Ask Updater	Ask	(Verified) Ask.com

plugin-container.exe	3648	5.06	29,588 K	34,792 K	Plugin Container for Firefox	Mozilla Corporation	(Verified) Mozilla Corporation

Interrupts	n/a	1.77	0 K	0 K	Hardware Interrupts and DPCs		

dwm.exe	2404	1.07	43,152 K	20,456 K	Desktop Window Manager	Microsoft Corporation	(Verified) Microsoft Windows

System	4	1.04	140 K	1,340 K			

csrss.exe	400	0.97	2,036 K	5,124 K	Client Server Runtime Process	Microsoft Corporation	(Verified) Microsoft Windows

explorer.exe	492	0.19	28,152 K	45,392 K	Windows Explorer	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	604	0.16	3,696 K	7,356 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	1432	0.15	6,904 K	14,636 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

lsass.exe	508	0.15	4,272 K	9,416 K	Local Security Authority Process	Microsoft Corporation	(Verified) Microsoft Windows

AppleMobileDeviceService.exe	1344	0.10	2,884 K	6,352 K	MobileDeviceService	Apple Inc.	(Verified) Apple Inc.

LogMeIn.exe	1588	0.09	18,424 K	13,744 K	LogMeIn	LogMeIn, Inc.	(Verified) LogMeIn, Inc.

svchost.exe	704	0.08	3,540 K	6,720 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	840	0.05	86,300 K	91,688 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	356	0.03	8,204 K	13,956 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

SearchIndexer.exe	2148	0.03	40,108 K	29,248 K	Microsoft Windows Search Indexer	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	332	0.01	14,024 K	13,908 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

plugin-container.exe	384	0.01	21,064 K	30,860 K	Plugin Container for Firefox	Mozilla Corporation	(Verified) Mozilla Corporation

AAM Updates Notifier.exe	3340	0.01	4,224 K	6,436 K	AAM Updates Notifier Application	Adobe Systems Incorporated	(Verified) Adobe Systems Incorporated

svchost.exe	872	0.01	30,656 K	39,672 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

IntuitUpdateService.exe	3856	0.01	27,788 K	2,280 K	Intuit Update Service	Intuit Inc.	(Verified) Intuit, Inc.

svchost.exe	2840	0.01	9,860 K	12,296 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

taskhost.exe	2308	0.01	3,024 K	6,460 K	Host Process for Windows Tasks	Microsoft Corporation	(Verified) Microsoft Windows

LMIGuardianSvc.exe	1480	< 0.01	2,684 K	5,296 K	LMIGuardianSvc	LogMeIn, Inc.	(Verified) LogMeIn, Inc.

wmpnetwk.exe	2288		10,932 K	6,664 K	Windows Media Player Network Sharing Service	Microsoft Corporation	(Verified) Microsoft Windows

winlogon.exe	448		2,428 K	5,544 K	Windows Logon Application	Microsoft Corporation	(Verified) Microsoft Windows

wininit.exe	388		1,276 K	3,552 K	Windows Start-Up Application	Microsoft Corporation	(Verified) Microsoft Windows

UpdateChecker.exe	2716		34,392 K	25,564 K	FileHippo.com Update Checker	FileHippo.com	(Unable to verify) FileHippo.com

taskeng.exe	1932		1,624 K	5,372 K	Task Scheduler Engine	Microsoft Corporation	(Verified) Microsoft Windows

taskeng.exe	4012		1,628 K	5,396 K	Task Scheduler Engine	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	752		19,280 K	17,876 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	1204		13,784 K	11,748 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	3172		36,756 K	16,200 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

svchost.exe	1760		1,648 K	4,632 K	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows

spoolsv.exe	1168		7,708 K	9,584 K	Spooler SubSystem App	Microsoft Corporation	(Verified) Microsoft Windows

smss.exe	256		352 K	924 K	Windows Session Manager	Microsoft Corporation	(Verified) Microsoft Windows

services.exe	484		5,468 K	7,008 K	Services and Controller app	Microsoft Corporation	(Verified) Microsoft Windows

ramaint.exe	1524		3,340 K	3,828 K	LogMeIn Maintenance Service	LogMeIn, Inc.	(Verified) LogMeIn, Inc.

procexp.exe	2920		2,200 K	6,364 K	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com	(Verified) Microsoft Corporation

mscorsvw.exe	3756		5,024 K	7,060 K	.NET Runtime Optimization Service	Microsoft Corporation	(Verified) Microsoft Corporation

mDNSResponder.exe	1380		1,708 K	4,276 K	Bonjour Service	Apple Inc.	(Verified) Apple Inc.

lsm.exe	516		2,148 K	3,528 K	Local Session Manager Service	Microsoft Corporation	(Verified) Microsoft Windows

jusched.exe	2988		1,020 K	3,820 K	Java(TM) Update Scheduler	Sun Microsystems, Inc.	(Verified) Sun Microsystems, Inc.

Dropbox.exe	2732		49,044 K	30,936 K	Dropbox	Dropbox, Inc.	(Verified) Dropbox

csrss.exe	348		1,868 K	3,632 K	Client Server Runtime Process	Microsoft Corporation	(Verified) Microsoft Windows

audiodg.exe	940		15,408 K	14,608 K	Windows Audio Device Graph Isolation 	Microsoft Corporation	(Verified) Microsoft Windows

armsvc.exe	1276		1,116 K	3,416 K	Adobe Acrobat Update Service	Adobe Systems Incorporated	(Verified) Adobe Systems, Incorporated

  • 0

#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
I would uninstall the ask toolbar and its updater. You don't need it (it's foistware - you get it when you download other stuff) and it's using up a lot of CPU time. Then go into Firefox, Click on Firefox, then hover over Help until the new menu shows up then select Restart with Add-ons Disabled. Restart. When it starts up just hit Continue. See if you still have the redirect and also create a new Process Explorer log and post it.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP