Hotlean.com redirect from google search page [Solved]


  • This topic is locked

#106
megadez

megadez

    Member

  • Topic Starter
  • Member
  • 119 posts
I created an account with OpenDNS. Should I manage it somehow, or will it do its job automatically?
I also enabled dynamic IP updates following the prompt on the OpenDNS webpage; is that OK?

I will keep you posted regarding redirects. (I think I had one after DNS-work but I'm not completely sure).

At some point we disabled some .NET Framework Windows stuff; now .NET 3.5 appears in the list
of express Windows updates. Should I allow or avoid installing that?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/26/2009 at 01:03 AM

Application Version : 4.25.1014

Core Rules Database Version : 3776
Trace Rules Database Version: 1735

Scan type : Quick Scan
Total Scan Time : 03:40:14

Memory items scanned : 611
Memory threats detected : 0
Registry items scanned : 443
Registry threats detected : 0
File items scanned : 79068
File threats detected : 0
  • 0


#107
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

At some point we disabled some .NET Framework Windows stuff; now .NET 3.5 appears in the list
of express Windows updates. Should I allow or avoid installing that?


No, it's fine to install that.

I created an account with OpenDNS. Should I manage it somehow, or will it do its job automatically?


I don't know for sure but I think that's all you have to do.

I also enabled dynamic IP updates following the prompt on the OpenDNS webpage; is that OK?


Yep.

I will keep you posted regarding redirects. (I think I had one after DNS-work but I'm not completely sure).


Oh dear, that doesn't sound too promising. Oh well, let's see how it goes... will look forward to hearing from you.

One plus was that SuperAntiSpyWare comes up clean as a whistle. That's quite an achievement, it usually finds something. :)
  • 0

#108
megadez

megadez

    Member

  • Topic Starter
  • Member
  • 119 posts
hotlean.com is uncatchable

It's still there, and now I know how to check quickly whether it's present: I do a random Google search
and then hover my mouse over the links, one by one; in the lower left corner there appears the link
underlying the search result I'm hovering over. Now, a search result which would lead to hotlean is
usually characterized by a link like this: http://www.googlesearchapi-25264.biz/?q="what I searched for".

Did this topic break the record of being the longest on the forum? If not, it has every chance of doing it.
  • 0

#109
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Did this topic break the record of being the longest on the forum?


Nope I don't think so, but getting there. Interesting challenge though. :)

http://www.googlesearchapi-25264.biz/?q="what I searched for".


My understanding is that Google dropped that "googlesearchapi", and when I search for that googlesearchapi-25264.biz/?q with my Firefox I get "did not match any documents".

Let's see what your home page URLs say in your browsers; please list them in your next reply. Go to tools > options > main to find the information in IE and Firefox... not sure about Opera.

Also, let's run another check for rootkits, but this time using a different tool.

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
So when you return please post
  • list of home page urls
  • RootRepeal.txt

  • 0
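
Added example, not part of the original thread and not RootRepeal's own code: once RootRepeal.txt has been saved as described in the post above, its SSDT section can be grouped by the module each hook is attributed to and cross-checked against the Drivers section. The sample report is constructed in the layout of the RootRepeal 1.2.3.0 report posted later in this thread; `examplehook.sys`, `namedfilter.sys`, the addresses and the function names (`triage` and its helpers) are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample, NOT a real scan: it only mimics the text layout of the
# RootRepeal report in this thread. Driver names and addresses are invented.
SAMPLE_REPORT = r"""Drivers
-------------------
Name: examplehook.sys
Image Path: examplehook.sys
Address: 0xBA000000 Size: 1048576 File Visible: No
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "examplehook.sys" at address 0xba0010e0

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a000ab0

#: 119 Function Name: NtOpenKey
Status: Hooked by "examplehook.sys" at address 0xba0010c0

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\namedfilter.sys" at address 0xbb0006a0

Stealth Objects
-------------------
"""

RULE = re.compile(r"^-{5,}$")
DRIVER_NAME = re.compile(r"^Name:\s*(.+)$")
FILE_VISIBLE = re.compile(r"File Visible:\s*(\S+)")
SSDT_SLOT = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)")
HOOKED_BY = re.compile(r'^Status:\s*Hooked by "(.*)" at address (0x[0-9A-Fa-f]+)')


def split_sections(text):
    """Map each section title (the line above a dashed rule) to its lines."""
    sections, current, prev = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if RULE.match(line) and prev and not RULE.match(prev):
            if current is not None and sections[current]:
                sections[current].pop()  # prev was a title, not content
            current = prev
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
        prev = line
    return sections


def module_key(owner):
    """Reduce a hook owner or driver name to a lower-case file name."""
    return owner.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def hidden_drivers(lines):
    """Names of drivers whose entry reads 'File Visible: No'."""
    hidden, name = set(), None
    for line in lines:
        m = DRIVER_NAME.match(line)
        if m:
            name = m.group(1)
            continue
        v = FILE_VISIBLE.search(line)
        if v and name and v.group(1).lower() == "no":
            hidden.add(module_key(name))
    return hidden


def ssdt_hooks(lines):
    """Return (slot, function, owner, address) for every hooked SSDT entry."""
    hooks, slot = [], None
    for line in lines:
        m = SSDT_SLOT.match(line)
        if m:
            slot = (int(m.group(1)), m.group(2))
            continue
        h = HOOKED_BY.match(line)
        if h and slot:
            hooks.append((slot[0], slot[1], h.group(1), int(h.group(2), 16)))
            slot = None
    return hooks


def triage(report_text):
    """Group hooked functions by owner and attach a triage note to each owner.

    The notes are sorting aids, not verdicts: security products hook the SSDT
    as well (the thread's own SSDT list includes SUPERAntiSpyware's driver).
    """
    sections = split_sections(report_text)
    hidden = hidden_drivers(sections.get("Drivers", []))
    by_owner = defaultdict(list)
    for _slot, func, owner, _addr in ssdt_hooks(sections.get("SSDT", [])):
        by_owner[module_key(owner)].append(func)
    result = {}
    for owner, funcs in by_owner.items():
        if owner == "<unknown>":
            note = "tool could not name the owning module"
        elif owner in hidden:
            note = "owner is listed under Drivers with File Visible: No"
        else:
            note = "owner is a named driver"
        result[owner] = {"functions": sorted(funcs), "note": note}
    return result


if __name__ == "__main__":
    for owner, info in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{owner}: {len(info['functions'])} hook(s), {info['note']}")
        print("   " + ", ".join(info["functions"]))
```
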

#110
megadez

megadez

    Member

  • Topic Starter
  • Member
  • 119 posts
IE http://go.microsoft....k/?LinkId=69157

Firefox http://en-US.start2....:en-US:official +
Show my windows and tabs from the last time

Opera http://portal.opera.com + continue from last time

Here is what I got for the first time with RootRepeal

ROOTREPEAL CRASH REPORT
-------------------------
Exception Code: 0xc0000005
Exception Address: 0x0040e77a
Attempt to read from address: 0x00c75004
  • 0

#111
megadez

megadez

    Member

  • Topic Starter
  • Member
  • 119 posts
RootRepeal scans OK until some point and then stops working properly; in Windows Task Manager it's not responding, then working, then not responding again, and so on alternately. However, at this point I believe it's done with disks C and D and works on disk F (external hard drive), and this alternating regime doesn't seem to lead to progress with scanning F:

Right now in the window of RootRepeal there is the following, in two columns, filepath and status:

1) C:hiberfil.sys locked to the windows API
2) C:programfiles\commonfiles\Symantec Shared\Virus Definitions\20090225.039\EraserUtilRebootDrv.sys locked to the windows API
  • 0

#112
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm... well, let's try this then

Please download and unzip Icesword to its own folder on your desktop


If you get a lot of "red entries" in an IceSword log, don't panic.

Step 1 : Close all windows and run IceSword. Click the Processes tab and watch for processes displayed in red color. A red colored process in this list indicates that it's hidden. Write down the PathName of any processes in red color. Then click on LOG at the top left. It will prompt you to save the log, call this Processes and save it to your desktop.


Step 2 : Click the Win32 Services tab and look out for red colored entries in the services list. Write down the Module name of any services in red color, you will need to expand out the Module tab to see the full name. Then click on LOG. It will prompt you to save the log, call this Services and save it to your desktop.


Step 3 : Click the Startup tab and look out for red colored entries in the startup list. Write down the Path of any startup entries in red color. Then click on LOG. It will prompt you to save the log, call this Startup and save it to your desktop.


Step 4 : Click the SSDT tab and check for red colored entries. If there are any, write down the KModule name.


Step 5 : Click the Message Hooks tab and check for any entries that are underneath Type and labelled WH_KEYBOARD. Write down the Process Path of these entries if present.



Now post all of the data collected under the headings for :

Processes
Win32 Services
Startup
SSDT
Message Hooks

  • 0

#113
megadez

megadez

    Member

  • Topic Starter
  • Member
  • 119 posts
No red for first 3 groups:

Processes:
Process:

System Idle Process
System
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WLTRAY.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\ABBYY Lingvo x3\LvAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PoivY.com\PoivY\PoivY.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9AA.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Documents and Settings\Yuriy Horokhivskyy\Desktop\IceSword122en\IceSword.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\searchfilterhost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\searchprotocolhost.exe



Win32 Services

Started Service:

Service Name:ABBYY.Licensing.Lingvo.Desktop.14.0 Display Name:ABBYY Lingvo x3 Licensing Service
Service Name:ALG Display Name:Application Layer Gateway Service
Service Name:AudioSrv Display Name:Windows Audio
Service Name:Basics Service Display Name:Basics Service
Service Name:BITS Display Name:Background Intelligent Transfer Service
Service Name:Capture Device Service Display Name:Capture Device Service
Service Name:ccEvtMgr Display Name:Symantec Event Manager
Service Name:ccSetMgr Display Name:Symantec Settings Manager
Service Name:CryptSvc Display Name:Cryptographic Services
Service Name:CVPND Display Name:Cisco Systems, Inc. VPN Service
Service Name:DcomLaunch Display Name:DCOM Server Process Launcher
Service Name:Dhcp Display Name:DHCP Client
Service Name:Dnscache Display Name:DNS Client
Service Name:ERSvc Display Name:Error Reporting Service
Service Name:Eventlog Display Name:Event Log
Service Name:EventSystem Display Name:COM+ Event System
Service Name:EvtEng Display Name:Intel® PROSet/Wireless Event Log
Service Name:FastUserSwitchingCompatibility Display Name:Fast User Switching Compatibility
Service Name:helpsvc Display Name:Help and Support
Service Name:HidServ Display Name:HID Input Service
Service Name:JavaQuickStarterService Display Name:Java Quick Starter
Service Name:lanmanserver Display Name:Server
Service Name:lanmanworkstation Display Name:Workstation
Service Name:LmHosts Display Name:TCP/IP NetBIOS Helper
Service Name:LVPrcSrv Display Name:Process Monitor
Service Name:Netman Display Name:Network Connections
Service Name:NICCONFIGSVC Display Name:NICCONFIGSVC
Service Name:Nla Display Name:Network Location Awareness (NLA)
Service Name:NMSAccessU Display Name:NMSAccessU
Service Name:PD91Agent Display Name:PD91Agent
Service Name:PlugPlay Display Name:Plug and Play
Service Name:PolicyAgent Display Name:IPSEC Services
Service Name:ProtectedStorage Display Name:Protected Storage
Service Name:RasMan Display Name:Remote Access Connection Manager
Service Name:RegSrvc Display Name:Intel® PROSet/Wireless Registry Service
Service Name:RichVideo Display Name:Cyberlink RichVideo Service(CRVS)
Service Name:RpcSs Display Name:Remote Procedure Call (RPC)
Service Name:S24EventMonitor Display Name:Intel® PROSet/Wireless Service
Service Name:SamSs Display Name:Security Accounts Manager
Service Name:Schedule Display Name:Task Scheduler
Service Name:seclogon Display Name:Secondary Logon
Service Name:SENS Display Name:System Event Notification
Service Name:SharedAccess Display Name:Windows Firewall/Internet Connection Sharing (ICS)
Service Name:ShellHWDetection Display Name:Shell Hardware Detection
Service Name:SmcService Display Name:Symantec Management Client
Service Name:Spooler Display Name:Print Spooler
Service Name:srservice Display Name:System Restore Service
Service Name:SSDPSRV Display Name:SSDP Discovery Service
Service Name:stisvc Display Name:Windows Image Acquisition (WIA)
Service Name:Symantec AntiVirus Display Name:Symantec Endpoint Protection
Service Name:TapiSrv Display Name:Telephony
Service Name:TermService Display Name:Terminal Services
Service Name:Themes Display Name:Themes
Service Name:TrkWks Display Name:Distributed Link Tracking Client
Service Name:UleadBurningHelper Display Name:Ulead Burning Helper
Service Name:W32Time Display Name:Windows Time
Service Name:WebClient Display Name:WebClient
Service Name:winmgmt Display Name:Windows Management Instrumentation
Service Name:WLANKEEPER Display Name:Intel® PROSet/Wireless SSO Service
Service Name:wltrysvc Display Name:Dell Wireless WLAN Tray Service
Service Name:wscsvc Display Name:Security Center
Service Name:WSearch Display Name:Windows Search
Service Name:wuauserv Display Name:Automatic Updates
Service Name:WudfSvc Display Name:Windows Driver Foundation - User-mode Driver Framework
Service Name:WZCSVC Display Name:Wireless Zero Configuration



Startup:

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IntelZeroConfig
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IntelWireless
"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SigmatelSysTrayApp
%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Broadcom Wireless Manager UI
C:\WINDOWS\system32\WLTRAY.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus CX4600 Series
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
basicsmssmenu
"C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Lingvo Launcher
"C:\Program Files\ABBYY Lingvo x3\LvAgent.exe" /STARTUP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SynTPEnh
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxtray
C:\WINDOWS\system32\igfxtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxhkcmd
C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
igfxpers
C:\WINDOWS\system32\igfxpers.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Acrobat Speed Launcher
"C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
googletalk
C:\Program Files\Google\Google Talk\googletalk.exe /autostart

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched
"C:\Program Files\Java\jre6\bin\jusched.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
OpenDNS Update
"C:\Program Files\OpenDNS U

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Skype
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
PoivY
"C:\Program Files\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
EPSON Stylus CX4600 Series
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SUPERAntiSpyware
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\Yuriy Horokhivskyy\Start Menu\Programs\Startup
desktop.ini




As for SSDT there were 20-25 entries with Kmodule name unknown and then the following:

3 instances of spps.sys
and

\??\C:\windows\system32\drivers\wpsdrvnt.sys
\??\C:\programfiles\superantispyware\saskutil.sys


In message hooks under WH_KEYBOARD there were quite a few; it took some time to write them down

3 instances of C:\windows\explorer.exe

5 instances of C:\program files\poivy.com\poivy\poivy.exe

3 instances of C:\program files\skype\phone\skype.exe

2 instances of \program files\lingvo x3\LvAgent.exe

\program files\intel\wireless\bin\ifrmewrk.exe
\program files\symantec\symantec endpoint protection\smcgui.exe
\program files\intel\wireless\bin\Dct1xcfg.exe
\program files\intel\wireless\bin\zcfgsvc.exe
\program files\common files\symantec shared\ccapp.exe
\program files\google\google talgoogletalk.exe
\program files\synaptics\syntp\syntpeng.exe
\windows\system32\ctfmon.exe
\windows\system32\igfxpers.exe

uf-f-f-f
  • 0

#114
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
couple there that don't look quite right. I wonder can you confirm these two as being exactly as you have posted them:

\program files\google\google talgoogletalk.exe
\program files\synaptics\syntp\syntpeng.exe


and I take it that the entries that you wrote down for SSDT and Message Hooks were in red?
  • 0

#115
megadez

megadez

    Member

  • Topic Starter
  • Member
  • 119 posts
from message hooks:

C:\program files\google\google talk\googletalk.exe
C:\Program files\synaptics\syntp\syntpenh.exe not syntpeng

yes, all in red

I also got Root Repeal report, having asked it to scan C and D discs (not my external F, can try to do it for F separately)



ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/02/27 01:33
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA889C000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADBC000 Size: 8192 File Visible: No
Status: -

Name: PCI_PNP2962
Image Path: \Driver\PCI_PNP2962
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7B1B000 Size: 45056 File Visible: No
Status: -

Name: spqo.sys
Image Path: spqo.sys
Address: 0xBA6A7000 Size: 1048576 File Visible: No
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\temp\etilqs_yj0GD6dTgp2IdjadJwVo
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl
Status: Allocation size mismatch (API: 8192, Raw: 4096)

Path: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090225.039\EraserUtilRebootDrv.sys
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0005cb
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Mozilla\Firefox\Profiles\sos6lio5.default\Cache\_CACHE_001_
Status: Size mismatch (API: 1937260, Raw: 1936829)

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8a3e2330

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8a3e8f68

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a478380

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8a3ae750

#: 041 Function Name: NtCreateKey
Status: Hooked by "spqo.sys" at address 0xba6a80e0

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8a3e0fc0

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a38bab0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spqo.sys" at address 0xba6c6ca2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spqo.sys" at address 0xba6c7030

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a1d1f38

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8a3d0800

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8a3d5ca8

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a38b378

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a3cc170

#: 119 Function Name: NtOpenKey
Status: Hooked by "spqo.sys" at address 0xba6a80c0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a48c2a8

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x8a277ec8

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\wpsdrvnt.sys" at address 0xba98d6a0

#: 160 Function Name: NtQueryKey
Status: Hooked by "spqo.sys" at address 0xba6c7108

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spqo.sys" at address 0xba6c6f88

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8a427778

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a3fa578

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a3c9c48

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8a081aa0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spqo.sys" at address 0xba6c719a

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a3ca590

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a3f7ab8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8a469538

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a3f65d0

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a3fb230

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a450d18

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8a6471f8 Size: -

Object: Hidden Code [Driver: Rasl, IRP_MJ_CREATE]
Process: System Address: 0x8a31a500 Size: -

Object: Hidden Code [Driver: Rasl, IRP_MJ_CLOSE]
Process: System Address: 0x8a31a500 Size: -

Object: Hidden Code [Driver: Rasl, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a31a500 Size: -

Object: Hidden Code [Driver: Rasl, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a31a500 Size: -

Object: Hidden Code [Driver: Rasl, IRP_MJ_POWER]
Process: System Address: 0x8a31a500 Size: -

Object: Hidden Code [Driver: Rasl, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a31a500 Size: -

Object: Hidden Code [Driver: Rasl, IRP_MJ_PNP]
Process: System Address: 0x8a31a500 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8a32e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8a32e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a32e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a32e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8a32e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a32e1f8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8a32e1f8 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8a35d500 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8a35d500 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a35d500 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a35d500 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8a35d500 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a35d500 Size: -

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8a35d500 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8a31e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8a31e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8a31e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8a31e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a31e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a31e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a31e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a31e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8a31e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a31e1f8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8a31e1f8 Size: -

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x8905d1f8 Size: -

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x8905d1f8 Size: -

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x8905d1f8 Size: -

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x8905d1f8 Size: -

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8905d1f8 Size: -

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8905d1f8 Size: -

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x8905d1f8 Size: -

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8905d1f8 Size: -

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x8905d1f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8a6491f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8a6491f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8a6491f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a6491f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a6491f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a6491f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a6491f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8a6491f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8a6491f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a6491f8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8a6491f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8a46c1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8a46c1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a46c1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a46c1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8a46c1f8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8a46c1f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8a3831f8 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_CREATE]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_CLOSE]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_READ]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_CLEANUP]
Process: System Address: 0x88f46500 Size: -

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎pર, IRP_MJ_PNP]
Process: System Address: 0x88f46500 Size: -
  • 0



#116
emeraldnzl

Hi megadez,

That the whole log you got from RootRepeal?
  • 0

#117
megadez

confirmative
  • 0

#118
emeraldnzl

Hello megadez,
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

  • C:\program files\intel\wireless\bin\Dct1xcfg.exe

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
Next

Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\temp\etilqs_yj0GD6dTgp2IdjadJwVo
    C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0005cb
    C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Mozilla\Firefox\Profiles\sos6lio5.default\Cache\_CACHE_001_
    
    :commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

So when you come back please post
  • Virscan results
  • OTMoveIt3 log

  • 0

#119
megadez

there was a typo

instead C:\program files\intel\wireless\bin\Dct1xcfg.exe

C:\program files\intel\wireless\bin\Dot1xcfg.exe

scan came out clean

mozilla is crashing from time to time, the only browser I didn't have redirects with is chrome,

also, when certain search result in google is going to give redirect and then I just press search button in google again,
get the same results, but now that result will no longer give redirect, it always works

Scanner results : All Scanners reported not find malware!
Time : 2009/02/27 18:26:05 (EST)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.0.0.32 | 20090226160122 | 2009-02-26 | - | 2.526
AhnLab V3 | ... | .. | -- | - | 0.759
AntiVir | 7.9.0.98 | 7.1.2.95 | 2009-02-27 | - | 1.887
Antiy | 2.0.18 | 20090227.2206184 | 2009-02-27 | - | 0.119
Authentium | 5.1.1 | 200902271748 | 2009-02-27 | - | 1.162
AVAST! | 3.0.1 | 090227-0 | 2009-02-27 | - | 0.871
AVG | 7.5.52.442 | 270.11.4/1976 | 2009-02-27 | - | 1.927
BitDefender | 7.81008.2684810 | 7.23892 | 2009-02-28 | - | 2.506
CA (VET) | 9.0.0.143 | 31.6.6376 | 2009-02-26 | - | 5.199
ClamAV | 0.94.2 | 9055 | 2009-02-28 | - | 0.104
Comodo | 3.8 | 986 | 2009-02-27 | - | 0.460
CP Secure | 1.1.0.715 | 2009.02.28 | 2009-02-28 | - | 7.175
Dr.Web | 4.44.0.9170 | 2009.02.27 | 2009-02-27 | - | 4.190
F-Prot | 4.4.4.56 | 20090226 | 2009-02-26 | - | 1.102
F-Secure | 5.51.6100 | 2009.02.27.15 | 2009-02-27 | - | 4.747
Fortinet | 2.81-3.117 | 10.91 | 2009-02-27 | - | 0.244
GData | 19.3488/19.240 | 20090227 | 2009-02-27 | - | 3.252
Ikarus | T3.1.01.45 | 2009.02.27.72361 | 2009-02-27 | - | 4.456
JiangMin | 11.0.706 | 2009.02.27 | 2009-02-27 | - | 1.529
Kaspersky | 5.5.10 | 2009.02.27 | 2009-02-27 | - | 0.069
KingSoft | 2009.2.5.15 | 2009.2.27.20 | 2009-02-27 | - | 0.607
McAfee | 5.3.00 | 5538 | 2009-02-27 | - | 2.979
Microsoft | 1.4306 | 2009.02.27 | 2009-02-27 | - | 4.460
mks_vir | 2.01 | 2009.02.27 | 2009-02-27 | - | 2.729
Norman | 6.00.06 | 6.00.00 | 2009-02-27 | - | 8.009
nProtect | 20090227.03 | 3187721 | 2009-02-27 | - | 3.837
Panda | 9.05.01 | 2009.02.27 | 2009-02-27 | - | 1.676
Quick Heal | 10.00 | 2009.02.27 | 2009-02-27 | - | 1.023
Rising | 20.0 | 21.18.42.00 | 2009-02-27 | - | 0.824
Sophos | 2.84.1 | 4.39 | 2009-02-28 | - | 1.942
Sunbelt | 5013 | 5013 | 2009-02-27 | - | 0.511
Symantec | 1.3.0.24 | 20090227.004 | 2009-02-27 | - | 0.055
The Hacker | 6.3.2.4 | v00267 | 2009-02-27 | - | 0.522
Trend Micro | 8.700-1004 | 5.874.13 | 2009-02-27 | - | 0.040
VBA32 | 3.12.10.1 | 20090227.0921 | 2009-02-27 | - | 1.820
ViRobot | 20090227 | 2009.02.27 | 2009-02-27 | - | 0.399
VirusBuster | 4.5.11.10 | 10.101.28/962841 | 2009-02-27 | - | 1.348
  • 0

#120
emeraldnzl


mozilla is crashing from time to time, the only browser I didn't have redirects with is chrome,


So are we saying that those last deletions with OTMoveIt3 have caused a problem there?

Or have you carried those out because I see no log from OTMoveIt3?

but now that result will no longer give redirect, it always works


Is this saying you are no longer having a problem? That is, have the redirects gone?
  • 0





