Solved google redirect virus - bug not quite gone

Hewlett-packard / Hp pavilion dv2000 (rz987...
May 25, 2011 at 17:20:53
Specs: Windows Vista, 2 GHz / 2045 MB
Hi,

I got the annoying google redirect virus that everyone seems to have been infected with, and after following several forums, and applying recommended anti-malware, it appears to have gone (in that google doesn't seem to be redirecting me anymore). However, I'm worried that the virus is still lurking in my computer, since programs such as MRT still won't run without being renamed.

Here is what I have done so far:
1. MRT wouldn't run, so I made a copy to my desktop, renamed it and ran it that way. It didn't pick anything up.
2. Downloaded Malwarebytes' Anti-Malware, ran a full scan. It picked up about 7 dodgy files, which I've removed.
3. Downloaded HijackThis and ran it. I didn't delete anything from the list it collected since I don't know what to look for.
4. Downloaded tdsskiller; renamed it and ran it. It didn't pick anything up.
5. Downloaded TFC, which cleared out my temp files. It rebooted the computer, which I then restarted in Safe Mode with Networking.
6. From there I downloaded and ran Kaspersky from Bleeping Computer, rkill file named iExplore.exe. The scan was terminated shortly after launching (perhaps by Safe Mode?), and the log file doesn't contain much information.
7. After this, Google seemed to work without redirecting me away from search results; however, MRT still won't open without being renamed, so I'm worried the virus is not completely gone yet.

Sorry to be another technotard with the same annoying problem as everyone else, but I don't know what to do from here!

Thanking you in advance,



✔ Best Answer
May 26, 2011 at 20:14:53
:-) Geeezz...MRT just did not register in my brain...kept thinking about something else.

One more step...

Please download the Kaspersky Virus Removal Tool:
http://support.kaspersky.com/viruse...

Save it to your Desktop
Right click the downloaded setup file, and select: Run as Administrator

At the main screen of the tool, in the AutoScan tab, make sure the first three options are checked
Next, scroll down to check the box next to the C:/ drive

Click on Start Scan

When the scan is finished, click on: Report (at the bottom)

In the Detailed Report screen, make sure the three buttons at the top are set to:
Autoscan, Do not group, and, Important events
Click on Save, and save to the Desktop

>>Please provide the Kaspersky Virus Removal Tool in your reply.<<


When done with the tool, uninstall it by doing the following:
In the bottom right corner of the main window, click the Exit button
Click the Yes button on the prompt to uninstall
Restart the computer to delete the Kaspersky Virus Removal Tool.

As far as the MRT goes, have you tried clicking on Start > R to open the Run command, and then type in: MRT?



#1
May 25, 2011 at 19:09:06
Actually, turns out the redirect virus is still in full force - even through smaller search engines :-(
Any help would be much appreciated!


#2
May 25, 2011 at 19:16:54
chemisty,

Please download aswMBR:
http://public.avast.com/~gmerek/asw...
Save to the Desktop.

If the file does not download, copy the following to the address bar of your browser. Do not include the brackets!
[http://public.avast.com/~gmerek/aswMBR.exe]

Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button
Save it to the Desktop.

>>Please post the aswMBR log in your reply.<<

Also download TDSSKiller
http://support.kaspersky.com/downlo...
Save it to the Desktop.

If already downloaded, double-click* on TDSSKiller.exe to run the tool.
(*Vista/Windows 7 users, right-click the file, and select: Run As Administrator)

Click the Start Scan button.

Do not use the computer during the scan

If the scan completes with nothing found, click Close to exit.

When the scan finishes it displays a Scan results screen stating whether or not an infection was found on your computer.

To remove the infection, click on the Continue button.
If it does not say Cure on the results screen, leave it at the default action of Skip, and press the Continue button.

Do not change to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

Reboot to finish the cleaning process.

If no reboot is requested, click on Report.
A log file should appear.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) is created and saved to the root directory (usually Local Disk C:).

>>Also provide the contents of TDSSKiller in your reply.<<




#3
May 25, 2011 at 19:35:10
Thanks for taking time to help me solve this!

aswMBR log:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-26 09:28:43
-----------------------------
09:28:43.708 OS Version: Windows 6.0.6001 Service Pack 1
09:28:43.708 Number of processors: 2 586 0xF06
09:28:43.710 ComputerName: HP UserName:
09:29:03.039 Initialize success
09:29:12.841 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
09:29:12.846 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC7BP Size: 152627MB BusType: 3
09:29:14.898 Disk 0 MBR read successfully
09:29:14.904 Disk 0 MBR scan
09:29:14.910 Disk 0 unknown MBR code
09:29:16.919 Disk 0 scanning sectors +156295440
09:29:16.950 Disk 0 scanning C:\Windows\system32\drivers
09:29:22.070 Service scanning
09:29:24.170 Disk 0 trace - called modules:
09:29:24.197 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
09:29:24.207 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f1d840]
09:29:24.216 3 CLASSPNP.SYS[87b9c745] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x84879ab0]
09:29:24.225 Scan finished successfully
09:29:44.353 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
09:29:44.366 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"



#4
May 25, 2011 at 19:36:44
Nothing was found on TDSSKiller, log is as follows:

2011/05/26 09:31:11.0459 3156 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/26 09:31:13.0462 3156 ================================================================================
2011/05/26 09:31:13.0463 3156 SystemInfo:
2011/05/26 09:31:13.0463 3156
2011/05/26 09:31:13.0463 3156 OS Version: 6.0.6001 ServicePack: 1.0
2011/05/26 09:31:13.0463 3156 Product type: Workstation
2011/05/26 09:31:13.0463 3156 ComputerName: HP
2011/05/26 09:31:13.0463 3156 UserName: User
2011/05/26 09:31:13.0463 3156 Windows directory: C:\Windows
2011/05/26 09:31:13.0463 3156 System windows directory: C:\Windows
2011/05/26 09:31:13.0463 3156 Processor architecture: Intel x86
2011/05/26 09:31:13.0464 3156 Number of processors: 2
2011/05/26 09:31:13.0464 3156 Page size: 0x1000
2011/05/26 09:31:13.0464 3156 Boot type: Normal boot
2011/05/26 09:31:13.0464 3156 ================================================================================
2011/05/26 09:31:14.0636 3156 Initialize success
2011/05/26 09:31:16.0633 2816 ================================================================================
2011/05/26 09:31:16.0633 2816 Scan started
2011/05/26 09:31:16.0633 2816 Mode: Manual;
2011/05/26 09:31:16.0633 2816 ================================================================================
2011/05/26 09:31:17.0413 2816 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/05/26 09:31:17.0471 2816 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/26 09:31:17.0600 2816 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/26 09:31:17.0644 2816 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/26 09:31:17.0679 2816 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/26 09:31:17.0840 2816 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/05/26 09:31:17.0896 2816 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/26 09:31:17.0929 2816 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/26 09:31:18.0030 2816 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/26 09:31:18.0067 2816 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/26 09:31:18.0101 2816 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/26 09:31:18.0139 2816 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/26 09:31:18.0251 2816 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/26 09:31:18.0313 2816 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/26 09:31:18.0356 2816 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/26 09:31:18.0465 2816 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/26 09:31:18.0487 2816 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/05/26 09:31:18.0563 2816 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/26 09:31:18.0684 2816 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/26 09:31:18.0745 2816 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/26 09:31:18.0800 2816 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/26 09:31:18.0909 2816 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/26 09:31:18.0963 2816 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/26 09:31:18.0994 2816 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/26 09:31:19.0024 2816 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/26 09:31:19.0127 2816 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/26 09:31:19.0184 2816 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/05/26 09:31:19.0226 2816 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/26 09:31:19.0329 2816 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/05/26 09:31:19.0390 2816 BTHPORT (73d53f8e90550ba81e2cf44a0873b410) C:\Windows\system32\Drivers\BTHport.sys
2011/05/26 09:31:19.0435 2816 BTHUSB (32045a4bb143bbc5bab1298c4e9e309a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/05/26 09:31:19.0609 2816 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/26 09:31:19.0831 2816 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/26 09:31:19.0934 2816 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/26 09:31:19.0980 2816 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/05/26 09:31:20.0114 2816 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/26 09:31:20.0172 2816 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/26 09:31:20.0195 2816 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/26 09:31:20.0234 2816 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/26 09:31:20.0271 2816 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/26 09:31:20.0411 2816 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/05/26 09:31:20.0521 2816 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/05/26 09:31:20.0657 2816 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/26 09:31:20.0719 2816 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/26 09:31:20.0843 2816 E100B (d00eeae1cacd77a1a8396bbc19140bba) C:\Windows\system32\DRIVERS\e100b325.sys
2011/05/26 09:31:20.0916 2816 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/26 09:31:21.0062 2816 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/05/26 09:31:21.0216 2816 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/26 09:31:21.0277 2816 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/26 09:31:21.0345 2816 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/05/26 09:31:21.0460 2816 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/05/26 09:31:21.0534 2816 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/26 09:31:21.0606 2816 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/26 09:31:21.0635 2816 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/26 09:31:21.0744 2816 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/26 09:31:21.0779 2816 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/05/26 09:31:21.0818 2816 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/26 09:31:21.0861 2816 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/26 09:31:21.0930 2816 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/26 09:31:22.0065 2816 HBtnKey (93aee3434935fc2f805fefd8dc5ed1b4) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/05/26 09:31:22.0131 2816 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/26 09:31:22.0178 2816 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/26 09:31:22.0268 2816 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/26 09:31:22.0303 2816 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/26 09:31:22.0358 2816 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/05/26 09:31:22.0422 2816 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/26 09:31:22.0561 2816 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/05/26 09:31:22.0632 2816 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/05/26 09:31:22.0785 2816 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/05/26 09:31:22.0872 2816 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/26 09:31:22.0968 2816 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/26 09:31:23.0037 2816 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/26 09:31:23.0094 2816 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/26 09:31:23.0216 2816 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/05/26 09:31:23.0270 2816 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/26 09:31:23.0342 2816 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/26 09:31:23.0419 2816 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/26 09:31:23.0505 2816 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/26 09:31:23.0564 2816 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/26 09:31:23.0605 2816 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/26 09:31:23.0644 2816 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/26 09:31:23.0687 2816 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/26 09:31:23.0774 2816 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/26 09:31:23.0836 2816 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/26 09:31:23.0874 2816 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/26 09:31:23.0974 2816 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/26 09:31:24.0111 2816 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2011/05/26 09:31:24.0212 2816 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
2011/05/26 09:31:24.0286 2816 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/26 09:31:24.0375 2816 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/26 09:31:24.0437 2816 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/26 09:31:24.0549 2816 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/26 09:31:24.0603 2816 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/26 09:31:24.0651 2816 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/05/26 09:31:24.0706 2816 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/05/26 09:31:24.0992 2816 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/26 09:31:25.0100 2816 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/26 09:31:25.0137 2816 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/26 09:31:25.0174 2816 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
2011/05/26 09:31:25.0216 2816 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/26 09:31:25.0347 2816 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/05/26 09:31:25.0411 2816 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/05/26 09:31:25.0453 2816 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/05/26 09:31:25.0561 2816 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/26 09:31:25.0614 2816 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/26 09:31:25.0652 2816 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/05/26 09:31:25.0705 2816 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/26 09:31:25.0822 2816 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/26 09:31:25.0853 2816 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/26 09:31:25.0910 2816 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/05/26 09:31:26.0007 2816 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/05/26 09:31:26.0058 2816 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/26 09:31:26.0100 2816 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/26 09:31:26.0157 2816 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/26 09:31:26.0250 2816 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/26 09:31:26.0286 2816 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/26 09:31:26.0333 2816 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/05/26 09:31:26.0370 2816 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/26 09:31:26.0410 2816 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/26 09:31:26.0467 2816 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/05/26 09:31:26.0603 2816 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/26 09:31:26.0673 2816 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/05/26 09:31:26.0789 2816 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/26 09:31:26.0822 2816 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/26 09:31:26.0894 2816 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/26 09:31:26.0930 2816 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/26 09:31:27.0028 2816 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/26 09:31:27.0067 2816 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/26 09:31:27.0217 2816 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
2011/05/26 09:31:27.0372 2816 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/26 09:31:27.0427 2816 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/05/26 09:31:27.0485 2816 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/05/26 09:31:27.0519 2816 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/26 09:31:27.0598 2816 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/05/26 09:31:27.0702 2816 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/26 09:31:27.0733 2816 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/26 09:31:27.0945 2816 nvlddmkm (446864078dbe3059587954cb2d858a9b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/26 09:31:28.0189 2816 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/05/26 09:31:28.0234 2816 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/26 09:31:28.0272 2816 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/26 09:31:28.0379 2816 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/26 09:31:28.0528 2816 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/26 09:31:28.0567 2816 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/05/26 09:31:28.0605 2816 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/26 09:31:28.0640 2816 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/05/26 09:31:28.0678 2816 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/26 09:31:28.0727 2816 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/26 09:31:28.0869 2816 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/26 09:31:29.0076 2816 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/26 09:31:29.0106 2816 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/26 09:31:29.0188 2816 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/26 09:31:29.0335 2816 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/26 09:31:29.0460 2816 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/26 09:31:29.0507 2816 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/26 09:31:29.0532 2816 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/26 09:31:29.0586 2816 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/26 09:31:29.0623 2816 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/26 09:31:29.0657 2816 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/26 09:31:29.0758 2816 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/26 09:31:29.0786 2816 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/26 09:31:29.0846 2816 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/26 09:31:29.0873 2816 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/26 09:31:29.0928 2816 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/05/26 09:31:30.0002 2816 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/05/26 09:31:30.0345 2816 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
2011/05/26 09:31:30.0461 2816 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/26 09:31:30.0509 2816 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/26 09:31:30.0594 2816 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/26 09:31:30.0711 2816 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/26 09:31:30.0761 2816 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/26 09:31:30.0797 2816 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/26 09:31:30.0836 2816 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/26 09:31:30.0906 2816 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/26 09:31:31.0012 2816 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/26 09:31:31.0045 2816 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/26 09:31:31.0077 2816 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/26 09:31:31.0124 2816 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/26 09:31:31.0161 2816 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/26 09:31:31.0268 2816 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/26 09:31:31.0323 2816 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/05/26 09:31:31.0384 2816 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/26 09:31:31.0457 2816 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/05/26 09:31:31.0584 2816 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/26 09:31:31.0624 2816 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/26 09:31:31.0695 2816 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/26 09:31:31.0751 2816 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/26 09:31:31.0847 2816 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/26 09:31:31.0886 2816 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/26 09:31:31.0998 2816 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
2011/05/26 09:31:32.0153 2816 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/26 09:31:32.0260 2816 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/26 09:31:32.0299 2816 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/26 09:31:32.0330 2816 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/26 09:31:32.0365 2816 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/26 09:31:32.0395 2816 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/26 09:31:32.0554 2816 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/26 09:31:32.0591 2816 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/26 09:31:32.0616 2816 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/26 09:31:32.0663 2816 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/26 09:31:32.0703 2816 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/26 09:31:32.0836 2816 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/26 09:31:32.0875 2816 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/26 09:31:32.0914 2816 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/26 09:31:32.0942 2816 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/26 09:31:32.0984 2816 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/26 09:31:33.0135 2816 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys
2011/05/26 09:31:33.0177 2816 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/26 09:31:33.0221 2816 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/26 09:31:33.0331 2816 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/26 09:31:33.0372 2816 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/26 09:31:33.0409 2816 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/26 09:31:33.0449 2816 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/26 09:31:33.0490 2816 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/26 09:31:33.0584 2816 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/26 09:31:33.0651 2816 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/26 09:31:33.0707 2816 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/26 09:31:33.0806 2816 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/26 09:31:33.0838 2816 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/26 09:31:33.0869 2816 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/26 09:31:33.0908 2816 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/26 09:31:33.0944 2816 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/26 09:31:34.0054 2816 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/05/26 09:31:34.0097 2816 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/05/26 09:31:34.0144 2816 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/26 09:31:34.0210 2816 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/26 09:31:34.0317 2816 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 09:31:34.0342 2816 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/26 09:31:34.0401 2816 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/26 09:31:34.0478 2816 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/26 09:31:34.0649 2816 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/26 09:31:34.0812 2816 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/26 09:31:34.0912 2816 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/26 09:31:34.0997 2816 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/26 09:31:35.0080 2816 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/05/26 09:31:35.0091 2816 ================================================================================
2011/05/26 09:31:35.0091 2816 Scan finished
2011/05/26 09:31:35.0091 2816 ================================================================================
2011/05/26 09:31:35.0119 1540 Detected object count: 0
2011/05/26 09:31:35.0119 1540 Actual detected object count: 0
2011/05/26 09:31:58.0377 0280 Deinitialize success



#5
May 25, 2011 at 20:31:40
Let's try flushing the DNS cache....

This is how to clear the DNS cache in Vista:

Click the Start Orb
Click All Programs > Accessories > Command Prompt
For Vista, right-click on Command Prompt, and select: Run As Administrator

At the Command Prompt, type the following and hit Enter:

ipconfig /flushdns

After a few moments you should be able to see a confirmation window:
Windows IP Configuration. Successfully flushed the DNS Resolver Cache.

Restart the computer.

Any improvement?




#6
May 25, 2011 at 20:54:38
OK, directions followed, but Google is still redirecting, and programs such as MRT are still not running (without being renamed).

Should I post the Malwarebytes' log?



#7
May 26, 2011 at 04:55:26
BTW, what is MRT?

Do post the Malwarebytes' log.



#8
May 26, 2011 at 18:58:39
MRT = Windows Malicious Software Removal Tool (built into Windows)

Malwarebytes' log as follows:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6674

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

5/25/2011 9:24:52 PM
mbam-log-2011-05-25 (21-24-52).txt

Scan type: Quick scan
Objects scanned: 143415
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1F447AA-68D3-AFD3-A7FC-3A8EB13EBB3C} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A1F447AA-68D3-AFD3-A7FC-3A8EB13EBB3C} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1F447AA-68D3-AFD3-A7FC-3A8EB13EBB3C} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1F447AA-68D3-AFD3-A7FC-3A8EB13EBB3C} (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nqmswezoeisiem (Trojan.Agent) -> Value: nqmswezoeisiem -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\drivers_pack_v3.25.63.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\739e44b.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.


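The log in #8 shows two things a responder wants to check before calling the machine clean: that the summary counts agree with the itemised entries, and which of the removed entries were load points (the Run value and the BHO CLSID), because a loader in an autostart key means something else may have been dropped and a rescan is warranted. The script below is an added example, not Malwarebytes' own code; it parses that log format (the layout is assumed from the sample above, and the only log it has seen is the one in this thread) and answers both questions.

```python
"""Parse a Malwarebytes' Anti-Malware 1.50 text log and sanity-check it.

Added example for this thread, not Malwarebytes' own tooling. The layout is
taken from the log in post #8 (summary counts, then one "<Category>:" block
holding "(No malicious items detected)" or one entry per line); other logs
of that version are assumed to match it.
"""
import re
from collections import Counter

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[A-Za-z0-9.\-]+)\) -> (?P<action>.+)$")

# Autostart / browser load points. An entry here means the sample was wired
# to run again at logon or with the browser, so a loader was present and a
# follow-up rescan for whatever it dropped is warranted.
PERSISTENCE_MARKERS = ("\\CurrentVersion\\Run\\", "\\CurrentVersion\\RunOnce\\",
                       "\\Browser Helper Objects\\")

# Constructed from the log quoted in post #8 (preamble and empty blocks shortened).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 6674
Scan type: Quick scan
Objects scanned: 143415

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A1F447AA-68D3-AFD3-A7FC-3A8EB13EBB3C} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A1F447AA-68D3-AFD3-A7FC-3A8EB13EBB3C} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A1F447AA-68D3-AFD3-A7FC-3A8EB13EBB3C} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1F447AA-68D3-AFD3-A7FC-3A8EB13EBB3C} (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nqmswezoeisiem (Trojan.Agent) -> Value: nqmswezoeisiem -> Quarantined and deleted successfully.

Files Infected:
c:\program files\drivers_pack_v3.25.63.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\739e44b.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return {"summary": {category: declared count}, "detections": [entry dicts]}."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m_sum, m_hdr = SUMMARY_RE.match(line), HEADER_RE.match(line)
        if m_sum:
            summary[m_sum["section"]] = int(m_sum["count"])
        elif m_hdr:
            section = m_hdr["section"]      # start of that category's itemised block
        elif section and line and not line.startswith("("):
            m = ENTRY_RE.match(line)        # "(No malicious items detected)" is skipped
            if m:
                detections.append({"section": section, **m.groupdict()})
    return {"summary": summary, "detections": detections}


def reconcile(report):
    """Categories whose declared count differs from the entries actually listed."""
    found = Counter(d["section"] for d in report["detections"])
    return {sec: (n, found[sec]) for sec, n in report["summary"].items() if n != found[sec]}


def persistence_entries(report):
    """Entries that sat in an autostart or browser load point."""
    return [d for d in report["detections"]
            if any(mark in d["target"] for mark in PERSISTENCE_MARKERS)]


def unresolved(report):
    """Entries the scanner did not report as removed; these need a follow-up."""
    return [d for d in report["detections"] if "successfully" not in d["action"]]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", reconcile(rep) or "none")
    for d in persistence_entries(rep):
        print("persistence:", d["family"], d["target"])
    print("unresolved entries:", len(unresolved(rep)))
```

Run as-is it reports no count mismatches, the two load-point entries (the BHO key and the Run value) and zero unresolved entries for the log above; pointing it at a log whose summary disagrees with its itemised blocks (a sign of a truncated or hand-edited paste) returns the mismatching categories from `reconcile`.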

#9
May 26, 2011 at 20:14:53
✔ Best Answer
:-) Geeezz...MRT just did not register in my brain...kept thinking about something else.

One more step...

Please download the Kaspersky Virus Removal Tool:
http://support.kaspersky.com/viruse...

Save it to your Desktop
Right click the downloaded setup file, and select: Run as Administrator

At the main screen of the tool, in the AutoScan tab, make sure the first three options are checked
Next, scroll down to check the box next to the C:/ drive

Click on Start Scan

When the scan is finished, click on: Report (at the bottom)

In the Detailed Report screen, make sure the three buttons at the top are set to:
Autoscan, Do not group, and, Important events
Click on Save, and save to the Desktop

>>Please provide the Kaspersky Virus Removal Tool in your reply.<<


When done with the tool, uninstall it by doing the following:
In the bottom right corner of the main window, click the Exit button
Click the Yes button on the prompt to uninstall
Restart the computer to delete the Kaspersky Virus Removal Tool.

As far as the MRT goes, have you tried clicking on Start > R to open the Run command, and then type in: MRT?



#10
May 27, 2011 at 05:50:19
Sorry, had issues connecting to the net...

Yes, have tried Run > MRT, but the program won't open unless I rename it, e.g. MRT1. Then it works fine.

Good news! Kaspersky picked up some files!! Here is the report:

Autoscan: completed 2 hours ago (events: 2, objects: 8994, time: 00:08:53)
5/27/2011 5:33:45 PM Task completed
5/27/2011 5:24:50 PM Task started
Autoscan: completed 9 minutes ago (events: 10, objects: 223339, time: 01:29:50)
5/27/2011 6:02:08 PM Task started
5/27/2011 6:04:50 PM Detected: HEUR:Exploit.Script.Generic C:\Documents and Settings\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM
5/27/2011 6:11:09 PM Detected: HEUR:Exploit.Script.Generic C:\Documents and Settings\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM
5/27/2011 6:21:47 PM Detected: HEUR:Exploit.Script.Generic C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM
5/27/2011 7:09:38 PM Untreated: HEUR:Exploit.Script.Generic C:\Documents and Settings\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM Write not supported
5/27/2011 7:09:41 PM Untreated: HEUR:Exploit.Script.Generic C:\Documents and Settings\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM Write not supported
5/27/2011 7:09:43 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM Write not supported
5/27/2011 7:09:52 PM Detected: HEUR:Exploit.Script.Generic C:\Users\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM
5/27/2011 7:10:01 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM Write not supported
5/27/2011 7:31:58 PM Task completed


Do I uninstall and delete the program now, or do I use the tool to get rid of the viruses first?


Since all the malicious files have been associated with Mozilla Firefox, is it worth uninstalling and using a different browser?

Thanks so much for your help, I could never have worked this out on my own...



#11
May 28, 2011 at 06:50:29
Hey,
Now that Kaspersky has detected the malicious files, if I click on 'disinfect', the only options I can choose from are 'delete archive' or 'skip'. Quarantine is not an option; it says 'write not supported'.

Since all the malicious files seem to be connected to Mozilla, is it safe to delete them through KVRT? Then should I uninstall Mozilla as well as KVRT, then reboot?



#12
May 29, 2011 at 08:19:31
Hi there,
I've now been able to Quarantine two threats, but the protection state lists three other files with the status 'absent'. What does this mean?

Protection Status (set to All Detected Malware):

5/29/2011 8:39:47 PM Quarantined virus HEUR:Exploit.Script.Generic C:\Documents and Settings\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01//JIM

5/29/2011 8:39:47 PM Quarantined virus HEUR:Exploit.Script.Generic C:\Documents and Settings\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01

5/29/2011 8:39:47 PM Not found virus HEUR:Exploit.Script.Generic C:\Documents and Settings\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01//JIM

5/29/2011 8:39:47 PM Not found virus HEUR:Exploit.Script.Generic C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01//JIM

5/29/2011 8:39:47 PM Not found virus HEUR:Exploit.Script.Generic C:\Users\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01//JIM

In the initial scan (report listed at #10), there were 8 files detected, so does this mean 3 are still unaccounted for?

I also still don't know what to do next with KVRT, whether to reboot or not, etc.

I'm sure it's pretty simple, but I don't want to accidentally delete something important. Hope you can help! :-)



#13
May 29, 2011 at 17:08:24
Sorry for the delay...

KVRT is picking up entries from the Firefox cache.

If you decide to uninstall Firefox, I would presume that would take care of its cache.

If you uninstall Firefox, run KVRT once again, and post its report to see if any entries are left.


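The reports in #10 and #12 list what looks like several files but is one Firefox cache entry seen under different spellings: on Vista, `C:\Documents and Settings` is a junction to `C:\Users` and `Local Settings` is a junction to `AppData\Local`, so the same object is found four ways. The script below is an added example, not Kaspersky's code; it assumes only the line shapes visible in those two posts, folds the junction aliases so each object is counted once, flags detections that live in a browser cache (Firefox as in the thread, with Chrome and Internet Explorer cache paths added so it generalises a little beyond this case), and reports whether each object reached a settled state.

```python
"""Triage a Kaspersky Virus Removal Tool (KVRT) report such as those in #10/#12.

Added example for this thread, not Kaspersky's own tooling; it assumes the
line shapes visible in those posts ("<timestamp> Detected: <verdict> <path>",
"... Untreated: <verdict> <path> Write not supported", "... Quarantined virus
<verdict> <path>", "... Not found virus <verdict> <path>", "... Task started").
"""
import re

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<status>Task started|Task completed|Detected|Untreated|"
    r"Quarantined virus|Not found virus):?(?: (?P<verdict>\S+) (?P<rest>.+))?$")
TRAILING_NOTES = ("Write not supported",)   # KVRT appends this after the path
FINAL_STATES = {"Quarantined virus"}        # the only settled state seen on this page

# On Vista "C:\Documents and Settings" is a junction to "C:\Users" and "Local
# Settings" to "AppData\Local", so one cached file is reported under several
# spellings; fold them so each object is counted once.
PATH_ALIASES = (("c:\\documents and settings\\", "c:\\users\\"),
                ("\\local settings\\", "\\appdata\\local\\"))

# Browser cache locations (Firefox as in the thread; Chrome and IE added for
# generality). A hit here is content the browser downloaded and stored, i.e.
# evidence of an exploit attempt, not by itself a running program.
BROWSER_CACHE_MARKERS = (("\\mozilla\\firefox\\profiles\\", "\\cache\\"),
                         ("\\google\\chrome\\user data\\", "\\cache\\"),
                         ("\\temporary internet files\\",))

# Constructed from the report in #10 and the Protection Status listing in #12.
SCAN_REPORT = r"""Autoscan: completed 9 minutes ago (events: 10, objects: 223339, time: 01:29:50)
5/27/2011 6:02:08 PM Task started
5/27/2011 6:04:50 PM Detected: HEUR:Exploit.Script.Generic C:\Documents and Settings\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM
5/27/2011 6:11:09 PM Detected: HEUR:Exploit.Script.Generic C:\Documents and Settings\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM
5/27/2011 6:21:47 PM Detected: HEUR:Exploit.Script.Generic C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM
5/27/2011 7:09:38 PM Untreated: HEUR:Exploit.Script.Generic C:\Documents and Settings\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM Write not supported
5/27/2011 7:09:41 PM Untreated: HEUR:Exploit.Script.Generic C:\Documents and Settings\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM Write not supported
5/27/2011 7:09:43 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM Write not supported
5/27/2011 7:09:52 PM Detected: HEUR:Exploit.Script.Generic C:\Users\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM
5/27/2011 7:10:01 PM Untreated: HEUR:Exploit.Script.Generic C:\Users\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01/JIM Write not supported
5/27/2011 7:31:58 PM Task completed
"""
PROTECTION_STATUS = r"""5/29/2011 8:39:47 PM Quarantined virus HEUR:Exploit.Script.Generic C:\Documents and Settings\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01//JIM
5/29/2011 8:39:47 PM Quarantined virus HEUR:Exploit.Script.Generic C:\Documents and Settings\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01
5/29/2011 8:39:47 PM Not found virus HEUR:Exploit.Script.Generic C:\Documents and Settings\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01//JIM
5/29/2011 8:39:47 PM Not found virus HEUR:Exploit.Script.Generic C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01//JIM
5/29/2011 8:39:47 PM Not found virus HEUR:Exploit.Script.Generic C:\Users\User\Local Settings\Mozilla\Firefox\Profiles\mmrj5qmp.default\Cache\5\18\E34C8d01//JIM
"""

def parse_kvrt_report(text):
    """One dict per timestamped line; headers such as "Autoscan: ..." are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        path, note = m["rest"], None
        for n in TRAILING_NOTES:
            if path and path.endswith(" " + n):
                path, note = path[:-len(n) - 1], n
        events.append({"ts": m["ts"], "status": m["status"],
                       "verdict": m["verdict"], "path": path, "note": note})
    return events

def canonical_path(path):
    p = path.lower()
    for old, new in PATH_ALIASES:
        p = p.replace(old, new)
    while "//" in p:            # "E34C8d01//JIM" and "E34C8d01/JIM" name one object
        p = p.replace("//", "/")
    return p

def is_browser_cache(path):
    p = canonical_path(path)
    return any(all(part in p for part in parts) for parts in BROWSER_CACHE_MARKERS)

def summarise(events):
    """Group events by object: spellings seen, statuses, and whether it is settled."""
    objects = {}
    for e in events:
        if not e["path"]:
            continue
        o = objects.setdefault(canonical_path(e["path"]), {
            "verdict": e["verdict"], "aliases": set(), "statuses": [],
            "browser_cache": is_browser_cache(e["path"])})
        o["aliases"].add(e["path"])
        o["statuses"].append(e["status"])
    for o in objects.values():
        o["resolved"] = any(s in FINAL_STATES for s in o["statuses"])
    return objects

if __name__ == "__main__":
    for name, text in (("scan", SCAN_REPORT), ("status", PROTECTION_STATUS)):
        for o in summarise(parse_kvrt_report(text)).values():
            print(f"[{name}] {o['verdict']} spellings={len(o['aliases'])} "
                  f"browser_cache={o['browser_cache']} resolved={o['resolved']}")
```

Folded this way, the eight detection events in #10 collapse to one Firefox cache object seen through four spellings, every "Write not supported" line referring to that same file; the five Protection Status lines in #12 collapse to two objects (the cache file and the object KVRT reports inside it), both quarantined, which is why the remaining three spellings come back as "Not found". Clearing or removing that browser cache, as #13 suggests, is what makes a rescan come up empty.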
