redirecting google searches

July 4, 2009 at 18:11:33
Specs: Windows XP
Hi. I am having issues with my Google searches. As soon as I click a link, the system redirects me to other pages. I've been reading previous advice you've given to others and decided to run HiJackThis.exe. Now, this is the resulting log. Please advise on how to continue, thanks a lot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:07 PM, on 7/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MIT\Kerberos\bin\krbcc32s.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.mit.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://aswww2.oasis.unc.edu/Citrix/ICAWEB/en/ica32/wficac.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/r...NPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/re...nload/scanner/wlscbase4009.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...sengerSetupDownloader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://webmail.worldbank.org/dwa7W.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\SYSTEM32\afslogon.dll
O20 - Winlogon Notify: KFWLogon - C:\WINDOWS\SYSTEM32\afslogon.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: OracleMTSRecoveryService - Unknown owner - G:\oracle\ora92\bin\omtsreco.exe (file missing)
O23 - Service: Oracleora9ClientCache - Unknown owner - C:\Oracle\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92ClientCache - Unknown owner - G:\oracle\ora92\BIN\ONRSD.EXE (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: OpenAFS Client Service (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe

--
End of file - 15024 bytes
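A log this long is triaged by rule before it is read line by line. The script below is an added example (it is not part of the thread and is not HijackThis code) that parses HJT-style entries and flags what a responder checks first: entries whose file is gone from disk, services with no identifiable owner, autoruns or processes that live under a user-writable path, autoruns that launch a script, and every Winlogon Notify DLL. The sample input is a subset of the log posted above; the rules, the reason labels and the threshold of "user-writable" are this example's own choices, and a hit is a prompt to look closer, not a verdict.

```python
"""Triage a HijackThis log by flagging the entries a responder reads first.
Added example, not HijackThis code; rules and reason labels are this example's own."""
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "section name path reason")

R_USER = "runs from a user-writable path"
R_ORPHAN = "references a file that is no longer on disk"
R_OWNER = "service with unknown owner"
R_SCRIPT = "autorun launches a script rather than a binary"
R_WINLOGON = "Winlogon Notify DLL (loaded into winlogon.exe at logon)"

# Locations a non-admin user, or anything running as that user, can write to on XP.
# Google Update and Chrome legitimately install there, so this is a "look closer" rule.
USER_WRITABLE = re.compile(r"\\Documents and Settings\\|\\Local Settings\\Temp\\|%temp%", re.I)
SCRIPT_EXT = re.compile(r"\.(hta|vbs|vbe|js|jse|wsf|bat|cmd)\b", re.I)
ORPHAN = re.compile(r"\(no file\)|\(file missing\)", re.I)
ENTRY = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
AUTORUN = re.compile(r"^(.*?Run\w*:)\s+\[(.*?)\]\s+(.*)$")

# Sample input: lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - Global Startup: VPN Client.lnk = ?
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\SYSTEM32\afslogon.dll
O20 - Winlogon Notify: KFWLogon - C:\WINDOWS\SYSTEM32\afslogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: OracleMTSRecoveryService - Unknown owner - G:\oracle\ora92\bin\omtsreco.exe (file missing)
O23 - Service: Oracleora9ClientCache - Unknown owner - C:\Oracle\BIN\ONRSD.EXE
"""


def _fields(body):
    # HJT separates name, CLSID or owner, and path with " - "; the path is always last.
    return [f.strip() for f in body.split(" - ")]


def triage(log_text):
    findings, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if USER_WRITABLE.search(line):
                findings.append(Finding("process", line.rsplit("\\", 1)[-1], line, R_USER))
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            m4 = AUTORUN.match(body)
            if not m4:
                continue                  # e.g. "Global Startup: x.lnk = ?"
            _hive, name, cmd = m4.groups()
            if USER_WRITABLE.search(cmd):
                findings.append(Finding(section, name, cmd, R_USER))
            if SCRIPT_EXT.search(cmd):
                findings.append(Finding(section, name, cmd, R_SCRIPT))
            continue
        fields = _fields(body)
        name, path = fields[0].split(": ", 1)[-1], fields[-1]
        if ORPHAN.search(path):
            findings.append(Finding(section, name, path, R_ORPHAN))
        if section == "O23" and "Unknown owner" in fields:
            findings.append(Finding(section, name, path, R_OWNER))
        if section == "O20":
            findings.append(Finding(section, name, path, R_WINLOGON))
    return findings


def by_reason(findings):
    """Count findings per reason, for a quick summary of where to look."""
    return Counter(f.reason for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name}: {f.reason}\n    {f.path}")
```

Run against the posted log, every hit has a benign explanation on this particular machine: the Winlogon Notify DLLs belong to OpenAFS/Kerberos and HP ProtectTools, the profile-path processes are Google's per-user installer and the HijackThis download itself, and the orphaned Oracle services point at a drive letter that no longer exists. That is why the script ranks entries rather than removing them; the same rules would surface a BHO or a service dropped by malware, which usually shows up as an unfamiliar name in exactly these slots.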




#1
July 5, 2009 at 07:44:16


#2
July 5, 2009 at 11:36:46
It only happens with Firefox. I tried Chrome and Safari and no
problems so far.
thanks,
cm


#3
July 5, 2009 at 11:45:07
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1

1) Ensure all Firefox windows are closed.

2) To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).

3) When prompted to run the scan, click Yes.

4) GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

If I'm helping you and I don't reply within 24 hours send me a PM.



#4
July 5, 2009 at 12:39:19
Ok, this is the results of the log.

GooredFix by jpshortstuff (03.07.09)
Log created at 15:37 on 05/07/2009 (Administrator)
Firefox version 3.5 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [08:05 28/06/2009]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [04:39 17/07/2007]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:58 24/09/2008]

-=E.O.F=-
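The GooredFix run in #3 and its output in #4 come down to one check: enumerate the places a Firefox extension can be registered system-wide (the global extensions directory and HKLM\Software\Mozilla\Firefox\Extensions) and compare what is there against what the responder expects. The Python below is an added example, not GooredFix's own code, that performs that comparison on a GooredFix.txt and, on a Windows box, on the live system. KNOWN_IDS is an assumed per-case allowlist (the three IDs in it are the Firefox default theme, the Java Console add-on bundled with JRE 6 and Java Quick Starter, which is exactly what the posted log shows); the second sample log, with its "deadbeef" ID and "search-helper@example.invalid", is constructed to show what a hit looks like.

```python
"""Audit Firefox extensions the way GooredFix enumerates them.
Added example, not GooredFix code. KNOWN_IDS is an assumed allowlist and
CONSTRUCTED_LOG is made up to exercise the detection path."""
import os
import re
import sys

KNOWN_IDS = {
    "{972ce4c6-7e08-4474-a285-3208198ce6fd}",  # Firefox default theme
    "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}",  # Java Console add-on shipped with JRE 6 Update 2
    "jqs@sun.com",                              # Java Quick Starter
}
REG_KEY = r"Software\Mozilla\Firefox\Extensions"
USER_PROFILE = re.compile(r"\\Documents and Settings\\|\\Users\\", re.I)
DIR_ENTRY = re.compile(r"^(\S+)\s+\[\d\d:\d\d \d\d/\d\d/\d{4}\]$")
REG_ENTRY = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[\d\d:\d\d \d\d/\d\d/\d{4}\]$')

# The GooredFix output posted in #4, as a sample input.
POSTED_LOG = r"""GooredFix by jpshortstuff (03.07.09)
Log created at 15:37 on 05/07/2009 (Administrator)
Firefox version 3.5 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [08:05 28/06/2009]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [04:39 17/07/2007]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:58 24/09/2008]

-=E.O.F=-
"""

# Constructed: the same log with one unknown directory entry and one registry
# entry pointing into the user's profile. Neither ID is a real extension.
CONSTRUCTED_LOG = r"""C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [08:05 28/06/2009]
{deadbeef-0000-4000-8000-000000000001} [02:13 04/07/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:58 24/09/2008]
"search-helper@example.invalid"="C:\Documents and Settings\Administrator\Application Data\srchlp" [02:13 04/07/2009]
"""


def parse_goored_log(text):
    """Return (ext_id, source, path) triples from a GooredFix.txt."""
    entries, source = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):            # registry section header
            source = line.strip("[]")
        elif line.endswith("\\"):                # extensions directory header
            source = line
        elif source and DIR_ENTRY.match(line):
            ext_id = DIR_ENTRY.match(line).group(1)
            entries.append((ext_id, source, source + ext_id))
        elif source and REG_ENTRY.match(line):
            ext_id, path = REG_ENTRY.match(line).groups()
            entries.append((ext_id, source, path))
    return entries


def collect_live(extensions_dir):
    """The same enumeration against a running Windows machine (not exercised offline)."""
    entries = [(d, extensions_dir, os.path.join(extensions_dir, d))
               for d in os.listdir(extensions_dir)]
    if sys.platform == "win32":
        import winreg
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, REG_KEY) as key:
            i = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, i)
                except OSError:
                    break
                entries.append((name, "HKLM\\" + REG_KEY, data))
                i += 1
    return entries


def audit(entries, known=KNOWN_IDS):
    """Attach reasons to each entry; an empty reason list means 'recognised'."""
    audited = []
    for ext_id, source, path in entries:
        reasons = []
        if ext_id not in known:
            reasons.append("not on allowlist")
        if USER_PROFILE.search(path):
            reasons.append("installed under a user profile")
        audited.append((ext_id, source, path, reasons))
    return audited


def suspicious(audited):
    return [a for a in audited if a[3]]


if __name__ == "__main__":
    for ext_id, source, path, reasons in suspicious(audit(parse_goored_log(CONSTRUCTED_LOG))):
        print(f"{ext_id} ({source}): {', '.join(reasons)}\n    {path}")
```

On the posted log the audit returns three recognised entries and nothing suspicious, which matches the outcome of the thread's own check. The registry key matters because an extension registered there loads for every profile on the machine without ever appearing in the profile's own extensions folder; a redirecting add-on placed that way survives a profile reset, which is why the tool looks at both locations.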



#5
July 5, 2009 at 12:53:38
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in the background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteAVUpdateEx( 'http://avz.virusinfo.info/avz_up/', 1, '','','');
ExecuteStdScr(3);
RebootWindows(true);
end.


Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to rapidshare.com and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

If I'm helping you and I don't reply within 24 hours send me a PM.



#6
July 7, 2009 at 20:07:28
Here is the Rapidshare link from the AVZ.exe program.

http://rapidshare.com/files/2532561...

Should I also do now the "Image Tutorial" section?

Thanks,

C



#7
July 7, 2009 at 20:21:33
Follow these steps in order numbered:

1) Download GMER: http://gmer.net/download.php
[This version will download a randomly named file (Recommended).]

2) Disconnect from the Internet and close all running programs.

3) Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

4) Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

5) GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)

6) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.

7) Now click the Scan button. If you see a rootkit warning window, click OK.

8) When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log and upload it rapidshare.com. Post the download link to the uploaded file in your post.

9) Exit GMER and re-enable all active protection when done.

Note: Please give me the exact name of the file you downloaded in step 1 + post your log from step 8 in your next post.

If I'm helping you and I don't reply within 24 hours send me a PM.



#8
July 13, 2009 at 19:33:30
Thanks for your help.

- The name of the file I used in Step 1 is HiJackThis.exe

- Here is the link to the gmer.log file that resulted.
http://rapidshare.com/files/2555702...

Best,

C



#9
July 16, 2009 at 06:06:30
Follow these Steps in order numbered. Don't proceed to next step unless you have successfully completed previous step:

1) Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

2) Please zip up C:\qoobox\quarantine and upload it, to a filehost such as http://rapidshare.com/ Then, Private Message me the Download links to the uploaded files.

If I'm helping you and I don't reply within 24 hours send me a PM.

