Redirecting links-google

December 22, 2009 at 20:34:12
Specs: Windows XP
Every time I click on a link it redirects to another site searching the same thing. I'm doing the Malwarebytes scan now and will be posting the log and then doing HijackThis. Thanks for the help.

#1
December 22, 2009 at 21:10:57
I just did the Malwarebytes scan and restarted, and links now work. Should I just not do anything now since I fixed it?

#2
December 22, 2009 at 21:35:03
Not unless it comes back, and do not post any HijackThis logs until a helper asks you to do so, as it is against forum rules.

#3
December 23, 2009 at 20:36:22
On some links it redirects and on others it doesn't.

#4
December 23, 2009 at 22:32:45
Brain, your PC has a browser hijacker / browser hacker virus which redirects your search links. See the manual fix instructions within the link below or run the UnHackMe tool.
http://darfuns.com/remove-google-se...

#5
December 24, 2009 at 21:00:58
The link was no help, as the UnHackMe tool just showed me them and said I had to register and buy the product. I have used Malwarebytes and it sort of worked, and I will try it again tonight. Please tell me if I should give logs. Thank you.

#6
December 26, 2009 at 17:12:25
Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch the program.
2. (Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Download RootRepeal from one of the links on the RootRepeal download page. It can be downloaded as a .rar or .zip file, whichever you like. If you get a bandwidth problem notice, just try another link.

RootRepeal

Extract the RootRepeal.exe file from the RAR or ZIP and save the EXE file to your Desktop.
Disable your antivirus, antispyware, and firewalls before continuing or they may block RootRepeal from running properly.
Now run the RootRepeal.exe program by double clicking on it.
At the bottom, click the Files tab and then click the Scan button.
A Select Drives form will open. Select all of your drives by checking the boxes and then click OK.
It will start scanning. It may take a while to finish depending on how many drives, files and folders you have, so be patient and wait on it.
When it finishes, click "save report" and save it at an easy place to locate, such as your desktop. Save it as Rrlog.txt.
Please post the log that was produced to the forum.


#7
December 27, 2009 at 23:39:49
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/28 01:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------


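A small triage script for a RootRepeal driver listing like the one posted above, added here as an example and not part of this thread or of the RootRepeal tool: it parses the Name / Image Path / Address / Status records into objects and flags any driver whose file RootRepeal reports as not visible, or whose Status is anything other than "-", which are the two fields that separate a finding from the background noise in such a log. Its embedded log is a constructed sample in the same format; the third record is invented to show a flagged case, and note that rootrepeal.sys (the scanner's own driver) appears as "File Visible: No" in the real log too, so a flag is a prompt to look closer, not a verdict.

```python
"""Triage a RootRepeal 'Drivers' listing: parse its records and flag the fields worth a
second look.  Added example; not part of the forum thread or of the RootRepeal tool."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the format of the log posted above: two records copy the shape
# of real entries, the third is invented to show what a flagged (hidden) driver looks like.
SAMPLE_LOG = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================

Drivers
-------------------
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF739E000 Size: 95360 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA45CA000 Size: 49152 File Visible: No Signed: -
Status: -

Name: example_hidden.sys
Image Path: C:\WINDOWS\system32\drivers\example_hidden.sys
Address: 0xA1230000 Size: 40960 File Visible: No Signed: -
Status: Hidden from the Windows API!
"""

# The third line of each record packs four fields into one line.
ADDR_LINE = re.compile(
    r"^Address:\s*(?P<address>0x[0-9A-Fa-f]+)\s+Size:\s*(?P<size>\d+)"
    r"\s+File Visible:\s*(?P<file_visible>\S+)\s+Signed:\s*(?P<signed>\S+)$"
)


@dataclass
class DriverEntry:
    name: str = ""
    image_path: str = ""
    address: int = 0
    size: int = 0
    file_visible: str = "-"  # "-" = nothing reported, "No" = file hidden from the Windows API
    signed: str = "-"
    status: str = "-"        # "-" = nothing reported


def _build(fields: Dict[str, str]) -> DriverEntry:
    # Keys were normalised to the dataclass field names; unknown keys are dropped.
    known = {k: v for k, v in fields.items() if k in DriverEntry.__dataclass_fields__}
    known["address"] = int(known.get("address", "0"), 16)
    known["size"] = int(known.get("size", "0"))
    return DriverEntry(**known)


def parse_drivers(text: str) -> List[DriverEntry]:
    """Return the blank-line-separated records under the 'Drivers' heading."""
    entries: List[DriverEntry] = []
    current: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == "Drivers"
            continue
        if not line:
            if current:
                entries.append(_build(current))
                current = {}
            continue
        if line.startswith("---"):
            continue  # underline below the section heading
        m = ADDR_LINE.match(line)
        if m:
            current.update(m.groupdict())
            continue
        if ":" not in line:
            break  # a bare line here is the next section's heading
        key, _, value = line.partition(":")
        current[key.strip().lower().replace(" ", "_")] = value.strip()
    if current:
        entries.append(_build(current))
    return entries


def reasons_to_look(entry: DriverEntry) -> List[str]:
    """A hidden file or any non-default Status is what a reviewer scans the list for."""
    reasons = []
    if entry.file_visible.lower() == "no":
        reasons.append("file not visible to the Windows API")
    if entry.status != "-":
        reasons.append("status: " + entry.status)
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map driver name -> reasons, for every driver that has at least one."""
    pairs = ((e.name, reasons_to_look(e)) for e in parse_drivers(text))
    return {name: reasons for name, reasons in pairs if reasons}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(name, "->", "; ".join(reasons))
```

Run it directly to print the flagged names for the sample, or call parse_drivers() or triage() on the text of a saved Rrlog.txt.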
#8
December 28, 2009 at 19:02:42

Remember: your antivirus and any real-time anti-spyware program on the computer must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.


Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no internet connection after running ComboFix, then restart your computer to restore your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.


#9
December 28, 2009 at 19:17:29
Cannot download.

File not found

Firefox can't find the file at http://download.bleepingcomputer.co...

* Check the file name for capitalization or other typing errors.
* Check to see if the file was moved, renamed or deleted

#10
December 28, 2009 at 19:53:16
Download it with internet explorer instead of Firefox.

#11
December 29, 2009 at 04:49:32
Try this link instead (the above supplied link had a dot at the end).
http://download.bleepingcomputer.co...

#12
December 30, 2009 at 00:18:46
Yeah, I got it; I had to restart the browser. So is this the final thing I have to do, and it will be fixed if it's what you think?

#13
December 30, 2009 at 04:09:49
Originally posted by jabuck
"Please post the "C:\Combo-Fix.txt""

#14
December 30, 2009 at 11:45:23
ComboFix 09-12-29.06 - HP_Administrator 12/30/2009 12:48:08.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.376 [GMT -6:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
C:\Documents and Settings\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\12497.exe
C:\WINDOWS\system32\15864.exe
C:\WINDOWS\system32\19295.exe
C:\WINDOWS\system32\21571.exe
C:\WINDOWS\system32\2186.exe
C:\WINDOWS\system32\23568.exe
C:\WINDOWS\system32\24263.exe
C:\WINDOWS\system32\2491.exe
C:\WINDOWS\system32\25227.exe
C:\WINDOWS\system32\27443.exe
C:\WINDOWS\system32\28739.exe
C:\WINDOWS\system32\2884.exe
C:\WINDOWS\system32\29735.exe
C:\WINDOWS\system32\5305.exe
C:\WINDOWS\system32\6810.exe
C:\WINDOWS\system32\7508.exe
C:\WINDOWS\system32\7802.exe
C:\WINDOWS\system32\ps2.bat
D:\Autorun.inf

Infected copy of C:\WINDOWS\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 03:08:22 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 03:08:22 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-31 20:51:44 1217808]
"Octoshape Streaming Services"="C:\Documents and Settings\HP_Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 13:44:06 70936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 04:56:34 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 07:19:16 77312]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 06:35:56 49152]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 17:41:10 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 07:41:10 49152]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-18 02:10:00 339968]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2009-10-29 12:54:44 1218008]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2009-07-08 02:02:26 1176808]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-05-26 22:18:30 413696]
"MsgCenterExe"="C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" [2009-07-01 02:12:13 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-07-01 02:12:13 198160]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2009-7-28 139776]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-11-10 36903]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\day of defeat\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\counter-strike\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\chronic_gamer@hotmail.com\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Documents and Settings\\HP_Administrator\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"C:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:wc3
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [6/19/2009 9:21:12 AM 203280]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys --> C:\WINDOWS\system32\drivers\Partizan.sys [?]
S2 gupdate1ca0b4b62b330a6;Google Update Service (gupdate1ca0b4b62b330a6);C:\Program Files\Google\Update\GoogleUpdate.exe [7/22/2009 10:09:33 PM 133104]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\CM108.sys --> C:\WINDOWS\system32\drivers\CM108.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2004-08-10 12:00:00 99840 ----a-w- C:\WINDOWS\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2009-12-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34:12 . 2008-07-30 17:34:12]

2009-12-30 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-23 04:09:33 . 2009-07-23 04:09:22]

2009-12-30 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-23 04:09:33 . 2009-07-23 04:09:22]

2009-12-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-06-19 15:19:10 . 2009-09-25 17:22:14]

2009-11-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2009-06-19 15:19:10 . 2009-09-25 17:22:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.net/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\pattta.att
Trusted Zone: motive.com\patttbc.att
FF - ProfilePath - C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\b3gumn4u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - component: C:\Program Files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)
HKLM-Run-PRISMSVR.EXE - C:\WINDOWS\system32\PRISMSVR.EXE
HKLM-Run-ATT-SST_McciTrayApp - C:\Program Files\ATT-SST\McciTrayApp.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 13:06:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...


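The ComboFix excerpt above ends with the sections an analyst reads first: the Reg Loading Points, the Security Center and firewall-policy keys, and the service list. As an added example, not part of the original thread and not code from ComboFix, the script below parses a constructed copy of those lines and flags what a defender would want to check before declaring the machine clean. The checks, the severity labels and the helper names (`triage`, `SAMPLE_LOG`, `START_TYPES`) are my own assumptions about a sensible first pass, not anything the thread's helper prescribed.

```python
"""Triage a ComboFix-style 'Reg Loading Points' excerpt for weakened defences.

Added example: the checks below are an assumed analyst checklist, not part of
ComboFix or of the original forum thread.
"""
import re

# Constructed sample: a copy of the relevant lines from the log in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 03:08:22 279944]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [6/19/2009 9:21:12 AM 203280]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys --> C:\WINDOWS\system32\drivers\Partizan.sys [?]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\CM108.sys --> C:\WINDOWS\system32\drivers\CM108.sys [?]
"""

# Stock BootExecute value on Windows XP; anything after it is an extra entry.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
# Service start types as ComboFix encodes them in the R/S prefix.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
# "R2 Name;Display Name;C:\path\image.exe [date size]" or "... --> path [?]"
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);[^;]*;(.+)$")


def triage(log_text):
    """Return (severity, title, evidence) triples for lines worth an analyst's look."""
    findings = []
    key = ""  # registry key currently in scope, lower-cased
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        low = line.lower()

        # 1. Host firewall switched off for a profile.
        if "firewallpolicy" in key and low.startswith('"enablefirewall"'):
            m = re.search(r"=\s*(\d+)", line)
            if m and m.group(1) == "0":
                profile = key.rsplit("\\", 1)[-1]
                findings.append(("HIGH", "Windows Firewall disabled for profile " + profile, line))

        # 2. Security Center told not to monitor a product. Third-party suites set
        #    this for themselves, so it only matters if that suite is not running.
        elif "security center\\monitoring" in key and "disablemonitoring" in low and low.endswith("00000001"):
            product = key.rsplit("\\", 1)[-1]
            findings.append(("MEDIUM", "Security Center monitoring disabled for " + product, line))

        # 3. Ask Toolbar loaded into Internet Explorer (the helper asks for its removal).
        elif "toolbar" in key and "askbar" in low:
            findings.append(("MEDIUM", "Ask Toolbar registered in Internet Explorer", line))

        # 4. Extra BootExecute entries run before any service starts; each one
        #    should be matched to a tool the user installed on purpose.
        elif low.startswith("bootexecute"):
            value = line.split("REG_MULTI_SZ", 1)[-1].strip()
            for entry in value.split(r"\0"):
                if entry and entry != DEFAULT_BOOTEXECUTE:
                    findings.append(("MEDIUM", "Non-default BootExecute entry: " + entry, line))

        # 5. Driver or service whose image ComboFix could not read (marked "[?]").
        else:
            m = SERVICE_RE.match(line)
            if m and line.endswith("[?]"):
                start = START_TYPES.get(m.group(2), m.group(2))
                findings.append(("LOW", "%s-start service '%s' with unverifiable image file" % (start, m.group(3)), line))
    return findings


if __name__ == "__main__":
    for sev, title, evidence in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (sev, title, evidence))
```

Two caveats the output needs. A McAfee suite registers its own firewall and turns the Windows one off, so the HIGH firewall finding and the two DisableMonitoring entries are expected together on this machine and only become a problem if McAfee itself was not running (which is why the helper in the thread looks at whether the redirects continue rather than at these keys alone). Likewise a non-default BootExecute entry is not evidence of infection by itself; Partizan is the driver name used by the UnHackMe tool an earlier reply recommended, so here it is the expected leftover of that tool, but an analyst should still confirm that against what was knowingly installed before moving on.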

#15
December 30, 2009 at 18:02:29
Are you still being redirected?

If you still have Ask Toolbar you should uninstall it as it is known to harbor spyware.

LimeWire is also an iffy program that you may want to consider uninstalling, it is p2p and has a shared file that bypasses your antivirus.

Your Java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 17 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save it to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.

A little clean-up to do.

Delete RSIT and RootRepeal from your desktop.

Go to Start > Run > type in ComboFix /Uninstall (note the space after ComboFix), then press Enter. This will uninstall ComboFix, so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Next create a new restore point. Go to Start > Run > type in msconfig > OK > click Launch System Restore > check the circle beside "Create a restore point" > Next > name it today's date > Create > click Home > exit the System Configuration Utility > restart the computer.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.



#16
January 2, 2010 at 21:25:18
Thanks, it works now perfectly.
