Re: Search Engine Redirects

VirSCAN.org Scanned Report :
Scanned time : 2010/08/16 19:29:03 (PDT)
Scanner results: Scanners did not find malware!
File Name : explorer.exe
File Size : 2614272 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 2626fc9755be22f805d3cfa0ce3ee727
SHA1 : d76db4dcd710be9c3314cff94824933847565372
Online report : http://virscan.org/report/746da46a01adfeb09284d12eec4d9775.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.0.0.18 20100817050930 2010-08-17 40.09 -
AhnLab V3 2010.08.07.00 2010.08.07 2010-08-07 40.14 -
AntiVir 8.2.4.34 7.10.10.201 2010-08-16 0.27 -
Antiy 2.0.18 20100815.4936744 2010-08-15 0.02 -
Arcavir 2009 201006281601 2010-06-28 0.00 -
Authentium 5.1.1 201008162205 2010-08-16 2.84 -
AVAST! 4.7.4 100816-2 2010-08-16 0.12 -
AVG 8.5.793 271.1.1/3076 2010-08-17 0.26 -
BitDefender 7.90123.6151351 7.33396 2010-08-17 4.48 -
ClamAV 0.96.1 11567 2010-08-17 0.72 -
Comodo 4.0 5765 2010-08-16 40.09 -
CP Secure 1.3.0.5 2010.08.17 2010-08-17 0.51 -
Dr.Web 5.0.2.3300 2010.08.17 2010-08-17 9.32 -
F-Prot 4.4.4.56 20100816 2010-08-16 2.94 -
F-Secure 7.02.73807 2010.08.16.10 2010-08-16 15.72 -
Fortinet 4.1.143 12.254 2010-08-16 40.09 -
GData 21.682/21.263 20100816 2010-08-16 40.09 -
ViRobot 20100816 2010.08.16 2010-08-16 40.15 -
Ikarus T3. 2010.08.17.76524 2010-08-17 5.24 -
JiangMin 13.0.900 2010.08.16 2010-08-16 40.09 -
Kaspersky 5.5.10 2010.08.16 2010-08-16 0.09 -
KingSoft 2009.2.5.15 2010.8.17.9 2010-08-17 40.09 -
McAfee 5400.1158 6076 2010-08-16 18.48 -
Microsoft 1.6004 2010.08.17 2010-08-17 40.18 -
Norman 6.05.11 6.05.00 2010-08-16 6.02 -
Panda 9.05.01 2010.08.16 2010-08-16 40.09 -
Trend Micro 9.120-1004 7.388.18 2010-08-16 0.03 -
Quick Heal 11.00 2010.08.16 2010-08-16 40.09 -
Rising 20.0 22.61.00.04 2010-08-16 40.27 -
Sophos 3.10.0 4.56 2010-08-17 5.96 -
Sunbelt 3.9.2432.2 6743 2010-08-16 40.19 -
Symantec 1.3.0.24 20100816.016 2010-08-16 0.29 -
nProtect 20100816.02 8811137 2010-08-16 40.09 -
The Hacker 6.5.2.1 v00349 2010-08-16 40.09 -
VBA32 3.12.14.0 20100813.0808 2010-08-13 4.81 -
VirusBuster 4.5.11.10 10.127.58/2036425 2010-08-17 3.56 -

Re: Search Engine Redirects

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com (Click the green button on the page to download it).

Rename ComboFix.exe to combo-fix.exe before you save it to your Desktop
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    killall::

    TDL::
    c:\windows\system32\drivers\atapi.sys

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

NOTE: As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It will probably not install on your machine.

Re: Search Engine Redirects

ComboFix 10-08-16.03 - Chan 08/17/2010 1:05.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3326.2397 [GMT -7:00]
Running from: c:\users\Chan\Desktop\New folder\ComboFix.exe
Command switches used :: c:\users\Chan\Desktop\New folder\CFScript.txt.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-17 09:36 . 2009-07-14 01:26 21584 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-08-17 08:15 . 2010-08-17 08:39 -------- d-----w- c:\users\Chan\AppData\Local\temp
2010-08-17 08:15 . 2010-08-17 08:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-17 08:15 . 2010-08-17 08:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-17 08:03 . 2010-08-17 08:03 -------- d-----w- C:\Device
2010-08-16 10:15 . 2010-08-16 10:15 8432064 ----a-w- c:\users\Chan\AppData\Roaming\Azureus\tmp\AZU6186427272018498426.tmp\Vuze_4.5.0.2a_win32.exe
2010-08-11 22:43 . 2010-08-16 02:38 -------- d-----w- c:\users\Chan\AppData\Roaming\vlc
2010-08-11 07:21 . 2010-08-13 20:49 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-11 06:54 . 2010-08-11 06:54 -------- d-----w- c:\program files\Sun
2010-08-11 06:36 . 2010-08-11 06:36 -------- d-----w- c:\windows\system32\MustBeRandomlyNamed
2010-08-10 06:30 . 2010-08-10 06:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-09 02:33 . 2010-08-09 02:33 -------- d-----w- c:\users\Chan\AppData\Local\GamersFirst LIVE!
2010-08-09 02:33 . 2010-08-10 06:56 -------- d-----w- c:\users\Chan\AppData\Local\PMB Files
2010-08-09 02:33 . 2010-08-10 06:22 -------- d-----w- c:\programdata\PMB Files
2010-08-09 02:18 . 2010-08-09 02:33 -------- d-----w- c:\program files\GamersFirst
2010-08-04 22:24 . 2010-08-04 22:29 -------- d-----w- c:\program files\Disable Spyware
2010-08-04 20:29 . 2010-08-11 08:17 -------- d-----w- c:\program files\Warcraft III
2010-08-04 20:18 . 2010-08-04 20:18 -------- d-----w- c:\program files\Microsoft.NET
2010-08-04 18:57 . 2010-08-04 18:57 188152 ----a-w- c:\users\Chan\AppData\Roaming\Mozilla\Firefox\Profiles\s04jin69.default\FlashGot.exe
2010-08-04 18:54 . 2010-08-04 18:54 0 ----a-w- c:\windows\nsreg.dat
2010-08-04 18:53 . 2010-08-15 01:05 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 2
2010-08-01 03:06 . 2010-08-01 03:06 -------- d-----w- c:\program files\Paradox Interactive
2010-08-01 02:52 . 2010-08-10 07:51 -------- d-----w- c:\program files\StarCraft II
2010-07-29 22:39 . 2010-07-29 22:39 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-29 22:09 . 2009-11-24 22:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-07-29 22:09 . 2009-11-24 22:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-07-29 22:09 . 2009-11-24 22:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-07-29 22:09 . 2009-11-24 22:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-07-29 22:09 . 2009-11-24 22:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-07-29 22:08 . 2009-11-24 22:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-07-29 22:08 . 2009-11-24 22:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-29 22:08 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-07-29 22:08 . 2010-07-29 22:08 -------- d-----w- c:\program files\Alwil Software
2010-07-29 08:43 . 2010-07-29 08:43 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-07-29 07:36 . 2010-08-08 18:32 -------- d-----w- c:\users\Chan\AppData\Local\PokerStars
2010-07-29 07:36 . 2010-07-31 00:17 -------- d-----w- c:\program files\PokerStars
2010-07-29 05:55 . 2010-07-31 02:20 -------- d-----w- c:\users\Chan\AppData\Local\Adobe
2010-07-29 01:02 . 2010-07-29 22:40 -------- d-----w- c:\users\Chan\AppData\Local\AIM
2010-07-29 01:02 . 2010-07-29 01:02 -------- d-----w- c:\users\Chan\AppData\Local\AOL
2010-07-29 00:48 . 2010-07-29 00:48 47364 ----a-w- c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-07-29 00:04 . 2010-07-29 00:04 -------- d-----w- c:\program files\Common Files\Java
2010-07-29 00:04 . 2010-07-29 00:25 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-27 08:17 . 2010-01-11 02:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-07-27 08:11 . 2010-08-10 07:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-27 08:11 . 2010-07-27 08:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-22 22:56 . 2010-07-22 23:03 -------- d-----w- c:\program files\GameKiss
2010-07-21 22:06 . 2010-07-21 22:06 -------- d-----w- c:\program files\MegaDev
2010-07-21 10:10 . 2010-07-21 10:10 -------- d-----w- c:\programdata\Big Fish Games
2010-07-20 17:49 . 2010-07-20 17:49 -------- d-----w- c:\windows\Sun
2010-07-20 17:48 . 2010-08-02 04:06 -------- d-----w- c:\users\Chan\AppData\Roaming\Tropico 3
2010-07-20 17:35 . 2010-08-04 20:59 -------- d-----w- c:\program files\Kalypso
2010-07-19 17:25 . 2010-07-19 17:25 -------- d-----w- c:\users\Chan\AppData\Local\Ironclad Games
2010-07-19 17:25 . 2010-07-19 17:25 -------- d-----w- c:\programdata\Ironclad Games
2010-07-19 14:38 . 2010-07-19 15:16 -------- d-----w- c:\program files\Dragon Age
2010-07-19 07:24 . 2010-07-19 07:25 16820376 ----a-w- c:\programdata\Muzzy Lane\Client Installers\MakingHistoryIISetup-1.0.11.11972.exe
2010-07-19 07:09 . 2010-07-19 07:09 -------- d-----w- c:\users\Chan\AppData\Roaming\PE Explorer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 10:24 . 2010-01-10 13:35 -------- d-----w- c:\users\Chan\AppData\Roaming\Azureus
2010-08-14 16:18 . 2010-02-22 11:28 -------- d-----w- c:\program files\Heroes of Newerth
2010-08-13 23:19 . 2010-04-04 23:20 -------- d-----w- c:\program files\Steam
2010-08-11 22:47 . 2010-04-04 23:20 -------- d-----w- c:\program files\Common Files\Steam
2010-08-11 09:15 . 2010-07-07 08:47 -------- d-----w- c:\program files\StarCraft Brood War by Monikon
2010-08-11 06:52 . 2010-01-10 13:42 -------- d-----w- c:\program files\Java
2010-08-09 02:33 . 2010-05-28 03:25 -------- d-----w- c:\program files\Pando Networks
2010-08-08 18:31 . 2010-02-03 01:04 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-08-04 21:00 . 2010-05-30 03:05 -------- d-----w- c:\program files\Veetle
2010-08-04 19:15 . 2010-01-09 20:02 -------- d-----w- c:\program files\World of Warcraft
2010-08-01 03:02 . 2010-03-03 09:28 -------- d-----w- c:\programdata\Blizzard Entertainment
2010-07-31 07:06 . 2010-01-10 13:50 1 ----a-w- c:\users\Chan\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-07-31 01:38 . 2010-03-06 05:25 0 ----a-w- c:\users\Chan\AppData\Local\prvlcl.dat
2010-07-29 22:39 . 2010-01-10 12:20 -------- d-----w- c:\program files\AIM
2010-07-29 08:43 . 2010-03-10 01:51 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-07-29 08:41 . 2010-03-10 01:51 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-29 01:01 . 2010-03-03 09:28 -------- d-----w- c:\program files\StarCraft II Beta
2010-07-28 23:44 . 2010-03-03 02:00 -------- d-----w- c:\program files\Opera
2010-07-28 23:36 . 2010-07-09 11:27 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-07-27 08:27 . 2010-07-12 06:03 -------- d-----w- c:\program files\CCleaner
2010-07-22 23:03 . 2010-01-10 11:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-20 15:01 . 2010-01-10 20:47 -------- d-----w- c:\programdata\avg9
2010-07-20 03:54 . 2010-01-10 11:10 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-20 03:53 . 2010-01-10 11:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-20 03:44 . 2010-07-15 10:21 -------- d-----w- c:\program files\Activision
2010-07-19 15:24 . 2010-05-01 23:25 -------- d-----w- c:\programdata\BioWare
2010-07-19 14:55 . 2010-04-06 08:58 -------- d-----w- c:\programdata\Media Center Programs
2010-07-19 14:55 . 2010-05-01 22:55 -------- d-----w- c:\program files\Common Files\BioWare
2010-07-17 23:14 . 2010-07-08 20:27 -------- d-----w- c:\programdata\Muzzy Lane
2010-07-17 23:13 . 2010-07-17 23:12 16820360 ----a-w- c:\programdata\Muzzy Lane\Client Installers\MakingHistoryIISetup-1.0.10.11963.exe
2010-07-17 19:19 . 2010-07-17 18:30 -------- d-----w- c:\program files\Empire Total War
2010-07-17 13:41 . 2010-07-17 13:41 56440 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\74\1\.cp\lib\sef3x1Controller.dll
2010-07-17 13:34 . 2010-07-17 13:34 1772664 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\41\1\.cp\lib\BHQ.dll
2010-07-17 13:34 . 2010-07-17 13:34 105592 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\41\1\.cp\lib\BHQFlash.dll
2010-07-17 13:34 . 2010-07-17 13:34 81016 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\70\1\.cp\lib\S1SLEngineWrapper.dll
2010-07-17 13:34 . 2010-07-17 13:34 105592 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\60\1\.cp\lib\MemStickFlash.dll
2010-07-17 13:33 . 2010-07-17 13:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2010-07-17 13:33 . 2010-07-17 13:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggflt_01007.Wdf
2010-07-17 13:33 . 2010-07-17 13:33 101496 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\82\1\.cp\lib\USBFlash.dll
2010-07-17 13:30 . 2010-07-17 13:30 109752 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\66\1\.cp\lib\osds.dll
2010-07-17 13:30 . 2010-07-17 13:30 89208 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\80\1\.cp\lib\UAC.dll
2010-07-17 13:30 . 2010-07-17 13:30 57344 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\4\1\.cp\lib\serialio.dll
2010-07-17 13:30 . 2010-07-17 13:30 323648 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DIFxAPI.dll
2010-07-17 13:30 . 2010-07-17 13:30 216184 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\68\1\.cp\lib\RegistryReader.dll
2010-07-17 13:30 . 2010-07-17 13:30 158840 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\10\1\.cp\lib\win32\DriverInstaller.exe
2010-07-17 13:30 . 2010-07-17 13:30 154744 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\8\1\.cp\lib\win32\DeviceRemover.exe
2010-07-17 13:30 . 2010-07-17 13:30 117880 ----a-w- c:\programdata\Sony Ericsson\SEMC OMSI Module\omsiconf\org.eclipse.osgi\bundles\6\1\.cp\lib\DeviceManager.dll
2010-07-17 13:28 . 2010-07-17 13:28 -------- d-----w- c:\program files\Common Files\Sony Ericsson
2010-07-17 13:28 . 2010-07-17 13:18 -------- d-----w- c:\program files\Sony Ericsson
2010-07-17 13:28 . 2010-07-17 13:18 -------- d-----w- c:\programdata\Sony Ericsson
2010-07-17 13:20 . 2010-07-17 13:20 -------- d-----w- c:\programdata\BVRP Software
2010-07-15 15:09 . 2010-01-10 20:48 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:09 . 2010-07-15 15:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 15:09 . 2010-01-10 20:48 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 02:11 . 2010-07-15 02:11 -------- d-----w- c:\program files\MSXML 4.0
2010-07-14 20:17 . 2010-04-23 07:47 -------- d-----w- c:\program files\Mount&Blade Warband
2010-07-13 12:37 . 2010-04-08 10:05 -------- d-----w- c:\program files\Electronic Arts
2010-07-13 12:34 . 2010-05-10 22:24 -------- d-----w- c:\program files\LucasArts
2010-07-13 12:26 . 2010-02-06 09:19 -------- d-----w- c:\program files\Free Window Registry Repair
2010-07-13 11:29 . 2010-01-10 11:11 -------- d-----w- c:\programdata\NVIDIA
2010-07-13 03:48 . 2010-01-10 11:40 72064 ----a-w- c:\users\Chan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-12 23:19 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
2010-07-12 23:18 . 2010-01-10 11:08 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-12 10:20 . 2010-07-12 10:20 65536 ----a-r- c:\users\Chan\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\NewShortcut7_64893225ADBA469EB114F3B2C1FBBA77.exe
2010-07-12 10:20 . 2010-07-12 10:20 65536 ----a-r- c:\users\Chan\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\NewShortcut4_64893225ADBA469EB114F3B2C1FBBA77.exe
2010-07-12 10:20 . 2010-07-12 10:20 65536 ----a-r- c:\users\Chan\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_UK_64893225ADBA469EB114F3B2C1FBBA77.exe
2010-07-12 10:20 . 2010-07-12 10:20 65536 ----a-r- c:\users\Chan\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_FR_64893225ADBA469EB114F3B2C1FBBA77.exe
2010-07-12 10:20 . 2010-07-12 10:20 65536 ----a-r- c:\users\Chan\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\Manual_DE_64893225ADBA469EB114F3B2C1FBBA77.exe
2010-07-12 10:20 . 2010-07-12 10:20 45056 ----a-r- c:\users\Chan\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\S11Launcher.exeE_64893225ADBA469EB114F3B2C1FBBA77.exe
2010-07-12 10:20 . 2010-07-12 10:20 45056 ----a-r- c:\users\Chan\AppData\Roaming\Microsoft\Installer\{64893225-ADBA-469E-B114-F3B2C1FBBA77}\S11Launcher.exe_64893225ADBA469EB114F3B2C1FBBA77.exe
2010-07-12 10:19 . 2010-07-12 10:19 -------- d-----w- c:\program files\Koei
2010-07-12 06:04 . 2010-01-10 20:28 -------- d-----w- c:\users\Chan\AppData\Roaming\Media Player Classic
2010-07-12 06:03 . 2010-07-12 06:03 -------- d-----w- c:\program files\Defraggler
2010-07-09 08:58 . 2010-01-22 10:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-08 20:36 . 2010-07-08 20:35 16695072 ----a-w- c:\programdata\Muzzy Lane\Client Installers\MakingHistoryIISetup-1.0.9.exe
2010-07-08 20:29 . 2010-03-10 06:34 -------- d-----w- c:\program files\Muzzy Lane Software
2010-06-25 10:12 . 2010-06-25 10:12 -------- d-----w- c:\users\Chan\AppData\Roaming\LolClient
2010-06-25 03:08 . 2010-06-25 03:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-22 05:16 . 2010-05-14 02:17 -------- d-----w- c:\programdata\Electronic Arts
2010-06-22 05:15 . 2010-05-17 12:38 -------- d-----w- c:\program files\Graboid
2010-06-22 04:51 . 2010-06-22 04:51 -------- d-----w- c:\programdata\ATI
2010-06-22 04:51 . 2010-04-29 01:04 -------- d-----w- c:\program files\ATI Technologies
2010-06-22 01:46 . 2010-06-22 01:46 -------- d-----w- c:\program files\MPC HomeCinema
2010-06-02 16:35 . 2010-01-10 20:48 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-28 04:04 . 2010-05-28 04:04 98304 ----a-w- c:\programdata\NexonUS\NGM\npNxGameUS.dll
2010-05-28 04:04 . 2010-05-28 04:04 765952 ----a-w- c:\programdata\NexonUS\NGM\NGMDll.dll
2010-05-28 04:04 . 2010-05-28 04:04 401408 ----a-w- c:\programdata\NexonUS\NGM\NGMResource.dll
2010-05-28 04:04 . 2010-05-28 04:04 258352 ----a-w- c:\programdata\NexonUS\NGM\unicows.dll
2010-05-28 04:04 . 2010-05-28 04:04 172032 ----a-w- c:\programdata\NexonUS\NGM\NGM.exe
2010-05-28 04:04 . 2010-05-28 04:04 126976 ----a-w- c:\programdata\NexonUS\NGM\nxgameus.dll
2010-05-27 17:38 . 2010-05-27 17:38 5586432 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-05-27 17:05 . 2010-05-27 17:05 15180800 ----a-w- c:\windows\system32\atioglxx.dll
2010-05-27 17:02 . 2010-05-27 17:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-27 17:02 . 2010-04-07 02:16 511488 ----a-w- c:\windows\system32\aticfx32.dll
2010-05-27 17:00 . 2010-05-27 17:00 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-05-27 16:59 . 2010-05-27 16:59 376832 ----a-w- c:\windows\system32\atieclxx.exe
2010-05-27 16:59 . 2010-05-27 16:59 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-05-27 16:58 . 2010-05-27 16:58 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-05-27 16:58 . 2010-05-27 16:58 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-05-27 16:58 . 2010-05-27 16:58 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 20:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Chan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Chan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-03-04 21:31 311296 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F5D9050]
2006-02-14 22:19 1531904 ----a-w- c:\program files\Belkin\F5D9050\Belkinwcui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 22:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-08-09 02:33 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-05-27 19:34 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-08 11:08 1238352 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-21 05:45 39424 ----a-w- c:\program files\Winamp\winampa.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\Chan\AppData\Local\Temp\ALSysIO.sys [x]
R3 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
R3 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
R3 BKNDIS5;BKNDIS5 NDIS Protocol Driver;c:\progra~1\Belkin\F5D9050\BKNDIS5.SYS [2005-03-02 15872]
R3 EmmaDevMgmtSvc;Emma Device Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-07-02 306296]
R3 EmmaUpdMgmtSvc;Emma Update Management;c:\program files\Common Files\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-07-02 162936]
R3 GarenaPEngine;GarenaPEngine;c:\users\Chan\AppData\Local\Temp\FLX804C.tmp [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-04-06 13224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1343400]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R4 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-29 691696]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-08-13 41816]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
S1 aswSP;avast! Self Protection; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2010-07-28 1935656]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-31 20968]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2010-06-28 71008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclock.sys [2009-09-15 38248]
S3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\DRIVERS\ss.sys [2005-06-18 19968]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com
FF - ProfilePath - c:\users\Chan\AppData\Roaming\Mozilla\Firefox\Profiles\s04jin69.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86C41B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x859e47b8
QueryNameProcedure -> 0x85974810
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Chan\AppData\Local\Temp\FLX804C.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Adobe\Reader 9.0\Reader\AcroRd32.exe
.
**************************************************************************
.
Completion time: 2010-08-17 01:44:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-17 08:44
ComboFix2.txt 2010-08-10 06:21
ComboFix3.txt 2010-07-29 00:21

Pre-Run: 96,067,010,560 bytes free
Post-Run: 95,560,896,512 bytes free

- - End Of File - - 6D6D51FFB41829DE261A62041E13EAB7

Still getting redirects. Thanks for the assistance so far tho, much appreciated.
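The service entries in the log above are the part of a ComboFix report a helper reads first: two R3 entries (ALSysIO, GarenaPEngine) load from the user's Temp directory and are marked [x] (file not found), and aswSP has no image path at all. The following is an added example, not code from the thread or from ComboFix, that parses lines in that "Reg Loading Points" service format and flags the same three conditions a reviewer checks by eye: image loaded from a temp directory, an image extension that is not .sys/.exe/.dll, and a missing file. The function names and the five sample lines (copied from the log) are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: five service lines in the format ComboFix uses in
# its "Reg Loading Points" section, copied from the log posted above.
SAMPLE_LINES = r"""
R3 ALSysIO;ALSysIO;c:\users\Chan\AppData\Local\Temp\ALSysIO.sys [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\Chan\AppData\Local\Temp\FLX804C.tmp [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S1 aswSP;avast! Self Protection; [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-29 691696]
""".strip().splitlines()

# Layout: <R|S><start type> <name>;<display name>;<image path> [<date size> | x]
# R = running, S = stopped; "[x]" means ComboFix could not find the file on disk.
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")

TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
EXPECTED_EXT = (".sys", ".exe", ".dll")


@dataclass
class ServiceEntry:
    running: bool
    start_type: int
    name: str
    display: str
    image_path: str
    file_present: bool
    reasons: list = field(default_factory=list)


def parse_service_line(line):
    """Parse one ComboFix service line; return None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    state, start, name, display, path, bracket = m.groups()
    return ServiceEntry(
        running=(state == "R"),
        start_type=int(start),
        name=name.strip(),
        display=display.strip(),
        image_path=path.strip(),
        file_present=(bracket.strip() != "x"),
    )


def triage(entry):
    """Attach a reason for every review-worthy property of the entry."""
    p = entry.image_path.lower()
    if not p:
        entry.reasons.append("no image path recorded")
    else:
        if any(marker in p for marker in TEMP_MARKERS):
            entry.reasons.append("loads from a temp directory")
        if not p.endswith(EXPECTED_EXT):
            entry.reasons.append("unexpected extension for a service/driver image")
    if not entry.file_present:
        entry.reasons.append("file missing on disk ([x])")
    return entry


def triage_services(lines):
    """Return {service name: [reasons]} for entries with at least one reason."""
    findings = {}
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        triage(entry)
        if entry.reasons:
            findings[entry.name] = entry.reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_services(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the sample, the two Temp entries and aswSP are reported while MBAMProtector and sptd pass silently. A flag is a prompt to look, not a verdict: a stale [x] entry is often just an uninstalled driver, which is why the reasons are kept as text for the reader rather than reduced to a score.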

Re: Search Engine Redirects

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.

Re: Search Engine Redirects
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: G31M-ES2L
Logical Drives Mask: 0x00000005

Kernel Drivers (total 179):
0x82E4A000 \SystemRoot\system32\ntkrnlpa.exe
0x82E13000 \SystemRoot\system32\halmacpi.dll
0x86D02000 \SystemRoot\system32\kdcom.dll
0x8343D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x834B5000 \SystemRoot\system32\PSHED.dll
0x834C6000 \SystemRoot\system32\BOOTVID.dll
0x834CE000 \SystemRoot\system32\CLFS.SYS
0x83510000 \SystemRoot\system32\CI.dll
0x83613000 \SystemRoot\system32\drivers\Wdf01000.sys
0x83684000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x83692000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x836DA000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x836E3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x836EB000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x836F6000 \SystemRoot\system32\DRIVERS\pci.sys
0x83720000 \SystemRoot\System32\drivers\partmgr.sys
0x83731000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x83741000 \SystemRoot\System32\drivers\volmgrx.sys
0x8378C000 \SystemRoot\system32\DRIVERS\intelide.sys
0x83793000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x837A1000 \SystemRoot\System32\drivers\mountmgr.sys
0x837B7000 \SystemRoot\system32\DRIVERS\atapi.sys
0x837C0000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x837E3000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x835BB000 \SystemRoot\system32\drivers\fltmgr.sys
0x837EC000 \SystemRoot\system32\drivers\fileinfo.sys
0x8BC08000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BD37000 \SystemRoot\System32\Drivers\msrpc.sys
0x8BD62000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8BD75000 \SystemRoot\System32\Drivers\cng.sys
0x8BDD2000 \SystemRoot\System32\drivers\pcw.sys
0x8BDE0000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8BE31000 \SystemRoot\system32\drivers\ndis.sys
0x8BEE8000 \SystemRoot\system32\drivers\NETIO.SYS
0x8BF26000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8C02D000 \SystemRoot\System32\drivers\tcpip.sys
0x8C176000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8C1A7000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8C1B0000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8C1EF000 \SystemRoot\System32\Drivers\spldr.sys
0x8C000000 \SystemRoot\System32\drivers\rdyboost.sys
0x8BF4B000 \SystemRoot\System32\Drivers\mup.sys
0x8C1F7000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8BF5B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8BF8D000 \SystemRoot\system32\DRIVERS\disk.sys
0x8BF9E000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8BE1F000 \??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
0x8BE28000 \SystemRoot\System32\Drivers\Null.SYS
0x8BFF5000 \SystemRoot\System32\Drivers\Beep.SYS
0x8BE00000 \SystemRoot\System32\drivers\vga.sys
0x83400000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8BE0C000 \SystemRoot\System32\drivers\watchdog.sys
0x8BDE9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8BDF1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8BC00000 \SystemRoot\system32\drivers\rdprefmp.sys
0x83600000 \SystemRoot\System32\Drivers\Msfs.SYS
0x83421000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91438000 \SystemRoot\system32\DRIVERS\tdx.sys
0x9144F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9145A000 \SystemRoot\System32\Drivers\avgtdix.sys
0x91494000 \SystemRoot\System32\DRIVERS\netbt.sys
0x914C6000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x914D0000 \SystemRoot\system32\drivers\afd.sys
0x9152A000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x9152E000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x91535000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91554000 \SystemRoot\system32\DRIVERS\netbios.sys
0x91562000 \SystemRoot\system32\DRIVERS\serial.sys
0x9157C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9158F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x9159F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x915E0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x915EA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x915F4000 \SystemRoot\System32\drivers\discache.sys
0x91804000 \SystemRoot\system32\drivers\csc.sys
0x91868000 \SystemRoot\System32\Drivers\dfsc.sys
0x91880000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x9188E000 \SystemRoot\System32\Drivers\avgmfx86.sys
0x91894000 \SystemRoot\System32\Drivers\avgldx86.sys
0x918C8000 \SystemRoot\System32\Drivers\aswSP.SYS
0x918E9000 \??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
0x918EB000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9190C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x9191E000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x92018000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x92616000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x926CD000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92706000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92725000 \SystemRoot\system32\DRIVERS\L1C62x86.sys
0x92735000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x92740000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9278B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x9279A000 \SystemRoot\system32\DRIVERS\fdc.sys
0x927A5000 \SystemRoot\system32\DRIVERS\serenum.sys
0x927AF000 \SystemRoot\system32\DRIVERS\parport.sys
0x927C7000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x927D4000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x927E6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92600000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x925BB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x925DD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92000000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x91956000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9260B000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x9196D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9197A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x927FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x91987000 \SystemRoot\system32\DRIVERS\ks.sys
0x925F5000 \SystemRoot\system32\DRIVERS\nvoclock.sys
0x919BB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x919C9000 \SystemRoot\system32\DRIVERS\ss.sys
0x9323E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x93282000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x9328C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x9329D000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x932BB000 \SystemRoot\system32\drivers\portcls.sys
0x932EA000 \SystemRoot\system32\drivers\drmk.sys
0x9583D000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x95B22000 \SystemRoot\System32\Drivers\crashdmp.sys
0x95B2F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x95B3A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x95B43000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x99160000 \SystemRoot\System32\win32k.sys
0x95B54000 \SystemRoot\System32\drivers\Dxapi.sys
0x95B5E000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
0x95B64000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x95B6F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x95B82000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x95B89000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x95B8B000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x95B93000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x95B9E000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x95BA6000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x95BB1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x95BC8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x95BD4000 \SystemRoot\system32\drivers\usbaudio.sys
0x95BE8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x993C0000 \SystemRoot\System32\TSDDD.dll
0x99000000 \SystemRoot\System32\cdd.dll
0x95800000 \SystemRoot\system32\drivers\luafv.sys
0x9581B000 \SystemRoot\system32\DRIVERS\aswMonFlt.sys
0x95832000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0x93303000 \SystemRoot\system32\drivers\WudfPf.sys
0x95BF3000 \SystemRoot\system32\DRIVERS\AegisP.sys
0x9331D000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9332D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x93373000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x93383000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9B60F000 \SystemRoot\system32\drivers\HTTP.sys
0x9B694000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9B6AD000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9B6BF000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9B6E2000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9B71D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9B738000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9B73F000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x9B782000 \??\C:\Windows\system32\drivers\cpuz132_x32.sys
0x9B786000 \??\C:\Windows\system32\drivers\cpuz133_x32.sys
0x9B78F000 \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
0x9B79F000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x9C83C000 \SystemRoot\system32\drivers\peauth.sys
0x9C8D3000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9C8DD000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9C968000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9C975000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B7A4000 \SystemRoot\System32\DRIVERS\srv.sys
0x77150000 \Windows\System32\ntdll.dll
0x480B0000 \Windows\System32\smss.exe
0x77390000 \Windows\System32\apisetschema.dll
0x00B30000 \Windows\System32\autochk.exe
0x77370000 \Windows\System32\nsi.dll
0x76500000 \Windows\System32\shell32.dll
0x77360000 \Windows\System32\psapi.dll
0x77300000 \Windows\System32\shlwapi.dll
0x772A0000 \Windows\System32\difxapi.dll
0x77290000 \Windows\System32\normaliz.dll
0x76300000 \Windows\System32\iertutil.dll
0x76270000 \Windows\System32\oleaut32.dll
0x76190000 \Windows\System32\kernel32.dll

Processes (total 43):
0 System Idle Process
4 System
296 C:\Windows\System32\smss.exe
420 csrss.exe
496 C:\Windows\System32\wininit.exe
508 csrss.exe
548 C:\Windows\System32\services.exe
564 C:\Windows\System32\lsass.exe
572 C:\Windows\System32\lsm.exe
692 C:\Windows\System32\svchost.exe
740 C:\Windows\System32\winlogon.exe
828 C:\Windows\System32\svchost.exe
924 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\audiodg.exe
1192 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\svchost.exe
1432 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
1460 C:\Program Files\Alwil Software\Avast4\ashServ.exe
1684 C:\Windows\System32\spoolsv.exe
1716 C:\Windows\System32\svchost.exe
1800 C:\Program Files\Emsisoft Anti-Malware\a2service.exe
2016 C:\Windows\System32\svchost.exe
2272 C:\Windows\System32\svchost.exe
2520 C:\Windows\System32\dwm.exe
2544 C:\Windows\System32\taskhost.exe
2624 C:\Windows\explorer.exe
2828 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
2836 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2952 C:\Windows\System32\SearchIndexer.exe
3064 C:\Program Files\Windows Media Player\wmpnetwk.exe
3228 C:\Windows\System32\svchost.exe
3516 C:\Windows\System32\svchost.exe
3544 WmiPrvSE.exe
3688 C:\Program Files\AIM\aim.exe
4036 C:\Program Files\Mozilla Firefox 4.0 Beta 2\firefox.exe
3088 taskhost.exe
3552 C:\Windows\System32\SearchProtocolHost.exe
3412 C:\Windows\System32\SearchFilterHost.exe
3784 C:\Windows\System32\dllhost.exe
3592 C:\Users\Chan\Downloads\MBRCheck.exe
3676 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: CC38

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Re: Search Engine Redirects
Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation: "Do you want to fix the MBR code?". Type the full word Yes (not Y or the fix will not work) and press Enter.
  • Left-click on the title bar (where program name and path is written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:
  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.
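To make the "MBR Code Faked!" verdict in the log above concrete, here is a small checker written in the same spirit as what MBRCheck reports. It is an added example for readers of this thread, not code from the thread, from MBRCheck or from a_d_13: it hashes the 440-byte boot-code region of a 512-byte MBR, compares the SHA-1 against a set of known-good hashes, validates the 0x55AA signature and decodes the four partition entries (so you can see the byte offset MBRCheck printed for C:). The two sample MBR images, the boot-code stubs and the known-good hash set are constructed for the demonstration; on a real machine the known-good hashes would be taken from clean installs, and the image would be the first 512 bytes dumped from the physical disk (MBRCheck option 1 writes exactly that to a file).

```python
# Added example (not from the thread or from MBRCheck): a minimal MBR integrity check.
# Sample images and the "known-good" hash set are constructed for the demonstration.
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439 hold the executable boot code
PART_TABLE_OFFSET = 446   # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510    # last two bytes must be 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"   # status, (CHS start), type, (CHS end), LBA start, sector count


def boot_code_sha1(mbr: bytes) -> str:
    """Hex SHA-1 of the boot-code region, the value a tool compares against known codes."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition entries; unused entries (type 0) are skipped."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * 512,   # the offset MBRCheck prints for a volume
        })
    return parts


def check_mbr(mbr: bytes, known_good: set) -> dict:
    """Return a verdict like MBRCheck's: 'OK' if the boot-code hash is known, else 'Faked'."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    findings = []
    if mbr[SIGNATURE_OFFSET:] != b"\x55\xAA":
        findings.append("missing 0x55AA boot signature")
    digest = boot_code_sha1(mbr)
    status = "OK" if digest in known_good else "Faked"
    if status == "Faked":
        findings.append("boot code hash not in known-good set")
    parts = parse_partitions(mbr)
    if sum(p["bootable"] for p in parts) > 1:
        findings.append("more than one partition marked active")
    return {"status": status, "sha1": digest, "partitions": parts, "findings": findings}


def build_sample_mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble a 512-byte MBR from a boot-code stub and (status, type, lba, sectors) tuples."""
    mbr = bytearray(MBR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    mbr[:len(code)] = code
    for i, entry in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i, *entry)
    mbr[SIGNATURE_OFFSET:] = b"\x55\xAA"
    return bytes(mbr)


# Constructed stand-in for stock boot code: only the opening bytes of a real Windows MBR
# (xor ax,ax / mov ss,ax / mov sp,0x7C00), zero-padded. Not a bootable image.
STOCK_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOT_CODE_LEN, b"\x00")
# Constructed stand-in for modified boot code: the same stub with its first instruction altered.
ALTERED_BOOT_CODE = b"\xEB\x3C" + STOCK_BOOT_CODE[2:]

# Constructed layout modelled on the log above: a 100 MB active system partition, then the
# Windows volume starting at LBA 206848 (= byte offset 0x06500000, as MBRCheck printed for C:).
SAMPLE_LAYOUT = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976566320)]
GOOD_MBR = build_sample_mbr(STOCK_BOOT_CODE, SAMPLE_LAYOUT)
ALTERED_MBR = build_sample_mbr(ALTERED_BOOT_CODE, SAMPLE_LAYOUT)
KNOWN_GOOD = {boot_code_sha1(GOOD_MBR)}   # in practice: hashes taken from clean installs

if __name__ == "__main__":
    for name, image in (("clean", GOOD_MBR), ("altered", ALTERED_MBR)):
        verdict = check_mbr(image, KNOWN_GOOD)
        print(f"{name}: MBR Code {verdict['status']}  SHA1: {verdict['sha1']}")
        for p in verdict["partitions"]:
            active = " (active)" if p["bootable"] else ""
            print(f"  part {p['index']} type 0x{p['type']:02X} offset 0x{p['byte_offset']:08X}{active}")
        for f in verdict["findings"]:
            print("  !", f)
```

The useful habit this shows: after writing a standard boot code with option 2, dump the MBR again (option 1) and confirm the hash now matches a known-good value and the partition table is unchanged, since a restore only rewrites the first 440 bytes and must leave the entries at offset 446 alone.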

Re: Search Engine Redirects
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: G31M-ES2L
Logical Drives Mask: 0x00000005

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: y

Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: 2

Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows 7)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 5
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
Press ENTER to exit...

Re: Search Engine Redirects
Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, let it stay put, then do the following:


Please open Notepad and enter in the following:
@echo off
rem \\.\PhysicalDrive0 is the device path of the first physical disk (the drive MBRCheck reported above)
start remover.exe fix \\.\PhysicalDrive0
exit

Then, click File > Save as...
Save as remove.bat to the same location as remover.exe.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on remove.bat.

It may ask to reboot the computer. Let it do so.

After that, do this:

Please double-click on remover.exe and post a new log in your next reply.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the Master Boot Record (MBR) is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:
  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the XP Recovery Console before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.

Re: Search Engine Redirects
It said ERROR 2.. can't open physical drive

Re: Search Engine Redirects
Do you have a Windows 7 DVD?

We need to get in to the Recovery options to fix the MBR.

It is a data-safe operation.

Re: Search Engine Redirects
I don't have a DVD or CD-ROM drive on my current setup, but I can try to get hold of the recovery options through a flash drive. This might take me some time as I will have to borrow a flash drive from a friend.

Re: Search Engine Redirects
Actually, see if you can get in to this: http://support.microsoft.com/kb/927392

(Bootrec from Startup Repair.)

Except, you won't need the DVD.

On Windows boot, type F8, then key down to the Startup Repair option.
