WiredWX Christian Hobby Weather Tools

Google redirect/MSE won't run

Running a Dell, using Windows XP. Don't know how, but I think I have the Google redirect virus (and additionally Microsoft Security Essentials has stopped working). I have tried a number of anti-malware/antivirus programs but none find anything wrong (even when run in safe mode). I am stuck!!

Re: Google redirect/MSE won't run

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Google redirect/MSE won't run

Thanks for the help, see log below. SB

ComboFix 11-10-17.02 - Administrator 17/10/2011 20:13:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.298 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-15 10:52 . 2011-10-15 10:53 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-10 20:10 . 2011-10-10 20:10 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-26 10:41 . 2011-09-26 10:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 20:14 . 2011-08-28 10:00 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-26 10:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 16:00 . 2011-08-25 20:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 10:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2010-12-21 326048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
.
R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [07/08/2011 22:11 216912]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26/05/2010 14:35 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/05/2010 14:35 493032]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [16/08/2010 18:58 17149]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04/08/2004 11:00 14336]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 18:12 1112560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2011-10-17 c:\windows\Tasks\User_Feed_Synchronization-{07D60944-FA4D-4BEC-88B9-E71EF042F640}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-BsScanner
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-17 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1060284298-1343024091-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(920)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-17 20:21:18
ComboFix-quarantined-files.txt 2011-10-17 19:21
.
Pre-Run: 30,836,248,576 bytes free
Post-Run: 30,954,831,872 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DC24AB6A766EC2CFD458A19A27F73D71
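A small triage script for the services section of a ComboFix log like the one posted above, flagging entries whose image file could not be verified, lives in a temp directory, or carries a .tmp extension. This is an added example, not code from the thread or from ComboFix: the line format is inferred from the posted log, the sample lines are constructed in its shape, and the running/stopped reading of the R/S prefix is the conventional one.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in the shape of the ComboFix "services" section of the
# log posted above (not copied from it): "<R|S><start type> name;display;path [date time size]"
# or, for drivers ComboFix could not verify, "...;\??\path --> path [?]".
SAMPLE_SERVICE_LINES = r"""
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/05/2010 14:35 493032]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04/08/2004 11:00 14336]
"""


@dataclass
class ServiceEntry:
    state: str     # "R"/"S" = running/stopped plus start-type digit (conventional reading of ComboFix logs)
    name: str
    display: str
    path: str      # resolved Win32 path of the service/driver image
    details: str   # bracketed tail: "date time size", or "?" when ComboFix could not stat the file


# Splits "<state> <name>;<display>;<rest>"; the display name may contain spaces and parentheses.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Separates the image path from the trailing "[...]" block.
TAIL_RE = re.compile(r"^(?P<path>.*?)\s+\[(?P<details>[^\]]*)\]\s*$")
# "\Temp\" as it appears in both long ("Local Settings\Temp\") and 8.3 ("LOCALS~1\Temp\") XP paths.
# Raw string, so "\t" is a backslash followed by "t", not a tab.
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for lines that are not service entries."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    t = TAIL_RE.match(rest)
    path, details = (t.group("path"), t.group("details")) if t else (rest, "")
    # ComboFix prints unverifiable drivers as "\??\X --> Y"; Y is the resolved path we care about.
    if " --> " in path:
        path = path.split(" --> ", 1)[1]
    return ServiceEntry(m.group("state"), m.group("name"), m.group("display"),
                        path.strip(), details.strip())


def parse_service_block(text: str) -> List[ServiceEntry]:
    """Parse every service line in a block of log text, skipping anything else."""
    entries = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def triage(entry: ServiceEntry) -> List[str]:
    """Return the reasons an entry deserves a second look (empty list = nothing notable)."""
    reasons = []
    if entry.details == "?":
        reasons.append("image file missing or not verifiable by ComboFix")
    if TEMP_DIR_RE.search(entry.path):
        reasons.append("image lives in a temp directory")
    if entry.path.lower().endswith(".tmp"):
        reasons.append("image has a .tmp extension")
    return reasons


def triage_block(text: str) -> List[Tuple[str, List[str]]]:
    """Parse a services section and return (service name, reasons) for every flagged entry."""
    return [(e.name, triage(e)) for e in parse_service_block(text) if triage(e)]


if __name__ == "__main__":
    for name, reasons in triage_block(SAMPLE_SERVICE_LINES):
        print(f"{name}: {'; '.join(reasons)}")
```

A flag is a prompt for review, not a verdict: both flagged sample entries correspond to leftovers of legitimate scanners in the posted log, which is exactly the kind of false positive a helper checks before acting.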

Re: Google redirect/MSE won't run

Please download aswMBR from here


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below


[Image: AswMBR_Scan]

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


  • Once the scan finishes click Save log to save the log to your Desktop
    [Image: AswMBR_SaveLog]

  • Copy and paste the contents of aswMBR.txt back here for review

Re: Google redirect/MSE won't run

Thanks again for your help. Post-ComboFix, MSE is back up and running and I am no longer getting redirected.

I have run aswMBR and the log is below, thanks again, SB.


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-18 20:04:53
-----------------------------
20:04:53.733 OS Version: Windows 5.1.2600 Service Pack 3
20:04:53.743 Number of processors: 1 586 0xD06
20:04:53.743 ComputerName: HOME-069F5F2489 UserName: Administrator
20:04:57.378 Initialize success
20:05:12.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:05:12.109 Disk 0 Vendor: SAMSUNG_HM121HC LS100-10 Size: 114473MB BusType: 3
20:05:14.122 Disk 0 MBR read successfully
20:05:14.122 Disk 0 MBR scan
20:05:14.122 Disk 0 Windows XP default MBR code
20:05:14.122 Disk 0 scanning sectors +234436545
20:05:14.192 Disk 0 scanning C:\WINDOWS\system32\drivers
20:05:21.843 Service scanning
20:05:22.544 Service MpKslbac1bb64 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4F7008D-7A8F-466B-8B6C-BFFED5ED88C8}\MpKslbac1bb64.sys **LOCKED** 32
20:05:23.045 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
20:05:23.586 Modules scanning
20:05:43.714 Disk 0 trace - called modules:
20:05:43.734 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
20:05:43.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f94ab8]
20:05:43.765 3 CLASSPNP.SYS[f86f6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fd8230]
20:05:43.765 Scan finished successfully
20:06:05.285 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
20:06:05.305 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

Re: Google redirect/MSE won't run

Excellent.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Google redirect/MSE won't run

Have run ESET, find log file below. Many thanks, SB.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=30aa8fc779080646a9740ee24716ef26
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-21 01:46:23
# local_time=2011-10-21 02:46:23 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 2529 16072605 0 0
# compatibility_mode=8192 67108863 100 0 895 895 0 0
# compatibility_mode=9217 16777214 75 70 34192157 41905813 0 0
# scanned=82074
# found=0
# cleaned=0
# scan_time=3044

Re: Google redirect/MSE won't run

Hiya! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with tabs
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again, the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

Re: Google redirect/MSE won't run

Once again I'm gonna say thank you for your help. All 4 tasks have been completed. Log below from Security Check (note, can I uninstall TFC & Security Check?).

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ZoneAlarm
ZoneAlarm Toolbar
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````

Re: Google redirect/MSE won't run

Sorry, additionally the computer is running fine. SB

Re: Google redirect/MSE won't run

Great... it all looks good. :)

Re: Google redirect/MSE won't run

Thanks a lot for all your help, it is very much appreciated!!

Re: Google redirect/MSE won't run

You're welcome. :)
