Google redirect/MSE won't run


Google redirect/MSE won't run

Post by sb7791 on Mon 17 Oct 2011, 8:04 am

Running a Dell, using Windows XP. Don't know how, but I think I have the Google redirect virus (and additionally Microsoft Security Essentials has stopped working). I have tried a number of anti-malware/antivirus programs but none find anything wrong (even when run in safe mode). I am stuck!!

sb7791

Newbie Surfer

Posts : 7
Joined : 2011-10-17
Operating System : windows xp


Re: Google redirect/MSE won't run

Post by DragonMaster Jay on Tue 18 Oct 2011, 12:43 am

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate


Re: Google redirect/MSE won't run

Post by sb7791 on Tue 18 Oct 2011, 6:24 am

Thanks for the help, see log below. SB

ComboFix 11-10-17.02 - Administrator 17/10/2011 20:13:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.298 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))))
.
.
2011-10-15 10:52 . 2011-10-15 10:53 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-10 20:10 . 2011-10-10 20:10 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-09-26 10:41 . 2011-09-26 10:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-25 18:00 . 2011-09-25 18:00 56336 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 20:14 . 2011-08-28 10:00 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-09-26 10:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 16:00 . 2011-08-25 20:38 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2010-05-09 10:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2010-12-21 326048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
.
R1 RapportCerberus_29574;RapportCerberus_29574;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [07/08/2011 22:11 216912]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [25/09/2011 19:00 161936]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [26/05/2010 14:35 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [26/05/2010 14:35 493032]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [25/09/2011 18:59 919352]
S1 MpKsl0871e4ca;MpKsl0871e4ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76657067-A633-4788-985C-2467EE9FA369}\MpKsl0871e4ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76657067-A633-4788-985C-2467EE9FA369}\MpKsl0871e4ca.sys [?]
S1 MpKsl1450fb23;MpKsl1450fb23;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B36CD8E1-9626-4D14-B296-04DEE834E2C3}\MpKsl1450fb23.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B36CD8E1-9626-4D14-B296-04DEE834E2C3}\MpKsl1450fb23.sys [?]
S1 MpKsl18e30bc4;MpKsl18e30bc4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FD872FF-9EC5-4C6E-8D1E-23FA6AA029FA}\MpKsl18e30bc4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FD872FF-9EC5-4C6E-8D1E-23FA6AA029FA}\MpKsl18e30bc4.sys [?]
S1 MpKsl19e20754;MpKsl19e20754;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{915C711D-D9F5-4556-BE2A-65262DF6433C}\MpKsl19e20754.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{915C711D-D9F5-4556-BE2A-65262DF6433C}\MpKsl19e20754.sys [?]
S1 MpKsl235c9358;MpKsl235c9358;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B0947F5E-CB90-4D50-8284-7388FB56A099}\MpKsl235c9358.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B0947F5E-CB90-4D50-8284-7388FB56A099}\MpKsl235c9358.sys [?]
S1 MpKsl27e1ce42;MpKsl27e1ce42;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2899A38-40B5-4750-AA2C-507733DD0A68}\MpKsl27e1ce42.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2899A38-40B5-4750-AA2C-507733DD0A68}\MpKsl27e1ce42.sys [?]
S1 MpKsl29486dda;MpKsl29486dda;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8546D855-5C73-42D1-980E-EEDD33010717}\MpKsl29486dda.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8546D855-5C73-42D1-980E-EEDD33010717}\MpKsl29486dda.sys [?]
S1 MpKsl3874e8af;MpKsl3874e8af;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C90B9746-9702-4475-8CFB-E6E20909E13A}\MpKsl3874e8af.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C90B9746-9702-4475-8CFB-E6E20909E13A}\MpKsl3874e8af.sys [?]
S1 MpKsl58cd5e24;MpKsl58cd5e24;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9795493-3C00-4A19-9EC4-1E077400037B}\MpKsl58cd5e24.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C9795493-3C00-4A19-9EC4-1E077400037B}\MpKsl58cd5e24.sys [?]
S1 MpKsl5fb68660;MpKsl5fb68660;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2899A38-40B5-4750-AA2C-507733DD0A68}\MpKsl5fb68660.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B2899A38-40B5-4750-AA2C-507733DD0A68}\MpKsl5fb68660.sys [?]
S1 MpKsl7d7ee054;MpKsl7d7ee054;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D625BC3-7B85-442A-8E7D-C8DB96E6B36C}\MpKsl7d7ee054.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3D625BC3-7B85-442A-8E7D-C8DB96E6B36C}\MpKsl7d7ee054.sys [?]
S1 MpKsl842c6367;MpKsl842c6367;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC75D86-D1B4-400B-9998-2EE97FD72EFE}\MpKsl842c6367.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0DC75D86-D1B4-400B-9998-2EE97FD72EFE}\MpKsl842c6367.sys [?]
S1 MpKsl898473db;MpKsl898473db;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1D272E8-93C2-4178-98DC-27186B5B6F79}\MpKsl898473db.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D1D272E8-93C2-4178-98DC-27186B5B6F79}\MpKsl898473db.sys [?]
S1 MpKsl98eb01db;MpKsl98eb01db;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75C2BFB9-6D93-4E9C-A01E-80C2F505BE6B}\MpKsl98eb01db.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{75C2BFB9-6D93-4E9C-A01E-80C2F505BE6B}\MpKsl98eb01db.sys [?]
S1 MpKsla5822c06;MpKsla5822c06;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E9B42B1-6957-49F8-92C6-BEC8CC4C796D}\MpKsla5822c06.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2E9B42B1-6957-49F8-92C6-BEC8CC4C796D}\MpKsla5822c06.sys [?]
S1 MpKsla616687b;MpKsla616687b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F2568BD-6076-4A67-BEA5-11FE8C01916D}\MpKsla616687b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3F2568BD-6076-4A67-BEA5-11FE8C01916D}\MpKsla616687b.sys [?]
S1 MpKsla7e285a7;MpKsla7e285a7;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B41BB3C9-7BAD-4503-934F-CA844A166C29}\MpKsla7e285a7.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B41BB3C9-7BAD-4503-934F-CA844A166C29}\MpKsla7e285a7.sys [?]
S1 MpKsld65c34ef;MpKsld65c34ef;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C89DD6B1-7E01-42C4-BA06-C2A67EF12A5B}\MpKsld65c34ef.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C89DD6B1-7E01-42C4-BA06-C2A67EF12A5B}\MpKsld65c34ef.sys [?]
S1 MpKsldb57fa25;MpKsldb57fa25;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF39D7D5-707A-42EE-9B30-E8081099DFD0}\MpKsldb57fa25.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF39D7D5-707A-42EE-9B30-E8081099DFD0}\MpKsldb57fa25.sys [?]
S1 MpKslddc60935;MpKslddc60935;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AFD7013-2D0F-41D3-AE97-C9292DBDA6D8}\MpKslddc60935.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AFD7013-2D0F-41D3-AE97-C9292DBDA6D8}\MpKslddc60935.sys [?]
S1 MpKsle2f21222;MpKsle2f21222;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00F8FBC2-1624-40FE-B7CB-7DB57967693C}\MpKsle2f21222.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00F8FBC2-1624-40FE-B7CB-7DB57967693C}\MpKsle2f21222.sys [?]
S1 MpKsle8bb3f40;MpKsle8bb3f40;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5126965A-509A-4F07-AA0B-34FBABB56ABF}\MpKsle8bb3f40.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5126965A-509A-4F07-AA0B-34FBABB56ABF}\MpKsle8bb3f40.sys [?]
S1 MpKslf0b2f078;MpKslf0b2f078;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471A18DA-16D9-4FE2-AE16-2B9E8C7077D4}\MpKslf0b2f078.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471A18DA-16D9-4FE2-AE16-2B9E8C7077D4}\MpKslf0b2f078.sys [?]
S1 MpKslf1a17c07;MpKslf1a17c07;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14643E30-9571-4D6E-9187-2D3A96133586}\MpKslf1a17c07.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{14643E30-9571-4D6E-9187-2D3A96133586}\MpKslf1a17c07.sys [?]
S1 MpKslfee65d40;MpKslfee65d40;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4BBB626-653D-4A0D-8187-53DFA93327C2}\MpKslfee65d40.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4BBB626-653D-4A0D-8187-53DFA93327C2}\MpKslfee65d40.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [16/08/2010 18:58 17149]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04/08/2004 11:00 14336]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [08/04/2008 18:12 1112560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 11:50]
.
2011-10-17 c:\windows\Tasks\User_Feed_Synchronization-{07D60944-FA4D-4BEC-88B9-E71EF042F640}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-BsScanner
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-10-17 20:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1957994488-1060284298-1343024091-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,ea,55,59,ed,6a,b4,4b,97,76,04,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,a6,1a,b9,86,65,bd,43,92,54,a3,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,ea,55,59,ed,6a,b4,4b,97,76,04,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,ea,55,59,ed,6a,b4,4b,97,76,04,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5b,ea,55,59,ed,6a,b4,4b,97,76,04,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(920)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-10-17 20:21:18
ComboFix-quarantined-files.txt 2011-10-17 19:21
.
Pre-Run: 30,836,248,576 bytes free
Post-Run: 30,954,831,872 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DC24AB6A766EC2CFD458A19A27F73D71

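The driver/service lines in the ComboFix log above follow a fixed layout, which makes them easy to triage mechanically. The following parser is an added example (my code, not ComboFix's or the forum's): it reads those lines and flags, for a reviewer to look at, entries whose image file is missing ("[?]"), sits under a Temp directory, or has a .tmp extension, and it groups the hex-suffixed MpKsl* names so a batch of stale definition-update drivers reads as one item. The flags are review prompts, not verdicts; the helper judged this log clean.

```python
"""Triage the driver/service section of a ComboFix log (added example).

ComboFix prints one driver or service per line, e.g.
    R1 Name;Display name;<image path> [dd/mm/yyyy HH:MM size]
    S3 Name;Display name;\??\<value> --> <resolved path> [?]
R/S is the current state (running/stopped), the digit is the start type,
and "[?]" means ComboFix could not find the image file on disk.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s+\[(?P<detail>[^\]]*)\]$"
)

# Excerpt of the log posted in this thread (copied, not constructed), with
# two non-service lines mixed in to show that they are skipped.
SAMPLE_LOG = r"""
.
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [25/09/2011 19:00 70416]
S1 MpKsl0871e4ca;MpKsl0871e4ca;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76657067-A633-4788-985C-2467EE9FA369}\MpKsl0871e4ca.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{76657067-A633-4788-985C-2467EE9FA369}\MpKsl0871e4ca.sys [?]
S1 MpKsl1450fb23;MpKsl1450fb23;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B36CD8E1-9626-4D14-B296-04DEE834E2C3}\MpKsl1450fb23.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B36CD8E1-9626-4D14-B296-04DEE834E2C3}\MpKsl1450fb23.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [16/08/2010 18:58 17149]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04/08/2004 11:00 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"""

@dataclass
class ServiceEntry:
    state: str            # "R" running or "S" stopped
    start: str            # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str             # resolved image path, NT prefix and svchost args removed
    file_present: bool    # False when ComboFix printed "[?]"
    size: Optional[int]   # file size from the bracket, when the file exists
    flags: List[str] = field(default_factory=list)

def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for an R#/S# line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    image = m.group("image")
    if " --> " in image:                    # registry value --> resolved path
        image = image.split(" --> ", 1)[1]
    if image.startswith("\\??\\"):          # NT object-manager prefix from ImagePath
        image = image[4:]
    path = image.split(" -k ", 1)[0].strip()  # drop svchost group arguments
    detail = m.group("detail").strip()
    present = detail != "?"
    size = int(detail.split()[-1]) if present else None
    return ServiceEntry(m.group("state"), m.group("start"), m.group("name"),
                        m.group("display"), path, present, size)

def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review flags. These are prompts for a human reviewer, not verdicts."""
    p = entry.path.lower()
    if not entry.file_present:
        entry.flags.append("image file not found on disk")
        if entry.start in ("0", "1"):
            entry.flags.append("boot/system-start driver with no file behind it")
    if "\\temp\\" in p:
        entry.flags.append("image located under a Temp directory")
    if p.endswith(".tmp"):
        entry.flags.append("image has a .tmp extension")
    return entry

def triage_log(text: str) -> List[ServiceEntry]:
    """Parse every service line in a ComboFix log and return only flagged entries."""
    entries = filter(None, (parse_service_line(ln) for ln in text.splitlines()))
    return [e for e in map(triage, entries) if e.flags]

def summarize_missing(entries: List[ServiceEntry]) -> Dict[str, int]:
    """Count missing-file entries by name, folding hex-suffixed names
    (MpKsl0871e4ca -> MpKsl*) so stale definition-update drivers read as one group."""
    counts: Dict[str, int] = {}
    for e in entries:
        if not e.file_present:
            key = re.sub(r"[0-9a-f]{8}$", "*", e.name)
            counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    flagged = triage_log(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.state}{e.start} {e.name}: {e.path}", *e.flags, sep="\n    - ")
    print("missing-file entries by name:", summarize_missing(flagged))
```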

Re: Google redirect/MSE won't run

Post by DragonMaster Jay on Tue 18 Oct 2011, 9:29 pm

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt back here for review



Re: Google redirect/MSE won't run

Post by sb7791 on Wed 19 Oct 2011, 6:13 am

Thanks again for your help. Post-ComboFix, MSE is back up and running and I am no longer getting redirected.

I have run aswMBR and the log is below. Thanks again, SB.


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-18 20:04:53
-----------------------------
20:04:53.733 OS Version: Windows 5.1.2600 Service Pack 3
20:04:53.743 Number of processors: 1 586 0xD06
20:04:53.743 ComputerName: HOME-069F5F2489 UserName: Administrator
20:04:57.378 Initialize success
20:05:12.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:05:12.109 Disk 0 Vendor: SAMSUNG_HM121HC LS100-10 Size: 114473MB BusType: 3
20:05:14.122 Disk 0 MBR read successfully
20:05:14.122 Disk 0 MBR scan
20:05:14.122 Disk 0 Windows XP default MBR code
20:05:14.122 Disk 0 scanning sectors +234436545
20:05:14.192 Disk 0 scanning C:\WINDOWS\system32\drivers
20:05:21.843 Service scanning
20:05:22.544 Service MpKslbac1bb64 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D4F7008D-7A8F-466B-8B6C-BFFED5ED88C8}\MpKslbac1bb64.sys **LOCKED** 32
20:05:23.045 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
20:05:23.586 Modules scanning
20:05:43.714 Disk 0 trace - called modules:
20:05:43.734 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
20:05:43.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f94ab8]
20:05:43.765 3 CLASSPNP.SYS[f86f6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fd8230]
20:05:43.765 Scan finished successfully
20:06:05.285 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
20:06:05.305 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


Re: Google redirect/MSE won't run

Post by DragonMaster Jay on Thu 20 Oct 2011, 11:48 pm

Excellent.

ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Re: Google redirect/MSE won't run

Post by sb7791 on Sat 22 Oct 2011, 12:48 am

Have run ESET; find the log file below. Many thanks, SB.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=30aa8fc779080646a9740ee24716ef26
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-21 01:46:23
# local_time=2011-10-21 02:46:23 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776533 42 87 2529 16072605 0 0
# compatibility_mode=8192 67108863 100 0 895 895 0 0
# compatibility_mode=9217 16777214 75 70 34192157 41905813 0 0
# scanned=82074
# found=0
# cleaned=0
# scan_time=3044


Re: Google redirect/MSE won't run

Post by DragonMaster Jay on Sat 22 Oct 2011, 2:29 am

Hiya! Your logs appear to be clean. If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the Warning and select OK again; the program will close and you are done


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.



Re: Google redirect/MSE won't run

Post by sb7791 on Sat 22 Oct 2011, 7:09 am

Once again I'm gonna say thank you for your help; all 4 tasks have been completed. Log below from Security Check (note: can I uninstall TFC & Security Check?).

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ZoneAlarm
ZoneAlarm Toolbar
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Adobe Flash Player ( 10.2.153.1) Flash Player Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````


Re: Google redirect/MSE won't run

Post by sb7791 on Sat 22 Oct 2011, 7:13 am

Sorry, additionally, the computer is running fine. SB


Re: Google redirect/MSE won't run

Post by DragonMaster Jay on Sun 23 Oct 2011, 1:15 am

Great...it all looks good.



Re: Google redirect/MSE won't run

Post by sb7791 on Sun 23 Oct 2011, 6:40 am

Thanks a lot for all your help, it is very much appreciated!!


Re: Google redirect/MSE won't run

Post by DragonMaster Jay on Mon 24 Oct 2011, 5:05 am

You're welcome.


