I need help, I'm redirected by info-feed.com to a random website


Post by kenny0537 on Mon May 04, 2009 1:20 am

I'm redirected by info-feed.com to a random website when I try to access a site on Google, and the Malwarebytes' Anti-Malware website is always down, so is Spybot, and a number of other spyware programs don't work because the installer can't get online and download the programs; Windows can't even update. I know you've helped other people with similar problems,
here's my HijackThis txt, please help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:18 PM, on 5/3/2009
Platform: Windows Vista SP2, v.113 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.16497)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Google Search - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Similar Pages - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - [You must be registered and logged in to see this link.] Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B2A610A-C8CD-4A1B-B0B7-7CE6BA1A6DD5}: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5639AA9-2BC6-4595-8811-F3D8C6C086C6}: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD5FFFD4-82F4-45FC-8EAC-873E80D37B2F}: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\IFXTCS.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: RosettaStoneLtdController - Rosetta Stone Ltd. - C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10053 bytes

kenny0537
Novice

Posts : 10
Joined : 2009-05-04
OS : vista_32bit
Points : 27742
Likes : 0


Post by Belahzur on Mon May 04, 2009 1:29 am

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O17 - HKLM\System\CCS\Services\Tcpip\..\{4B2A610A-C8CD-4A1B-B0B7-7CE6BA1A6DD5}: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D5639AA9-2BC6-4595-8811-F3D8C6C086C6}: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FD5FFFD4-82F4-45FC-8EAC-873E80D37B2F}: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)


  • Press "Fix Checked"
  • Close Hijack This.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of c:\avenger.txt into your reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1
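
Added example, not part of the original thread and not code from HijackThis or the helper: a Python check over the O17 lines of the log above that lists every NameServer outside an expected allow-list and expands HijackThis's key abbreviations, showing the same two resolvers written to the global Tcpip parameters in both control sets and to all three interfaces. The allow-list (private and loopback ranges only) and the last two O17 sample lines are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# The five NameServer lines are copied from the HijackThis log in this thread.
# The last two O17 lines are constructed, to exercise paths that must not be flagged.
SAMPLE_LOG = r"""
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B2A610A-C8CD-4A1B-B0B7-7CE6BA1A6DD5}: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5639AA9-2BC6-4595-8811-F3D8C6C086C6}: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD5FFFD4-82F4-45FC-8EAC-873E80D37B2F}: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.168,85.255.112.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.lan
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
"""

# Assumption for this example: a home PC resolves through its router, so only
# private and loopback ranges are expected. Add known ISP resolvers as needed.
DEFAULT_ALLOWED = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")

O17_NAMESERVER = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.*)$")


def parse_o17(log_text):
    """Return [(registry_key, [server, ...]), ...] for each O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        match = O17_NAMESERVER.match(line.strip())
        if match:
            # The NameServer value may be comma- or space-separated.
            servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
            entries.append((match.group("key"), servers))
    return entries


def describe_key(key):
    """Expand HijackThis abbreviations into (control_set, scope)."""
    cs = re.search(r"\\(CCS|CS(\d+))\\", key)
    if cs is None:
        control_set = "unknown"
    elif cs.group(1) == "CCS":
        control_set = "CurrentControlSet"
    else:
        control_set = "ControlSet%03d" % int(cs.group(2))
    # A key ending in {GUID} is one adapter; "Tcpip\Parameters" is machine-wide.
    guid = re.search(r"\{[0-9A-Fa-f-]{36}\}$", key)
    scope = "interface " + guid.group(0) if guid else "global"
    return control_set, scope


def is_expected(server, allowed_nets):
    """True when the server parses as an IP inside one of the allowed networks."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return False  # malformed values are reported rather than skipped
    return any(addr in net for net in allowed_nets)


def audit(log_text, allowed=DEFAULT_ALLOWED):
    """Map each unexpected resolver to the (control_set, scope) pairs that use it."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    flagged = defaultdict(list)
    for key, servers in parse_o17(log_text):
        for server in servers:
            if not is_expected(server, nets):
                flagged[server].append(describe_key(key))
    return dict(flagged)


if __name__ == "__main__":
    for server, places in audit(SAMPLE_LOG).items():
        print(server)
        for control_set, scope in places:
            print("    %s  %s" % (control_set, scope))
```

To check a saved log, pass the text of hijackthis.log to audit() and compare the flagged resolvers with the ones your router or ISP actually hands out.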


Post by kenny0537 on Mon May 04, 2009 2:15 am

OK, here's the Avenger txt:

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "gaopdxserv.sys" found!
ImagePath: \systemroot\system32\drivers\gaopdxifounbiehoviibrwwqmvposnstgtamcv.sys
Driver disabled successfully.

Rootkit scan completed.


Completed script processing.

*******************

Finished! Terminate.


Post by Belahzur on Mon May 04, 2009 2:09 pm

1. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Drivers to delete:
    gaopdxserv.sys

    Files to delete:
    C:\WINDOWS\system32\drivers\gaopdxifounbiehoviibrwwqmvposnstgtamcv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

3. Please copy/paste the content of c:\avenger.txt into your reply.



Post by kenny0537 on Mon May 04, 2009 4:42 pm

Hi, I used MBAM to scan my computer, as it was working after the rootkit was disabled, and now Avenger says this:

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "gaopdxserv.sys" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\gaopdxifounbiehoviibrwwqmvposnstgtamcv.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\gaopdxifounbiehoviibrwwqmvposnstgtamcv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


Post by Belahzur on Mon May 04, 2009 4:49 pm

Hello.
Please post the MBAM log; I need to check you have the latest database.



Post by kenny0537 on Mon May 04, 2009 4:56 pm

Here's the MBAM log:

Malwarebytes' Anti-Malware 1.36
Database version: 2072
Windows 6.0.6002 Service Pack 2, v.113

5/4/2009 12:24:48 PM
mbam-log-2009-05-04 (12-24-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 171704
Time elapsed: 33 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{b8202e88-1a5f-49e9-872f-d24762136f19} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2c1cccf7-2adf-4948-bc24-3386361861d9} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5e84a6ea-e1a5-4758-8aa5-4d1a8f3a8c1e} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8eb9ad8f-852a-403a-8967-187ab8b0ddf1} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b6ca4c4b-e9c8-4ef0-8c7b-c1ea9782ec2c} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f4b5971f-4b9e-4b5a-a6eb-7cbdc5efe406} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.toolbarctl.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar.htmlmenuui.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hostie.bho.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbr.hbmain.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbmain.commband.1 (Adware.Zango) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\QuickTime Alternative\QuickTimePlayer.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\RECYCLER\S-5-0-15-100016895-100024498-100011904-8581.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\yadi\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Windows\System32\gaopdxoxpsnvnxadykvxyfgxntercubgecircq.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\drivers\gaopdxifounbiehoviibrwwqmvposnstgtamcv.sys (Trojan.Agent) -> Quarantined and deleted successfully.


Post by Belahzur on Mon May 04, 2009 5:01 pm

Hello.
Two things I need to know now before we move on.

1) Do you use QuickTime Alternative? MBAM has found it, but it's a false positive. We can restore it, just need to know if you use it.

2) Do you have any USB flash drives you've used since you've been infected? Because this infection is able to spread to removable drives.

Let me know.



Post by kenny0537 on Mon May 04, 2009 5:04 pm

Yes, I use QuickTime Alternative, and yes, I have one flash drive.


Post by Belahzur on Mon May 04, 2009 5:09 pm

Okay, we'll restore and I'll let the MBAM guys know about this.
Open MBAM again. Go into the "Quarantine" tab.

Find "QuickTimePlayer.exe", it will show as "Rogue.Installer". Highlight it by clicking on it once, and then press restore.

Next, get ready to plug in your USB drive. DO NOT plug it in until I say so.

Please download [You must be registered and logged in to see this link.] to your Desktop and run it by double clicking the program's icon.

  1. Wait a couple of seconds for the initial scan to finish.
  2. Connect your USB drive to the machine now, and keep it connected for at least 10 seconds.
  3. If there are more USB storage devices to scan, please take note of the order in which these were connected.
  4. After all the devices are scanned, right click in the Monitor tab, and choose "Save log". That will open the log in Notepad. Please copy and paste the log into this thread.

Explanation: USB storage devices are all the USB devices that get their own partition letter when connected to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.



Post by kenny0537 on Mon May 04, 2009 5:18 pm

OK, I restored the QuickTime Alternative and here's the USBNoRisk log:

USBNoRisk 2.1 by bobby

Started at 5/4/2009 1:14:52 PM

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
C: {2547a010-1f46-11de-a820-806e6f6e6963}
D: {2547a017-1f46-11de-a820-806e6f6e6963}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for 2547a010-1f46-11de-a820-806e6f6e6963
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 2547a017-1f46-11de-a820-806e6f6e6963
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 5/4/2009 1:14:56 PM

Scanning for connected USB mass storage...
----------------------------------------
F: {b04e2745-0422-11de-889c-001641de6222}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for b04e2745-0422-11de-889c-001641de6222
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================


Post by Belahzur on Mon May 04, 2009 5:22 pm

Hello.
The good news is, there is no USB infection here.

I want to do one more general scan to make sure it's gone, then we'll need to do another MBAM scan, but using a special way of running it. Doing so allows the MBAM team to figure out why there is a false positive.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.



Post by kenny0537 on Mon May 04, 2009 5:28 pm

Here's the first one:


DDS (Ver_09-03-16.01) - NTFSx86
Run by yadi at 13:25:13.86 on Mon 05/04/2009
Internet Explorer: 7.0.6002.16497 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1023.221 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\IFXSPMGT.exe
C:\Windows\system32\IFXTCS.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\Windows\Explorer.EXE
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\alg.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\System32\mobsync.exe
C:\Users\yadi\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\yadi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = [You must be registered and logged in to see this link.]
uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
mSearchAssistant = [You must be registered and logged in to see this link.]
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [Aim6]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [IFXSPMGT] c:\windows\system32\IFXSPMGT.exe /NotifyLogon
mRun: []
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
AppInit_DLLs: avgrsstx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\yadi\appdata\roaming\mozilla\firefox\profiles\xv5wxzza.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\users\yadi\appdata\roaming\idm\idmmzcc2\components\idmmzcc.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-8 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-31 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-31 107272]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2006-10-12 38952]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-31 298264]
R2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\rosettastoneltdservices\RosettaStoneLtdController.exe [2008-9-16 352312]
R3 WCPU;WCPU;c:\program files\p4g\WCPU.sys [2008-12-29 11120]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 951632]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-4-2 9728]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-4-2 3072]

=============== Created Last 30 ================

2009-05-04 13:12 --d----- C:\USBNoRisk
2009-05-04 03:00 376,320 a------- c:\windows\system32\winhttp.dll
2009-05-03 22:16 --d----- c:\users\yadi\appdata\roaming\Malwarebytes
2009-05-03 22:16 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-03 22:16 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-03 22:16 --d----- c:\programdata\Malwarebytes
2009-05-03 22:16 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-03 22:16 --d----- c:\progra~2\Malwarebytes
2009-05-03 20:23 --d----- c:\users\yadi\appdata\roaming\Safer Networking
2009-05-03 20:22 --d----- c:\program files\Safer Networking
2009-04-22 10:38 --d----- c:\temp\mymovies
2009-04-14 00:07 --d----- c:\program files\Trend Micro
2009-04-12 00:15 --d----- c:\program files\mkv2vob
2009-04-12 00:14 --d----- c:\program files\common files\Wise Installation Wizard
2009-04-11 23:27 --d----- c:\program files\Winnydows
2009-04-11 22:49 --d----- c:\program files\URUSoft
2009-04-09 15:46 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf

==================== Find3M ====================

2009-05-04 12:46 41,918 a------- c:\users\yadi\appdata\roaming\nvModes.dat
2009-05-04 12:45 45,056 a------- c:\windows\system32\acovcnt.exe
2009-05-04 12:43 4,268 a------- c:\windows\bthservsdp.dat
2009-05-03 00:12 51,200 a------- c:\windows\inf\infpub.dat
2009-05-03 00:12 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-03 15:05 33 a------- c:\program files\ATKPF.ini
2009-03-19 16:51 160,356 a---h--- c:\windows\system32\mlfcache.dat
2009-03-19 14:03 1,907,712 a------- c:\windows\system32\BootMan.exe
2009-03-11 15:00 86,016 a------- c:\windows\inf\infstor.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 21:10 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-08 21:10 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-02 17:11 33,021 a------- c:\windows\scunin.dat
2009-03-02 17:11 94,208 a------- c:\windows\ScUnin.exe
2009-02-26 18:37 118,784 a------- c:\windows\dsdxirmv.exe
2009-02-25 20:22 86,408 a------- c:\windows\system32\setupempdrv03.exe
2009-02-25 20:22 9,728 a------- c:\windows\system32\epmntdrv.sys
2009-02-25 20:22 3,072 a------- c:\windows\system32\EuGdiDrv.sys
2009-02-25 20:21 14,848 a------- c:\windows\system32\EuEpmGdi.dll
2009-02-10 16:29 2,034,176 a------- c:\windows\system32\win32k.sys
2008-10-18 09:59 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-12 16:54 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-12 16:54 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-12 16:54 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 13:25:35.57 ===============


Re: I need help im redirected by info-feed.com to random website

Post by kenny0537 on Mon May 04, 2009 5:29 pm

Here's the second.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2008 8:04:00 PM
System Uptime: 5/4/2009 12:44:51 PM (1 hours ago)

Motherboard: ASUSTeK Computer Inc. | | W7J
Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz | Socket 478 | 1992/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 59 GiB total, 6.424 GiB free.
D: is FIXED (NTFS) - 53 GiB total, 6.053 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP227: 5/2/2009 3:42:49 PM - Scheduled Checkpoint
RP229: 5/3/2009 12:03:52 AM - Configured Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Networˇ6§,
RP230: 5/3/2009 1:37:18 PM - Scheduled Checkpoint
RP232: 5/3/2009 10:12:00 PM - Avg8 Update
RP233: 5/4/2009 1:26:37 AM - Windows Update
RP234: 5/4/2009 3:00:10 AM - Windows Update

==== Installed Programs ======================

µTorrent
7-Zip 4.57
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AIM 6
Apple Mobile Device Support
Apple Software Update
Ares 1.9.7
ASUS Live Update
ASUS Splendid Video Enhancement Technology
ASUS WebCam, 1.3M, USB2.0, FF
AT&T Yahoo! Internet Mail
ATK Hotkey
ATKOSD2
AuthenTec Fingerprint Sensor Minimum Install
AutoUpdate
AVG Free 8.0
AviSynth 2.5
Boilsoft Video Joiner 5.32
Bonjour
Cakewalk VST Adapter 4
Combined Community Codec Pack 2008-01-24
Cool Edit Pro 2.1
Core FTP LE 1.3c
DivX
DivX Web Player
DreamStation DXi2
DVD Decrypter (Remove Only)
EASEUS Partition Master 3.5 Home Edition
FileShare 1.4
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Infineon TPM Professional Package
Internet Download Manager
iTunes
Java(TM) 6 Update 13
LifeFrame2
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware
MeGUI modern media encoder (remove only)
Microsoft .NET Framework 1.1
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
mIRC
mkv2vob
MKVtoolnix 2.6.0
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
NB Probe
Nero 7 Essentials
NVIDIA Drivers
Power4Gear eXtreme
PowerForPhone
QuickTime
QuickTime Alternative 1.67
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Rosetta Stone Ltd Services
Roxio Drag-to-Disc
Roxio Easy Media Creator 9 Suite
SONAR LE
Starcraft
Synaptics Pointing Device Driver
Trillian
UPEK TouchChip TFM/ESS Drivers
USB2.0 1.3M WebCam
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.8a
WIDCOMM Bluetooth Software 6.0.1.3400
WinFlash
WinRAR archiver
Wireless Console 2
Xilisoft Video Converter Ultimate
Xingtone Ringtone Maker
Yahoo! Install Manager

==== End Of File ===========================


Re: I need help im redirected by info-feed.com to random website

Post by Belahzur on Mon May 04, 2009 5:34 pm

I see that you are running Ares and uTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • µTorrent
  • 7-Zip 4.57 <== old version
  • Ares 1.9.7

I see you have 7-Zip and VLC player installed. The versions of both that you are running are old and need updating.

Download and install [You must be registered and logged in to see this link.]
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

Next, if you use 7-Zip, download and install [You must be registered and logged in to see this link.].

Let me know how the machine is running now. :)


Please PM me if I fail to respond within 24hrs.

Re: I need help im redirected by info-feed.com to random website

Post by kenny0537 on Mon May 04, 2009 5:47 pm

It's running good, thank you for all your help. I would have never thought of this on my own.


Re: I need help im redirected by info-feed.com to random website

Post by kenny0537 on Mon May 04, 2009 5:48 pm

"


Re: I need help im redirected by info-feed.com to random website

Post by Belahzur on Mon May 04, 2009 5:56 pm

Good. One last thing to do now.

  1. Go to Start.
  2. Search for "Run" and open the Run box.
  3. In the Run box, type in "mbam /developer" without the quotes.


Doing this opens a special mode in MBAM. Now go into the "Update" tab and update it to the latest database, which is 2074.
Now go back into the "Scanner" tab and let it do another scan.

It might still find QuickTime Alternative, but if it does, DO NOT remove it.
Allow the scan to finish and post the new log.

