
Thursday, July 31st 2014, 7:35pm


  • "Who?" started this thread

Date of registration:
Aug 12th 2010


1

Thursday, August 12th 2010, 4:22pm

Constant redirection and pop up site caused by virus

I have scanned my laptop several times and now it says there is no virus.... However, if I do a search in Google, it still misdirects me to various other non-related sites AND even if I don't do a search, every now and again a website pops up trying to sell me some kind of work from home make a fortune thing. How do I block this website and how do I get rid of whatever is trying to redirect me to wrong sites? I should say I know very little about laptops etc. So please explain for a computer novice. Thank you.

marfabilis

Moderator

Date of registration:
May 14th 2010

Version:
Avira Free Antivirus
Avira Antivirus Suite
Avira Internet Security Suite
Avira Internet Security

Operating System:
System of a Down


2

Thursday, August 12th 2010, 4:48pm

Hi,

Please post a DDS log here.
  • Download the DDS Tool
  • Save the file to your Desktop
  • Double-click on the DDS.scr icon to start the program
  • Click on the Run button to start DDS
  • DDS will now display a small black window providing information as to what DDS is doing on your computer
  • DDS will now start scanning your computer and compiling a variety of information about what programs are starting on your computer, what files have been recently created, and the general configuration of your computer.
  • When DDS has finished scanning, all of this information will be compiled and displayed in two Notepad windows named dds.txt and attach.txt
  • Save both files to your Desktop and post them in your reply. You can post them in small parts.

  • "Who?" started this thread


3

Thursday, August 12th 2010, 5:05pm

constant redirection dds reports as requested

Btw I really appreciate you taking your time to help me with this!
This is the first one, the other one says zip it up and attach unless otherwise asked to post. Should I post it, or should I zip it and attach it? And ... what does that mean and how do I zip? Also where's the attach button... Sorry... but it has made me realise I do need to learn the ins and outs of my laptop... any suggestions as to a good place to start? Again, thank you so much for your time as this is really frustrating!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Clancey at 15:54:03.70 on 12/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.953 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\3 Mobile Broadband\3Connect\Wilog.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\dllhost.exe
c:\program files\avira\antivir desktop\avconfig.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Clancey\My Documents\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [{00DA947F-68A0-668A-2DAA-9D54443A234F}] "c:\documents and settings\clancey\application data\ufoveg\mibu.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [sysfbtray] c:\windows\bill119.exe
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: {8D81CCCF-A50E-483C-9F5D-2EC29BD30D40} = 217.171.135.1 217.171.132.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 385880]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-7 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-7 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-7 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-7 60936]
R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2010-6-21 1737464]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-8-3 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2010-8-3 359952]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2010-8-3 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2010-8-3 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-3 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-3 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-8-3 40552]
S1 OBI;OBI;\??\c:\windows\system32\drivers\obi.sys --> c:\windows\system32\drivers\OBI.sys [?]
S2 dobi;dobi;c:\windows\system32\svchost.exe -k dobi [2005-8-16 14336]
S2 webserver;webserver;c:\program files\webserver\webserver.exe --> c:\program files\webserver\webserver.exe [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2009-10-14 102656]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-6-21 9216]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-8-3 34248]

=============== Created Last 30 ================

2010-08-10 14:18:55 0 d-----w- c:\program files\CCleaner
2010-08-07 17:45:20 0 d-----w- c:\docume~1\clancey\applic~1\Avira
2010-08-07 17:38:18 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-07 17:38:08 0 d-----w- c:\program files\Avira
2010-08-07 17:38:08 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-08-06 10:54:52 0 d-----w- c:\program files\CONEXANT
2010-08-05 15:36:23 0 d-----w- c:\program files\AnVi
2010-08-03 13:39:26 10283 ----a-w- c:\windows\system32\Config.MPF
2010-08-03 13:35:46 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-03 13:35:46 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-08-03 13:35:46 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-08-03 13:35:39 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2010-08-03 13:35:00 0 d-----w- c:\program files\common files\McAfee
2010-08-03 13:34:59 0 d-----w- c:\program files\McAfee.com
2010-08-03 13:34:49 0 d-----w- c:\program files\McAfee
2010-08-03 13:26:52 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-08-03 09:33:36 14638 ----a-w- c:\windows\fs1235.dat
2010-08-03 09:31:40 0 d-----w- c:\program files\webserver
2010-08-03 09:30:19 1 ----a-w- c:\windows\fdgg34353edfgdfdf
2010-08-02 11:10:35 1 ---h--w- c:\windows\bk23567.dat
2010-07-14 15:08:57 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-13 17:37:07 0 d-----w- c:\docume~1\clancey\applic~1\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1

==================== Find3M ====================


============= FINISH: 15:57:50.60 ===============
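
Added example, not part of the original thread and not code from Avira or the DDS author: a Python triage pass over the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log such as the one above. The sample lines are copied from that log; the three review rules and the reading of `[?]` as "file details unavailable" are assumptions of this example, and a hit marks a line for manual review, not a verdict.

```python
import re
from typing import List, NamedTuple

# Excerpt copied from the dds.txt posted above (a few lines, not the full log).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: 1 (0x1) - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{00DA947F-68A0-668A-2DAA-9D54443A234F}] "c:\documents and settings\clancey\application data\ufoveg\mibu.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

============= SERVICES / DRIVERS ===============

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-7 267432]
S1 OBI;OBI;\??\c:\windows\system32\drivers\obi.sys --> c:\windows\system32\drivers\OBI.sys [?]
S2 dobi;dobi;c:\windows\system32\svchost.exe -k dobi [2005-8-16 14336]
S2 webserver;webserver;c:\program files\webserver\webserver.exe --> c:\program files\webserver\webserver.exe [?]
"""

# Review reasons (wording is this example's own, not DDS output).
REASON_NO_FILE = "registered component has no file on disk"
REASON_PROFILE = "autorun target lives in a user-profile data directory"
REASON_NO_INFO = "DDS printed [?] instead of file date and size"


class Finding(NamedTuple):
    section: str  # DDS section the line came from
    entry: str    # entry type (BHO, uRun, ...) or service name
    reason: str   # why the line was picked for manual review
    line: str     # the original log line


# "===== Title =====" section banners.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Autorun lines: "<hive>Run: [value name] command line".
RUN_RE = re.compile(r"^([umd]Run(?:Once)?): \[(.+?)\] (.+)$")
# Service lines: "<state><start> name;display name;image path [date size]".
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
# Long and 8.3 spellings of per-user data directories.
PROFILE_RE = re.compile(
    r"\\(?:documents and settings|docume~1|users)\\[^\\]+\\"
    r"(?:application data|applic~1|appdata|local settings|locals~1)\\",
    re.IGNORECASE,
)


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that match one of the three review rules."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "Pseudo HJT Report":
            # Rule 1: a browser add-on or hook whose DLL is gone.
            if line.endswith(" - No File"):
                kind = line.split(":", 1)[0]
                findings.append(Finding(section, kind, REASON_NO_FILE, line))
                continue
            # Rule 2: a Run/RunOnce command that starts from a profile data dir.
            run = RUN_RE.match(line)
            if run and PROFILE_RE.search(run.group(3)):
                findings.append(Finding(section, run.group(1), REASON_PROFILE, line))
        elif section == "SERVICES / DRIVERS":
            # Rule 3: assumption: "[?]" means DDS could not read the file's details.
            svc = SERVICE_RE.match(line)
            if svc and svc.group(5).strip() == "?":
                findings.append(Finding(section, svc.group(2), REASON_NO_INFO, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.entry}: {f.reason}\n    {f.line}")
```
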

marfabilis

Moderator


4

Thursday, August 12th 2010, 5:49pm

You are using two antivirus programs, and it's not recommended.
Could you please post the attach.txt?

  • "Who?" started this thread


5

Thursday, August 12th 2010, 6:38pm

non stop redirection

I had the McAfee with the laptop but had this problem and a friend told me about Avira. I think I would like to upgrade on the Avira when I can afford to. Do you recommend I remove the McAfee?

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 02/11/2007 15:30:10
System Uptime: 08/12/2010 14:44:03 (-2831 hours ago)

Motherboard: Dell Inc. | | 0KD882
Processor: Genuine Intel(R) CPU T2130 @ 1.86GHz | Microprocessor | 1862/133mhz
Processor: Genuine Intel(R) CPU T2130 @ 1.86GHz | Microprocessor | 1862/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 142 GiB total, 124.48 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP122: 25/05/2010 20:07:47 - Software Distribution Service 3.0
RP123: 26/05/2010 16:07:37 - Software Distribution Service 3.0
RP124: 27/05/2010 02:32:28 - Software Distribution Service 3.0
RP125: 07/06/2010 19:37:08 - System Checkpoint
RP126: 11/06/2010 02:55:56 - Software Distribution Service 3.0
RP127: 12/06/2010 11:13:40 - Software Distribution Service 3.0
RP128: 21/06/2010 21:24:33 - Installed 3Connect
RP129: 22/06/2010 13:11:10 - Software Distribution Service 3.0
RP130: 14/07/2010 22:51:34 - Software Distribution Service 3.0
RP131: 21/07/2010 13:11:19 - System Checkpoint
RP132: 22/07/2010 17:18:24 - System Checkpoint
RP133: 03/08/2010 12:42:41 - Software Distribution Service 3.0
RP134: 03/08/2010 12:47:00 - Installed Windows XP KB914882.
RP135: 04/08/2010 23:55:16 - Software Distribution Service 3.0
RP136: 05/08/2010 12:57:40 - Removed Microsoft Silverlight
RP137: 05/08/2010 12:59:30 - Removed Tiscali Internet
RP138: 05/08/2010 13:00:03 - Removed TalkTalk Assist & Go
RP139: 05/08/2010 13:07:36 - Removed Zoosk Messenger
RP140: 05/08/2010 15:48:35 - Software Distribution Service 3.0
RP141: 05/08/2010 17:01:13 - Software Distribution Service 3.0
RP142: 08/08/2010 19:51:48 - System Checkpoint
RP143: 09/08/2010 21:01:33 - System Checkpoint

==== Installed Programs ======================

3Connect
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Antivirus
Avira AntiVir Personal - Free Antivirus
Broadcom Management Programs
Browser Address Error Redirector
CCleaner
Conexant HDA D110 MDC V.92 Modem
Coupon Printer
Dell Support Center (Support Software)
Dell System Restore
Dell Wireless WLAN Card
DellSupport
Digital Line Detect
ESPNMotion
GemMaster Mystic
Google Desktop
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.514
High Definition Audio Driver Package - KB835221
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB908673)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Huawei modem
IKEA HomePlanner Kitchen
Intel(R) Graphics Media Accelerator Driver
Invoke Solutions Participant 6.2.0.1452
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3
Logitech Audio Echo Cancellation Component
Logitech Desktop Messenger
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Map Button (Windows Live Toolbar)
McAfee SecurityCenter
MediaDirect
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mixer
Modem Helper
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MVision
My Web Search (Webfetti)
NetWaiting
OneCare Advisor (Windows Live Toolbar)
Orange Preload
Otto
OutlookAddinSetup
PartyPoker
Popup Blocker (Windows Live Toolbar)
QuickSet

  • "Who?" started this thread


6

Thursday, August 12th 2010, 6:39pm

non stop redirection

Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SigmaTel Audio
Smart Menus (Windows Live Toolbar)
Sonic Activation Module
Sonic Encoders
Sound Blaster Audigy ADVANCED MB Demo
Synaptics Pointing Device Driver
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Yahoo! Toolbar
ZTE_1.2059.0.8

==== Event Viewer Messages From Past Week ========

09/08/2010 01:11:58, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
08/08/2010 14:31:11, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
08/08/2010 11:15:40, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: OBI
08/08/2010 11:15:23, error: Service Control Manager [7023] - The dobi service terminated with the following error: The specified module could not be found.
08/08/2010 11:15:23, error: Service Control Manager [7000] - The webserver service failed to start due to the following error: The system cannot find the file specified.
08/08/2010 11:15:08, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
08/08/2010 11:15:08, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
07/08/2010 19:02:23, error: Service Control Manager [7031] - The dobi service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/08/2010 18:32:49, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
07/08/2010 18:32:49, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Clancey\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
07/08/2010 18:32:49, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
07/08/2010 18:25:53, error: Service Control Manager [7000] - The OBI service failed to start due to the following error: The system cannot find the file specified.
07/08/2010 18:25:50, error: Service Control Manager [7022] - The dobi service hung on starting.
05/08/2010 11:44:26, error: Microsoft Antimalware [2001] -

==== End Of File ===========================
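A quick way to triage the Event Viewer section of a DDS log like the one above is to group the Service Control Manager errors by service name and note which ones point at a missing binary. The following is an added example, not part of any post in this thread or of the DDS tool. The sample lines are copied from the log above. Treating "file not found" and "module not found" as a missing service binary is this example's assumption, not a verdict on any of the named services.

```python
import re
from collections import defaultdict

# Lines copied from the Event Viewer section of the log posted above.
SAMPLE = r"""
08/08/2010 11:15:40, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: OBI
08/08/2010 11:15:23, error: Service Control Manager [7023] - The dobi service terminated with the following error: The specified module could not be found.
08/08/2010 11:15:23, error: Service Control Manager [7000] - The webserver service failed to start due to the following error: The system cannot find the file specified.
08/08/2010 11:15:08, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
07/08/2010 19:02:23, error: Service Control Manager [7031] - The dobi service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
07/08/2010 18:25:53, error: Service Control Manager [7000] - The OBI service failed to start due to the following error: The system cannot find the file specified.
07/08/2010 18:25:50, error: Service Control Manager [7022] - The dobi service hung on starting.
05/08/2010 11:44:26, error: Microsoft Antimalware [2001] -
"""

ENTRY = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), (\w+): (.+?) \[(\d+)\] - ?(.*)$")
SERVICE = re.compile(r"^The (.+?) service (?:failed to start|terminated|hung)")
DRIVERS = re.compile(r"driver\(s\) failed to load: (.+)$")
# Assumption of this example: these phrases mean the registered binary is gone.
MISSING = ("cannot find the file specified", "module could not be found")

def parse(text):
    """Return (timestamp, source, event_id, message) for each well-formed line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # headers, blank lines and wrapped fragments are skipped
            entries.append((m.group(1), m.group(3), int(m.group(4)), m.group(5)))
    return entries

def scm_summary(entries):
    """Group Service Control Manager errors by service or driver name."""
    found = defaultdict(lambda: {"events": set(), "missing_binary": False})
    for _, source, event_id, msg in entries:
        if source != "Service Control Manager":
            continue
        m = SERVICE.match(msg)
        names = [m.group(1)] if m else []
        d = DRIVERS.search(msg)
        if d:
            names += d.group(1).split()
        for name in names:
            found[name]["events"].add(event_id)
            found[name]["missing_binary"] |= any(p in msg for p in MISSING)
    return {n: {"events": sorted(v["events"]), "missing_binary": v["missing_binary"]}
            for n, v in found.items()}

if __name__ == "__main__":
    for name, info in sorted(scm_summary(parse(SAMPLE)).items()):
        print(name, info)
```

A service that is still registered but whose file is gone can be the leftover of a removed program or of a file an antivirus deleted, so each flagged name is a prompt to check that service's registered path, nothing more.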

  • "Who?" started this thread


7

Thursday, August 12th 2010, 6:39pm

constant redirection

Hi, Does that help? And ty again.

marfabilis

Moderator


8

Thursday, August 12th 2010, 6:46pm

Yeah, you're really infected.

Please follow these instructions below:
  • Download Malwarebytes Anti-Malware;
  • Make sure you are connected to the Internet;
  • Double-click on mbam-setup.exe to install the application;
  • When the installation begins, follow the prompts and do not make any changes to default settings;
  • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

    MBAM will automatically start and you will be asked to update the program before performing a scan.
    If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.


  • Make sure the "Perform full scan" option is selected.
  • Note: Before running the Malwarebytes' Anti-Malware full scan, please temporarily disable AntiVir Guard to avoid conflicts.
  • Then click on the Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the content of that report in your next reply.
  • If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Now we'll need to run TDSSKiller:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your Desktop.
  • Once extracted, open the TDSSKiller folder and double click on TDSSKiller.exe to run the application, then click on Start Scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\).
  • Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • Post the result in your next reply
Then I will decide the next step.

  • "Who?" started this thread


9

Thursday, August 12th 2010, 8:37pm

constant redirection

Oh Crap! Mind you, just as I thought. Ok will do as you have recommended. Thank you. Will I lose any of my stored information like pictures and files?

  • "Who?" started this thread


10

Thursday, August 12th 2010, 8:40pm

constant redirection

That's a lot of instruction so am going to log off now and start again in the morning. I'll post an update tomorrow afternoon. Thank you so much for all your help btw.

marfabilis

Moderator


11

Thursday, August 12th 2010, 8:49pm

No, no. I'll try to clean your machine without losing your images or files. These first steps will not solve the problem immediately but it will allow me to evaluate the most appropriate tool to provide the solution to your problem and to minimize any side effects, thinking about the integrity of your machine.

OK, I'll wait for your response :)

  • "Who?" started this thread


12

Friday, September 3rd 2010, 3:09pm

constant redirection

Hi Marfabilis,

First apologies for such a delay in my reply, but I was unwell and while I was unwell my laptop became even more unwell than me!

I started to carry out the tasks you suggested, but further infections (over 7000 in one day alone) meant that all efforts took hours and hours....

So, when I was feeling better and up to the task, I dug out my instruction booklets and original discs, saved my pictures and files and wiped and reprogrammed my laptop and ... I think it's worked! :)

I want to thank you for your help because at the time that this happened I was at my wits' end and the fact that you took the time to look at my logs and to make positive suggestions really helped me get it together and actually try to remedy the situation without it costing me an absolute fortune. (I'm a very poor medical student and every penny counts!)

I'd like to ask you a couple more questions please. First, when I insert my discs of saved pictures and files, will the original virus be on there? If so, will Avira detect this and stop it? And secondly, how do I remove the installed McAfee files from my computer so I can just have the Avira files?

Again, thank you so much for all your help.

kevin009

Community member

Date of registration:
Aug 9th 2007

Operating System:
Windows 7


13

Friday, September 3rd 2010, 3:35pm

Quoted

I'd like to ask you a couple more questions please. First, when I insert my discs of saved pictures and files, will the original virus be on there? If so, will Avira detect this and stop it? And secondly, how do I remove the installed McAfee files from my computer so I can just have the Avira files?

If you backed up your data onto these discs while your machine was infected, then I suggest that you do an on-demand scan of your discs with AntiVir and MBAM before opening them or copying them to the hard disk.

If MBAM detects anything that AntiVir didn't, please send the samples AntiVir missed to the Avira virus lab using this link as suspected malware. You'll get an email response.



  • "Who?" started this thread


14

Friday, September 3rd 2010, 4:02pm

constant redirection

Kevin,

Thank you.

I'll do that now!

marfabilis

Moderator


15

Friday, September 3rd 2010, 5:03pm

Although MBAM and Avira are great, they are not 100%. Save only your MP3s, videos, images, documents, software licenses, emails and executable programs which are very important and which cannot be downloaded again from the Internet. Discard system files, installed programs and temporary files. This will minimize possible failures of detection by both programs.

About McAfee: http://service.mcafee.com/FAQDocument.aspx?id=TS100507

Regards,

Marco