Topic: [Resolved K] Links redirected


Offline cd36

  • Bronze Member
  • Posts: 6
[Resolved K] Links redirected
« on: January 01, 2012, 04:17:53 pm »
I don't know where it came from, but I've started to have issues with clicking links and being redirected to other sites, and it can happen on any webpage I visit. I have run Microsoft Security Essentials and Malwarebytes, and while they both removed stuff, it hasn't gone away. I also noticed in System Config an item called CreoLab with the command "C:\ProgramData\gnperzkdflyggno\uskk.exe", which I have disabled from starting up. My DDS and HijackThis logs are below.

DDS (Ver_2011-08-26.01) - NTFSAMD64
 Internet Explorer: 9.0.8112.16421
 Run by Jeff at 10:40:56 on 2011-12-30
 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.6142.3895 [GMT -6:00]
 .
 AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
 SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
 SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 .
 ============== Running Processes ===============
 .
 C:\Windows\system32\wininit.exe
 C:\Windows\system32\lsm.exe
 C:\Windows\system32\svchost.exe -k DcomLaunch
 C:\Windows\system32\svchost.exe -k rpcss
 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
 C:\Windows\system32\atiesrxx.exe
 C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
 C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
 C:\Windows\system32\svchost.exe -k netsvcs
 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 C:\Windows\system32\svchost.exe -k GPSvcGroup
 C:\Windows\system32\SLsvc.exe
 C:\Windows\system32\svchost.exe -k LocalService
 C:\Windows\system32\svchost.exe -k NetworkService
 C:\Windows\system32\atieclxx.exe
 C:\Windows\System32\spoolsv.exe
 C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
 C:\Windows\System32\svchost.exe -k HPZ12
 C:\Windows\System32\svchost.exe -k HPZ12
 C:\Windows\SysWOW64\PnkBstrA.exe
 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
 C:\Windows\system32\svchost.exe -k imgsvc
 C:\Windows\System32\svchost.exe -k WerSvcGroup
 C:\Windows\system32\SearchIndexer.exe
 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
 C:\Windows\system32\WUDFHost.exe
 C:\Windows\system32\taskeng.exe
 C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
 C:\Windows\system32\svchost.exe -k HPService
 C:\Windows\system32\Dwm.exe
 C:\Windows\system32\taskeng.exe
 C:\Windows\Explorer.EXE
 C:\Program Files\Microsoft Security Client\msseces.exe
 C:\Program Files (x86)\Steam\Steam.exe
 C:\Windows\SysWOW64\Ctxfihlp.exe
 C:\Program Files (x86)\AnalogX\NetStat Live\nsl.exe
 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 C:\Windows\SysWOW64\CTXFISPI.EXE
 C:\Program Files (x86)\Opera\opera.exe
 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
 C:\Windows\system32\wuauclt.exe
 C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 C:\Windows\system32\notepad.exe
 C:\Windows\SysWOW64\NOTEPAD.EXE
 C:\Windows\SysWOW64\cmd.exe
 C:\Windows\SysWOW64\cscript.exe
 C:\Windows\SysWOW64\conime.exe
 C:\Windows\system32\wbem\wmiprvse.exe
 .
 ============== Pseudo HJT Report ===============
 .
 uStart Page = hxxp://www.netflix.com/
 mWinlogon: Userinit=userinit.exe,
 BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
 BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
 uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
 mRun: [CTxfiHlp] CTXFIHLP.EXE
 mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 mRun: [NetStat Live] "C:\Program Files (x86)\AnalogX\NetStat Live\nsl.exe"
 mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 mPolicies-explorer: NoActiveDesktop = 1 (0x1)
 mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
 mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
 mPolicies-system: EnableLUA = 0 (0x0)
 mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
 DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
 DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
 DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 TCP: DhcpNameServer = 192.168.1.1
 TCP: Interfaces\{5BD42926-54B3-4BFF-8F54-C99827680ADE} : DhcpNameServer = 192.168.1.1
 BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
 BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
 mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
 mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 mRun-x64: [NetStat Live] "C:\Program Files (x86)\AnalogX\NetStat Live\nsl.exe"
 mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 Hosts: 66.197.194.231 www.google-analytics.com.
 Hosts: 66.197.194.231 ad-emea.doubleclick.net.
 Hosts: 66.197.194.231 www.statcounter.com.
 Hosts: 69.72.252.254 www.google-analytics.com.
 Hosts: 69.72.252.254 ad-emea.doubleclick.net.
 .
 Note: multiple HOSTS entries found. Please refer to Attach.txt
 .
 ============= SERVICES / DRIVERS ===============
 .
 R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
 R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
 R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-9-7 21504]
 R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
 R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
 R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
 R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
 R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
 R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
 R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
 R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
 R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
 R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
 S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
 S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
 S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-9-7 79360]
 S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2011-9-8 79360]
 S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
 S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
 S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
 S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2011-9-7 19968]
 S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
 S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-9-7 89920]
 .
 =============== File Associations ===============
 .
 JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
 .
 =============== Created Last 30 ================
 .
 2011-12-30 16:25:22 388096 ----a-r- C:\Users\Jeff\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
 2011-12-30 16:25:22 -------- d-----w- C:\Program Files (x86)\Trend Micro
 2011-12-29 18:47:58 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87488462-90DB-498E-94DF-A745C0CB860F}\offreg.dll
 2011-12-29 17:02:28 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Malwarebytes
 2011-12-29 17:02:23 -------- d-----w- C:\ProgramData\Malwarebytes
 2011-12-29 17:02:22 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
 2011-12-29 17:02:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
 2011-12-29 14:42:14 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{87488462-90DB-498E-94DF-A745C0CB860F}\mpengine.dll
 2011-12-28 14:31:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
 2011-12-28 14:31:45 2048 ----a-w- C:\Windows\System32\tzres.dll
 2011-12-28 14:31:42 85504 ----a-w- C:\Windows\System32\csrsrv.dll
 2011-12-28 14:31:42 559616 ----a-w- C:\Windows\System32\EncDec.dll
 2011-12-28 14:31:42 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
 2011-12-28 14:31:42 2764800 ----a-w- C:\Windows\System32\win32k.sys
 .
 ==================== Find3M ====================
 .
 2011-12-13 04:33:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 2011-11-10 11:54:13 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
 2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
 2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
 2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
 2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
 2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
 2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
 2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
 2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
 2011-10-26 03:21:54 66560 ----a-w- C:\Windows\System32\OpenVideo64.dll
 2011-10-26 03:21:48 56832 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
 2011-10-26 03:21:40 66560 ----a-w- C:\Windows\System32\OVDecoder64.dll
 2011-10-26 03:21:34 56832 ----a-w- C:\Windows\SysWow64\OVDecoder.dll
 2011-10-26 03:21:24 16991744 ----a-w- C:\Windows\System32\amdocl64.dll
 2011-10-26 03:20:42 13950464 ----a-w- C:\Windows\SysWow64\amdocl.dll
 2011-10-26 03:05:10 10496512 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
 2011-10-26 02:16:06 24866816 ----a-w- C:\Windows\System32\atio6axx.dll
 2011-10-26 02:06:10 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
 2011-10-26 02:05:58 748544 ----a-w- C:\Windows\SysWow64\aticfx32.dll
 2011-10-26 02:04:28 892416 ----a-w- C:\Windows\System32\aticfx64.dll
 2011-10-26 02:01:46 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
 2011-10-26 02:01:36 517120 ----a-w- C:\Windows\System32\atieclxx.exe
 2011-10-26 02:00:58 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
 2011-10-26 01:59:48 18757120 ----a-w- C:\Windows\SysWow64\atioglxx.dll
 2011-10-26 01:59:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
 2011-10-26 01:59:22 423424 ----a-w- C:\Windows\System32\atipdl64.dll
 2011-10-26 01:59:16 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
 2011-10-26 01:59:04 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
 2011-10-26 01:58:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
 2011-10-26 01:58:54 59392 ----a-w- C:\Windows\System32\atiedu64.dll
 2011-10-26 01:58:48 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
 2011-10-26 01:55:48 4292096 ----a-w- C:\Windows\SysWow64\atidxx32.dll
 2011-10-26 01:46:12 5041664 ----a-w- C:\Windows\System32\atidxx64.dll
 2011-10-26 01:43:48 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
 2011-10-26 01:43:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
 2011-10-26 01:43:12 4044288 ----a-w- C:\Windows\System32\atiumd6a.dll
 2011-10-26 01:38:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
 2011-10-26 01:38:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
 2011-10-26 01:38:20 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
 2011-10-26 01:38:18 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
 2011-10-26 01:38:08 9978880 ----a-w- C:\Windows\System32\aticaldd64.dll
 2011-10-26 01:35:38 4353536 ----a-w- C:\Windows\SysWow64\atiumdag.dll
 2011-10-26 01:34:56 8449024 ----a-w- C:\Windows\SysWow64\aticaldd.dll
 2011-10-26 01:32:30 4189184 ----a-w- C:\Windows\SysWow64\atiumdva.dll
 2011-10-26 01:29:32 5510144 ----a-w- C:\Windows\System32\atiumd64.dll
 2011-10-26 01:29:24 58880 ----a-w- C:\Windows\System32\coinst.dll
 2011-10-26 01:22:38 486912 ----a-w- C:\Windows\System32\atiadlxx.dll
 2011-10-26 01:22:30 339968 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
 2011-10-26 01:22:20 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
 2011-10-26 01:22:16 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
 2011-10-26 01:22:16 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
 2011-10-26 01:22:12 39936 ----a-w- C:\Windows\System32\atig6txx.dll
 2011-10-26 01:22:06 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
 2011-10-26 01:21:58 326656 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
 2011-10-26 01:21:12 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
 2011-10-26 01:21:06 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
 2011-10-26 01:21:00 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
 2011-10-26 01:20:52 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
 2011-10-26 01:20:34 45056 ----a-w- C:\Windows\System32\atitmp64.dll
 2011-10-26 01:20:20 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
 2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\atimpc64.dll
 2011-10-26 01:16:06 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
 2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
 2011-10-26 01:15:58 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
 .
 ============= FINISH: 10:41:10.15 ===============

DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/09/2011 9:01:45 PM
System Uptime: 29/12/2011 12:47:32 PM (22 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | EP45-UD3L
Processor: Intel(R) Core(TM)2 Quad CPU    Q9550  @ 2.83GHz | Socket 775 | 2834/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 12.307 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
F: is FIXED (NTFS) - 128 GiB total, 29.783 GiB free.
G: is FIXED (NTFS) - 105 GiB total, 20.684 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart D110 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP128: 24/12/2011 12:49:48 PM - Windows Update
RP129: 25/12/2011 9:55:59 AM - Scheduled Checkpoint
RP130: 27/12/2011 6:20:40 PM - Windows Update
RP131: 28/12/2011 8:32:04 AM - Windows Update
RP132: 29/12/2011 - Scheduled Checkpoint
RP133: 29/12/2011 8:42:09 AM - Windows Update
RP134: 30/12/2011 - Scheduled Checkpoint
RP135: 30/12/2011 10:25:18 AM - Installed HiJackThis
.
==== Hosts File Hijack ======================
.
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
AnalogX NetStat Live
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
DDL and DTS Connect License Activation
Dolby Digital Live Pack
DTS Connect Pack
Foxit Reader 5.1
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Java Auto Updater
Java(TM) 6 Update 30
Malwarebytes Anti-Malware version 1.60.0.1800
Mass Effect
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenAL
OpenOffice.org 3.3
Opera 11.60
PS_AIO_07_D110_SW_Min
PunkBuster Services
Realtek Ethernet Controller Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Sid Meier's Civilization V
Steam
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.11
.
==== Event Viewer Messages From Past Week ========
.
28/12/2011 8:35:59 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
27/12/2011 6:09:13 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/12/2011 9:01:26 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
24/12/2011 12:38:31 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================



 Logfile of Trend Micro HijackThis v2.0.4
 Scan saved at 10:30:06 AM, on 30/12/2011
 Platform: Windows Vista SP2 (WinNT 6.00.1906)
 MSIE: Internet Explorer v9.00 (9.00.8112.16421)
 Boot mode: Normal

 Running processes:
 C:\Program Files (x86)\Steam\Steam.exe
 C:\Windows\SysWOW64\Ctxfihlp.exe
 C:\Program Files (x86)\AnalogX\NetStat Live\nsl.exe
 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 C:\Windows\SysWOW64\CTXFISPI.EXE
 C:\Program Files (x86)\Opera\opera.exe
 C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
 F2 - REG:system.ini: UserInit=userinit.exe,
 O1 - Hosts: ::1 localhost
 O1 - Hosts: 66.197.194.231 www.google-analytics.com.
 O1 - Hosts: 66.197.194.231 ad-emea.doubleclick.net.
 O1 - Hosts: 66.197.194.231 www.statcounter.com.
 O1 - Hosts: 69.72.252.254 www.google-analytics.com.
 O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
 O1 - Hosts: 69.72.252.254 www.statcounter.com.
 O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
 O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
 O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
 O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 O4 - HKLM\..\Run: [NetStat Live] "C:\Program Files (x86)\AnalogX\NetStat Live\nsl.exe"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
 O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
 O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
 O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
 O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
 O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
 O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
 O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
 O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
 O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
 O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
 O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
 O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
 O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
 O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
 O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
 O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
 O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
 O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
 O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
 O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
 O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
 O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
 O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 --
 End of file - 6041 bytes
« Last Edit: January 07, 2012, 05:06:59 pm by kevinf80 »



Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7129
Re: [Resolved K] Links redirected
« Reply #1 on: January 01, 2012, 05:12:02 pm »
Hello cd36 and welcome to SpywareHammer,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family, so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own, as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.
  • If you have any P2P applications installed, such as BitTorrent, uTorrent, Limewire etc., please uninstall them before we begin.
  • If you are using cracked or illegal software, your thread will be locked and all help will cease.

Please proceed as follows:

Download RogueKiller to your desktop

  • Quit all running programs.
  • For Vista/Seven, right click -> run as administrator; for XP, simply run RogueKiller.exe.
  • When prompted, type 1 and validate by tapping Enter.
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next Reply.

Kevin


Offline cd36

  • Bronze Member
  • Posts: 6
Re: [Resolved K] Links redirected
« Reply #2 on: January 01, 2012, 06:27:08 pm »
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 07/09/2011 9:01:45 PM
System Uptime: 29/12/2011 12:47:32 PM (22 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | EP45-UD3L
Processor: Intel(R) Core(TM)2 Quad CPU    Q9550  @ 2.83GHz | Socket 775 | 2834/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 12.307 GiB free.
D: is CDROM ()
E: is CDROM (UDF)
F: is FIXED (NTFS) - 128 GiB total, 29.783 GiB free.
G: is FIXED (NTFS) - 105 GiB total, 20.684 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart D110 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart D110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart D110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP128: 24/12/2011 12:49:48 PM - Windows Update
RP129: 25/12/2011 9:55:59 AM - Scheduled Checkpoint
RP130: 27/12/2011 6:20:40 PM - Windows Update
RP131: 28/12/2011 8:32:04 AM - Windows Update
RP132: 29/12/2011 - Scheduled Checkpoint
RP133: 29/12/2011 8:42:09 AM - Windows Update
RP134: 30/12/2011 - Scheduled Checkpoint
RP135: 30/12/2011 10:25:18 AM - Installed HiJackThis
.
==== Hosts File Hijack ======================
.
Hosts: 66.197.194.231 www.google-analytics.com.
Hosts: 66.197.194.231 ad-emea.doubleclick.net.
Hosts: 66.197.194.231 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
Hosts: 69.72.252.254 www.statcounter.com.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
AnalogX NetStat Live
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
CCC Help English
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
DDL and DTS Connect License Activation
Dolby Digital Live Pack
DTS Connect Pack
Foxit Reader 5.1
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Java Auto Updater
Java(TM) 6 Update 30
Malwarebytes Anti-Malware version 1.60.0.1800
Mass Effect
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenAL
OpenOffice.org 3.3
Opera 11.60
PS_AIO_07_D110_SW_Min
PunkBuster Services
Realtek Ethernet Controller Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Sid Meier's Civilization V
Steam
Toolbox
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.11
.
==== Event Viewer Messages From Past Week ========
.
28/12/2011 8:35:59 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
27/12/2011 6:09:13 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
25/12/2011 9:01:26 AM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
24/12/2011 12:38:31 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.     Feature: Behavior Monitoring     Error Code: 0x80004005     Error description: Unspecified error      Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7129
Re: [Resolved K] Links redirected
« Reply #3 on: January 01, 2012, 06:40:18 pm »
That ain't the log from RogueKiller!

Offline cd36

  • Bronze Member
  • Posts: 6
Re: [Resolved K] Links redirected
« Reply #4 on: January 01, 2012, 07:02:17 pm »
Oops, sorry, I had the wrong one in my clipboard. Here is the RogueKiller log!

RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Jeff [Admin rights]
Mode: Scan -- Date : 01/01/2012 18:26:30

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost
::1             localhost
66.197.194.231 www.google-analytics.com.
66.197.194.231 ad-emea.doubleclick.net.
66.197.194.231 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 82a97467000f11f4d54864945856e546
[BSP] 82525897293d1cea06eff97a66bd050e : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 137426 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 268414020 | Size: 112628 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 6bcf3b454e93cbe0dc11fcfe9e6cd638
[BSP] 75fb3be7d8ca8753dc60529e148e78d1 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 60019 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7129
Re: [Resolved K] Links redirected
« Reply #5 on: January 01, 2012, 07:13:18 pm »
Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 2 and validate by tapping Enter
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Next,

Quit all running programs and run RogueKiller once again.

  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 3 and validate by tapping Enter
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next Reply.

Next,

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application. (If you still have Malwarebytes installed just update and run as below)
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see the two logs from RogueKiller and the log from Malwarebytes...

Kevin
Offline cd36

  • Bronze Member
  • Posts: 6
Re: [Resolved K] Links redirected
« Reply #6 on: January 01, 2012, 07:35:25 pm »
RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Jeff [Admin rights]
Mode: Remove -- Date : 01/01/2012 19:28:27

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost
::1             localhost
66.197.194.231 www.google-analytics.com.
66.197.194.231 ad-emea.doubleclick.net.
66.197.194.231 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 82a97467000f11f4d54864945856e546
[BSP] 82525897293d1cea06eff97a66bd050e : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 137426 Mo
1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 268414020 | Size: 112628 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 6bcf3b454e93cbe0dc11fcfe9e6cd638
[BSP] 75fb3be7d8ca8753dc60529e148e78d1 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 2048 | Size: 60019 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RogueKiller V6.2.2 [12/31/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Jeff [Admin rights]
Mode: HOSTSFix --  Date : 01/01/2012 19:29:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost
::1             localhost
66.197.194.231 www.google-analytics.com.
66.197.194.231 ad-emea.doubleclick.net.
66.197.194.231 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.


¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1   localhost

Finished : << RKreport[3].txt >>
RKreport[2].txt ; RKreport[3].txt



Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.29.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jeff :: JEFF-PC [administrator]

01/01/2012 7:29:36 PM
mbam-log-2012-01-01 (19-29-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 177139
Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7129
Re: [Resolved K] Links redirected
« Reply #7 on: January 02, 2012, 02:45:46 am »
How is your system responding, are you still having re-direct issues?

Offline cd36

  • Bronze Member
  • Posts: 6
Re: [Resolved K] Links redirected
« Reply #8 on: January 02, 2012, 06:02:43 am »
I haven't noticed it yet, but it was fairly infrequent previously.  I'll use it for a day and let you know.  Thanks!

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7129
Re: [Resolved K] Links redirected
« Reply #9 on: January 02, 2012, 09:21:14 am »
Sounds good to me, post back when you`re ready :t

Offline cd36

  • Bronze Member
  • Posts: 6
Re: [Resolved K] Links redirected
« Reply #10 on: January 04, 2012, 09:29:33 pm »
Well it's been a couple of days and I haven't had any redirects, so I think it is fine. 

So do MSE and MBAM not fix hijacked hosts files?

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7129
Re: [Resolved K] Links redirected
« Reply #11 on: January 05, 2012, 03:18:31 am »
No, MSE and MB do not fix your hosts file. OK, do the following:

Step 1

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.
If any of the following remain on your Desktop either delete or drag to the recycle bin:

RogueKiller
RKQuarantine
RKreport.txt


Step 2

Download TFC  to your desktop, from either of the following links
 Link 1
 Link 2
  • Save any open work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
  • If prompted, click "Yes" to reboot.
Save any open work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may reboot your system; if not, reboot it yourself to complete the cleaning process <---- Very Important

Keep TFC; it is an excellent utility to keep your system optimized. It empties all user temp folders, Java cache, etc. Always remember to reboot after a run, even if not prompted.

Step 3

You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

Let me know if the above steps complete OK, also if any remaining issues or concerns...

Kevin
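The hosts-file hijack shown in the RogueKiller dumps earlier in the thread is what MSE, DDS and the MBAM quick scan left in place, and Kevin's reply confirms those tools do not repair it. The following is an added example written for this page, not code from the thread, from RogueKiller or from Malwarebytes: a small Python audit that parses a Windows hosts file, classifies every entry, lists which names are pinned to which addresses, and emits a copy with the hijack lines removed, which is the end state RogueKiller's HOSTSFix mode produced above. The sample file is constructed from the entries posted in the thread plus a comment line and an assumed LAN mapping (192.168.1.20 nas.local) to show that a non-loopback entry is not automatically malicious.

```python
"""Audit a Windows hosts file for redirect hijacks and emit a cleaned copy.

Added example for this page, not the thread's or any tool's own code. It works
on the file's text only, so it runs anywhere; on the affected machine the file
is C:\\Windows\\System32\\drivers\\etc\\hosts and needs an elevated prompt to edit.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: the six entries reported in the thread, the two default
# loopback lines, a comment, and an assumed LAN mapping (not from the page).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.168.1.20    nas.local
66.197.194.231 www.google-analytics.com.
66.197.194.231 ad-emea.doubleclick.net.
66.197.194.231 www.statcounter.com.
69.72.252.254 www.google-analytics.com.
69.72.252.254 ad-emea.doubleclick.net.
69.72.252.254 www.statcounter.com.
"""


@dataclass
class HostsEntry:
    line_no: int
    address: str
    names: list        # hostnames, lower-cased, trailing dot stripped for comparison
    raw: str           # the original line, returned untouched by clean_hosts()
    verdict: str       # "sink", "lan" or "hijack"


def classify(address):
    """Decide what kind of mapping an address represents."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback or ip.is_unspecified:
        return "sink"      # 127.0.0.1, ::1, 0.0.0.0: keeps traffic local or blocks it
    if ip.is_private or ip.is_link_local:
        return "lan"       # plausible on a home/office box; review, do not auto-delete
    return "hijack"        # a public name pinned to a remote public address


def parse_hosts(text):
    """Parse hosts-file text into HostsEntry objects, skipping comments and junk."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not body:
            continue
        fields = body.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # malformed line; ignored by the resolver too
        names = [n.rstrip(".").lower() for n in fields[1:]]
        entries.append(HostsEntry(line_no, fields[0], names, raw, classify(fields[0])))
    return entries


def find_hijacks(text):
    """Entries that pin a name to a remote public address."""
    return [e for e in parse_hosts(text) if e.verdict == "hijack"]


def redirect_map(text):
    """hostname -> every address it is pinned to, in file order."""
    targets = defaultdict(list)
    for e in find_hijacks(text):
        for name in e.names:
            targets[name].append(e.address)
    return dict(targets)


def clean_hosts(text):
    """The file with hijack lines removed; comments, sinks and LAN entries survive."""
    bad = {e.line_no for e in find_hijacks(text)}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1) if n not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for e in find_hijacks(SAMPLE_HOSTS):
        print(f"line {e.line_no}: {e.address} -> {', '.join(e.names)} [{e.verdict}]")
    print(redirect_map(SAMPLE_HOSTS))
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

The choice of domains is what makes this hijack reach "any webpage": www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com serve scripts that a large share of sites embed, so whoever controls the address they resolve to can hand arbitrary script to almost every page the user opens. The script above is read-only; on the affected machine read the hosts file from an elevated prompt, review anything marked lan, and write the cleaned copy back (or let a tool such as RogueKiller reset it to the default 127.0.0.1 localhost line as it did above). A hosts file is only one place a redirect can be planted: NIC or router DNS settings, browser proxy settings and browser add-ons can produce the same symptom, and the EnableLUA (0) finding in the first RogueKiller log means UAC had been switched off, so confirm it is back on after cleanup.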


Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7129
Re: [Resolved K] Links redirected
« Reply #12 on: January 07, 2012, 05:06:21 pm »
Since this issue appears to be resolved  the topic has been closed. Glad we could help.  :t

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.